Free CAS-004 Exam Braindumps

Pass your CompTIA Advanced Security Practitioner (CASP+) exam with these free Questions and Answers

Page 8 of 69
QUESTION 31

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.
Which of the following is the BEST solution?

  A. Deploy an RA on each branch office.
  B. Use Delta CRLs at the branches.
  C. Configure clients to use OCSP.
  D. Send the new CRLs by using GPO.

Correct Answer: C

QUESTION 32

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst’s FIRST action?

  A. Create a full inventory of information and data assets.
  B. Ascertain the impact of an attack on the availability of crucial resources.
  C. Determine which security compliance standards should be followed.
  D. Perform a full system penetration test to determine the vulnerabilities.

Correct Answer: A

QUESTION 33

A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

  A. Community cloud service model
  B. Multitenancy SaaS
  C. Single-tenancy SaaS
  D. On-premises cloud service model

Correct Answer: A

QUESTION 34

A help desk technician just informed the security department that a user downloaded a suspicious file from Internet Explorer last night. The user confirmed accessing all the files and folders before going home from work. The next morning, the user was no longer able to boot the system and was presented with a screen with a phone number. The technician then tried to boot the computer using wake-on-LAN, but the system would not come up. Which of the following explains why the computer would not boot?

  A. The operating system was corrupted.
  B. SELinux was in enforced status.
  C. A secure boot violation occurred.
  D. The disk was encrypted.

Correct Answer: A

QUESTION 35

An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.
Which of the following side-channel attacks did the team use?

  A. Differential power analysis
  B. Differential fault analysis
  C. Differential temperature analysis
  D. Differential timing analysis

Correct Answer: B
"Differential fault analysis (DFA) is a type of active side-channel attack in the field of cryptography, specifically cryptanalysis. The principle is to induce faults—unexpected environmental conditions—into cryptographic operations, to reveal their internal states."
