CAS-004 Free Practice Test

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

1. A. Accept
2. B. Avoid
3. C. Transfer
4. D. Mitigate

Correct Answer: D

An organization is preparing to migrate its production environment systems from an on- premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

1. A. Migrating operations assumes the acceptance of all risk.
2. B. Cloud providers are unable to avoid risk.
3. C. Specific risks cannot be transferred to the cloud provider.
4. D. Risks to data in the cloud cannot be mitigated.

Correct Answer: C
According to NIST SP 800-146, cloud computing introduces new risks that need to be assessed and managed by the cloud consumer. Some of these risks are related to the shared responsibility model of cloud computing, where some security controls are implemented by the cloud provider and some by the cloud consumer. The cloud consumer cannot transfer all the risks to the cloud provider and needs to understand which risks are retained and which are mitigated by the cloud provider.3

A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?

1. A. DLP
2. B. Mail gateway
3. C. Data flow enforcement
4. D. UTM

Correct Answer: A
A DLP system is the best option for the company to mitigate the risk of losing its proprietary enhancements to competitors. DLP stands for data loss prevention, which is a set of tools and policies that aim to prevent unauthorized access, disclosure, or exfiltration of sensitive data. DLP can monitor, filter, encrypt, or block data transfers based on predefined rules and criteria, such as content, source, destination, etc. DLP can help protect the company’s intellectual property and trade secrets from being compromised by malicious actors or accidental leaks. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.csoonline.com/article/3245746/what-is-dlp-data-loss-prevention-and-how- does-it-work.html

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

1. A. Remote provider BCDR
2. B. Cloud provider BCDR
3. C. Alternative provider BCDR
4. D. Primary provider BCDR

Correct Answer: B

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:
• All remote devices to have up-to-date antivirus
• An up-to-date and patched OS
Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

1. A. NAC
2. B. WAF
3. C. NIDS
4. D. Reverse proxy
5. E. NGFW
6. F. Bastion host

Correct Answer: AC