
CAS-004 Exam - Question 235


A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity.

Which of the following should the company implement on its new website? (Choose two.)

Correct Answer: BF

The company should implement an Extended Validation (EV) certificate and HTTP Strict Transport Security (HSTS). The EV certificate provides the highest form of web identity validation, ensuring thorough vetting and verification by the certificate authority, which is crucial given the sensitivity of the medical information being handled. HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted, offering the strongest encryption in-transit, and protecting against downgrade attacks and cookie hijacking. These two implementations align with the company's requirements for high-level security and encryption for sensitive data.
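
The HSTS behaviour described above can be checked on a response header. The following is an added example, not part of the original page: it parses a Strict-Transport-Security value using the RFC 6797 rules and reports why a browser would ignore or weaken the policy. The one-year threshold, the function names and the sample responses are assumptions constructed for illustration.

```python
MIN_MAX_AGE = 31536000  # one year; assumed policy threshold, not from the page

def parse_hsts(value):
    """Parse per RFC 6797; return a dict of directives, or None if invalid."""
    directives = {}
    for part in filter(None, (p.strip() for p in value.split(";"))):
        name, _, arg = part.partition("=")
        name = name.strip().lower()          # directive names are case-insensitive
        if name in directives:
            return None                      # a repeated directive voids the header
        directives[name] = arg.strip().strip('"')  # values may be quoted strings
    age = directives.get("max-age", "")
    if not (age.isascii() and age.isdigit()):
        return None                          # max-age is required, digits only
    return directives

def audit(scheme, headers):
    """Return findings for one response; an empty list means the policy is sound."""
    value = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if value is None:
        return ["missing: no HSTS header, browsers may still use plain HTTP"]
    if scheme != "https":
        return ["ignored: browsers discard HSTS received over plain HTTP"]
    policy = parse_hsts(value)
    if policy is None:
        return ["invalid: header does not parse, browsers ignore it"]
    findings = []
    max_age = int(policy["max-age"])
    if max_age == 0:
        findings.append("disabled: max-age=0 makes the browser forget the policy")
    elif max_age < MIN_MAX_AGE:
        findings.append(f"weak: max-age {max_age} is below {MIN_MAX_AGE}")
    if "includesubdomains" not in policy:
        findings.append("note: subdomains are not covered")
    return findings

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    ("https", {"Strict-Transport-Security": "max-age=63072000; includeSubDomains"}),
    ("http", {"Strict-Transport-Security": "max-age=63072000"}),
    ("https", {"Strict-Transport-Security": "max-age=300; max-age=63072000"}),
    ("https", {"strict-transport-security": 'MAX-AGE="0"'}),
]

if __name__ == "__main__":
    for scheme, headers in SAMPLES:
        print(scheme, headers, "->", audit(scheme, headers) or ["ok"])
```

An empty findings list means the header would be honoured with a long-lived policy that also covers subdomains.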

Discussion

8 comments
hheerreessjjoohhnnyy (Option: B)
Oct 13, 2023

As others have mentioned, the solution is B & F. Mods: please fix this question so 2 choices can be selected. Thank you.

catastrophie
Oct 21, 2023

You've made it to question 235 and somehow still think mods are actively fixing material? haha they don't care as long as we keep forking money over for a test they probably got from another site, but we have the benefit of open discussion. Other than that I think we are SOL in regards to material correctness.

OneSaint (Option: B)
Feb 17, 2023

B & F. HTTP Strict Transport Security (HSTS): HTTP Strict Transport Security allows a site to request that it always be contacted over HTTPS.

encxorblood (Option: B)
Mar 26, 2023

B. EV certificate
F. HSTS
B. The company should implement an Extended Validation (EV) certificate for the new website. This certificate provides the highest form of web identity validation, ensuring that the company's identity is thoroughly vetted and verified by the certificate authority.
F. The company should also implement HTTP Strict Transport Security (HSTS). HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted and providing the strongest encryption in-transit. It also helps to protect against downgrade attacks and cookie hijacking.

Broesweelies (Option: B)
Mar 8, 2023

What OneSaint said.

itsTopaz (Option: F)
Mar 25, 2023

B&F
B. EV certificate - Extended Validation (EV) certificate is the highest form of web identity validation that provides users with visual cues, such as a green address bar, to confirm the website's authenticity. EV certificates require rigorous validation of the organization's identity before issuance and provide the highest level of trust and security.
F. HSTS (HTTP Strict Transport Security) - HSTS is a web security policy that enforces the use of HTTPS, which encrypts all web transactions, and the strongest encryption in-transit, to protect against data interception and tampering. HSTS also helps prevent downgrade attacks that attempt to force the use of unencrypted HTTP.

Sam1289 (Option: F)
Aug 17, 2023

F. The company should also implement HTTP Strict Transport Security (HSTS). HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted and providing the strongest encryption in-transit. It also helps to protect against downgrade attacks and cookie hijacking.

Delab202 (Option: F)
Jan 12, 2024

F. HSTS (HTTP Strict Transport Security): HSTS enforces the use of secure connections by instructing browsers to always connect to a website over HTTPS. This ensures encryption of all web transactions and provides the strongest encryption in-transit. It helps prevent downgrade attacks and enhances overall security.

EAlonso (Options: BF)
Jul 14, 2024

B. and F.