
CompTIA CAS-004 Practice Test - Questions Answers, Page 24

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

A. Option A
B. Option B
C. Option C
D. Option D
Suggested answer: C

A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

A. Rules of engagement
B. Master service agreement
C. Statement of work
D. Target audience
Suggested answer: C

Explanation:

The Statement of Work is a document that outlines the scope of the penetration test and defines the objectives, tools, methodology, and targets of the test. It also outlines the security controls that will be impacted by the test and what the expected outcomes are. Additionally, the Statement of Work should include any legal requirements and other considerations that should be taken into account during the penetration test.

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?


A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.
B. Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies.
C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.
Suggested answer: C

Explanation:

The best way to discover SaaS applications and block access to those that are unapproved or identified as risky is to implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy (C). This solution allows the security architect to inspect all web traffic and enforce access control policies centrally, and it also allows the architect to detect and block risky SaaS applications.

Reference: CompTIA Advanced Security Practitioner (CASP+) Study Guide: Chapter 1: Network Security Architecture and Design, Section 1.3: Cloud Security.


An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

A. The NTP server is set incorrectly for the developers.
B. The CA has included the certificate in its CRL.
C. The certificate is set for the wrong key usage.
D. Each application is missing a SAN or wildcard entry on the certificate.
Suggested answer: C

Explanation:

Digital signatures require the use of a cryptographic key pair, which consists of a private key used to sign the application and a public key used to verify the signature. If the certificate used for signing the application is set for the wrong key usage, then the signature will fail. This can happen if the certificate is set for encrypting data instead of signing data, or if the certificate is set for the wrong algorithm, such as using an RSA key for an ECDSA signature.

A municipal department receives telemetry data from a third-party provider. The server collecting telemetry sits in the municipal department's screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore the cybersecurity engineers would like to implement risk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

A. Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement
B. Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon
C. Installing and configuring a filesystem integrity monitoring service on the telemetry server
D. Implementing an EDR and alerting on identified privilege escalation attempts to the SIEM
E. Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet
F. Using the published data schema to monitor and block off-nominal telemetry messages
Suggested answer: A, C

Explanation:

A TLS inspection proxy can be used to monitor and enforce policy on HTTPS connections, ensuring that only valid traffic is allowed through and malicious traffic is blocked. Additionally, a filesystem integrity monitoring service can be installed and configured on the telemetry server to monitor for any changes to the filesystem, allowing any malicious changes to be detected and blocked.

An organization recently recovered from an attack in which an adversary injected malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of a TPM for measured boot and attestation, measuring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

A. Endorsement tickets
B. Clock/counter structures
C. Command tag structures with MAC schemes
D. Platform configuration registers
Suggested answer: D

Explanation:

TPMs provide the ability to store measurements of code and data that can be used to ensure that code and data remain unchanged over time. This is done through Platform Configuration Registers (PCRs), which are structures used to store measurements of code and data. The measurements are taken during the boot process and can be used to compare the state of the system at different times, which can be used to detect any changes to the system and verify that the system has not been tampered with.

A company has moved its sensitive workloads to the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements:

* The application must run at 70% capacity at all times.

* The application must sustain DoS and DDoS attacks.

* Services must recover automatically.

Which of the following should the cloud architecture team implement? (Select THREE).

A. Read-only replicas
B. BCP
C. Autoscaling
D. WAF
E. CDN
F. Encryption
G. Continuous snapshots
H. Containerization
Suggested answer: C, D, F

Explanation:

The cloud architecture team should implement Autoscaling (C), WAF (D) and Encryption (F). Autoscaling (C) will ensure that the application is running at 70% capacity at all times. WAF (D) will protect the application from DoS and DDoS attacks. Encryption (F) will protect the data from unauthorized access and ensure that the sensitive workloads remain secure.

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed that the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner, due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?

A. Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.
B. Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.
C. Implement a centralized network gateway to bridge network traffic between all VPCs.
D. Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.
Suggested answer: A

Explanation:

The BEST course of action for the security analyst to help prevent a similar situation in the near future is to establish cross-account trusts to connect all VPCs via API for secure configuration scanning (A). Cross-account trusts allow VPCs to be securely connected for the purpose of configuration scanning, which helps to identify and remediate vulnerabilities within the system.

A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

A. Data sovereignty
B. Shared responsibility
C. Source code escrow
D. Safe harbor considerations
Suggested answer: B

Explanation:

When drafting an agreement between two companies, it is important to clearly define the responsibilities of each party. This is particularly relevant when a software company is looking to integrate with an established product. A shared responsibility agreement ensures that both parties understand their respective responsibilities and are able to work together efficiently and effectively. For example, the software company might be responsible for integrating the product and ensuring it meets user needs, while the established product provider might be responsible for providing ongoing support and maintenance. By outlining these responsibilities in the agreement, both parties can ensure that the platform is built and maintained successfully.

Reference: CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 8, Working with Third Parties.

A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

* dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.

* A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.

* Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.

* A sample outbound request payload from PCAP showed the ASCII content: 'JOIN #community'.

Which of the following is the MOST likely root cause?

A. A SQL injection was used to exfiltrate data from the database server.
B. The system has been hijacked for cryptocurrency mining.
C. A botnet Trojan is installed on the database server.
D. The dbadmin user is consulting the community for help via Internet Relay Chat.
Suggested answer: D

Explanation:

The dbadmin user is consulting the community for help via Internet Relay Chat. The clues in the given information point to the dbadmin user having established an Internet Relay Chat (IRC) connection to an external address at 7:55 a.m. This connection is still active, and only a few kilobytes of data have been transferred since the start of the connection. The sample outbound request payload of 'JOIN #community' also suggests that the user is trying to join an IRC chatroom. This suggests that the dbadmin user is using the IRC connection to consult the community for help with a problem. Therefore, the root cause of the anomalous activity is likely the dbadmin user consulting the community for help via IRC.

Reference: CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 10, Investigating Intrusions and Suspicious Activity.
