Latest CompTIA Advanced Security Practitioner (CASP+) - CAS-004 Free Exam Questions

A mobile device hardware manufacturer receives the following requirements from a company that wants to produce and sell a new mobile platform:
* The platform should store biometric data.
* The platform should prevent unapproved firmware from being loaded.
* A tamper-resistant, hardware-based counter should track if unapproved firmware was loaded.
Which of the following should the hardware manufacturer implement? (Select three).

Correct answer: A,E,F
Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

Correct answer: D
A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred first?

Correct answer: A
Which of the following should an organization implement to prevent unauthorized API key sharing?

Correct answer: D
A company is repeatedly being breached by hackers who use valid credentials. The company's Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendations would MOST likely reduce the risk of unauthorized access?

Correct answer: B
All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:
* Leaked to the media via printing of the documents
* Sent to a personal email address
* Accessed and viewed by systems administrators
* Uploaded to a file storage site
Which of the following would mitigate the department's concerns?

Correct answer: D
Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

Correct answer: B
After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

Which of the following is the most likely reason for the successful attack?

Correct answer: A
A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases. Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?

Correct answer: A
A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.
Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Correct answer: C
A software developer needs to add an authentication method to a web application. The following requirements must be met:
* The web application needs to use well-supported standards.
* The initial login to the web application should rely on an outside, trusted third party.
* The login needs to be maintained for up to six months.
Which of the following would best support these requirements? (Select two).

Correct answer: A,D
An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

Correct answer: A,E
A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes:
* Directory servers
* Web servers
* Database servers
* Load balancers
* Cloud-native VPN concentrator
* Remote access server
The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Select THREE.)

Correct answer: D,F,G
A security analyst is reviewing the following vulnerability assessment report:

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

Correct answer: D
