A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

1. A. Text editor
2. B. OOXML editor
3. C. Event Viewer
4. D. XML style sheet
5. E. SCAP tool
6. F. Debugging utility

Correct Answer: BD

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was obtained legally?

1. A. Lawyers
2. B. Court
3. C. Upper management team
4. D. Police

Correct Answer: A

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

1. A. TLS_AES_128_CCM_8_SHA256
2. B. TLS_DHE_DSS_WITH_RC4_128_SHA
3. C. TLS_CHACHA20_POLY1305_SHA256
4. D. TLS_AES_128_GCM_SHA256

Correct Answer: B
The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The other ciphers are more secure and compliant with secure-by-design principles and PCI DSS. Verified References: https://www.comptia.org/blog/what-is-a-cipher https://partners.comptia.org/docs/default-source/resources/casp-content-guide

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

1. A. Hybrid IaaS solution in a single-tenancy cloud
2. B. Pass solution in a multinency cloud
3. C. SaaS solution in a community cloud
4. D. Private SaaS solution in a single tenancy cloud.

Correct Answer: A
A hybrid IaaS solution in a single-tenancy cloud is the best option for the company to meet the computing demand while complying with healthcare standards for virtualization and cloud computing. A hybrid IaaS solution allows the company to use both on-premises and cloud-based resources to scale up its capacity and performance. A single-tenancy cloud ensures that the company’s data and applications are isolated from other customers and have dedicated resources and security controls. Verified References:
https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.hhs.gov/hipaa/for-professionals/special-topics/cloud-computing/index.html

A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage.
Due to the high rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

1. A. $50,000
2. B. $125,000
3. C. $250,000
4. D. $500.000
5. E. $51,000,000

Correct Answer: C