- Home
- CompTIA
- CompTIA Advanced Security Practitioner (CASP+) Exam
- CompTIA.CAS-004.v2025-09-15.q229
- Question 16
Valid CAS-004 Dumps shared by ExamDiscuss.com for Helping Passing CAS-004 Exam! ExamDiscuss.com now offer the newest CAS-004 exam dumps, the ExamDiscuss.com CAS-004 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-004 dumps with Test Engine here:
Access CAS-004 Dumps Premium Version
(620 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 16/229
A company performs an annual attack surface analysis and identifies a large number of unexpected, external-facing systems. The Chief Information Security Officer (CISO) wishes to ensure this issue does not reoccur. Which of the following should the company do?
Correct Answer: C
Option C (Continuously monitor key risk indicators):Continuously monitoring key risk indicators (KRIs) ensures real-time visibility of changes in the attack surface, allowing for prompt identification of unexpected systems and minimizing risk.
Option A (Update the risk profile):Updating the risk profile reflects current risks but does not actively prevent the reoccurrence of unexpected systems.
Option B (Minimize errors in metrics):Reducing errors in metrics is useful for accuracy but does not directly address attack surface management.
Option D (Reduce assessment costs):Reducing costs does not mitigate or prevent the reoccurrence of external-facing systems.
Reference:
CompTIA CASP+ Exam Objective 1.4:Conduct ongoing monitoring of the attack surface and risk indicators.
CASP+ Study Guide, 5th Edition, Chapter 2, Risk Management and Continuous Monitoring.
Option A (Update the risk profile):Updating the risk profile reflects current risks but does not actively prevent the reoccurrence of unexpected systems.
Option B (Minimize errors in metrics):Reducing errors in metrics is useful for accuracy but does not directly address attack surface management.
Option D (Reduce assessment costs):Reducing costs does not mitigate or prevent the reoccurrence of external-facing systems.
Reference:
CompTIA CASP+ Exam Objective 1.4:Conduct ongoing monitoring of the attack surface and risk indicators.
CASP+ Study Guide, 5th Edition, Chapter 2, Risk Management and Continuous Monitoring.
- Question List (229q)
- Question 1: During a network defense engagement, a red team is able to e...
- Question 2: A systems administrator is in the process of hardening the h...
- Question 3: A company has a BYOD policy and has configured remote-wiping...
- Question 4: A company is looking for a solution to hide data stored in d...
- Question 5: The Chief information Officer (CIO) wants to implement enter...
- Question 6: An analyst reviews the following output collected during the...
- Question 7: A host on a company's network has been infected by a worm th...
- Question 8: A company is looking to fortify its cybersecurity defenses a...
- Question 9: Which of the following is the MOST important cloud-specific ...
- Question 10: A small company recently developed prototype technology for ...
- Question 11: A security analyst is reviewing the following output: (Exhib...
- Question 12: A mobile administrator is reviewing the following mobile dev...
- Question 13: A company created an external, PHP-based web application for...
- Question 14: A security architect is implementing a SOAR solution in an o...
- Question 15: An auditor needs to scan documents at rest for sensitive tex...
- Question 16: A company performs an annual attack surface analysis and ide...
- Question 17: A company's employees are not permitted to access company sy...
- Question 18: An ASIC manufacturer wishing to best reduce downstream suppl...
- Question 19: A regulated company is in the process of refreshing its enti...
- Question 20: A security analyst is using data provided from a recent pene...
- Question 21: An organization mat provides a SaaS solution recently experi...
- Question 22: A hospitality company experienced a data breach that include...
- Question 23: Based on PCI DSS v3.4, One Particular database field can sto...
- Question 24: A security auditor needs to review the manner in which an en...
- Question 25: A security analyst is reading the results of a successful ex...
- Question 26: A university issues badges through a homegrown identity mana...
- Question 27: (Exhibit)
- Question 28: A cybersecurity analyst receives a ticket that indicates a p...
- Question 29: An organization has deployed a cloud-based application that ...
- Question 30: During a system penetration test, a security engineer succes...
- Question 31: A network administrator for a completely air-gapped and clos...
- Question 32: A high-severity vulnerability was found on a web application...
- Question 33: A security engineer is implementing DLP. Which of the follow...
- Question 34: A company hosts a large amount of data in blob storage for i...
- Question 35: A software company wants to build a platform by integrating ...
- Question 36: A small business would like to provide guests who are using ...
- Question 37: A software developer needs to add an authentication method t...
- Question 38: A security analyst has been provided the following partial S...
- Question 39: The security analyst discovers a new device on the company's...
- Question 40: A security architect was asked to modify an existing interna...
- Question 41: PKI can be used to support security requirements in the chan...
- Question 42: An engineering team has deployed a new VPN service that requ...
- Question 43: A security engineer is concerned about the threat of side-ch...
- Question 44: Company A is establishing a contractual with Company B. The ...
- Question 45: A pharmaceutical company recently experienced a security bre...
- Question 46: A security engineer is performing a threat modeling procedur...
- Question 47: A software development company wants to ensure that users ca...
- Question 48: In comparison with traditional on-premises infrastructure co...
- Question 49: A security analyst wants to keep track of alt outbound web c...
- Question 50: A security engineer is hardening a company's multihomed SFTP...
- Question 51: A company with customers in the United States and Europe wan...
- Question 52: The OS on several servers crashed around the same time for a...
- Question 53: After the latest risk assessment, the Chief Information Secu...
- Question 54: in a situation where the cost of anti-malware exceeds the po...
- Question 55: A security review of the architecture for an application mig...
- Question 56: A security consultant needs to set up wireless security for ...
- Question 57: Users are reporting intermittent access issues with & ne...
- Question 58: A security analyst is examining a former employee's laptop f...
- Question 59: A security engineer needs to select the architecture for a c...
- Question 60: A recent data breach stemmed from unauthorized access to an ...
- Question 61: A bank is working with a security architect to find the BEST...
- Question 62: During a review of events, a security analyst notes that sev...
- Question 63: An organization is deploying a container-based application t...
- Question 64: A company undergoing digital transformation is reviewing the...
- Question 65: A security administrator needs to implement a security solut...
- Question 66: The Chief information Security Officer (CISO) of a small loc...
- Question 67: An organization develops a social media application that is ...
- Question 68: A systems administrator was given the following IOC to detec...
- Question 69: A security architect is reviewing the following proposed cor...
- Question 70: A security engineer is working for a service provider and an...
- Question 71: A control systems analyst is reviewing the defensive posture...
- Question 72: A security analyst is reviewing a new IOC in which data is i...
- Question 73: A networking team asked a security administrator to enable F...
- Question 74: A company reviews the regulatory requirements associated wit...
- Question 75: To bring digital evidence in a court of law the evidence mus...
- Question 76: Which of the following provides the best solution for organi...
- Question 77: A software development company needs to mitigate third-party...
- Question 78: A development team created a mobile application that contact...
- Question 79: A new VM server (Web Server C) was spun up in the cloud and ...
- Question 80: A security engineer is troubleshooting an issue in which an ...
- Question 81: A hospital has fallen behind with patching known vulnerabili...
- Question 82: A security analyst identified a vulnerable and deprecated ru...
- Question 83: A security consultant has been asked to recommend a secure n...
- Question 84: A software development company is implementing a SaaS-based ...
- Question 85: A security administrator is setting up a virtualization solu...
- Question 86: A company just released a new video card. Due to limited sup...
- Question 87: A security analyst is performing a vulnerability assessment ...
- Question 88: Company A acquired Company В. During an audit, a security e...
- Question 89: Which of the following technologies allows CSPs to add encry...
- Question 90: A Chief Information Security Officer (CISO) reviewed data fr...
- Question 91: An organization is in frequent litigation and has a large nu...
- Question 92: A security analyst is reviewing the following output from a ...
- Question 93: A company requires a task to be carried by more than one per...
- Question 94: After a cybersecurity incident, a judge found that a company...
- Question 95: An organization's existing infrastructure includes site-to-s...
- Question 96: An organization is assessing the security posture of a new S...
- Question 97: A security engineer is reviewing Apache web server logs and ...
- Question 98: A vulnerability assessment endpoint generated a report of th...
- Question 99: A company wants to implement a new website that will be acce...
- Question 100: A security administrator has been provided with three separa...
- Question 101: A security solution uses a sandbox environment to execute ze...
- Question 102: A developer wants to maintain integrity to each module of a ...
- Question 103: A security administrator has been tasked with hardening a do...
- Question 104: A security consultant needs to protect a network of electric...
- Question 105: SIMULATION A product development team has submitted code sni...
- Question 106: A company is preparing to deploy a global service. Which of ...
- Question 107: A common industrial protocol has the following characteristi...
- Question 108: Which of the following indicates when a company might not be...
- Question 109: The IT team suggests the company would save money by using s...
- Question 110: city government's IT director was notified by the City counc...
- Question 111: A health company has reached the physical and computing capa...
- Question 112: A software developer has been tasked with creating a unique ...
- Question 113: Which of the following controls primarily detects abuse of p...
- Question 114: An organization is developing a disaster recovery plan that ...
- Question 115: An IDS was unable to detect malicious network traffic during...
- Question 116: A security architect is improving a healthcare organization'...
- Question 117: A company has been the target of LDAP injections, as well as...
- Question 118: An IT department is currently working to implement an enterp...
- Question 119: A security analyst is investigating a possible buffer overfl...
- Question 120: A security engineer needs to ensure production containers ar...
- Question 121: When managing and mitigating SaaS cloud vendor risk, which o...
- Question 122: A security analyst has been tasked with providing key inform...
- Question 123: In order to save money, a company has moved its data to the ...
- Question 124: An organization is rolling out a robust vulnerability manage...
- Question 125: Which of the following BEST sets expectation between the sec...
- Question 126: A company provides guest WiFi access to the internet and phy...
- Question 127: During a vendor assessment, an analyst reviews a listing of ...
- Question 128: A system administrator at a medical imaging company discover...
- Question 129: A company moved its on-premises services to the cloud. Altho...
- Question 130: SIMULATION You are a security analyst tasked with interpreti...
- Question 131: A security analyst is validating the MAC policy on a set of ...
- Question 132: A company based in the United States holds insurance details...
- Question 133: A client is adding scope to a project. Which of the followin...
- Question 134: An multinational organization was hacked, and the incident r...
- Question 135: A shipping company that is trying to eliminate entire classe...
- Question 136: A security administrator at a global organization wants to u...
- Question 137: An engineering team is developing and deploying a fleet of m...
- Question 138: An organization is deploying a new, online digital bank and ...
- Question 139: In preparation for the holiday season, a company redesigned ...
- Question 140: A software development company is building a new mobile appl...
- Question 141: A security architect is working with a new customer to find ...
- Question 142: A software development company makes Its software version av...
- Question 143: An organization developed a containerized application. The o...
- Question 144: A developer wants to develop a secure external-facing web ap...
- Question 145: A local university that has a global footprint is undertakin...
- Question 146: A security architect recommends replacing the company's mono...
- Question 147: Which of the following security features do email signatures...
- Question 148: A security analyst is designing a touch screen device so use...
- Question 149: A security analyst is participating in a risk assessment and...
- Question 150: A home automation company just purchased and installed tools...
- Question 151: The findings from a recent penetration test report indicate ...
- Question 152: A junior developer is informed about the impact of new malwa...
- Question 153: A cloud security engineer is setting up a cloud-hosted WAF. ...
- Question 154: An organization's hunt team thinks a persistent threats exis...
- Question 155: A security engineer was auditing an organization's current s...
- Question 156: A small business requires a low-cost approach to theft detec...
- Question 157: A network administrator receives a ticket regarding an error...
- Question 158: A company wants to refactor a monolithic application to take...
- Question 159: Based on a recent security audit, a company discovered the p...
- Question 160: A high-severity vulnerability was found on a web application...
- Question 161: A Chief Information Security Officer (CISO) is concerned tha...
- Question 162: The Chief information Officer (CIO) wants to establish a non...
- Question 163: Due to budget constraints, an organization created a policy ...
- Question 164: A disaster recovery team learned of several mistakes that we...
- Question 165: A security engineer investigates an incident and determines ...
- Question 166: A security analyst needs to recommend a remediation to the f...
- Question 167: A company wants to use a process to embed a sign of ownershi...
- Question 168: A security architect examines a section of code and discover...
- Question 169: A financial institution generates a list of newly created ac...
- Question 170: An organization has a secure manufacturing facility that is ...
- Question 171: A security architect Is analyzing an old application that is...
- Question 172: A Chief information Security Officer (CISO) is developing co...
- Question 173: Which of the following objectives BEST supports leveraging t...
- Question 174: A company wants to improve Its active protection capabilitie...
- Question 175: A company that all mobile devices be encrypted, commensurate...
- Question 176: A company is moving most of its customer-facing production s...
- Question 177: A security analyst is investigating a series of suspicious e...
- Question 178: An organization needs to classify its systems and data in ac...
- Question 179: A Chief Information Security Officer (CISO) received a call ...
- Question 180: A company has identified a number of vulnerable, end-of-supp...
- Question 181: A third-party organization has implemented a system that all...
- Question 182: A security administrator wants to enable a feature that woul...
- Question 183: A company has hired a security architect to address several ...
- Question 184: A security engineer has been informed by the firewall team t...
- Question 185: A security analyst observes the following while looking thro...
- Question 186: A security architect is implementing a web application that ...
- Question 187: After establishing coding standards and integrating software...
- Question 188: A SaaS startup is maturing its DevSecOps program and wants t...
- Question 189: A company is repeatedly being breached by hackers who valid ...
- Question 190: A forensic investigator would use the foremost command for:...
- Question 191: A company's Chief Information Security Officer is concerned ...
- Question 192: A customer requires secure communication of subscribed web s...
- Question 193: The Chief Information Security Officer (CISO) asked a securi...
- Question 194: During a phishing exercise, a few privileged users ranked hi...
- Question 195: An application server was recently upgraded to prefer TLS 1....
- Question 196: The Chief information Officer (CIO) asks the system administ...
- Question 197: A company that provides services to clients who work with hi...
- Question 198: A security engineer is implementing a server-side TLS config...
- Question 199: A business wants to migrate its workloads from an exclusivel...
- Question 200: A security analyst received a report that a suspicious flash...
- Question 201: A security officer is requiring all personnel working on a s...
- Question 202: A web service provider has just taken on a very large contra...
- Question 203: An enterprise is undergoing an audit to review change manage...
- Question 204: Which of the following is a risk associated with SDN?...
- Question 205: A security administrator configured the account policies per...
- Question 206: A user logged in to a web application. Later, a SOC analyst ...
- Question 207: A networking team was asked to provide secure remote access ...
- Question 208: A customer reports being unable to connect to a website at w...
- Question 209: A security consultant is designing an infrastructure securit...
- Question 210: A business stores personal client data of individuals residi...
- Question 211: A pharmaceutical company was recently compromised by ransomw...
- Question 212: A company would like to move its payment card data to a clou...
- Question 213: A threat hunting team receives a report about possible APT a...
- Question 214: After installing an unapproved application on a personal dev...
- Question 215: A security analyst is reviewing the following output from a ...
- Question 216: A recent data breach revealed that a company has a number of...
- Question 217: A company Is adopting a new artificial-intelligence-based an...
- Question 218: A security analyst sees that a hacker has discovered some ke...
- Question 219: A large telecommunications equipment manufacturer needs to e...
- Question 220: Immediately following the report of a potential breach, a se...
- Question 221: A company has moved its sensitive workloads lo the cloud and...
- Question 222: A software company is developing an application in which dat...
- Question 223: The CI/CD pipeline requires code to have close to zero defec...
- Question 224: After a server was compromised an incident responder looks a...
- Question 225: A web application server is running a legacy operating syste...
- Question 226: A security engineer is reviewing metrics for a series of bug...
- Question 227: A security analyst at a global financial firm was reviewing ...
- Question 228: An organization performed a risk assessment and discovered t...
- Question 229: The Chief Information Security Officer (CISO) is working wit...
