Sure Pass Exam CAS-004 PDF

Step by Step Explanation:

RPO (Recovery Point Objective): Specifies the maximum acceptable amount of data loss measured in time. If data loss of more than one hour is unacceptable, the RPO should be set to less than or equal to one hour.

RTO (Recovery Time Objective): Refers to the acceptable duration of system downtime, which is not relevant to the question.

The BCP, DRP, and SLA do not directly address data loss.

Passive scanning is the safest approach for SCADA systems to avoid disrupting their operations. It detects vulnerabilities by analyzing network traffic without directly interacting with the systems, aligning with CASP+ objective 4.2, which focuses on securing critical systems and reducing risks during vulnerability management.

Passive scanning collects network and device information without sending intrusive probes, which is critical for SCADA (Supervisory Control and Data Acquisition) systems as they are highly sensitive to disruptions.

Web application scanning focuses on website vulnerabilities and is irrelevant to SCADA systems.

Agent-based scanning involves installing software agents, which may not be feasible for SCADA.

Authenticated scanning requires credentials, which can still disrupt SCADA devices.

References:

CompTIA CASP+ Exam Objective 4.1: Conduct vulnerability scans to evaluate the state of system security.

CASP+ Study Guide, 5th Edition, Chapter 7, Specialized Vulnerability Scanning.

________________________________________

If the asymmetric private key defined in the write-once read-many (WORM) portion of the System on Chip (SoC) is compromised, the IoT device manufacturer cannot simply replace or update the key through software changes due to the nature of WORM memory. The compromised key would necessitate the production of a new IoT device with a redesigned SoC that includes a new, secure private key. This is because the integrity of the encryption module is fundamental to the device's security, and a compromised key cannot be allowed to persist in the hardware.

The network administrator is noticing a web attack that attempts to access the /etc/shadow file on a Linux web server. The /etc/shadow file contains the encrypted passwords of all users on the system and is a common target for attackers. The attack uses a technique called directory traversal, which exploits a vulnerability in the web application that allows an attacker to access files or directories outside of the intended scope by manipulating the file path.

Validating the server input and appending the input to the base directory path would be the best action for the network administrator to take to defend against this type of web attack, because it would:

Check the user input for any errors, malicious data, or unexpected values before processing it by the web application.

Prevent directory traversal by ensuring that the user input is always relative to the base directory path of the web application, and not absolute to the root directory of the web server.

Deny access to any files or directories that are not part of the web application’s scope or functionality.