CAS-004 Free Practice Test

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two.)

1. A. Bot protection
2. B. OAuth 2.0
3. C. Input validation
4. D. Autoscaling endpoints
5. E. Rate limiting
6. F. CSRF protection

Correct Answer: DE

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
Support all phases of the SDLC. Use tailored website portal software.
Allow the company to build and use its own gateway software. Utilize its own data management platform.
Continue using agent-based security tools.
Which of the following cloud-computing models should the CIO implement?

1. A. SaaS
2. B. PaaS
3. C. MaaS
4. D. IaaS

Correct Answer: D

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.
Which of the following would BEST secure the company’s CI/CD pipeline?

1. A. Utilizing a trusted secrets manager
2. B. Performing DAST on a weekly basis
3. C. Introducing the use of container orchestration
4. D. Deploying instance tagging

Correct Answer: A

A forensic investigator would use the foremost command for:

1. A. cloning disks.
2. B. analyzing network-captured packets.
3. C. recovering lost files.
4. D. extracting features such as email addresses

Correct Answer: C