CAS-004 Governance, Risk and Compliance • Complete Question Bank
Complete CAS-004 Governance, Risk and Compliance question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```json
{
  "PolicyName": "IAM-AdminAccess",
  "PolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": "*",
        "Resource": "*"
      }
    ]
  }
}
```
Refer to the exhibit.
```
C:\.ssh> ssh admin@192.168.1.100
admin@192.168.1.100's password:
Permission denied, please try again.
admin@192.168.1.100's password:
Permission denied, please try again.
admin@192.168.1.100's password:
Received disconnect from 192.168.1.100 port 22:2: Too many authentication failures
Authentication failed.
```
Drag a concept onto its matching description — or click a concept then click the description.
RDP
SSH
HTTPS
LDAP
LDAPS
Drag a concept onto its matching description — or click a concept then click the description.
Symmetric block cipher
Asymmetric public-key cryptosystem
Hash function (one-way)
Elliptic curve digital signature algorithm
Keyed-hash message authentication code
Refer to the exhibit. Firewall rule: rule id 10: allow source 203.0.113.0/24 destination 10.0.1.100 service any
Refer to the exhibit.
```json
{
  "Effect": "Allow",
  "Principal": "*",
  "Action": "s3:GetObject",
  "Resource": "arn:aws:s3:::mybucket/*"
}
```
Refer to the exhibit. Log entry:
```
2025-02-14 09:23:45 VPN login FAILED from IP 192.0.2.10 user admin
2025-02-14 09:23:46 VPN login FAILED from IP 192.0.2.10 user admin
2025-02-14 09:23:47 VPN login FAILED from IP 192.0.2.10 user admin
2025-02-14 09:23:48 VPN login SUCCESS from IP 192.0.2.10 user admin
```
Refer to the exhibit.
```
access-list 101 deny ip any 10.0.0.0 0.0.0.255
```
Refer to the exhibit.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "StringEquals": {
          "aws:sourceVpce": "vpce-123abc"
        }
      }
    }
  ]
}
```
Refer to the exhibit.
```
The Processor shall implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymization and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
```
```
Vulnerability Scan Report
Host: 10.0.0.50
Port: 443
Vulnerability: TLS 1.0 enabled (CVE-2016-2183)
Severity: High
CVSS: 7.5
PCI DSS: Non-compliant (Requirement 4.1)
```
```
[2024-01-15 02:34:12] ALLOW TCP 192.168.1.200:55432 -> 10.0.0.10:1433
[2024-01-15 02:34:18] ALLOW TCP 192.168.1.200:55433 -> 10.0.0.10:1433
[2024-01-15 02:34:25] ALLOW TCP 192.168.1.200:55434 -> 10.0.0.10:1433
```
```json
{
  "dataClassification": {
    "levels": ["Public", "Internal", "Confidential", "Critical"],
    "default": "Internal",
    "rules": [
      {"dataType": "PII", "level": "Confidential"},
      {"dataType": "PCI", "level": "Critical"}
    ]
  }
}
```
Refer to the exhibit.
```json
{
  "dataClassification": {
    "policyName": "Corporate Data Classification",
    "version": "2.1",
    "categories": [
      {
        "label": "Public",
        "allowedStorage": ["SharePoint Online"],
        "allowedTransmission": ["Email (unencrypted)"]
      },
      {
        "label": "Internal",
        "allowedStorage": ["SharePoint Online", "On-premises file server"],
        "allowedTransmission": ["Email with TLS", "VPN"]
      },
      {
        "label": "Confidential",
        "allowedStorage": ["On-premises encrypted database"],
        "allowedTransmission": ["VPN only", "Encrypted email"]
      },
      {
        "label": "Restricted",
        "allowedStorage": ["Air-gapped system"],
        "allowedTransmission": ["None (physical transfer only)"]
      }
    ]
  },
  "event": "User attempted to send a document classified as 'Confidential' via unencrypted email."
}
```
Refer to the exhibit.
```
CIS Controls Assessment Results:
Control 3: Data Protection — Score: 2/5
- Subcontrol 3.1: Inventory of sensitive data — 0/5 (Not implemented)
- Subcontrol 3.2: Encryption of sensitive data at rest — 4/5
- Subcontrol 3.3: Encryption of sensitive data in transit — 3/5
Control 8: Incident Response — Score: 3/5
- Subcontrol 8.1: Incident response plan — 5/5
- Subcontrol 8.2: Incident response testing — 1/5
Control 13: Network Monitoring and Defense — Score: 1/5
- Subcontrol 13.1: Centralized logging — 2/5
- Subcontrol 13.2: Intrusion detection — 0/5
```