CAS-004 Exam Question 261
A threat analyst notices the following URL while going through the HTTP logs.
Which of the following attack types is the threat analyst seeing?
Which of the following attack types is the threat analyst seeing?
CAS-004 Exam Question 262
An e-commerce company is running a web server on premises, and the resource utilization is usually less than
30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.
Which of the following is the MOST cost-effective solution?
30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.
Which of the following is the MOST cost-effective solution?
CAS-004 Exam Question 263
Due to a recent acquisition, the security team must find a way to secure several legacy applications. During a review of the applications, the following issues are documented:
- The applications are considered mission-critical.
- The applications are written in code languages not currently
supported by the development staff.
- Security updates and patches will not be made available for the
applications.
- Username and passwords do not meet corporate standards.
- The data contained within the applications includes both PII and PHI.
- The applications communicate using TLS 1.0.
- Only internal users access the applications.
Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
- The applications are considered mission-critical.
- The applications are written in code languages not currently
supported by the development staff.
- Security updates and patches will not be made available for the
applications.
- Username and passwords do not meet corporate standards.
- The data contained within the applications includes both PII and PHI.
- The applications communicate using TLS 1.0.
- Only internal users access the applications.
Which of the following should be utilized to reduce the risk associated with these applications and their current architecture?
CAS-004 Exam Question 264
A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
CAS-004 Exam Question 265
A security administrator was informed that a server unexpectedly rebooted. The administrator received an export of syslog entries for analysis:
Which of the following does the log sample indicate? (Choose two.)
Which of the following does the log sample indicate? (Choose two.)