As part of an organization’s compliance program, administrators must complete a hardening checklist and note any potential improvements. The process of noting improvements in the checklist is MOST likely driven by:
A. the collection of data as part of the continuous monitoring program.
B. adherence to policies associated with incident response.
C. the organization’s software development life cycle.
D. changes in operating systems or industry trends.
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
Going with A.
B. Hardening is a mitigating/preventative measure, not related to IR in this context
C. Hardening does not only apply to software or the SDLC
D. This absolutely drives the need to review and update hardening checklists, but many factors and influences also drive the need to improve hardening checklists.
yet another dump with incorrect answers.
Agreed. Almost positive the answer is D
Industry compliance and regulations change over time often due to the change in operating systems and trends in the industry. In order to keep up with the organization compliance program, hardening checklists must be done for potential improvements in security along with meeting regulations/compliance.
There are no indicators that a continuous monitoring program is what this checklist is being used for.
The answer is D
Per NIST:
The objective of a continuous monitoring program is to determine if the complete set of planned, required, and deployed security controls within an information system or inherited by the system continue to be effective over time in light of the inevitable changes that occur.
So I agree with A.
A