
CAS-004 Exam - Question 269


An architect is designing a security scheme for an organization that is concerned about APTs. Any proposed architecture must meet the following requirements:

• Services must be able to be reconstituted quickly from a known-good state.

• Network services must be designed to ensure multiple diverse layers of redundancy.

• Defensive and responsive actions must be automated to reduce human operator demands.

Which of the following designs must be considered to ensure the architect meets these requirements? (Choose three.)

Correct Answer: BCEFH

To ensure security and meet the requirements for handling advanced persistent threats (APTs), three key designs must be considered: Geographic distribution of critical data and services to ensure redundancy and quick recovery from known-good states across multiple locations, Hardened and verified container usage to secure, isolate services, and enable rapid reconstitution, and Implementation and configuration of a SOAR (Security Orchestration, Automation, and Response) system to automate defensive and responsive actions, thus reducing human operator demands.

Discussion

11 comments
2CU8 Options: BEH
Apr 11, 2023

The designs that must be considered to ensure the architect meets these requirements are: Network services must be designed to ensure multiple diverse layers of redundancy. Establishment of warm and hot sites for continuity of operations. Implementation and configuration of a SOAR (Security Orchestration, Automation and Response) system to automate defensive and responsive actions to reduce human operator demands. Heterogeneous architecture refers to the use of different types of hardware and software in a system. It is not related to the design of network services to ensure multiple diverse layers of redundancy.

32d799a Options: BCH
Oct 14, 2023

Geographic distribution of critical data and services - This ensures redundancy and helps in quickly recovering from a known good state if one location gets compromised; Hardened and verified container usage - Containers can be reconstituted quickly, and if they are hardened and verified, they are resistant to compromise; Implementation and configuration of a SOAR (Security Orchestration, Automation, and Response) - This primarily deals with the automation of defensive and responsive actions, making it relevant to the third requirement.

OdinAtlasSteel Options: BCH
Dec 6, 2023

Unless that APT is planning to magically summon a tornado to destroy your office, I don't see how establishing a Hot/Warm Site is going to do anything to help you. For that reason, my answer is B, C, H.

BiteSize Options: BEH
Jul 19, 2023

Source: Verifying each answer against ChatGPT, my experience, other test banks, a written book, and weighing in the discussion from all users to create a 100% accurate guide for myself before I take the exam. (It isn't easy because of the time needed, but it is doing my diligence.)

Alex_2169
Oct 1, 2023

When you use ChatGPT, make sure you use version 4.0 and ask it to give the answer according to CompTIA; this makes a big difference in answers.

CraZee
Jan 24, 2024

I just ran it against GPT 3.5 and was given BCH...maybe due to the 6 months of data collected for processing...

ThatGuyOverThere Options: BCH
Oct 31, 2023

What 32d799a said.

last_resort Options: FGH
Apr 11, 2023

F. Heterogeneous architecture - vendor diversity for redundancy

G. Deployment of IPS services that can identify and block malicious traffic - to defend

H. Implementation and configuration of a SOAR - for automation of recovery

last_resort
Apr 12, 2023

Disregard heterogeneous architecture pls!!

last_resort
Apr 12, 2023

Changing my third option to C, containerization.

javier051977 Options: BCH
Apr 11, 2023

B, C, and H are the most appropriate designs to ensure that the architect meets the requirements.

B. Geographic distribution of critical data and services will ensure that multiple sites are available to restore data and services in the event of an APT attack. This will also reduce the impact of DDoS attacks by ensuring that traffic is spread across multiple sites.

C. Hardened and verified container usage can help to isolate services from one another and protect them from APT attacks. Containerization can provide a secure and scalable platform for deploying services, which can be reconstituted quickly from a known-good state.

H. Implementation and configuration of a SOAR platform will automate the process of responding to and mitigating APT attacks. The SOAR platform will allow the organization to create a set of automated actions that can be executed in response to security events, reducing the human operator demands.

Alizadeh Options: BCH
Apr 29, 2023

Based on the provided requirements, the following designs should be considered to ensure the architect meets the organization's needs:

p1s3c Options: ABH
May 9, 2023

A. Increased efficiency by embracing advanced caching capabilities

B. Geographic distribution of critical data and services

H. Implementation and configuration of a SOAR

Explanation:

A: Advanced caching can be used to improve the speed of reconstitution from a known-good state, which is one of the requirements.

B: Geographic distribution of critical data and services can be used to ensure multiple diverse layers of redundancy.

H: The implementation and configuration of a SOAR (Security Orchestration, Automation and Response) can help automate defensive and responsive actions, thereby reducing the demands on human operators.

23169fd Options: BCH
Jul 15, 2024

B. Geographic distribution of critical data and services: ensures redundancy and resilience by distributing data and services across multiple locations, reducing the impact of localized failures or attacks.

C. Hardened and verified container usage: facilitates quick reconstitution of services from known-good states using secure, consistent container images.

H. Implementation and configuration of a SOAR (Security Orchestration, Automation, and Response): automates defensive and responsive actions, reducing human operator demands and ensuring rapid, consistent responses to security incidents.