
CompTIA CAS-004 Practice Test - Questions Answers, Page 32


Question 311


A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST?


Question 312


A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario from happening again?


Question 313


A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).


Question 314


Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

* Before the merger is complete, users from both companies should use a single set of usernames and passwords.

* Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

* Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).


Question 315


A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?


Question 316


A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

* The highest form of web identity validation

* Encryption of all web transactions

* The strongest encryption in-transit

* Logical separation based on data sensitivity

Other things that should be considered include:

* The company operates multiple other websites that use encryption.

* The company wants to minimize total expenditure.

* The company wants to minimize complexity.

Which of the following should the company implement on its new website? (Select TWO).


Question 317


A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?


Question 318


An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?


Question 319


A hospitality company experienced a data breach that included customer PII. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?


Question 320


A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

* All customer data must remain under the control of the customer at all times.

* Third-party access to the customer environment must be controlled by the customer.

* Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

Total 564 questions