Exam CAS-004
Question 235

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity.

Which of the following should the company implement on its new website? (Choose two.)

    Correct Answer: B, F

    The company should implement an Extended Validation (EV) certificate and HTTP Strict Transport Security (HSTS). The EV certificate provides the highest form of web identity validation, ensuring thorough vetting and verification by the certificate authority, which is crucial given the sensitivity of the medical information being handled. HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted, offering the strongest encryption in-transit, and protecting against downgrade attacks and cookie hijacking. These two implementations align with the company's requirements for high-level security and encryption for sensitive data.
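
As an added example that is not part of the original page, the sketch below evaluates a `Strict-Transport-Security` header value the way an RFC 6797 browser would, showing when the HSTS policy described above actually takes effect. The names `parse_hsts`, `audit` and `MIN_MAX_AGE`, and the one-year floor, are assumptions of this example.

```python
# Added example (not from the original page): evaluate a Strict-Transport-Security
# header value the way an RFC 6797 user agent would, then flag weak settings.
from dataclasses import dataclass

MIN_MAX_AGE = 31536000  # assumption: one-year floor, adjust to local policy

@dataclass
class HstsPolicy:
    max_age: int
    include_subdomains: bool

def parse_hsts(value, over_https=True):
    """Return HstsPolicy, or None when a browser would ignore the header."""
    if not over_https:  # RFC 6797 8.1: header on plain HTTP is ignored
        return None
    seen = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        name, val = name.strip().lower(), val.strip()
        if not name:
            continue
        if name in seen:  # a repeated directive makes the header invalid
            return None
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # max-age may be a quoted-string
        seen[name] = val
    raw = seen.get("max-age")  # the only required directive
    if raw is None or not (raw.isascii() and raw.isdigit()):
        return None
    return HstsPolicy(int(raw), "includesubdomains" in seen)

def audit(value, over_https=True):
    """List findings for one response; an empty list means no issue found."""
    policy = parse_hsts(value, over_https)
    if policy is None:
        return ["header ignored: browser keeps no HSTS policy"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 clears any stored HSTS policy")
    elif policy.max_age < MIN_MAX_AGE:
        findings.append("max-age below one year")
    if not policy.include_subdomains:
        findings.append("subdomains not covered")
    return findings

if __name__ == "__main__":
    # Constructed sample header values, not captured from any real site.
    for sample in ("max-age=63072000; includeSubDomains", "max-age=300",
                   "max-age=300; max-age=600", "includeSubDomains"):
        print(repr(sample), "->", audit(sample) or "ok")
```

Because a browser only stores the policy from a response received over HTTPS, the first plain-HTTP visit is not protected by the header alone.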

Discussion
heresjohnny - Option: B

As others have mentioned, the solution is B & F. Mods: please fix this question so 2 choices can be selected. Thank you.

catastrophie

You've made it to question 235 and somehow still think mods are actively fixing material? haha they don't care as long as we keep forking money over for a test they probably got from another site, but we have the benefit of open discussion. Other than that I think we are SOL in regards to material correctness.

encxorblood - Option: B

B. EV certificate
F. HSTS

B. The company should implement an Extended Validation (EV) certificate for the new website. This certificate provides the highest form of web identity validation, ensuring that the company's identity is thoroughly vetted and verified by the certificate authority.

F. The company should also implement HTTP Strict Transport Security (HSTS). HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted and providing the strongest encryption in-transit. It also helps to protect against downgrade attacks and cookie hijacking.

OneSaint - Option: B

B & F, HTTP Strict Transport Security (HSTS), HTTP Strict Transport Security allows a site to request that it always be contacted over HTTPS

itsTopaz - Option: F

B&F

B. EV certificate - Extended Validation (EV) certificate is the highest form of web identity validation that provides users with visual cues, such as a green address bar, to confirm the website's authenticity. EV certificates require rigorous validation of the organization's identity before issuance and provide the highest level of trust and security.

F. HSTS (HTTP Strict Transport Security) - HSTS is a web security policy that enforces the use of HTTPS, which encrypts all web transactions, and the strongest encryption in-transit, to protect against data interception and tampering. HSTS also helps prevent downgrade attacks that attempt to force the use of unencrypted HTTP.

Broesweelies - Option: B

what onesaint said.

EAlonso - Options: BF

B. and F.

Delab202 - Option: F

F. HSTS (HTTP Strict Transport Security): HSTS enforces the use of secure connections by instructing browsers to always connect to a website over HTTPS. This ensures encryption of all web transactions and provides the strongest encryption in-transit. It helps prevent downgrade attacks and enhances overall security.

Sam1289 - Option: F

F. The company should also implement HTTP Strict Transport Security (HSTS). HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted and providing the strongest encryption in-transit. It also helps to protect against downgrade attacks and cookie hijacking.