Exam CAS-004 topic 1 question 509 discussion

Actual exam question from CompTIA's CAS-004
Question #: 509
Topic #: 1

A company recently migrated its critical web application to a cloud provider’s environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment. Which of the following should be the first consideration prior to engaging in the test?

  • A. Prepare a redundant server to ensure the critical web application's availability during the test.
  • B. Obtain agreement between the company and the cloud provider to conduct penetration testing.
  • C. Ensure the latest patches and signatures are deployed on the web server.
  • D. Create an NDA between the external penetration tester and the company.
Suggested Answer: B


1 week, 2 days ago
Selected Answer: B
This step is crucial for several reasons:
  • Legal compliance: Cloud providers have strict policies regarding security testing on their infrastructure. Conducting a penetration test without prior approval could violate the terms of service and potentially lead to legal issues.
  • Shared responsibility model: In cloud environments, the responsibility for security is shared between the customer and the provider. The cloud provider needs to be aware of any testing to ensure it doesn’t interfere with their operations or other customers’ services.
  • Avoiding false alarms: Notifying the cloud provider prevents them from misinterpreting the penetration test as an actual attack, which could result in unnecessary incident response measures or service disruptions.
upvoted 1 times
3 months, 3 weeks ago
Selected Answer: B
going for B
upvoted 1 times
8 months ago
Selected Answer: B
B. Obtain agreement between the company and the cloud provider to conduct penetration testing is the most critical first consideration. This ensures that the test is conducted legally and within the cloud provider’s policies, preventing any potential violations or disruptions.
upvoted 1 times