An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

The certificate is set for the wrong key usage.

The NTP server is set incorrectly for the developers

The CA has included the certificate in its CRL.

The certificate is set for the wrong key usage.

Each application is missing a SAN or wildcard entry on the certificate

A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?

Lockout of privileged access account

Duration of the BitLocker lockout period

Failure of the Kerberos time drift sync

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.Which of the following should the security team recommend FIRST?

Working with procurement and creating a requirements document to select a new IAM system/vendor

Investigating a potential threat identified in logs related to the identity management system

Updating the identity management system to use discretionary access control

Beginning research on two-factor authentication to later introduce into the identity management system

Working with procurement and creating a requirements document to select a new IAM system/vendor

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Implement iterative software releases.

Revise the scope of the project to use a waterfall approach

Change the scope of the project to use the spiral development methodology.

Perform continuous integration.

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Utilize watermarks in the images that are specific to each external party.

Properly configure a secure file transfer system to ensure file integrity.

Have the external parties sign non-disclosure agreements before sending any images.

Only share images with external parties that have worked with the firm previously.

Utilize watermarks in the images that are specific to each external party.

A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:* Handle an increase in customer demand of resources* Provide quick and easy access to information* Provide high-quality streaming media* Create a user-friendly interfaceWhich of the following actions should be taken FIRST?

Implement a content delivery network.

Deploy high-availability web servers.

Enhance network access controls.

Implement a content delivery network.

Migrate to a virtualized environment.

A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data Indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?

Conducting a sanctioned vishing attack

A network administrator who manages a Linux web server notices the following traffic:http://corr.ptia.org/.../.../.../... /etc./shadowWhich of the following Is the BEST action for the network administrator to take to defend against this type of web attack?

Validate the server input and append the input to the base directory path.

Validate the server certificate and trust chain.

Validate the server input and append the input to the base directory path.

Validate that the server is not deployed with default account credentials.

Validate that multifactor authentication is enabled on the server for all user accounts.

A new, online file hosting service is being offered. The service has the following security requirements:• Threats to customer data integrity and availability should be remediated first.• The environment should be dynamic to match increasing customer demands.• The solution should not interfere with customers" ability to access their data at anytime.• Security analysts should focus on high-risk items.Which of the following would BEST satisfy the requirements?

Implementing a SOAR solution to address known threats

Expanding the use of IPS and NGFW devices throughout the environment

Increasing the number of analysts to Identify risks that need remediation

Implementing a SOAR solution to address known threats

Integrating enterprise threat feeds in the existing SIEM

A security consultant has been asked to recommend a secure network design that would:• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.• Limit operational disruptions.Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodityInternet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

The SD-WAN provider uses a third party for support.

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

The operating costs of the MPLS network are too high for the organization.

The SD-WAN provider uses a third party for support.

Internal IT staff will not be able to properly support remote offices after the migration.

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:post /malicious. phpUser-Agent: Malicious Tool V 1.0Host: www.rcalicious.comThe IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hostsare compromised, while reducing false positives?

www\. malicious\. com\/malicious. php

A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

Configure certificate pinning inside the application.

Utilize the SAN certificate to enable a single certificate for all regions.

Deploy client certificates to all devices in the network.

Configure certificate pinning inside the application.

Enable HSTS on the application's server side for all communication.

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the network?

Multiple solicited responses over time

Packets that are the wrong size or length

Use of any non-DNP3 communication on a DNP3 port

Multiple solicited responses over time

Application of an unsupported encryption algorithm

A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks Which of the following is the MOST important infrastructure security design element to prevent an outage?

Leveraging content delivery network across multiple regions

Supporting heterogeneous architecture

Leveraging content delivery network across multiple regions

Ensuring cloud autoscaling is in place

Scaling horizontally to handle increases in traffic

CompTIA CAS-004 Practice Test 9 - Free Online Exam Prep & Questions

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Become a Premium Member for full access

Unlock Premium Member

CompTIA CAS-004 Practice Test 9

Question

CompTIA CAS-004 Practice Tests

Practice Tests