CompTIA Updated CAS-004 Exam Questions and Answers by jannah

PCI DSS (Payment Card Industry Data Security Standard) is the most appropriate governance framework when collecting and processing credit card data, including international user data. PCI DSS establishes security standards for organizations that handle payment card transactions and ensures the protection of cardholder data globally. The other options, such as ISO 27001 and NIST 800-53, provide general security frameworks, but PCI DSS is specifically designed for payment card security, which is critical when handling credit card information. CASP+ emphasizes the role of PCI DSS in ensuring the secure handling of payment data.

References:

CASP+ CAS-004 Exam Objectives: Domain 1.0 – Risk Management (PCI DSS Compliance for Payment Systems)

CompTIA CASP+ Study Guide: Payment Systems Security and PCI DSS

To protect confidential financial information on a laptop that is frequently moved between locations, full disk encryption (FDE) is a strong security measure that ensures that all data on the hard drive is encrypted. This means that if the laptop is lost or stolen, the data remains inaccessible without the encryption key. Additionally, backing up the file to an encrypted flash drive provides an extra layer of security and ensures that there is a secure copy of the file in case the laptop is compromised.

Step by Step Explanation:

The information disclosed in the error message (e.g., "Apache Tomcat 7.0.52") provides attackers insights into the software version, which may have known vulnerabilities.

Correcting this issue ensures that attackers cannot use the disclosed information to tailor more sophisticated or targeted attacks.

Best practices include suppressing unnecessary error details to mitigate the risk of information disclosure.

Non-repudiation ensures that a sender cannot deny having sent a message, achieved through digital signatures provided by PKI. This aligns with CASP+ objective 3.2, emphasizing cryptographic assurance in communication.