CompTIA CAS-004 Practice Test - Questions Answers, Page 26

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

A. Quick UDP internet connection
B. OCSP stapling
C. Private CA
D. DNSSEC
E. CRL
F. HSTS
G. Distributed object model
Suggested answer: B, F

Explanation:

OCSP stapling and HSTS are the two options that meet the stated requirements. With OCSP stapling the server periodically fetches a time-stamped, CA-signed OCSP response for its own certificate and sends it inside the TLS handshake, so the client obtains the certificate's revocation status without a separate round trip to the CA's responder. That is faster than client-side OCSP lookups and far faster than downloading a CRL, and it also stops the client from revealing to the CA which sites it visits. HSTS is a response header (Strict-Transport-Security) that tells the client to use only HTTPS for the host for max-age seconds, to upgrade plain http:// links itself and to hard-fail on certificate errors, which defeats SSL stripping and similar downgrade attacks by an on-path attacker. Browsers honor the header only when it arrives over a valid HTTPS connection, so the very first visit is unprotected unless the domain is on the browser preload list. The remaining options do not address the two server-side guidelines: a CRL is the slower status mechanism that stapling replaces, DNSSEC authenticates DNS answers rather than the TLS server, and QUIC, a private CA and a distributed object model do not change certificate status delivery or force HTTPS.
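
Both controls can be verified from the client side. The following is an added example, not code from the page or from any vendor: it parses a Strict-Transport-Security header value and the status section printed by `openssl s_client -status`, and flags the weaknesses a reviewer looks for (short max-age, missing includeSubDomains, no staple). The header strings and the s_client excerpts are constructed samples. On nginx the corresponding server settings are the real directives `ssl_stapling on;`, `ssl_stapling_verify on;` and `add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;`.

```python
"""Offline checks for an HSTS policy header and an OCSP staple.

Added example. Inputs are constructed strings shaped like a real response header
and like the text `openssl s_client -status` prints, so nothing here needs a network.
"""

from typing import Optional

ONE_YEAR = 31_536_000  # seconds; the usual minimum max-age for a serious HSTS policy


def parse_hsts(header: str) -> dict:
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        if name == "max-age":
            try:
                policy["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                pass  # unparsable max-age is treated as missing
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_findings(header: Optional[str]) -> list:
    """Return the weaknesses of an HSTS header; an empty list means acceptable."""
    if header is None:
        return ["no Strict-Transport-Security header: clients may keep using HTTP"]
    p = parse_hsts(header)
    findings = []
    if p["max_age"] is None:
        findings.append("max-age missing: browsers ignore the header")
    elif p["max_age"] == 0:
        findings.append("max-age=0 clears any stored policy")
    elif p["max_age"] < ONE_YEAR:
        findings.append(f"max-age={p['max_age']} is below one year")
    if not p["include_subdomains"]:
        findings.append("includeSubDomains absent: subdomains may still be reached over HTTP")
    return findings


def ocsp_stapled(s_client_output: str) -> bool:
    """True when `openssl s_client -status` output shows a stapled OCSP response.

    A stapling server produces an 'OCSP Response Status: successful (0x0)' line;
    'OCSP response: no response sent' means the client would have to query the
    CA's responder itself.
    """
    return "OCSP Response Status: successful" in s_client_output


# Constructed samples (not captured from any real server)
GOOD_HSTS = "max-age=63072000; includeSubDomains; preload"
WEAK_HSTS = "max-age=300"
STAPLED_OUTPUT = """\
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
"""
UNSTAPLED_OUTPUT = "OCSP response: no response sent\n"

if __name__ == "__main__":
    print("good HSTS:", hsts_findings(GOOD_HSTS))
    print("weak HSTS:", hsts_findings(WEAK_HSTS))
    print("stapled:", ocsp_stapled(STAPLED_OUTPUT), ocsp_stapled(UNSTAPLED_OUTPUT))
```

To run the checks against a live host, feed `hsts_findings` the value of the Strict-Transport-Security header from an HTTPS response (for example from `curl -sI https://host`) and `ocsp_stapled` the output of `openssl s_client -connect host:443 -status </dev/null`. A header received over plain HTTP does not count: browsers discard it.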

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

A. Modify the ACLs.
B. Review the Active Directory.
C. Update the marketing department's browser.
D. Reconfigure the WAF.
Suggested answer: A

Explanation:

Modifying the ACLs (access control lists) is the most likely solution to avoid the intermittent access issues with the new cloud application. ACLs are used to define permissions for different users and groups to access resources on a network. The problem may be caused by incorrect or missing ACLs for the marketing department that prevent them from accessing the cloud application or its data sources. The other options are either irrelevant or less effective for the given scenario.

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

A. E-discovery
B. Review analysis
C. Information governance
D. Chain of custody
Suggested answer: A

Explanation:

E-discovery is the process of searching for and collecting evidence during an investigation or lawsuit. It covers identifying, preserving, processing, reviewing, analyzing and producing electronically stored information (ESI) relevant to a legal case or investigation, drawn from email, business communications, social media, online documents, databases and other digital sources. Chain of custody is the distractor closest to the question: it documents who handled evidence, when and how, once it has been collected, but it is not the collection process itself.

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

A. Align the exploitability metrics to the predetermined system categorization.
B. Align the remediation levels to the predetermined system categorization.
C. Align the impact subscore requirements to the predetermined system categorization.
D. Align the attack vectors to the predetermined system categorization.
Suggested answer: C

Explanation:

Aligning the impact subscore requirements to the predetermined system categorization gives the analyst a truer picture of risk while staying inside the policy. The impact subscore is the part of the CVSS base score built from the confidentiality, integrity and availability metrics of the vulnerability. In CVSS v3.x the adjustment for a particular system is made in the Environmental metric group through the Confidentiality, Integrity and Availability Requirement modifiers (CR, IR, AR), which scale those impact metrics up or down according to the system categorization (for example a FIPS 199 High, Moderate or Low rating for each security objective). The result is that the same vulnerability scores higher on a system whose confidentiality is categorized High and lower on one categorized Low, so the high and critical thresholds in the policy select the findings that actually matter. The other options do not capture the categorization: exploitability metrics and the attack vector describe the vulnerability itself and do not change with the system it sits on, and remediation level is a temporal metric that tracks the availability of a fix.

A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?

A. Degaussing
B. Overwriting
C. Shredding
D. Formatting
E. Incinerating
Suggested answer: C

Explanation:

Shredding is the most secure way to dispose of the SSDs given the CISO's concern. Shredding physically destroys the drives by cutting the flash packages into pieces small enough that the data cannot be recovered, and it works for both HDDs and SSDs. The alternatives are weaker for flash media: degaussing disrupts magnetic domains and does nothing to NAND flash; overwriting cannot be trusted on an SSD because wear leveling and over-provisioned blocks hold copies of data that the host cannot address; and formatting only rewrites filesystem metadata, leaving the data in place.

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

Code Snippet 2

Vulnerability 1:

SQL injection

Cross-site request forgery

Server-side request forgery

Indirect object reference

Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.

Perform output encoding of queryResponse.

Ensure userid belongs to logged-in user.

Inspect URLs and disallow arbitrary requests.

Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind variables.

B) Remove the serve_forever instruction.

C) Prevent the 'authenticated' value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

A. See below explanation
Suggested answer: A

Explanation:


Code Snippet 1

Vulnerability 1:SQL injection

SQL injection is a type of attack that exploits a vulnerability in the code that interacts with a database. An attacker can inject malicious SQL commands into the input fields, such as username or password, and execute them on the database server. This can result in data theft, data corruption, or unauthorized access.

Fix 1:Perform input sanitization of the userid field.

Input sanitization prevents SQL injection by validating and filtering user input before it reaches the database. Stripping special characters such as quotes, semicolons or dashes is fragile, because encodings and database-specific syntax leave ways around a deny list; an allow-list that accepts only the expected format of a userid (for example a fixed prefix followed by digits) and rejects everything else is the reliable form of sanitization. Wherever the code can be changed, the stronger fix is to pass the value as a bind variable in a prepared statement so that it is never interpreted as SQL at all.


Code Snippet 2

Vulnerability 2: Authorization bypass

Fix 2: Prevent the 'authenticated' value from being overridden by a GET parameter.

The snippet itself is not reproduced on this page, so the pairing follows the choices listed for it: the fix options describe a handler whose 'authenticated' flag can be set from a GET parameter. When a server-side authorization decision depends on a value the client supplies in the request (a query-string parameter, an unsigned cookie or a hidden form field the server does not verify), anyone can append authenticated=true to the URL and reach functions reserved for logged-in users. The fix is to take that flag only from server-side session state that was established after a successful login and never from request parameters. Moving the parameter to POST (option D) does not help, because an attacker controls a POST body just as easily; using POST only keeps sensitive values out of logs, proxies and browser history.
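
An added example (not the page's snippet, which is not reproduced here) showing the Snippet 1 flaw and its fixes against an in-memory SQLite table: string concatenation that lets a crafted userid rewrite the query, an allow-list sanitizer for the userid field, a prepared statement with a bind variable, and an ownership check that also closes the "userid belongs to logged-in user" gap. The table, column names, owner names and the u100-style identifier format are assumptions made for the example.

```python
"""SQL injection through the userid field, and the fixes offered for Snippet 1.
Added example with constructed sample data; the schema and identifier format are assumed."""

import re
import sqlite3

USERID_PATTERN = re.compile(r"^u[0-9]{1,8}$")  # assumed format: 'u' plus 1-8 digits


def setup_db() -> sqlite3.Connection:
    """Constructed sample table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (userid TEXT PRIMARY KEY, owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("u100", "alice", 50), ("u200", "bob", 900), ("u300", "carol", 12)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, userid: str) -> list:
    """The flaw: the request field is spliced into the SQL text, so quotes in it
    become SQL syntax and the attacker decides what the WHERE clause says."""
    query = "SELECT userid, balance FROM accounts WHERE userid = '" + userid + "'"
    return conn.execute(query).fetchall()


def is_valid_userid(userid: str) -> bool:
    """Allow-list check: anything outside the expected shape is rejected."""
    return USERID_PATTERN.fullmatch(userid) is not None


def sanitize_userid(userid: str) -> str:
    """Fix 1 as listed: input sanitization of the userid field (allow-list, not strip)."""
    if not is_valid_userid(userid):
        raise ValueError("userid rejected by allow-list")
    return userid


def lookup_prepared(conn: sqlite3.Connection, userid: str) -> list:
    """Prepared statement with a bind variable: the driver passes the value
    separately from the SQL text, so it can never change the query structure."""
    return conn.execute(
        "SELECT userid, balance FROM accounts WHERE userid = ?", (userid,)
    ).fetchall()


def lookup_for_session_user(conn: sqlite3.Connection, session_user: str, userid: str) -> list:
    """Parameterized query plus an ownership check, so a syntactically valid but
    foreign userid cannot be read through an insecure direct object reference."""
    return conn.execute(
        "SELECT userid, balance FROM accounts WHERE userid = ? AND owner = ?",
        (userid, session_user),
    ).fetchall()


if __name__ == "__main__":
    db = setup_db()
    payload = "u100' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(db, payload))        # every row comes back
    print("prepared:  ", lookup_prepared(db, payload))          # no row has that literal userid
    print("allow-list:", is_valid_userid(payload), is_valid_userid("u100"))
    print("own record:", lookup_for_session_user(db, "alice", "u100"))
    print("other's:   ", lookup_for_session_user(db, "alice", "u200"))
```

The payload `u100' OR '1'='1` turns the vulnerable query into `WHERE userid = 'u100' OR '1'='1'` and dumps the whole table; the same string passed as a bind variable matches nothing. Keep both layers: the allow-list rejects junk early and gives a clean error, while the prepared statement guarantees the query structure regardless of what reaches it.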

An analyst received a list of IOCs from a government agency. The attack has the following characteristics:

1- The attack starts with bulk phishing.

2- If a user clicks on the link, a dropper is downloaded to the computer.

3- Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

A. Update the incident response plan.
B. Blocklist the executable.
C. Deploy a honeypot onto the laptops.
D. Detonate in a sandbox.
Suggested answer: D

Explanation:

Detonating the malware in a sandbox is the best way to learn its behavior and then test whether the existing endpoint controls catch it. A sandbox is an isolated environment that mimics a real system while containing any malicious actions. By detonating a sample there, the analyst can observe what the dropper downloads, which files it creates or modifies, which processes it spawns, which network connections it makes, and which indicators it leaves behind; those behaviors can then be checked against the endpoint controls and used to compare the samples and confirm they belong to one campaign. Blocklisting the executable does not work here because each sample has a unique hash tied to the user, so a hash-based block rule matches exactly one sample and none of the others; behavioral or network indicators from the sandbox run are what generalize across the campaign. Updating the incident response plan and deploying honeypots on laptops do not answer the question of whether the current controls are effective.

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

A. Cipher feedback
B. Cipher block chaining message authentication code
C. Cipher block chaining
D. Electronic codebook
Suggested answer: A

Explanation:

Cipher feedback (CFB) is a mode of operation that turns a block cipher into a self-synchronizing stream cipher. It starts from an initialization vector (IV), encrypts the contents of a shift register with the block cipher, and XORs the resulting keystream with the plaintext; each ciphertext unit is then shifted back into the register. Because it can work on units as small as one bit or one byte (CFB-1, CFB-8), it can emit output as soon as each byte of plaintext arrives, needs no padding, and resynchronizes after a lost or corrupted byte, which gives the low latency and streaming suitability the requirements call for. Only the encryption direction of the block cipher is used. The IV must be unpredictable and never reused with the same key, or the two streams share keystream.

B. Cipher block chaining message authentication code (CBC-MAC) is not an encryption mode at all. It runs the block cipher in CBC over the message with a fixed all-zero IV and keeps only the final block as an authentication tag, so it provides integrity, not confidentiality, and the tag is available only after the whole message has been processed. It therefore meets none of the three requirements. (Using a random IV with CBC-MAC actually breaks it, since an attacker can change the first block and the IV together without affecting the tag.)

C. Cipher block chaining (CBC) provides encryption only. It uses an IV and XORs each plaintext block with the previous ciphertext block before encrypting it. It cannot output anything until a full block of plaintext is available and it requires padding of the final block, so it is a poor fit for streaming data.

D. Electronic codebook (ECB) provides encryption only and uses no IV; each block is encrypted independently, so identical plaintext blocks produce identical ciphertext blocks and the ciphertext leaks the structure of the data. It also works on full blocks and needs padding, so it satisfies neither the IV nor the streaming requirement.
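
An added example (not from the page) of byte-oriented CFB (CFB-8) to show the three properties in the question: it takes an IV, produces one ciphertext byte per plaintext byte without buffering or padding, and resynchronizes after a corrupted byte. The "block cipher" here is an assumption made so the example runs with the standard library only: HMAC-SHA-256 truncated to 16 bytes stands in for E_k(block). CFB needs only the forward direction of the cipher, so a one-way keyed function is enough to demonstrate the mode; a real deployment would use AES from a proper cryptographic library. The key, IV and message are constructed values.

```python
"""CFB-8 mode over a block function (added example).

The block function is a keyed-hash stand-in for a real cipher's encryption direction;
CFB never calls the decryption direction, which is why it can run here at all.
"""

import hashlib
import hmac

BLOCK = 16  # width of the shift register in bytes (the AES block size)


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k(block): HMAC-SHA-256 truncated to one block. Assumption for
    the example only; not a real block cipher."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb8_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    register = bytearray(iv)
    out = bytearray()
    for p in plaintext:                               # one byte in, one byte out
        k = block_encrypt(key, bytes(register))[0]    # keystream byte from the register
        c = p ^ k
        out.append(c)
        register = register[1:] + bytes([c])          # feed the ciphertext byte back
    return bytes(out)


def cfb8_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    register = bytearray(iv)
    out = bytearray()
    for c in ciphertext:
        k = block_encrypt(key, bytes(register))[0]    # same keystream derivation
        out.append(c ^ k)
        register = register[1:] + bytes([c])          # register tracks the ciphertext
    return bytes(out)


def corrupted_positions(key: bytes, iv: bytes, plaintext: bytes, flip_at: int) -> list:
    """Flip one ciphertext byte and report which plaintext positions decrypt wrongly.

    CFB is self-synchronizing: the damage covers the flipped byte and at most the
    next BLOCK bytes, because after that the register again holds only correct
    ciphertext. A bit-flip is also silent, which is why CFB needs a MAC on top.
    """
    ct = bytearray(cfb8_encrypt(key, iv, plaintext))
    ct[flip_at] ^= 0x01
    pt = cfb8_decrypt(key, iv, bytes(ct))
    return [i for i in range(len(plaintext)) if pt[i] != plaintext[i]]


# Constructed key, IV and message. Never reuse an IV under the same key: two streams
# with the same IV share keystream until their ciphertexts diverge.
KEY = bytes(range(32))
IV = b"\x00" * 15 + b"\x01"
MESSAGE = b"log line 0001: user=alice action=login ok"

if __name__ == "__main__":
    ct = cfb8_encrypt(KEY, IV, MESSAGE)
    print("round trip ok:", cfb8_decrypt(KEY, IV, ct) == MESSAGE)
    print("positions damaged by flipping ciphertext byte 5:", corrupted_positions(KEY, IV, MESSAGE, 5))
```

The per-byte loop is the low-latency property: nothing waits for a full block. The damage report shows the self-synchronization property: flipping byte 5 corrupts byte 5 and up to bytes 6 through 21, and everything from byte 22 onward decrypts correctly. CBC would need the whole block (plus padding) before producing output, and ECB would reveal repeated blocks.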

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

A. Deploying a WAF signature
B. Fixing the PHP code
C. Changing the web server from HTTPS to HTTP
D. Using SSLv3
E. Changing the code from PHP to ColdFusion
F. Updating the OpenSSL library
Suggested answer: A, F

Explanation:


A) Deploying a web application firewall (WAF) signature detects and blocks attempts to exploit Heartbleed against the web server. A WAF signature is a pattern that matches a known attack vector, here a TLS heartbeat request whose declared payload length does not fit in the record that carries it. It is a compensating control that protects the application until the library is patched; it does not remove the bug.

F) Updating the OpenSSL library is the actual fix. The OpenSSL project released version 1.0.1g on April 7, 2014, which patched the bug (tracked as CVE-2014-0160) by adding a bounds check to the heartbeat handler. After updating, restart every service that loaded the old library, and because the flaw could expose the server's private key and session data from process memory, reissue the certificate with a new key and invalidate existing sessions.

B) Fixing the PHP code does not resolve or mitigate Heartbleed, because the vulnerability is not in the PHP code but in the OpenSSL library that handles SSL/TLS for the web server.

C) Changing the web server from HTTPS to HTTP does not resolve or mitigate Heartbleed; it would expose all web traffic to eavesdropping and tampering. HTTPS provides confidentiality, integrity and authentication for web communications and should not be disabled.

D) Using SSLv3 does not resolve or mitigate Heartbleed, because the bug is in the heartbeat extension implementation, not in the protocol version, and SSLv3 is an outdated, deprecated protocol that lacks modern cipher suites and is vulnerable to attacks such as POODLE.

E) Changing the code from PHP to ColdFusion does not resolve or mitigate Heartbleed, because the vulnerability is unrelated to the programming language of the web application; it lives in the OpenSSL library that handles SSL/TLS for the web server.

https://owasp.org/www-community/vulnerabilities/Heartbleed_Bug
https://heartbleed.com/
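
An added example (not from the page) covering both halves of the answer: a version test for the OpenSSL build serving the site, and the record-level check a WAF or IDS signature performs on a heartbeat request. The record layout follows RFC 6520 (a one-byte message type, a two-byte payload_length, the payload, then at least 16 bytes of padding); the probe bytes are the widely published `18 03 02 00 03 01 40 00` request, and the other records are constructed here. Nothing is sent on the network.

```python
"""Heartbleed checks (added example): OpenSSL version test and heartbeat-record signature."""

import re
import struct

HEARTBEAT_CONTENT_TYPE = 0x18
MIN_PADDING = 16  # RFC 6520: padding_length must be at least 16 bytes


def openssl_heartbleed_vulnerable(version: str) -> bool:
    """True for the upstream OpenSSL 1.0.1 through 1.0.1f release strings, which
    shipped the unpatched heartbeat code; 1.0.1g added the bounds check.

    Caveat: distributions backport fixes without bumping this string, so a patched
    build can still report 1.0.1e. Treat a match as 'check the package changelog',
    not as proof, and confirm with a live heartbeat test where that is permitted.
    """
    m = re.match(r"^(?:OpenSSL\s+)?1\.0\.1([a-z]?)\b", version.strip())
    if not m:
        return False          # other branches are not covered by this check
    letter = m.group(1)
    return letter == "" or letter <= "f"


def malformed_heartbeat(record: bytes) -> bool:
    """Signature for the exploit: a heartbeat record whose declared payload_length
    cannot fit in the record together with the mandatory padding. A compliant peer
    silently discards such a message; vulnerable OpenSSL echoed payload_length bytes
    of its own memory instead."""
    if len(record) < 5 or record[0] != HEARTBEAT_CONTENT_TYPE:
        return False          # not a heartbeat record
    record_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + record_len]
    if len(body) < 3:
        return True           # no room even for type + payload_length
    payload_len = struct.unpack("!H", body[1:3])[0]
    return payload_len + 3 + MIN_PADDING > record_len


def build_heartbeat_request(payload: bytes, declared_len=None) -> bytes:
    """Construct a heartbeat request record (TLS 1.1 version bytes) for testing the
    signature. declared_len lets the caller overstate the payload size, which is the
    exact lie the exploit tells."""
    if declared_len is None:
        declared_len = len(payload)
    body = bytes([1]) + struct.pack("!H", declared_len) + payload + b"\x00" * MIN_PADDING
    header = bytes([HEARTBEAT_CONTENT_TYPE, 0x03, 0x02]) + struct.pack("!H", len(body))
    return header + body


# The published probe: record length 3, heartbeat request, payload_length 0x4000, no payload.
PROBE = bytes.fromhex("18 03 02 00 03 01 40 00")
# A constructed TLS handshake record, to show the signature ignores other content types.
HANDSHAKE_RECORD = bytes.fromhex("16 03 01 00 05") + b"hello"

if __name__ == "__main__":
    for v in ("OpenSSL 1.0.1e 11 Feb 2013", "OpenSSL 1.0.1g 7 Apr 2014", "OpenSSL 3.0.2 15 Mar 2022"):
        print(v, "->", "vulnerable (verify)" if openssl_heartbleed_vulnerable(v) else "not in affected range")
    print("probe flagged:", malformed_heartbeat(PROBE))
    print("benign flagged:", malformed_heartbeat(build_heartbeat_request(b"ping")))
    print("overstated flagged:", malformed_heartbeat(build_heartbeat_request(b"ping", declared_len=65535)))
```

The version string to test comes from `openssl version` on the server, or from the application's own runtime (in PHP, `OPENSSL_VERSION_TEXT`); the signature function is what a WAF rule expresses, and it fires on the length mismatch rather than on any particular payload, so it is not defeated by changing the probe's contents.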

A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

A. The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.
B. The change control board must review and approve a submission.
C. The information system security officer provides the systems engineer with the system updates.
D. The security engineer asks the project manager to review the updates for the client's system.
Suggested answer: B

Explanation:


B) The change control board (CCB) is a committee of subject matter experts and managers who decide whether to implement proposed changes to a project. It is part of the change management plan, which defines the roles and processes for managing change within a team or organization. The CCB must review and approve a submission for any change request that affects the scope, schedule, budget, quality or risks of the project; it evaluates the impact and benefits of the request and decides whether to accept, reject or defer it.

A) The implementation engineer requesting direct approval from the systems engineer and the Chief Information Security Officer is not the correct process, because it bypasses the change control board and the project manager. This could lead to unauthorized changes that compromise the project's objectives and deliverables.

C) The information system security officer providing the systems engineer with the system updates is not the correct process, because it does not involve the change control board or the project manager. This could lead to unauthorized changes that introduce security vulnerabilities or conflicts with other system components.

D) The security engineer asking the project manager to review the updates for the client's system is not the correct process, because it does not involve the change control board. The project manager facilitates the change management process but does not approve or reject change requests.

https://www.projectmanager.com/blog/change-control-board-roles-responsibilities-processes
