Exam Name: | CompTIA SecurityX Certification Exam | ||
Exam Code: | CAS-004 Dumps | ||
Vendor: | CompTIA | Certification: | CompTIA CASP |
Questions: | 571 Q&A's | Shared By: | melanie |
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing aCAPTCHAsystem on the web store to help reduce thenumber of video cards purchased through automated systems. Which of the following now describes the level of risk?
Based on a recent security audit, a company discovered the perimeter strategy is inadequate for its recent growth. To address this issue, the company is looking for a solution that
includes the following requirements:
• Collapse of multiple network security technologies into a single footprint
• Support for multiple VPNs with different security contexts
• Support for application layer security (Layer 7 of the OSI Model)
Which of the following technologies would be the most appropriate solution given these requirements?
A security analyst is reviewing the following output from a vulnerability scan of an organization's internet-facing web services:
•Line 06: Hostname sent via SNI does not match certificate.
•Line 10: Certificate not validated by OCSP.
•Line 13: Weak SHA-1 signature algorithm detected.
•Line 17: TLS 1.2 cipher suite negotiated.
•Line 18: SSL session not using forward secrecy.
Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?
A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?