CAS-004 Exam Dumps | A company underwent an audit in which the following issues were enumerated: * Insufficient security controls

<< Prev Question Next Question >>

Question 102/219

A company underwent an audit in which the following issues were enumerated:
* Insufficient security controls for internet-facing services, such as VPN and extranet
* Weak password policies governing external access for third-party vendors Which of the following strategies would help mitigate the risks of unauthorized access?

A. 2FA

B. RADIUS

C. Federation

D. OTP

Question List (219q): Question 1: Which of the following is the MOST important security object...; Question 2: A senior security analyst is helping the development team im...; Question 3: A university issues badges through a homegrown identity mana...; Question 4: A security engineer needs to implement a cost-effective auth...; Question 5: A vulnerability scanner detected an obsolete version of an o...; Question 6: A security analyst has been provided the following partial S...; Question 7: A company security engineer arrives at work to face the foll...; Question 8: A managed security provider (MSP) is engaging with a custome...; Question 9: After a cybersecurity incident, a judge found that a company...; Question 10: A SaaS startup is maturing its DevSecOps program and wants t...; Question 11: An organization is assessing the security posture of a new S...; Question 12: An organization does not have visibility into when company-o...; Question 13: Which of the following is a security concern for DNP3?...; Question 14: An energy company is required to report the average pressure...; Question 15: A security architect Is analyzing an old application that is...; Question 16: To bring digital evidence in a court of law the evidence mus...; Question 17: The Chief information Officer (CIO) wants to implement enter...; Question 18: The goal of a Chief information Security Officer (CISO) prov...; Question 19: A security engineer needs to implement a solution to increas...; Question 20: A large telecommunications equipment manufacturer needs to e...; Question 21: A business stores personal client data of individuals residi...; Question 22: A security analyst is trying to identify the source of a rec...; Question 23: A systems administrator is in the process of hardening the h...; Question 24: An organization recently started processing, transmitting, a...; Question 25: A network administrator receives a ticket regarding an error...; Question 26: A security consultant has been asked to identify a simple, s...; Question 27: A company wants to protect its intellectual property from th...; Question 28: An application server was recently upgraded to prefer TLS 1....; Question 29: A cyberanalyst for a government agency is concerned about ho...; Question 30: Due to budget constraints, an organization created a policy ...; Question 31: A security analyst has been tasked with providing key inform...; Question 32: The principal security analyst for a global manufacturer is ...; Question 33: An organization's finance system was recently attacked. A fo...; Question 34: A threat analyst notices the following URL while going throu...; Question 35: A company suspects a web server may have been infiltrated by...; Question 36: A company wants to refactor a monolithic application to take...; Question 37: A major broadcasting company that requires continuous availa...; Question 38: A security architect is working with a new customer to find ...; Question 39: An organization is running its e-commerce site in the cloud....; Question 40: An loT device implements an encryption module built within i...; Question 41: A security administrator needs to recommend an encryption pr...; Question 42: A company hired a third party to develop software as part of...; Question 43: Leveraging cryptographic solutions to protect data that is i...; Question 44: A financial services company wants to migrate its email serv...; Question 45: A company has decided to purchase a license for software tha...; Question 46: A small company needs to reduce its operating costs. vendors...; Question 47: Users are claiming that a web server is not accessible. A se...; Question 48: An engineering team is developing and deploying a fleet of m...; Question 49: An attack team performed a penetration test on a new smart c...; Question 50: In preparation for the holiday season, a company redesigned ...; Question 51: During a system penetration test, a security engineer succes...; Question 52: An enterprise is undergoing an audit to review change manage...; Question 53: A cloud security engineer is setting up a cloud-hosted WAF. ...; Question 54: A security analyst observes the following while looking thro...; Question 55: A shipping company that is trying to eliminate entire classe...; Question 56: A security administrator wants to enable a feature that woul...; Question 57: A company wants to improve the security of its web applicati...; Question 58: A software development company makes Its software version av...; Question 59: A security is assisting the marketing department with ensuri...; Question 60: An attacker infiltrated the code base of a hardware manufact...; Question 61: A security engineer is creating a single CSR for the followi...; Question 62: A help desk technician just informed the security department...; Question 63: A university issues badges through a homegrown identity mana...; Question 64: Which of the following processes involves searching and coll...; Question 65: A network security engineer is designing a three-tier web ar...; Question 66: A security engineer is assessing a legacy server and needs t...; Question 67: A hospital has fallen behind with patching known vulnerabili...; Question 68: The Chief information Officer (CIO) wants to establish a non...; Question 69: An auditor needs to scan documents at rest for sensitive tex...; Question 70: A host on a company's network has been infected by a worm th...; Question 71: Which of the following allows computation and analysis of da...; Question 72: A security researcher detonated some malware in a lab enviro...; Question 73: A home automation company just purchased and installed tools...; Question 74: An analyst execute a vulnerability scan against an internet-...; Question 75: An e-commerce company is running a web server on premises, a...; Question 76: A software developer created an application for a large, mul...; Question 77: A company is moving most of its customer-facing production s...; Question 78: A security analyst is reviewing SIEM events and is uncertain...; Question 79: A municipal department receives telemetry data from a third-...; Question 80: A bank is working with a security architect to find the BEST...; Question 81: A security analyst notices a number of SIEM events that show...; Question 82: The Chief Security Officer (CSO) requested the security team...; Question 83: A company has moved its sensitive workloads lo the cloud and...; Question 84: Signed applications reduce risks by:...; Question 85: Which of the following is the BEST disaster recovery solutio...; Question 86: A security architect is designing a solution for a new custo...; Question 87: An organization is assessing the security posture of a new S...; Question 88: An engineering team has deployed a new VPN service that requ...; Question 89: A large number of emails have been reported, and a security ...; Question 90: A security analyst for a managed service provider wants to i...; Question 91: A security analyst is reviewing network connectivity on a Li...; Question 92: An organization is implementing a new identity and access ma...; Question 93: A customer reports being unable to connect to a website at w...; Question 94: A SOC analyst is reviewing malicious activity on an external...; Question 95: A vulnerability analyst identified a zero-day vulnerability ...; Question 96: A company requires a task to be carried by more than one per...; Question 97: A software development company is building a new mobile appl...; Question 98: A company recently deployed a SIEM and began importing logs ...; Question 99: A software company is developing an application in which dat...; Question 100: A developer wants to maintain integrity to each module of a ...; Question 101: Which of the following BEST describes a common use case for ...; Question 102: A company underwent an audit in which the following issues w...; Question 103: A security team received a regulatory notice asking for info...; Question 104: Ransomware encrypted the entire human resources fileshare fo...; Question 105: Which of the following is the MOST important cloud-specific ...; Question 106: Which of the following protocols is a low power, low data ra...; Question 107: The general counsel at an organization has received written ...; Question 108: A developer is creating a new mobile application for a compa...; Question 109: Due to internal resource constraints, the management team ha...; Question 110: In order to authenticate employees who, call in remotely, a ...; Question 111: A security architect works for a manufacturing organization ...; Question 112: A security analyst is investigating a possible buffer overfl...; Question 113: Which of the following should be established when configurin...; Question 114: A business wants to migrate its workloads from an exclusivel...; Question 115: (Exhibit) An organization is planning for disaster recovery ...; Question 116: An internal security assessor identified large gaps in a com...; Question 117: A mobile administrator is reviewing the following mobile dev...; Question 118: A security operations center analyst is investigating anomal...; Question 119: A security architect is tasked with scoping a penetration te...; Question 120: A security engineer has been informed by the firewall team t...; Question 121: A company wants to use a process to embed a sign of ownershi...; Question 122: A system administrator at a medical imaging company discover...; Question 123: The Chief information Officer (CIO) of a large bank, which u...; Question 124: The Chief Information Security Officer of a startup company ...; Question 125: A security analyst wants to keep track of alt outbound web c...; Question 126: A software development company is building a new mobile appl...; Question 127: Users are reporting intermittent access issues with a new cl...; Question 128: A security architect is reviewing the following proposed cor...; Question 129: Which of the following best describes what happens if chain ...; Question 130: A large organization is planning to migrate from on premises...; Question 131: An organization is establishing a new software assurance pro...; Question 132: A technician is reviewing the logs and notices a large numbe...; Question 133: A security analyst is concerned that a malicious piece of co...; Question 134: A security analyst is validating the MAC policy on a set of ...; Question 135: During a network defense engagement, a red team is able to e...; Question 136: A satellite communications ISP frequently experiences outage...; Question 137: An architectural firm is working with its security team to e...; Question 138: A company has retained the services of a consultant to perfo...; Question 139: The Chief Information Security Officer is concerned about th...; Question 140: A company publishes several APIs for customers and is requir...; Question 141: Which of the following indicates when a company might not be...; Question 142: A company is deploying multiple VPNs to support supplier con...; Question 143: An organization established an agreement with a partner comp...; Question 144: A small business requires a low-cost approach to theft detec...; Question 145: A cloud security architect has been tasked with finding a so...; Question 146: A security engineer needs to review the configurations of se...; Question 147: A company wants to improve Its active protection capabilitie...; Question 148: A company provides guest WiFi access to the internet and phy...; Question 149: An organization is referencing NIST best practices for BCP c...; Question 150: As part of the customer registration process to access a new...; Question 151: A systems administrator was given the following IOC to detec...; Question 152: A security analyst is performing a vulnerability assessment ...; Question 153: Which of the following processes involves searching and coll...; Question 154: Due to internal resource constraints, the management team ha...; Question 155: An organization has an operational requirement with a specif...; Question 156: A company created an external application for its customers....; Question 157: Over the last 90 days, many storage services has been expose...; Question 158: A company hosts a large amount of data in blob storage for i...; Question 159: A disaster recovery team learned of several mistakes that we...; Question 160: An analyst has prepared several possible solutions to a succ...; Question 161: A security analyst runs a vulnerability scan on a network ad...; Question 162: An IPSec solution is being deployed. The configuration files...; Question 163: A security consultant is designing an infrastructure securit...; Question 164: A vulnerability assessment endpoint generated a report of th...; Question 165: After a server was compromised an incident responder looks a...; Question 166: A client is adding scope to a project. Which of the followin...; Question 167: An organization is preparing to migrate its production envir...; Question 168: A network administrator for a completely air-gapped and clos...; Question 169: Which of the following testing plans is used to discuss disa...; Question 170: The CI/CD pipeline requires code to have close to zero defec...; Question 171: A security architect must mitigate the risks from what is su...; Question 172: An organization decided to begin issuing corporate mobile de...; Question 173: In order to save money, a company has moved its data to the ...; Question 174: A security engineer needs to select the architecture for a c...; Question 175: A Chief information Security Officer (CISO) has launched to ...; Question 176: A global organization's Chief Information Security Officer (...; Question 177: An IT administrator is reviewing all the servers in an organ...; Question 178: In a shared responsibility model for PaaS, which of the foll...; Question 179: Company A acquired Company . During an audit, a security eng...; Question 180: A security analyst discovered that the company's WAF was not...; Question 181: Application owners are reporting performance issues with tra...; Question 182: A networking team was asked to provide secure remote access ...; Question 183: Which of the following is record-level encryption commonly u...; Question 184: An administrator at a software development company would lik...; Question 185: A security analyst needs to recommend a remediation to the f...; Question 186: After a security incident, a network security engineer disco...; Question 187: A company is looking for a solution to hide data stored in d...; Question 188: A security analyst discovered that the company's WAF was not...; Question 189: A security engineer is implementing a server-side TLS config...; Question 190: A company is looking to fortify its cybersecurity defenses a...; Question 191: A junior developer is informed about the impact of new malwa...; Question 192: After installing an unapproved application on a personal dev...; Question 193: in a situation where the cost of anti-malware exceeds the po...; Question 194: An investigator is attempting to determine if recent data br...; Question 195: A security architect updated the security policy to require ...; Question 196: A security consultant needs to set up wireless security for ...; Question 197: An ISP is receiving reports from a portion of its customers ...; Question 198: A security analyst is reviewing a new IOC in which data is i...; Question 199: A security architect was asked to modify an existing interna...; Question 200: A high-severity vulnerability was found on a web application...; Question 201: An organization requires a contractual document that include...; Question 202: A company is looking at sending historical backups containin...; Question 203: During a review of events, a security analyst notes that sev...; Question 204: A local university that has a global footprint is undertakin...; Question 205: An organization performed a risk assessment and discovered t...; Question 206: During a phishing exercise, a few privileged users ranked hi...; Question 207: An organization recently experienced a ransomware attack. Th...; Question 208: Which of the following technologies allows CSPs to add encry...; Question 209: A cloud security architect has been tasked with selecting th...; Question 210: A cybersecurity analyst created the following tables to help...; Question 211: A company with only U S -based customers wants to allow deve...; Question 212: A company is experiencing a large number of attempted networ...; Question 213: A security analyst discovered that a database administrator'...; Question 214: An organization recently recovered from an attack that featu...; Question 215: Based on PCI DSS v3.4, One Particular database field can sto...; Question 216: A new web server must comply with new secure-by-design princ...; Question 217: A security architect for a large, multinational manufacturer...; Question 218: A small business would like to provide guests who are using ...; Question 219: A security analyst is investigating a series of suspicious e...

Question 102/219

LEAVE A REPLY

Download PDF File