CompTIA CAS-005 Exam With Confidence Using Practice Dumps

To prevent unauthorized applications from running, the company needs a mechanism to explicitly define and enforce which applications are allowed to execute. "Permit listing" (often referred to as "whitelisting" in security contexts) is the most effective solution here. It involves creating a list of approved applications, and only those on the list are permitted to run, blocking all others by default. This directly addresses the root cause—users installing unapproved software—by restricting execution to only authorized programs.

Option A (Signing):Code signing ensures the authenticity and integrity of software by verifying it comes from a trusted source and hasn’t been tampered with. While useful, it doesn’t inherently prevent unauthorized applications from running unless combined with a policy like whitelisting.

Option B (Access control):Access control governs who can access systems or resources but doesn’t specifically restrict which applications can execute. It’s too broad for this scenario.

Option C (HIPS):A Host-based Intrusion Prevention System (HIPS) can detect and block malicious behavior, but it’s reactive and relies on signatures or heuristics, not a proactive allow-only approach.

Option D (Permit listing):This is the best fit, as it proactively enforces a policy where only explicitly authorized applications can run, preventing malware introduced by unauthorized software.

The General Data Protection Regulation (GDPR) is the regulation most likely being addressed by the news organization. GDPR includes provisions for the "right to be forgotten," which allows individuals to request the deletion of personal data that is no longer necessary for the purposes for which it was collected. This regulation aims to protect the privacy and personal data of individuals within the European Union.

Understanding Business Impact Analysis (BIA):

ABIA assesses the effects of disruptionsto an organization's operations.

It helpsprioritize resourcesbased on the potential impact ofdowntime, compliance issues, and critical processes.

Why Options B, C, and F are Correct:

B (Applicable contract obligations)→ Many companies havelegal and compliance obligationsregarding downtime, availability, and SLAs. This information helps determine whatrisk levelsare acceptable.

C (Costs associated with downtime)→ BIA quantifies the financial impact of system failures. Knowinglost revenue, regulatory fines, and recovery costshelps in planning.

F (Critical processes)→ Identifyingcore business processesallows an organization toprioritize recoveryeffortsandmaintain operational continuity.

Why Other Options Are Incorrect:

A (Inventory details)→ While useful for asset management, it doesnot directly impact business continuity planning.

D (Network diagrams)→ These help in security architecture but arenot directly related to the financial/business impact analysis.

E (Contingency plans)→ BIA isperformed before contingency planningto identifywhat needs protection.