Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements

1. A. Company A-B SLA v2.docx
2. B. Company A OLA v1b.docx
3. C. Company A MSA v3.docx
4. D. Company A MOU v1.docx
5. E. Company A-B NDA v03.docx

Correct Answer: C
A MSA stands for master service agreement, which is a document that covers the general terms and conditions of a contractual relationship between two parties. It usually includes payment terms, limitation of liability, intellectual property rights, dispute resolution, and other clauses that apply to all services provided by one party to another. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.upcounsel.com/master-service-agreement

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.
Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

1. A. Union filesystem overlay
2. B. Cgroups
3. C. Linux namespaces
4. D. Device mapper

Correct Answer: B
Cgroups (control groups) is a core Linux concept that reflects the ability to limit resource allocation to containers, such as CPU, memory, disk I/O, or network bandwidth. Cgroups can help prevent resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources, as it can enforce quotas or priorities for each container or group of containers. Union filesystem overlay is not a core Linux concept that reflects the ability to limit resource allocation to containers, but a technique that allows multiple filesystems to be mounted on the same mount point, creating a layered representation of files and directories. Linux namespaces is not a core Linux concept that reflects the ability to limit resource allocation to containers, but a feature that isolates and virtualizes system resources for each process or group of processes, creating independent instances of global resources. Device mapper is not a core Linux concept that reflects the ability to limit resource allocation to containers, but a framework that provides logical volume management, encryption, or snapshotting capabilities for block devices. Verified References: https://www.comptia.org/blog/what-is-cgroups https://partners.comptia.org/docs/default-source/resources/casp-content-guide

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

1. A. Integrate the web proxy with threat intelligence feeds.
2. B. Scan all downloads using an antivirus engine on the web proxy.
3. C. Block known malware sites on the web proxy.
4. D. Execute the files in the sandbox on the web proxy.

Correct Answer: D
Executing the files in the sandbox on the web proxy is the best solution to reduce the risk of employees downloading and opening malicious files from the internet. A sandbox is a secure and isolated environment that can run untrusted or potentially harmful code without affecting the rest of the system. By executing the files in the sandbox, the web proxy can analyze their behavior and detect any malicious activity before allowing them to reach the corporate workstations.
References: [CompTIA CASP+ Study Guide, Second Edition, page 273]

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.
Which of the following systems should the consultant review before making a recommendation?

1. A. CAN
2. B. ASIC
3. C. FPGA
4. D. SCADA

Correct Answer: D
Reference: https://www.sciencedirect.com/topics/computer-science/protective-relay

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

1. A. An additional layer of encryption
2. B. A third-party data integrity monitoring solution
3. C. A complete backup that is created before moving the data
4. D. Additional application firewall rules specific to the migration

Correct Answer: A
The company should use an additional layer of encryption to secure the data from theft when moving to a CSP. Encryption is a process of transforming data into an unreadable format using a secret key. Encryption can protect the data from unauthorized access or modification during transit and at rest. Encryption can be applied at different levels, such as disk, file, or application. An additional layer of encryption can provide an extra security measure on top of the encryption provided by the CSP. Verified References:
https://learn.microsoft.com/en-us/partner-center/transition-seat-based-services
https://cloud.google.com/architecture/patterns-for-connecting-other-csps-with-gcp