ExamGecko
Login
Home / CompTIA / CAS-004 / List of questions
Ask Question

CompTIA CAS-004 Practice Test - Questions Answers, Page 22

List of questions

Question 211

Report Export Collapse

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

Limit access to the system using a jump box.
Limit access to the system using a jump box.
Place the new system and legacy system on separate VLANs
Place the new system and legacy system on separate VLANs
Deploy the legacy application on an air-gapped system.
Deploy the legacy application on an air-gapped system.
Implement MFA to access the legacy system.
Implement MFA to access the legacy system.
Suggested answer: C
asked 02/10/2024
HAO KANG SUNG
41 questions

Question 212

Report Export Collapse

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?

HSTS
HSTS
TLS 1.2
TLS 1.2
Certificate pinning
Certificate pinning
Client authentication
Client authentication
Suggested answer: A
asked 02/10/2024
Ferran Ortega Torrabadell
39 questions

Question 213

Report Export Collapse

A company security engineer arrives at work to face the following scenario:

1) Website defacement

2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand

3) A Job offer from the company's competitor

4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors Is MOST likely involved?

Organized crime
Organized crime
Script kiddie
Script kiddie
APT/nation-state
APT/nation-state
Competitor
Competitor
Suggested answer: C
Explanation:

An Advanced Persistent Threat (APT) is an attack that is targeted, well-planned, and conducted over a long period of time by a nation-state actor. The evidence provided in the scenario indicates that the security analyst has identified a foreign adversary, which is strong evidence that an APT/nation-state actor is responsible for the attack. Resources:

CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 5: ''Advanced Persistent Threats,'' Wiley, 2018.https://www.wiley.com/en-us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C+2nd+Edition-p-9781119396582

asked 02/10/2024
Andre Beary
31 questions

Question 214

Report Export Collapse

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

CompTIA CAS-004 image Question 214 94182 10022024175035000000

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

B) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Option A
Option A
Option B
Option B
Option C
Option C
Option D
Option D
Suggested answer: D
asked 02/10/2024
Luis Marino
36 questions

Question 215

Report Export Collapse

A company wants to improve Its active protection capabilities against unknown and zero-day malware. Which of the following Is the MOST secure solution?

NIDS
NIDS
Application allow list
Application allow list
Sandbox detonation
Sandbox detonation
Endpoint log collection
Endpoint log collection
HIDS
HIDS
Suggested answer: C
asked 02/10/2024
Kong Yew Kuen
41 questions

Question 216

Report Export Collapse

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

Work at the application layer

Send alerts on attacks from both privileged and malicious users

Have a very low false positive

Which of the following should the architect recommend?

FIM
FIM
WAF
WAF
NIPS
NIPS
DAM
DAM
UTM
UTM
Suggested answer: D
asked 02/10/2024
Rajesh Tripathy
33 questions

Question 217

Report Export Collapse

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

. Accept

. Avoid

Transfer
Transfer
Mitigate
Mitigate
Suggested answer:
asked 02/10/2024
Phuong Pham
44 questions

Question 218

Report Export Collapse

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

SDLC attack
SDLC attack
Side-load attack
Side-load attack
Remote code signing
Remote code signing
Supply chain attack
Supply chain attack
Suggested answer: D
asked 02/10/2024
Jason Childers
43 questions

Question 219

Report Export Collapse

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Apply for a security exemption, as the risk is too high to accept.
Apply for a security exemption, as the risk is too high to accept.
Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
Accept the risk, as compensating controls have been implemented to manage the risk.
Accept the risk, as compensating controls have been implemented to manage the risk.
Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
Suggested answer: A
asked 02/10/2024
Phanel Xavier
49 questions

Question 220

Report Export Collapse

A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage. Due to the high rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

$50,000
$50,000
$125,000
$125,000
$250,000
$250,000
$500.000
$500.000
$51,000,000
$51,000,000
Suggested answer: C
asked 02/10/2024
Sivagami Narayanan
53 questions
Total 564 questions
Go to page: of 57
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours. Based on RPO requirements, which of the following recommendations should the management team make?
An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?
A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?
An organization is designing a network architecture that must meet the following requirements: Users will only be able to access predefined services. Each user will have a unique allow list defined for access. The system will construct one-to-one subject/object access paths dynamically. Which of the following architectural designs should the organization use to meet these requirements?
An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCH Which of the following is MOST likely the root cause?
A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive. Based on the output above, from which of the following process IDs can the analyst begin an investigation?
An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?
Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility. Which of the following would be the BEST option to implement?
A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis. A security engineer is concerned about the security of the solution and notes the following. * The critical devise send cleartext logs to the aggregator. * The log aggregator utilize full disk encryption. * The log aggregator sends to the analysis server via port 80. * MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely. * The data is compressed and encrypted prior to being achieved in the cloud. Which of the following should be the engineer's GREATEST concern?
Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?