Exam CAS-004 topic 1 question 235 discussion

Actual exam question from CompTIA's CAS-004
Question #: 235
Topic #: 1

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form of web identity validation
• Encryption of all web transactions
• The strongest encryption in-transit
• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.
• The company wants to minimize total expenditure.
• The company wants to minimize complexity.

Which of the following should the company implement on its new website? (Choose two.)

  • A. Wildcard certificate
  • B. EV certificate
  • C. Mutual authentication
  • D. Certificate pinning
  • E. SSO
  • F. HSTS
Suggested Answer: B

Comments

hheerreessjjoohhnnyy
Highly Voted 1 year, 6 months ago
Selected Answer: B
As others have mentioned, the solution is B & F. Mods: please fix this question so 2 choices can be selected. Thank you.
upvoted 8 times
catastrophie
1 year, 6 months ago
You've made it to question 235 and somehow still think mods are actively fixing material? haha they don't care as long as we keep forking money over for a test they probably got from another site, but we have the benefit of open discussion. Other than that I think we are SOL in regards to material correctness.
upvoted 19 times
snowmaggedon
8 months ago
Best comment on the entire site...hands down. Well played, catastrophie, well played!
upvoted 1 times
...
...
...
encxorblood
Highly Voted 2 years, 1 month ago
Selected Answer: B
B. EV certificate
F. HSTS
B. The company should implement an Extended Validation (EV) certificate for the new website. This certificate provides the highest form of web identity validation, ensuring that the company's identity is thoroughly vetted and verified by the certificate authority.
F. The company should also implement HTTP Strict Transport Security (HSTS). HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted and providing the strongest encryption in-transit. It also helps to protect against downgrade attacks and cookie hijacking.
upvoted 5 times
...
StillFiguringItOut
Most Recent 4 days, 22 hours ago
Selected Answer: F
Another F to even it out
upvoted 1 times
...
1c7fe0b
3 months, 2 weeks ago
Selected Answer: F
In support of second correct answer.
upvoted 2 times
...
Bright07
5 months ago
Selected Answer: B
The answer is B & F because the question requested two answers. Both B & F are the best answers.
upvoted 1 times
...
EAlonso
9 months, 3 weeks ago
B. and F.
upvoted 1 times
...
Delab202
1 year, 3 months ago
Selected Answer: F
F. HSTS (HTTP Strict Transport Security): HSTS enforces the use of secure connections by instructing browsers to always connect to a website over HTTPS. This ensures encryption of all web transactions and provides the strongest encryption in-transit. It helps prevent downgrade attacks and enhances overall security.
upvoted 2 times
...
Sam1289
1 year, 8 months ago
Selected Answer: F
F. The company should also implement HTTP Strict Transport Security (HSTS). HSTS enforces the use of HTTPS, ensuring that all web transactions are encrypted and providing the strongest encryption in-transit. It also helps to protect against downgrade attacks and cookie hijacking.
upvoted 2 times
...
itsTopaz
2 years, 1 month ago
Selected Answer: F
B & F
B. EV certificate - Extended Validation (EV) certificate is the highest form of web identity validation that provides users with visual cues, such as a green address bar, to confirm the website's authenticity. EV certificates require rigorous validation of the organization's identity before issuance and provide the highest level of trust and security.
F. HSTS (HTTP Strict Transport Security) - HSTS is a web security policy that enforces the use of HTTPS, which encrypts all web transactions, and the strongest encryption in-transit, to protect against data interception and tampering. HSTS also helps prevent downgrade attacks that attempt to force the use of unencrypted HTTP.
upvoted 5 times
...
Broesweelies
2 years, 1 month ago
Selected Answer: B
What OneSaint said.
upvoted 3 times
...
OneSaint
2 years, 2 months ago
B & F. HTTP Strict Transport Security (HSTS): HTTP Strict Transport Security allows a site to request that it always be contacted over HTTPS.
upvoted 4 times
...
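A check for the HSTS behaviour described in the comments above (an added example, not part of the original discussion): it parses a `Strict-Transport-Security` value following the RFC 6797 processing rules and flags cases where a browser would ignore or weaken the policy. The function names, the one-year threshold and the sample responses are assumptions constructed for illustration.

```python
import re

# Simplified directive grammar: name [ "=" ( token | quoted-string ) ]
_DIRECTIVE = re.compile(r'^([A-Za-z0-9-]+)(?:\s*=\s*(?:"([^"]*)"|([^\s";]+)))?$')
MIN_MAX_AGE = 31536000  # one year in seconds; assumed policy threshold

def parse_hsts(value):
    """Return the parsed policy, or None if a browser would ignore the header."""
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives are permitted
        m = _DIRECTIVE.match(part)
        if not m:
            return None
        name = m.group(1).lower()  # directive names are case-insensitive
        if name in seen:
            return None  # a directive must not appear more than once
        seen[name] = m.group(2) if m.group(2) is not None else m.group(3)
    age = seen.get("max-age")
    if age is None or not (age.isascii() and age.isdigit()):
        return None  # max-age is required and must be a non-negative integer
    return {"max_age": int(age),
            "include_subdomains": "includesubdomains" in seen,
            "preload": "preload" in seen}

def audit_response(scheme, headers):
    """Return findings for one response; an empty list means the policy looks sound."""
    values = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not values:
        return ["missing Strict-Transport-Security header"]
    if scheme != "https":
        return ["header sent over plain HTTP: browsers ignore it"]
    policy = parse_hsts(values[0])  # only the first header field is processed
    if policy is None:
        return ["malformed header: browsers ignore it"]
    findings = []
    if policy["max_age"] == 0:
        findings.append("max-age=0 tells the browser to delete the policy")
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("max-age below one year")
    if not policy["include_subdomains"]:
        findings.append("includeSubDomains absent: subdomains can still be reached over HTTP")
    return findings

# Constructed sample responses (scheme, header list); not captured from any real site.
SAMPLES = {
    "good": ("https", [("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload")]),
    "short": ("https", [("strict-transport-security", 'max-age="300"')]),
    "dup": ("https", [("Strict-Transport-Security", "max-age=31536000; max-age=0")]),
    "http": ("http", [("Strict-Transport-Security", "max-age=31536000; includeSubDomains")]),
}
```

Because `includeSubDomains` set on a parent domain applies to every host beneath it, a company running several sites under one domain should confirm all of them serve HTTPS before enabling it.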
Community vote distribution
A (35%)
C (25%)
B (20%)
Other