To ensure that logs from a legacy platform are properly retained beyond the default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions are designed to collect, aggregate, and store logs from various sources, providing centralized log management and retention. This setup ensures that logs are retained according to policy and can be easily accessed for analysis and compliance purposes.
Reference:
CompTIA SecurityX Study Guide: Discusses the role of SIEM in log management and retention.
NIST Special Publication 800-92, "Guide to Computer Security Log Management": Recommends the use of centralized log management solutions, such as SIEM, for effective log retention and analysis.
"Security Information and Event Management (SIEM) Implementation" by David Miller: Covers best practices for configuring SIEM systems to aggregate and retain logs from various sources.

The routing entry 0.0.0.0/0 forces all traffic from remote clients-including traffic destined for the public internet-through the VPN tunnel. This is called full-tunnel VPN routing. While it ensures strong security by forcing all traffic to pass through corporate controls, it can also overload VPN gateways and cause slow access to both internal and external applications, as seen in this scenario.
The correct fix is to enable split tunneling (B). Split tunneling allows only corporate traffic (e.g., private IP ranges or internal applications) to flow through the VPN, while internet-bound traffic routes directly to the internet. This reduces congestion on VPN concentrators, improves performance for remote users, and ensures efficient use of bandwidth.
Moving servers to a screened subnet (A) relates to internal segmentation but does not fix the VPN bottleneck. NAC (C) enforces device compliance but does not address routing inefficiencies. DNS over HTTPS (D) secures name resolution but is unrelated to network congestion.
Thus, enabling split tunneling balances security and performance for remote workers.

Comprehensive and Detailed
Managing telemetry and differentiating it by office requires a way to categorize data. Let's evaluate:
A . Sensor placement:Useful for data collection but doesn't inherently differentiate by office.
B . Data labeling:Assigns metadata (e.g., office location) to telemetry, enabling differentiation. This aligns with CAS-005's focus on data management for security operations.
C . Continuous monitoring:Ensures ongoing data collection but doesn't address differentiation.

B . Pre-commit code linting: Linting tools analyze code for syntax errors and adherence to coding standards before the code is committed to the repository. This helps catch minor code issues early in the development process, reducing the likelihood of deployment failures.
D . Automated regression testing: Automated regression tests ensure that new code changes do not introduce bugs or regressions into the existing codebase. By running these tests automatically during the deployment process, developers can catch issues early and ensure the stability of the development environment.
Other options:
A . Software composition analysis: This helps identify vulnerabilities in third-party components but does not directly address code quality or deployment failures.
C . Repository branch protection: While this can help manage the code submission process, it does not directly prevent deployment failures caused by code issues or security check failures.
E . Code submit authorization workflow: This manages who can submit code but does not address the quality of the code being submitted.
F . Pipeline compliance scanning: This checks for compliance with security policies but does not address syntax or regression issues.
Reference:
CompTIA Security+ Study Guide
"Continuous Integration and Continuous Delivery" by Jez Humble and David Farley OWASP (Open Web Application Security Project) guidelines on secure coding practices

The most secure way to prevent inadvertent data disclosure when encrypted SSDs are reused is to securely delete the encryption keys used by the SSD. Without the encryption keys, the data on the SSD remains encrypted and is effectively unreadable, rendering any residual data useless. This method is more reliable and efficient than overwriting data multiple times or using other physical destruction methods.
Reference:
CompTIA SecurityX Study Guide: Highlights the importance of managing encryption keys and securely deleting them to protect data.
NIST Special Publication 800-88, "Guidelines for Media Sanitization": Recommends cryptographic erasure as a secure method for sanitizing encrypted storage devices.