Which of the following are risks associated with vendor lock-in? (Choose two.)

The vendor can change product offerings.

The client experiences decreased quality of service.

The client can seamlessly move data.

The vendor can change product offerings.

The client receives a sufficient level of service.

The client experiences decreased quality of service.

The client can leverage a multicloud approach.

The client experiences increased interoperability.

A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Track the library versions and monitor the CVE website for related vulnerabilities.

Perform additional SAST/DAST on the open-source libraries.

Implement the SDLC security guidelines.

Track the library versions and monitor the CVE website for related vulnerabilities.

Perform unit testing of the open-source libraries.

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.Which of the following is the MOST cost-effective solution?

Move the server to a cloud provider.

Buy a new server and create an active-active cluster.

Upgrade the server with a new one.

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

The company will have access to the latest version to continue development.

The company will be able to force the third-party developer to continue support.

The company will be able to manage the third-party developer's development process.

The company will be paid by the third-party developer to hire a new development team.

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.Which of the following techniques would be BEST suited for this requirement?

Deploy SOAR utilities and runbooks.

Replace the associated hardware.

Provide the contractors with direct access to satellite telemetry data.

Reduce link latency on the affected ground and satellite segments.

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Designing data protection schemes to mitigate the risk of loss due to multitenancy

Implementing redundant stores and services across diverse CSPs for high availability

Emulating OS and hardware architectures to blur operations from CSP view

Purchasing managed FIM services to alert on detected modifications to covered data

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.Based on RPO requirements, which of the following recommendations should the management team make?

Increase the frequency of backups and create SIEM alerts for IOCs.

Leave the current backup schedule intact and pay the ransom to decrypt the data.

Leave the current backup schedule intact and make the human resources fileshare read-only.

Increase the frequency of backups and create SIEM alerts for IOCs.

Decrease the frequency of backups and pay the ransom to decrypt the data.

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.Which of the following would be BEST to proceed with the transformation?

An on-premises solution as a backup

A load balancer with a round-robin configuration

An active-active solution within the same tenant

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.Which of the following solutions should the security architect recommend?

Replace the current antivirus with an EDR solution.

Remove the web proxy and install a UTM appliance.

Implement a deny list feature on the endpoints.

Add a firewall module on the current antivirus solution.

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:Leaked to the media via printing of the documentsSent to a personal email addressAccessed and viewed by systems administratorsUploaded to a file storage siteWhich of the following would mitigate the department's concerns?

Data loss detection, reverse proxy, EDR, and PGP

Watermarking, forward proxy, DLP, and MFA

Proxy, secure VPN, endpoint encryption, and AV

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:Unauthorized insertions into application development environmentsAuthorized insiders making unauthorized changes to environment configurationsWhich of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Model user behavior and monitor for deviations from normal.

Continuously monitor code commits to repositories and generate summary logs.

Perform static code analysis of committed code and generate summary reports.

Implement an XML gateway and monitor for policy violations.

Monitor dependency management tools and report on susceptible third-party libraries.

Install an IDS on the development subnet and passively monitor for vulnerable services.

Model user behavior and monitor for deviations from normal.

Continuously monitor code commits to repositories and generate summary logs.

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Deploy MFA for the service accounts.

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:ERR_SSL_VERSION_OR_CIPHER_MISMATCHWhich of the following is MOST likely the root cause?

The client application is configured to use RC4.

The client application is testing PFS.

The client application is configured to use ECDHE.

The client application is configured to use RC4.

The client application is configured to use AES-256 in GCM.

An organization is designing a network architecture that must meet the following requirements:Users will only be able to access predefined services.Each user will have a unique allow list defined for access.The system will construct one-to-one subject/object access paths dynamically.Which of the following architectural designs should the organization use to meet these requirements?

Microsegmentation enabled by software-defined networking

Peer-to-peer secure communications enabled by mobile applications

Proxied application data connections enabled by API gateways

Microsegmentation enabled by software-defined networking

VLANs enabled by network infrastructure devices

A company's claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee's laptop when was opened.

Implement cloud-based content filtering with sandboxing capabilities.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

Required all laptops to connect to the VPN before accessing email.

Implement cloud-based content filtering with sandboxing capabilities.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following: The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run: Which of the following is an appropriate security control the company should implement?

Separate the items in the system call to prevent command injection.

Restrict directory permission to read-only access.

Use server-side processing to avoid XSS vulnerabilities in path input.

Separate the items in the system call to prevent command injection.

Parameterize a query in the path variable to prevent SQL injection.

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session: Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

The clients may not trust idapt by default.

Secure LDAP does not support wildcard certificates.

The clients may not trust idapt by default.

The secure LDAP service is not started, so no connections can be made.

Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

Secure LDAP should be running on UDP rather than TCP.

The company is using the wrong port. It should be using port 389 for secure LDAP.

Secure LDAP does not support wildcard certificates.

The clients may not trust Chicago by default.

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier's rating. Report finding units that rely on the suppliers and the various risk teams.

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier's post-contract renewal with a dedicated risk management team.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier's rating. Report finding units that rely on the suppliers and the various risk teams.

A health company has reached the physical and computing capabilities in its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare application that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standard for virtualization and cloud computing?

Hybrid IaaS solution in a single-tenancy cloud

Pass solution in a multinency cloud

SaaS solution in a community cloud

Private SaaS solution in a single tenancy cloud.

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text. Which of the following should the security analyst perform?

Contact the security department at the business partner and alert them to the email event.

Block the IP address for the business partner at the perimeter firewall.

Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

Configure the email gateway to automatically quarantine all messages originating from the business partner.

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

On-premises cloud service model

A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:The Chief marketing officer (CMO) email is being used department wide as the usernameThe password has been shared within the departmentWhich of the following controls would be BEST for the analyst to recommend?

Configure MFA for all users to decrease their reliance on other authentication.

Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.

Create multiple social media accounts for all marketing user to separate their actions.

Ensue the password being shared is sufficiently and not written down anywhere.

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Inability to selected AES-256 encryption

Removal of user authentication requirements

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.A security engineer is concerned about the security of the solution and notes the following.* The critical devise send cleartext logs to the aggregator.* The log aggregator utilize full disk encryption.* The log aggregator sends to the analysis server via port 80.* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.* The data is compressed and encrypted prior to being achieved in the cloud.Which of the following should be the engineer's GREATEST concern?

Hardware vulnerabilities introduced by the log aggregate server

Network bridging from a remote access VPN

Multinancy and data remnants in the cloud

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

Log reduction and visualization tools

Traffic interceptor log analysis

Log reduction and visualization tools

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee' PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

The DHCP server has a reservation for the PC's MAC address for the wired interface.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

The DHCP server is unavailable, so no IP address is being sent back to the PC.

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?

A hash value of the image must be computed.

The image must be password protected against changes.

A hash value of the image must be computed.

The disk containing the image must be placed in a seated container.

A duplicate copy of the image must be maintained

CompTIA CAS-004 Practice Test 3 - Free Online Exam Prep & Questions

Question 1 / 40

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

CompTIA CAS-004 image Question 81 94049 10022024175034000000

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Comment (0)

CompTIA CAS-004 Practice Test 3

Question

CompTIA CAS-004 Practice Tests

Practice Tests