CompTIA Advanced Security Practitioner (CASP+) - CAS-004 Practice Exam

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.
Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Correct answer: C
Explanation: (Only shown to PassTest members)
A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Below is an excerpt of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

Correct answer: E,F
Explanation: (Only shown to PassTest members)
A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets such as workstations, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Correct answer: D
Explanation: (Only shown to PassTest members)
Which of the following protocols is a low-power, low-data-rate protocol that allows for the creation of PANs?

Correct answer: B
Explanation: (Only shown to PassTest members)
A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

Correct answer: D
Explanation: (Only shown to PassTest members)
A company's BIA indicates that any loss of more than one hour of data would be catastrophic to the business.
Which of the following must be in place to meet this requirement?

Correct answer: B
Explanation: (Only shown to PassTest members)
A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented an SSO system with strong passwords. Which of the following additional controls should the company deploy?

Correct answer: D
Explanation: (Only shown to PassTest members)
A web application server is running a legacy operating system with an unpatched RCE (Remote Code Execution) vulnerability. The server cannot be upgraded until the corresponding application code is updated.
Which of the following compensating controls would prevent successful exploitation?

Correct answer: C
Explanation: (Only shown to PassTest members)
A company underwent an audit in which the following issues were enumerated:
* Insufficient security controls for internet-facing services, such as VPN and extranet
* Weak password policies governing external access for third-party vendors
Which of the following strategies would help mitigate the risks of unauthorized access?

Correct answer: A
Explanation: (Only shown to PassTest members)
A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.
Which of the following sources could the architect consult to address this security concern?

Correct answer: D
Explanation: (Only shown to PassTest members)
A security architect discovers the following while reviewing code for a company's website:
selection = "SELECT Item FROM Catalog WHERE ItemID * " & Request("ItemID")
Which of the following should the security architect recommend?

Correct answer: A
Explanation: (Only shown to PassTest members)
A software developer needs to add an authentication method to a web application. The following requirements must be met:
* The web application needs to use well-supported standards.
* The initial login to the web application should rely on an outside, trusted third party.
* The login needs to be maintained for up to six months.
Which of the following would best support these requirements? (Select two).

Correct answer: E,F
Explanation: (Only shown to PassTest members)
Company A is establishing a contractual agreement with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements?

Correct answer: A
Explanation: (Only shown to PassTest members)
A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

Correct answer: B
Explanation: (Only shown to PassTest members)