Free CAS-004 Exam Braindumps

Pass your CompTIA Advanced Security Practitioner (CASP+) exam with these free questions and answers

Page 12 of 69
QUESTION 51

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:
• Enforce MFA for RDP
• Ensure RDP connections are only allowed with secure ciphers.
The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.
Which of the following should the security architect recommend to meet these requirements?

  1. A. Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.
  2. B. Implement a bastion host with a secure cipher configuration enforced.
  3. C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.
  4. D. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

Correct Answer: A

QUESTION 52

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:
• Only users with corporate-owned devices can directly access servers hosted by the cloud provider.
• User browser activity can be monitored.
Which of the following solutions would BEST meet these requirements?

  1. A. IAM gateway, MDM, and reverse proxy
  2. B. VPN, CASB, and secure web gateway
  3. C. SSL tunnel, DLP, and host-based firewall
  4. D. API gateway, UEM, and forward proxy

Correct Answer: B

QUESTION 53

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?

  1. A. Hybrid IaaS solution in a single-tenancy cloud
  2. B. PaaS solution in a multitenancy cloud
  3. C. SaaS solution in a community cloud
  4. D. Private SaaS solution in a single-tenancy cloud

Correct Answer: D

QUESTION 54

A security analyst is reviewing the following output:
CAS-004 dumps exhibit
Which of the following would BEST mitigate this type of attack?

  1. A. Installing a network firewall
  2. B. Placing a WAF inline
  3. C. Implementing an IDS
  4. D. Deploying a honeypot

Correct Answer: B

QUESTION 55

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.
Which of the following is a security concern that will MOST likely need to be addressed during migration?

  1. A. Latency
  2. B. Data exposure
  3. C. Data loss
  4. D. Data dispersion

Correct Answer: B
