Download Latest CAS-004 Questions

SD-WAN (Software-Defined Wide Area Network) is a technology that allows organizations to use multiple, low-cost Internet connections to create a secure and dynamic WAN. SD-WAN can provide benefits such as lower costs, higher performance, and easier management compared to traditional WAN technologies, such as MPLS (Multiprotocol Label Switching).

However, SD-WAN also introduces some potential risks, such as:

The reliability and security of the Internet connections, which may vary depending on the location, provider, and traffic conditions.

The compatibility and interoperability of the SD-WAN hardware and software, which may come from different vendors or use different standards.

The availability and quality of the SD-WAN provider’s support, which may depend on the provider’s size, reputation, and outsourcing practices.

In this case, the CISO would most likely identify the risk that the SD-WAN provider uses a third party for support, because this could:

Affect the organization’s ability to resolve issues or request changes in a timely and effective manner.

Expose the organization’s network data and configuration to unauthorized or malicious parties.

Increase the complexity and uncertainty of the SD-WAN service level agreement (SLA) and contract terms.

WPA3-Personal is a simple, secure solution for a small business with a single access point. It uses a new security protocol called Simultaneous Authentication of Equals (SAE), which replaces the Pre-Shared Key (PSK) exchange with a more secure way to do initial key exchange. SAE also provides forward secrecy, which means that even if the password is compromised, the attacker cannot decrypt past or future data. WPA3-Personal also uses AES-128 in CCM mode as the minimum encryption algorithm, which is resistant to offline password attacks. WPA3-Personal requires low administrative overhead and supports a single SSID with no guest access. Verified References:

The developer would most likely implement a Root CA in the autonomous vehicle’s software. A Root CA is the top-level authority in a PKI that issues and validates certificates for subordinate CAs or end entities. A Root CA can be self-signed and embedded in the vehicle’s software, which would reduce the need for external communication and verification. A Root CA would also enable the vehicle to use digital signatures and encryption for secure communication with other vehicles or infrastructure. Verified References:

Order of volatility is a procedure that a computer forensics examiner must follow during evidence collection. It refers to the order in which digital evidence is collected, starting with the most volatile and moving to the least volatile. Volatile data is data that is not permanent and is easily lost, such as data in memory when you turn off a computer. The security analyst should have followed the order of volatility to preserve the most fragile evidence first, such as the malicious script running as a background process, before turning off the infected machine. Verified References: