QUESTION: 197

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime.
Which of the following should the analyst perform?

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.
Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.
Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.
Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Answer(s): C

Reveal Solution Next Question

QUESTION: 198

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:
• Clients successfully establish TLS connections to web services provided by the server.
• After establishing the connections, most client connections are renegotiated.
• The renegotiated sessions use cipher suite TLS_RSA_WITH_NULL_SHA.
Which of the following is the MOST likely root cause?

The clients disallow the use of modem cipher suites.
The web server is misconfigured to support HTTP/1.1
A ransomware payload dropper has been installed.
An entity is performing downgrade attacks on path.

Answer(s): D

Reveal Solution Next Question

QUESTION: 199

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:
Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

Personal health information; Inform the human resources department of the breach and review the DLP logs.
Account history; Inform the relationship managers of the breach and create new accounts for the affected users.
Customer IDs; Inform the customer service department of the breach and work to change the account numbers.
PAN; Inform the legal department of the breach and look for this data in dark web monitoring.

Answer(s): D

Reveal Solution Next Question

QUESTION: 200

The Chief Information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However, the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices.
Which of the following should the CIO implement to achieve this goal?

BYOD
CYOD
COPE
MDM

Answer(s): D

Reveal Solution Next Question

Free CAS-004 Exam Braindumps (page: 50)

QUESTION: 197

QUESTION: 198

QUESTION: 199

QUESTION: 200