CAS-004 Free Question Set: "CompTIA Advanced Security Practitioner (CASP+)"

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?

A cloud security architect has been tasked with selecting the appropriate solution given the following:
* The solution must allow the lowest RTO possible.
* The solution must have the least shared responsibility possible.
* Patching should be a responsibility of the CSP.
Which of the following solutions can BEST fulfill the requirements?

Which of the following is a risk associated with SDN?

Application owners are reporting performance issues with traffic using port 1433 from the cloud environment.
A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?

Which of the following best describes what happens if chain of custody is broken?

During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following is the MOST likely solution?

Signed applications reduce risks by:

The Chief Information Security Officer (CISO) is working with a new company and needs a legal document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

A penetration tester inputs the following command:

This command will allow the penetration tester to establish a:

A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data?

A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:
* Unstructured data being exfiltrated after an employee leaves the organization
* Data being exfiltrated as a result of compromised credentials
* Sensitive information in emails being exfiltrated
Which of the following solutions should the security team implement to mitigate the risk of data loss?

A web application server is running a legacy operating system with an unpatched RCE (Remote Code Execution) vulnerability. The server cannot be upgraded until the corresponding application code is updated.
Which of the following compensating controls would prevent successful exploitation?

A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion. Since tracking is not in place, the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?

Based on PCI DSS v3.4, one particular database field can store data, but the data must be unreadable. Which of the following data objects meets this requirement?
