Free CAS-004 Exam Braindumps

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

  1. Review a recent gap analysis.
  2. Perform a cost-benefit analysis.
  3. Conduct a business impact analysis.
  4. Develop an exposure factor matrix.

Answer(s): C


Reference:

https://itsm.ucsf.edu/business-impact-analysis-bia-0



A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

  1. Lawyers
  2. Court
  3. Upper management team
  4. Police

Answer(s): A



Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.

Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

  1. Drive wiping
  2. Degaussing
  3. Purging
  4. Physical destruction

Answer(s): B


Reference:

https://securis.com/data-destruction/degaussing-as-a-service/



A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

  1. Configuring systemd services to run automatically at startup
  2. Creating a backdoor
  3. Exploiting an arbitrary code execution exploit
  4. Moving laterally to a more authoritative server/service

Answer(s): B



A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ОТ network?

  1. Packets that are the wrong size or length
  2. Use of any non-DNP3 communication on a DNP3 port
  3. Multiple solicited responses over time
  4. Application of an unsupported encryption algorithm

Answer(s): C