CompTIA CAS-004 Practice Test - Questions Answers, Page 12

A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company's website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

A. Community cloud service model
B. Multi-tenancy SaaS
C. Single-tenancy SaaS
D. On-premises cloud service model
Suggested answer: C

Explanation:

A single-tenancy SaaS solution is the best solution for this company. SaaS stands for software as a service, which is a cloud-based model that allows customers to access applications hosted by a provider over the internet. A single-tenancy SaaS solution means that the company has its own dedicated instance of the application and its underlying infrastructure, which offers more control, customization, and security than a multi-tenancy SaaS solution where multiple customers share the same resources. A single-tenancy SaaS solution also eliminates the need for managing a private cloud or an on-premises infrastructure. Verified

Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.ibm.com/cloud/learn/saas

A security analyst is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:

* The Chief Marketing Officer (CMO) email is being used department-wide as the username.

* The password has been shared within the department.

Which of the following controls would be BEST for the analyst to recommend?

A. Configure MFA for all users to decrease their reliance on other authentication.
B. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.
C. Create multiple social media accounts for all marketing users to separate their actions.
D. Ensure the password being shared is sufficiently and not written down anywhere.
Suggested answer: A

Explanation:

Configuring MFA for all users to decrease their reliance on other authentication is the best option to improve email security at the company. MFA stands for multi-factor authentication, which is a method of verifying a user's identity by requiring two or more factors, such as something the user knows (e.g., password), something the user has (e.g., token), or something the user is (e.g., biometric). MFA can prevent unauthorized access to email accounts even if the username or password is compromised or shared. Verified

Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.csoonline.com/article/3239144/what-is-mfa-how-multi-factor-authentication-works.html

A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with the new products. Several of the products incorporate proprietary enhancements developed by the engineer's company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

A. DLP
B. Mail gateway
C. Data flow enforcement
D. UTM
Suggested answer: A

Explanation:

A DLP system is the best option for the company to mitigate the risk of losing its proprietary enhancements to competitors. DLP stands for data loss prevention, which is a set of tools and policies that aim to prevent unauthorized access, disclosure, or exfiltration of sensitive data. DLP can monitor, filter, encrypt, or block data transfers based on predefined rules and criteria, such as content, source, destination, etc. DLP can help protect the company's intellectual property and trade secrets from being compromised by malicious actors or accidental leaks. Verified

Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.csoonline.com/article/3245746/what-is-dlp-data-loss-prevention-and-how-does-it-work.html

The Chief Information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transactions being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to deliver malware and ransomware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?

A. Data loss prevention
B. Endpoint detection response
C. SSL VPN
D. Application whitelisting
Suggested answer: A

Explanation:

Data loss prevention (DLP) is the best option to resolve the board's concerns for this email migration. DLP is a set of tools and policies that aim to prevent unauthorized access, disclosure, or exfiltration of sensitive data. DLP can monitor, filter, encrypt, or block email messages based on predefined rules and criteria, such as content, sender, recipient, attachment, etc. DLP can help protect transactions, customer data, and company information from being compromised by malicious actors or accidental leaks. Verified

Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.csoonline.com/article/3245746/what-is-dlp-data-loss-prevention-and-how-does-it-work.html

A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstations, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A. Increased network latency
B. Unavailability of key escrow
C. Inability to select AES-256 encryption
D. Removal of user authentication requirements
Suggested answer: C

Explanation:

The inability to select AES-256 encryption will most likely be a limiting factor when selecting mobile device managers for the company. AES-256 is a symmetric encryption algorithm that uses a 256-bit key to encrypt and decrypt data. It is considered one of the strongest encryption methods available and is widely used for securing sensitive data. Mobile device managers are software applications that allow administrators to remotely manage and secure mobile devices used by employees. However, not all mobile device managers may support AES-256 encryption or allow the company to enforce it as a policy on all mobile devices. Verified

Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://searchmobilecomputing.techtarget.com/definition/mobile-device-management

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following:

* The critical devices send cleartext logs to the aggregator.

* The log aggregator utilizes full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being archived in the cloud.

Which of the following should be the engineer's GREATEST concern?

A. Hardware vulnerabilities introduced by the log aggregate server
B. Network bridging from a remote access VPN
C. Encryption of data in transit
D. Multitenancy and data remnants in the cloud
Suggested answer: C

Explanation:

Encryption of data in transit should be the engineer's greatest concern regarding the security of the solution. Data in transit refers to data that is being transferred over a network or between devices. If data in transit is not encrypted, it can be intercepted, modified, or stolen by attackers who can exploit vulnerabilities in the network protocols or devices. The solution in the question sends logs from the critical devices to the aggregator in cleartext and from the aggregator to the analysis server via port 80, which are both insecure methods that expose the data to potential attacks. Verified

Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://us-cert.cisa.gov/ncas/tips/ST04-019

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?

A. Filter ABC
B. Filter XYZ
C. Filter GHI
D. Filter TUV
Suggested answer: B

Explanation:

Filter XYZ is the best option that meets the budget needs of the business. Filter XYZ has an ALE of $1 million per year, which is lower than any other filter option. ALE stands for annualized loss expectancy, which is a measure of how much money a business can expect to lose due to a risk over a year. ALE is calculated by multiplying the annualized rate of occurrence (ARO) of an event by the single loss expectancy (SLE) of an event. ARO is how often an event is expected to occur in a year. SLE is how much money an event will cost each time it occurs. Therefore, ALE = ARO x SLE. Filter XYZ has an ARO of 0.1 and an SLE of $10 million, so ALE = 0.1 x $10 million = $1 million. Verified

Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.techopedia.com/definition/24771/annualized-loss-expectancy-ale

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

A. Traffic interceptor log analysis
B. Log reduction and visualization tools
C. Proof of work analysis
D. Ledger analysis software
Suggested answer: B

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plugs another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee's PC on the wireless network and finds the PC still does not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

A. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.
B. The DHCP server has a reservation for the PC's MAC address for the wired interface.
C. The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.
D. The DHCP server is unavailable, so no IP address is being sent back to the PC.
Suggested answer: A

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization's incident response procedure. Which of the following must occur to ensure the integrity of the image?

A. The image must be password protected against changes.
B. A hash value of the image must be computed.
C. The disk containing the image must be placed in a sealed container.
D. A duplicate copy of the image must be maintained.
Suggested answer: B
Total 510 questions