Instant Access CompTIA.CAS-004.v2023-06-15.q131 Actual Practice Test Engine for Free (Page 26)

40%off

CAS-004 Premium Dumps

Latest CAS-004 Exam Premium Dumps provide by TrainingQuiz.com to help you Passing CAS-004 Exam! TrainingQuiz.com offers the updated CAS-004 exam dumps, the TrainingQuiz.com CAS-004 exam questions has been updated to correct Answer. Get the latest TrainingQuiz.com CAS-004 pdf dumps with Exam Engine here:

(620 Q&As Dumps, 40%OFF Special Discount: DumpsDB)

Question 121

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

A.The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.
B.The product owner should perform a business impact assessment regarding the ability to implement a WAF.
C.The system administrator should evaluate dependencies and perform upgrade as necessary.
D.The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

Question 122

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?
A) Personal health information: Inform the human resources department of the breach and review the DLP logs.
B) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.
C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.
D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

A.Option B
B.Option A
C.Option C
D.Option D

Question 123

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

A.CAPTCHA
B.Data encoding
C.Network intrusion prevention
D.Input validation

Question 124

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?

A.TLS 1.2
B.HSTS
C.Certificate pinning
D.Client authentication

Question 125

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?
A) Personal health information: Inform the human resources department of the breach and review the DLP logs.
) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.
C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.
D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

A.Option C
B.Option A
C.Option D
D.Option B