While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Isolate the servers to prevent the spread.

Pay the ransom within 48 hours.

Isolate the servers to prevent the spread.

Request that the affected servers be restored immediately.

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:Only users with corporate-owned devices can directly access servers hosted by the cloud provider.The company can control what SaaS applications each individual user can access.User browser activity can be monitored.Which of the following solutions would BEST meet these requirements?

VPN, CASB, and secure web gateway

IAM gateway, MDM, and reverse proxy

VPN, CASB, and secure web gateway

SSL tunnel, DLP, and host-based firewall

API gateway, UEM, and forward proxy

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.

Perform ASIC password cracking on the host.

Read the /etc/passwd file to extract the usernames.

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema.

A threat hunting team receives a report about possible APT activity in the network.Which of the following threat management frameworks should the team implement?

The Diamond Model of Intrusion Analysis

Device event logs sources from MDM software as follows: Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Impossible travel; disable the device's account and access while investigating.

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

Resource leak; recover the device for analysis and clean up the local storage.

Impossible travel; disable the device's account and access while investigating.

Falsified status reporting; remotely wipe the device.

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.Which of the following will MOST likely secure the data on the lost device?

Require a VPN to be active to access company data.

Set up different profiles based on the person's risk.

Require MFA to access company applications.

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.Which of the following is the BEST solution?

Deploy an RA on each branch office.

Use Delta CRLs at the branches.

Send the new CRLs by using GPO.

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Implement an inbound BGP prefix list.

Disable BGP and implement a single static route for each internal network.

Implement a BGP route reflector.

Implement an inbound BGP prefix list.

Disable BGP and implement OSPF.

A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.Which of the following should the company use to make this determination?

Log analysis within the SIEM tool

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:1- The network supports core applications that have 99.99% uptime.2- Configuration updates to the SD-WAN routers can only be initiated from the management service.3- Documents downloaded from websites must be scanned for malware.Which of the following solutions should the network architect implement to meet the requirements?

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

Reverse proxy, stateful firewalls, and VPNs at the local sites

IDSs, WAFs, and forward proxy IDS

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

IPSs at the hub, Layer 4 firewalls, and DLP

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.Which of the following is the BEST solution to meet these objectives?

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

Take an MD5 hash of the server.

Delete all PHI from the network until the legal department is consulted.

Consult the legal department to determine the legal requirements.

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output: The penetration testers MOST likely took advantage of:

A plain-text password disclosure

An integer overflow vulnerability

A buffer overflow vulnerability

A financial institution has several that currently employ the following controls:* The severs follow a monthly patching cycle.* All changes must go through a change management process.* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

Implement file integrity monitoring with automated alerts on the servers.

Require more than one approver for all change management requests.

Implement file integrity monitoring with automated alerts on the servers.

Disable automatic patch update capabilities on the servers

Enhanced audit logging on the jump servers and ship the logs to the SIEM.

Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

Implement a user-behavior system to associate user events and cloud service creation events.

Compile a list of firewall requests and compare than against interesting cloud services.

Implement a CASB solution and track cloud service use cases for greater visibility.

Implement a user-behavior system to associate user events and cloud service creation events.

Capture all log and feed then to a SIEM and then for cloud service events

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Log reduction and analysis tool

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:

Budgeting for cybersecurity increases year over year.

The committee knows how much work is being done.

Business units are responsible for their own mitigation.

The bank is aware of the status of cybersecurity risks

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts: Which of the following MOST appropriate corrective action to document for this finding?

The product owner should perform a business impact assessment regarding the ability to implement a WAF.

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

The system administrator should evaluate dependencies and perform upgrade as necessary.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

Add the objects of concern to the default context.

Create separate domain and context files for irc.

Rebuild the policy, reinstall, and test.

An organization's hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Implement decoy files on adjacent hosts.

Modify user password history and length requirements.

Apply new isolation and segmentation schemes.

Implement decoy files on adjacent hosts.

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.Which of the following will allow the inspection of the data without multiple certificate deployments?

Include all available cipher suites.

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.Which of the following techniques will MOST likely meet the business's needs?

Performing deep-packet inspection of all digital audio files

Adding identifying filesystem metadata to the digital audio files

Purchasing and installing a DRM suite

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Implement rate limiting on the API.

Implement geoblocking on the WAF.

Implement OAuth 2.0 on the API.

Implement input validation on the API.

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:Unstructured data being exfiltrated after an employee leaves the organizationData being exfiltrated as a result of compromised credentialsSensitive information in emails being exfiltratedWhich of the following solutions should the security team implement to mitigate the risk of data loss?

Mobile application management, MFA, and DRM

Mobile device management, remote wipe, and data loss detection

Conditional access, DoH, and full disk encryption

Mobile application management, MFA, and DRM

Certificates, DLP, and geofencing

Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.Which of the following would be the BEST option to implement?

Distributed connection allocation

CompTIA CAS-004 Practice Test 2 - Free Online Exam Prep & Questions

Question 1 / 40

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst's FIRST action?

Create a full inventory of information and data assets.

Ascertain the impact of an attack on the availability of crucial resources.

Determine which security compliance standards should be followed.

Perform a full system penetration test to determine the vulnerabilities.

Comment (0)

CompTIA CAS-004 Practice Test 2

Question

CompTIA CAS-004 Practice Tests

Practice Tests