CompTIA CAS-005 Practice Test - Questions Answers, Page 16

List of questions
Question 151

An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?
Question 152

An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:
The backup solution must reduce the risk of potential backup compromise.
The backup solution must be resilient to a ransomware attack.
The time to restore from backups is less important than backup data integrity.
Multiple copies of production data must be maintained.
Which of the following backup strategies best meets these requirements?
Question 153

A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?
Question 154

An organization has noticed an increase in phishing campaigns utilizing typosquatting. A security analyst needs to enrich the data for commonly used domains against the domains used in phishing campaigns. The analyst uses a log forwarder to forward network logs to the SIEM. Which of the following would allow the security analyst to perform this analysis?
Question 155

An analyst reviews a SIEM and generates the following report:
Only HOST002 is authorized for internet traffic. Which of the following statements is accurate?
Question 156

A compliance officer is facilitating a business impact analysis (BIA) and wants business unit leaders to collect meaningful data. Several business unit leaders want more information about the types of data the officer needs.
Which of the following data types would be the most beneficial for the compliance officer? (Select two)
Question 157

A company's SIEM is designed to associate the company's asset inventory with user events. Given the following report:
Which of the following should a security engineer investigate first as part of a log audit?
Question 158

During a recent security event, access from the non-production environment to the production environment enabled unauthorized users to:
Install unapproved software
Make unplanned configuration changes
During the investigation, the following findings were identified:
Several new users were added in bulk by the IAM team
Additional firewalls and routers were recently added
Vulnerability assessments have been disabled for more than 30 days
The application allow list has not been modified in two weeks
Logs were unavailable for various types of traffic
Endpoints have not been patched in over ten days
Which of the following actions would most likely need to be taken to ensure proper monitoring? (Select two)
Question 159

A building camera is remotely accessed and disabled from the remote console application during off-hours. A security analyst reviews the following logs:
Which of the following actions should the analyst take to best mitigate the threat?
Question 160

A company must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines. Which of the following solutions most likely meets the requirements?