CAS-004 Free Practice Test

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?

1. A. Leave the current backup schedule intact and pay the ransom to decrypt the data.
2. B. Leave the current backup schedule intact and make the human resources fileshare read-only.
3. C. Increase the frequency of backups and create SIEM alerts for IOCs.
4. D. Decrease the frequency of backups and pay the ransom to decrypt the data.

Correct Answer: C

A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

1. A. NAC to control authorized endpoints
2. B. FIM on the servers storing the data
3. C. A jump box in the screened subnet
4. D. A general VPN solution to the primary network

Correct Answer: A
Network Access Control (NAC) is used to bolster the network security by restricting the availability of network resources to managed endpoints that don't satisfy the compliance requirements of the Organization.

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.
Which of the following would be BEST to proceed with the transformation?

1. A. An on-premises solution as a backup
2. B. A load balancer with a round-robin configuration
3. C. A multicloud provider solution
4. D. An active-active solution within the same tenant

Correct Answer: C
An active-active cluster does nothing if the cloud provider goes down. One of the main features of multi-cloud is redundancy. https://www.cloudflare.com/learning/cloud/what-is-multicloud/

After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

1. A. Disable BGP and implement a single static route for each internal network.
2. B. Implement a BGP route reflector.
3. C. Implement an inbound BGP prefix list.
4. D. Disable BGP and implement OSPF.

Correct Answer: C
Defenses against BGP hijacks include IP prefix filtering, meaning IP address announcements are sent and accepted only from a small set of well-defined autonomous systems, and monitoring Internet traffic to identify signs of abnormal traffic flows.

Which of the following are risks associated with vendor lock-in? (Choose two.)

1. A. The client can seamlessly move data.
2. B. The vendor can change product offerings.
3. C. The client receives a sufficient level of service.
4. D. The client experiences decreased quality of service.
5. E. The client can leverage a multicloud approach.
6. F. The client experiences increased interoperability.

Correct Answer: BD