ExamGecko
Login
Home / CompTIA / CAS-004 / List of questions
Ask Question

CompTIA CAS-004 Practice Test - Questions Answers, Page 16

List of questions

Question 151

Report Export Collapse

A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

EDR
EDR
SIEM
SIEM
HIDS
HIDS
UEBA
UEBA
Suggested answer: B
asked 02/10/2024
Santosh Kumar
45 questions

Question 152

Report Export Collapse

A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.

This is an example of:

due intelligence
due intelligence
e-discovery.
e-discovery.
due care.
due care.
legal hold.
legal hold.
Suggested answer: A
asked 02/10/2024
Fermin Paneque Cabrera
44 questions

Question 153

Report Export Collapse

Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?

Zigbee
Zigbee
CAN
CAN
DNP3
DNP3
Modbus
Modbus
Suggested answer: A
asked 02/10/2024
Kingsley Tibs
44 questions

Question 154

Report Export Collapse

An organization's assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

Given this information, which of the following is a noted risk?

Feature delay due to extended software development cycles
Feature delay due to extended software development cycles
Financial liability from a vendor data breach
Financial liability from a vendor data breach
Technical impact to the API configuration
Technical impact to the API configuration
The possibility of the vendor's business ceasing operations
The possibility of the vendor's business ceasing operations
Suggested answer: A
asked 02/10/2024
Vahit Erciyas
46 questions

Question 155

Report Export Collapse

A cybersecurity analyst discovered a private key that could have been exposed.

Which of the following is the BEST way for the analyst to determine if the key has been compromised?

HSTS
HSTS
CRL
CRL
CSRs
CSRs
OCSP
OCSP
Suggested answer: C
asked 02/10/2024
nico farina
45 questions

Question 156

Report Export Collapse

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

Must have a minimum of 15 characters

Must use one number

Must use one capital letter

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

Shared accounts
Shared accounts
Password complexity
Password complexity
Account lockout
Account lockout
Password history
Password history
Time-based logins
Time-based logins
Suggested answer: C
asked 02/10/2024
Muhammad Gul
46 questions

Question 157

Report Export Collapse

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the network?

Packets that are the wrong size or length
Packets that are the wrong size or length
Use of any non-DNP3 communication on a DNP3 port
Use of any non-DNP3 communication on a DNP3 port
Multiple solicited responses over time
Multiple solicited responses over time
Application of an unsupported encryption algorithm
Application of an unsupported encryption algorithm
Suggested answer: C
asked 02/10/2024
Aur ROULIC
38 questions

Question 158

Report Export Collapse

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

Configuring systemd services to run automatically at startup
Configuring systemd services to run automatically at startup
Creating a backdoor
Creating a backdoor
Exploiting an arbitrary code execution exploit
Exploiting an arbitrary code execution exploit
Moving laterally to a more authoritative server/service
Moving laterally to a more authoritative server/service
Suggested answer: B
asked 02/10/2024
SAI CHARAN TANGELLA
39 questions

Question 159

Report Export Collapse

Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.

Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

Drive wiping
Drive wiping
Degaussing
Degaussing
Purging
Purging
Physical destruction
Physical destruction
Suggested answer: B
asked 02/10/2024
Mounir Mrabet
45 questions

Question 160

Report Export Collapse

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

Lawyers
Lawyers
Court
Court
Upper management team
Upper management team
Police
Police
Suggested answer: A
asked 02/10/2024
Nadja Burkart
36 questions
Total 564 questions
Go to page: of 57
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours. Based on RPO requirements, which of the following recommendations should the management team make?
An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?
A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?
An organization is designing a network architecture that must meet the following requirements: Users will only be able to access predefined services. Each user will have a unique allow list defined for access. The system will construct one-to-one subject/object access paths dynamically. Which of the following architectural designs should the organization use to meet these requirements?
An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Which of the following is MOST likely the root cause?
A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive. Based on the output above, from which of the following process IDs can the analyst begin an investigation?
An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?
Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility. Which of the following would be the BEST option to implement?
A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis. A security engineer is concerned about the security of the solution and notes the following. * The critical devise send cleartext logs to the aggregator. * The log aggregator utilize full disk encryption. * The log aggregator sends to the analysis server via port 80. * MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely. * The data is compressed and encrypted prior to being achieved in the cloud. Which of the following should be the engineer's GREATEST concern?
Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?