Free Practice Questions for CompTIA CAS-004 Exam

Soft delete allows blobs to be deleted, but the data remains accessible for a period of time before it is permanently deleted. This allows the company to delete blobs as needed, while still affording enough time for the backup process to complete. After the backup process is complete, the blobs can be permanently deleted.

 The company using the wrong port is the most likely root cause of why secure LDAP is not working. Secure LDAP is a protocol that provides secure communication between clients and servers using LDAP (Lightweight Directory Access Protocol), which is a protocol that allows querying and modifying directory services over TCP/IP. Secure LDAP uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt LDAP traffic and prevent unauthorized disclosure or interception. 

Aligning the impact subscore requirements to the predetermined system categorization can help the analyst get a better picture of the risk while adhering to the organization’s policy. The impact subscore is one of the components of the CVSS base score, which reflects the severity of a vulnerability. The impact subscore is calculated based on three metrics: confidentiality, integrity, and availability. These metrics can be adjusted according to the system categorization, which defines the security objectives and requirements for a system based on its potential impact on an organization’s operations and assets. By aligning the impact subscore requirements to the system categorization, the analyst can ensure that the CVSS scores reflect the true impact of a vulnerability on a specific system and prioritize remediation accordingly. 

The cloud architecture team should implement Autoscaling (C), WAF (D) and Encryption (F). Autoscaling (C) will ensure that the application is running at 70% capacity at all times. WAF (D) will protect the application from DoS and DDoS attacks. Encryption (F) will protect the data from unauthorized access and ensure that the sensitive workloads remain secure.

Problem Statement:

The CIO needs a solution that:

Supportsenterprise mobility(employees accessing resources from various devices).

Allowsenforcement of configuration settings.

Enablesdata managementanddevice managementfor bothcompany-owned and personal devices.

Why the Correct Answer is D (MDM - Mobile Device Management):

MDM (Mobile Device Management)is a comprehensive solution that:

Manages both corporate and personal devicesby enrolling them into a centralized system.

Enforcesconfiguration policies, such aspassword policies, encryption settings, and app restrictions.

Providesremote management capabilitieslikewipe, lock, or locatein case of theft or loss.

Supportsdata separationon personal devices throughcontainerization.

MDM tools can integrate withBYOD, CYOD, and COPE policiesto providegranular controlregardless of device ownership.

Popular MDM solutions include:

Microsoft Intune

VMware Workspace ONE

MobileIron

Why the Other Options Are Incorrect:

A. BYOD (Bring Your Own Device):

BYOD policies allow employees touse personal devicesfor work.

However, BYOD alone does not providemanagement or enforcement capabilities.

MDM is requiredto manage BYOD effectively.

B. CYOD (Choose Your Own Device):

Employees select a device from apre-approved list, but theorganization retains ownership.

CYOD addressesdevice choicebut not thecomprehensive managementrequired.

MDMis still needed forenforcement and data control.

C. COPE (Corporate-Owned, Personally Enabled):

Devices arecompany-ownedbut allowpersonal use.

While it allowsmore controlthan BYOD, it still lacks thedevice management and data protectioncapabilities needed without MDM.

Why MDM is the Best Choice:

MDM integrates seamlessly withBYOD, CYOD, and COPEpolicies.

It provides theCIO with centralized management, allowing control over:

Application installations

Security configurations

Data access and protection

Device compliance

Additionally, MDM supportsmulti-platform environments(Android, iOS, Windows), making it versatile forenterprise mobility.

Real-World Example:

A company with aremote workforceallows employees to use bothcorporate and personal devicesfor accessing internal applications.

They implementMicrosoft Intune (an MDM solution)to:

Enforce encryption and passcodeson both device types.

Monitor app usageandbrowser activityfor compliance.

Remotely wipecompany data frompersonal devicesif an employee leaves.

Visual Representation:

pgsql

CopyEdit

+-------------------+ +-------------------+

| Company-Owned | | Personal Device |

| Device | | (BYOD) |

+-------------------+ +-------------------+

| |

| |

+-------------------+ +-------------------+

| MDM Server | <---------> | Policy Engine |

+-------------------+ +-------------------+

| |

Centralized Management Configuration Enforcement

The MDM server acts as acentral pointto enforce policies on bothcorporate and personal devices.

Extract from CompTIA SecurityX CAS-005 Study Guide:

TheCompTIA SecurityX CAS-005 Official Study GuidehighlightsMDMas a key component for managingenterprise mobility, especially in environments where bothcorporate and personal devicesare used. MDM enablespolicy enforcement,data management, anddevice control, fulfilling the requirements of modernmobile-first organizations.

A TLS inspection proxy can be used to monitor and enforce policy on HTTPS connections, ensuring that only valid traffic is allowed through and malicious traffic is blocked. Additionally, a filesystemintegrity monitoring service can be installed and configured on the telemetry server to monitor for any changes to the filesystem, allowing any malicious changes to be detected and blocked.