CAS-004試験無料問題集「CompTIA Advanced Security Practitioner (CASP+) 認定」
A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:
* Fast scanning
* The least false positives possible
* Signature-based
* A low impact on servers when performing a scan
In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best meet the customer's needs?
* Fast scanning
* The least false positives possible
* Signature-based
* A low impact on servers when performing a scan
In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best meet the customer's needs?
正解:B
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website.
Which of the following should the security analyst recommend to protect the affected data?
Which of the following should the security analyst recommend to protect the affected data?
正解:D
解答を投票する
Users from the marketing department (192.168.0.1/24) are reporting performance issues with an on-premises application server (192.168.0.9). The application server should only be accessed internally. A security analyst reviews various logs and finds the following information:

Which of the following should the security analyst perform next to improve performance and ensure the application server is secured as required?

Which of the following should the security analyst perform next to improve performance and ensure the application server is secured as required?
正解:B
解答を投票する
A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?
正解:B
解答を投票する
A company underwent an audit in which the following issues were enumerated:
* Insufficient security controls for internet-facing services, such as VPN and extranet
* Weak password policies governing external access for third-party vendors Which of the following strategies would help mitigate the risks of unauthorized access?
* Insufficient security controls for internet-facing services, such as VPN and extranet
* Weak password policies governing external access for third-party vendors Which of the following strategies would help mitigate the risks of unauthorized access?
正解:D
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability.
The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?
The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?
正解:B
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company. Which of the following would be the best way to protect the file while the user brings the laptop between locations? (Select two).
正解:A,C
解答を投票する
解説: (GoShiken メンバーにのみ表示されます)
An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons- learned phase to most likely reduce the risk of reoccurrence? (Select two).
正解:B,C
解答を投票する