Online Access Free CAS-005 Exam Questions

A security architect is establishing requirements to design resilience in un enterprise system trial will be extended to other physical locations. The system must
* Be survivable to one environmental catastrophe
* Re recoverable within 24 hours of critical loss of availability
* Be resilient to active exploitation of one site-to-site VPN solution

• A.Use orchestration to procure, provision, and transfer application workloads lo cloud services
• B.Employ layering of routers from diverse vendors
• C.Allocate fully redundant and geographically distributed standby sites.
• D.Lease space to establish cold sites throughout other countries
• E.Implement full weekly backups to be stored off-site for each of the company ' s sites
• F.Load-balance connection attempts and data Ingress at internet gateways

A development team must create a website to share indicators of compromise. The team wants to use APIs between industry peers to aid in configuring SIEM and SOAR. The team needs to create a free tier of service, and the senior developer insists on configuring rate limiting. Which of the following best describes the senior developer ' s reasoning?

• A.To limit the likelihood of resource exhaustion occurring on the API server
• B.To reduce attack surface exposure of the API endpoints connecting peers
• C.To address concerns the team has about API bandwidth utilization
• D.To prevent password-spraying attacks on the services hosting the API

A security engineer is implementing a code signing requirement for all code developed by the organization.
Currently, the PKI only generates website certificates. Which of the following steps should the engineer perform first?

• A.Recalculate a public/private key pair for the root CA.
• B.Implement a SAN for all internal web applications.
• C.Generate a wildcard certificate for the internal domain.
• D.Add a new template on the internal CA with the correct attributes.

A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:
Error Message in Database Connection
Connection to host USA-WebApp-Database failed
Database " Prod-DB01 " not found
Table " CustomerInfo " not found
Please retry your request later
Which of the following best describes the analyst's findings and a potential mitigation technique?

• A.The findings indicate information disclosure. The displayed error message should be modified.
• B.The findings indicate a SQL injection. The database needs to be upgraded.
• C.The findings indicate unsecure protocols. All cookies should be marked as HttpOnly.
• D.The findingsindicate unsecure references. All potential user input needs to be properly sanitized.

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors.
Which of the following categories best describes this type of vendor risk?

• A.Remote code signing
• B.SDLC attack
• C.Side-load attack
• D.Supply chain attack