CompTIA CAS-004 Practice Test - Questions Answers, Page 57

List of questions
Question 561

A software development company is implementing a SaaS-based password vault for customers to use. The requirements for the password vault include:
Vault encryption using a variable block and key size
Resistance to brute-force attacks
Which of the following should be implemented to meet these requirements? (Select two.)
Question 562

A new VM server (Web Server C) was spun up in the cloud and added to the load balancer to an existing web application (Application A) that does not require internet access. Sales users are reporting intermittent issues with this application when processing orders that require access to the warehouse department.
Given the following information:
Firewall rules: Existing rules do not account for Web Server C's IP address (10.2.0.92).
Application A Security Group: Inbound rules and outbound rules are insufficient for the new server.
The security team wants to minimize the firewall rule set by avoiding specific host rules whenever possible. Which of the following actions must be taken to resolve the issue and meet the security team's requirements?
Question 563

A security administrator is assessing the risk associated with using a software tool built by a small start-up company to provide product pricing updates. Which of the following risks would most likely be a factor?
Question 564

A security analyst is evaluating all third-party software an organization uses. The analyst discovers that each department is violating the organization's policy by provisioning access to SaaS products without oversight from the security group and without using a centralized access control methodology. Which of the following should the organization use to enforce its SaaS product access requirements?
Question 565

SIMULATION
You have received a report that some users are unable to use their personal devices to authenticate to a protected corporate website. The users have stated that no changes have been made on their personal devices since the last time they were able to authenticate successfully.
INSTRUCTIONS
Examine the device health policy for the MFA solution, the MFA usage logs, and the device telemetry. Using that information:
. Select the policy/policies that were violated.
. Select the telemetry log(s) that explain(s) the policy violations.
Question 566

SIMULATION
You are an information security analyst tasked to provide feedback and remediation guidance to an organization that is working to comply with a prescriptive framework.
The framework includes the following controls related to network design:
. Network hosts must be segmented into security domains.
. A screened subnet must be used for all externally available assets.
. A shared services zone must be present for internal servers and should not contain workstations.
INSTRUCTIONS
Based on the stated requirements, place each resource in the appropriate network location. All resources must be used, and all network zones will be filled.
Question 567

An organization is deploying a container-based application that requires persistence of sensitive information on the filesystem. The filesystem will be deployed into a cloud environment. The information that will persist will include PHI (Protected Health Information). Which of the following solutions would be best to ensure confidentiality of information at rest?
Question 568

A company performs an annual attack surface analysis and identifies a large number of unexpected, external-facing systems. The Chief Information Security Officer (CISO) wishes to ensure this issue does not reoccur. Which of the following should the company do?
Question 569

A security architect is improving a healthcare organization's security posture. Most of the software is cloud-based, but some old applications are still running on a server on-site. Medical devices using such applications require very low latency. The most important consideration is confidentiality, followed by availability, and then integrity. Which of the following is the first step the security architect should implement to protect PII?
Question 570

A recent DAST scan indicates an application has multiple issues with path traversal. Which of the following is the best action for the development team to take?
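The path traversal weakness this question refers to, shown as an added illustration that is not part of the exam item or of any vendor material: a file resolver of the kind a DAST scanner flags next to a hardened one that canonicalises the path and checks containment. The document root is a constructed temporary directory, the payloads are constructed examples of what a scanner sends (assumed already URL-decoded by the web framework), and the function names are assumptions for illustration.

```python
"""Path traversal: vulnerable file resolution versus a containment check."""
import os
import tempfile

# Constructed sandbox: a temporary "document root" holding one legitimate file.
DOC_ROOT = tempfile.mkdtemp(prefix="docroot-")
os.makedirs(os.path.join(DOC_ROOT, "reports"))
with open(os.path.join(DOC_ROOT, "reports", "q1.txt"), "w", encoding="utf-8") as fh:
    fh.write("quarterly report\n")


def resolve_vulnerable(doc_root: str, user_path: str) -> str:
    """The pattern a DAST scan reports: user input is joined onto the document
    root with no canonicalisation and no containment check. '../' sequences
    walk out of doc_root, and an absolute user_path makes os.path.join discard
    doc_root entirely."""
    return os.path.join(doc_root, user_path)


def resolve_hardened(doc_root: str, user_path: str) -> str:
    """Canonicalise both sides (collapsing '..' and resolving symlinks), then
    require the candidate to remain under the canonical root. The request is
    rejected rather than 'cleaned': stripping '../' from input is bypassable,
    a containment check on the resolved path is not."""
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, user_path))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path traversal rejected: {user_path!r}")
    return candidate


def read_file(doc_root: str, user_path: str) -> str:
    """Serve a file only through the hardened resolver."""
    with open(resolve_hardened(doc_root, user_path), encoding="utf-8") as fh:
        return fh.read()


# Constructed payloads in decoded form; a scanner would send URL-encoded variants.
PAYLOADS = [
    "reports/q1.txt",            # legitimate request
    "../../../../etc/passwd",    # classic dot-dot-slash
    "reports/../../etc/passwd",  # traversal after a valid prefix
    "/etc/passwd",               # absolute path, defeats naive os.path.join
    "....//....//etc/passwd",    # beats '../'-stripping filters; once canonicalised
                                 # '....' is just an ordinary (non-existent) name
]


def classify(doc_root: str, payloads: list[str]) -> dict[str, str]:
    """Return {payload: 'allowed' | 'rejected'} under the hardened resolver."""
    results = {}
    for payload in payloads:
        try:
            resolve_hardened(doc_root, payload)
            results[payload] = "allowed"
        except ValueError:
            results[payload] = "rejected"
    return results


if __name__ == "__main__":
    for payload, verdict in classify(DOC_ROOT, PAYLOADS).items():
        print(f"{verdict:8s} {payload}")
    print("vulnerable resolver for '/etc/passwd' ->",
          resolve_vulnerable(DOC_ROOT, "/etc/passwd"))
```

The last payload is the instructive one: it escapes a filter that deletes `../` substrings, but against a resolve-then-contain check it is simply a path inside the root that does not exist, which is why fixing the resolver beats blocklisting input patterns.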
Question