CompTIA CAS-004 Practice Test - Questions Answers, Page 29

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

A. Least privilege
B. VPN
C. Policy automation
D. PKI
E. Firewall
F. Continuous validation
G. Continuous integration
H. IaaS
Suggested answer: A, C, F

Explanation:


A) Least privilege is a principle that states that every entity or resource should only have the minimum level of access or permissions necessary to perform its function. Least privilege can help enforce granular and dynamic policies that limit the exposure and impact of potential breaches. Least privilege can also help prevent privilege escalation and abuse by malicious insiders or compromised accounts.

C) Policy automation is a process that enables the creation, enforcement, and management of security policies using automated tools and workflows. Policy automation can help simplify and streamline the implementation of zero trust architecture by reducing human errors, inconsistencies, and delays. Policy automation can also help adapt to changing conditions and requirements by updating and applying policies in real time.

F) Continuous validation is a process that involves verifying the identity, context, and risk level of every request and transaction throughout its lifecycle. Continuous validation can help ensure that only authorized and legitimate requests and transactions are allowed to access or transfer data. Continuous validation can also help detect and respond to anomalies or threats by revoking access or terminating sessions if the risk level changes.

B) VPN is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. VPN stands for Virtual Private Network, which is a technology that creates a secure tunnel between a device and a network over the internet. VPN can provide confidentiality, integrity, and authentication for network communications, but it does not provide zero trust security by itself. VPN still relies on network-based perimeters and does not verify every request or transaction at a granular level.

D) PKI is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. PKI stands for Public Key Infrastructure, which is a system that manages the creation, distribution, and verification of certificates. Certificates are digital documents that contain public keys and identity information of their owners. Certificates can be used to prove the identity and authenticity of the certificate holders, as well as to encrypt and sign data. PKI can provide encryption and authentication for data communications, but it does not provide zero trust security by itself. PKI still relies on trusted authorities and does not verify every request or transaction at a granular level.

E) Firewall is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. Firewall is a device or software that monitors and controls incoming and outgoing network traffic based on predefined rules. Firewall can provide protection against unauthorized or malicious network access, but it does not provide zero trust security by itself. Firewall still relies on network-based perimeters and does not verify every request or transaction at a granular level.

G) Continuous integration is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. Continuous integration is a software development practice that involves merging code changes from multiple developers into a shared repository frequently and automatically. Continuous integration can help improve the quality, reliability, and performance of software products, but it does not provide zero trust security by itself. Continuous integration still relies on code-based quality assurance and does not verify every request or transaction at a granular level.

H) IaaS is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. IaaS stands for Infrastructure as a Service, which is a cloud computing model that provides virtualized computing resources over the internet. IaaS can provide scalability, flexibility, and cost-efficiency for IT infrastructure, but it does not provide zero trust security by itself. IaaS still relies on cloud-based security controls and does not verify every request or transaction at a granular level.


Least privilege, policy automation, and continuous validation are some of the key elements that need to be implemented to achieve the objective of transitioning to a zero trust architecture. Zero trust architecture is a security model that assumes no implicit trust for any entity or resource, regardless of their location or ownership. Zero trust architecture requires verifying every request and transaction before granting access or allowing data transfer. Zero trust architecture also requires minimizing the attack surface and reducing the risk of lateral movement by attackers.


A security administrator wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security administrator implement? (Select TWO).

A. MX record
B. DMARC
C. SPF
D. DNSSEC
E. S/MIME
F. TLS
Suggested answer: B, C

Explanation:

DMARC (Domain-based Message Authentication, Reporting and Conformance) and SPF (Sender Policy Framework) are two mechanisms that help detect and prevent email spoofing, the creation of email messages with a forged sender address. SPF allows a domain owner to specify which mail servers are authorized to send email on behalf of the domain; the receiver checks the connecting server's IP address against the SPF record of the envelope sender (MAIL FROM) domain, which is the forged claim the question describes. DMARC allows a domain owner to publish a policy that specifies how receivers should handle messages that fail authentication tests such as SPF or DKIM (DomainKeys Identified Mail). By checking the SPF and DMARC records of the sender's domain, a receiver can verify whether the email comes from a legitimate source.

Reference:

https://en.wikipedia.org/wiki/Email_spoofing

https://en.wikipedia.org/wiki/DMARC

https://en.wikipedia.org/wiki/Sender_Policy_Framework
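The receiver-side check described above, as an added example that is not part of the original page: an SPF evaluation of the connecting IP against the envelope-sender domain, followed by a DMARC policy decision. The DNS TXT records for example.com are constructed for the example (only ip4/ip6 and all mechanisms are handled; include, a and mx would need further lookups), and the relaxed-alignment test is a simplification of the organizational-domain rule real receivers apply with the Public Suffix List.

```python
import ipaddress

# Constructed DNS TXT records for the hypothetical domain example.com
# (assumed values for this example, not live DNS data).
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 ip4:198.51.100.10 -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=s; adkim=r; rua=mailto:dmarc@example.com",
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_spf(record):
    """Return ([(result, network), ...], default_result) from a v=spf1 record.
    Only ip4/ip6 and 'all' are handled; include/a/mx need extra DNS lookups."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    nets, default = [], "neutral"
    for term in terms[1:]:
        q = "+"
        if term[0] in QUALIFIERS:
            q, term = term[0], term[1:]
        low = term.lower()
        if low == "all":
            default = QUALIFIERS[q]
        elif low.startswith(("ip4:", "ip6:")):
            nets.append((QUALIFIERS[q],
                         ipaddress.ip_network(term.split(":", 1)[1], strict=False)))
    return nets, default


def spf_check(sender_ip, mailfrom_domain, txt=DNS_TXT):
    """SPF result for the connecting IP against the envelope-from domain."""
    record = txt.get(mailfrom_domain)
    if record is None:
        return "none"
    nets, default = parse_spf(record)
    ip = ipaddress.ip_address(sender_ip)
    for result, net in nets:
        if ip.version == net.version and ip in net:
            return result  # first matching mechanism wins
    return default


def parse_dmarc(record):
    """Turn 'v=DMARC1; p=reject; ...' into a dict of tag -> value."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def aligned(header_from_domain, auth_domain, mode):
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts a subdomain. Simplification: real receivers derive the
    organizational domain from the Public Suffix List."""
    a, b = header_from_domain.lower(), auth_domain.lower()
    if mode == "s":
        return a == b
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def dmarc_disposition(header_from_domain, mailfrom_domain, sender_ip,
                      dkim_domain=None, dkim_result="none", txt=DNS_TXT):
    """Return 'deliver', 'none', 'quarantine' or 'reject'. DMARC passes when
    SPF or DKIM passes AND that identifier aligns with the visible From:
    domain; otherwise the domain owner's p= policy applies."""
    record = txt.get("_dmarc." + header_from_domain)
    if record is None:
        return "deliver"  # no DMARC policy published, nothing to enforce
    policy = parse_dmarc(record)
    spf_ok = (spf_check(sender_ip, mailfrom_domain, txt) == "pass"
              and aligned(header_from_domain, mailfrom_domain, policy.get("aspf", "r")))
    dkim_ok = (dkim_result == "pass" and dkim_domain is not None
               and aligned(header_from_domain, dkim_domain, policy.get("adkim", "r")))
    if spf_ok or dkim_ok:
        return "deliver"
    return policy.get("p", "none")


if __name__ == "__main__":
    # Relay inside the published range: delivered.
    print(dmarc_disposition("example.com", "example.com", "192.0.2.77"))
    # Forged envelope sender from an unlisted host: rejected per p=reject.
    print(dmarc_disposition("example.com", "example.com", "203.0.113.5"))
```

The split between the two functions mirrors the two answers: SPF alone only says whether the connecting host may use that envelope domain, and it is the DMARC record that tells the receiver what to do with a failing message and ties the result back to the From: header the user actually sees.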

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

A. Order of volatility
B. Chain of custody
C. Verification
D. Secure storage
Suggested answer: A

Explanation:

Order of volatility is a procedure that a computer forensics examiner must follow during evidence collection. It refers to the order in which digital evidence is collected, starting with the most volatile and moving to the least volatile. Volatile data is data that is not permanent and is easily lost, such as the contents of memory when a computer is turned off. The security analyst should have followed the order of volatility and preserved the most fragile evidence first, such as the malicious script running as a background process, before turning off the infected machine.

Reference:

https://www.computer-forensics-recruiter.com/order-of-volatility/

https://www.sans.org/blog/best-practices-in-digital-evidence-collection/

https://blogs.getcertifiedgetahead.com/order-of-volatility/

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?

A. Adding more nodes to the web server clusters
B. Changing the cipher algorithm used on the web server
C. Implementing OCSP stapling on the server
D. Upgrading to TLS 1.3
Suggested answer: C

Explanation:

OCSP stapling allows the web server to present a time-stamped OCSP response, signed by the CA, together with its certificate during the TLS handshake, so the client no longer has to contact the CA's OCSP responder separately to validate the certificate. This saves a round-trip between the client and the CA and removes the validation delay seen in the capture. It also improves the security and privacy of certificate validation, since the client's revocation check is no longer exposed to potential interference or tracking by malicious third parties.

Reference:

https://en.wikipedia.org/wiki/OCSP_stapling

https://www.digicert.com/knowledgebase/ssl-certificates/ssl-general-topics/what-is-ocsp-stapling.html

https://www.entrust.com/knowledgebase/ssl/online-certificate-status-protocol-ocsp-stapling

A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation:

On which of the following devices and processes did the ransomware originate?

A. cpt-ws018, powershell.exe
B. cpt-ws026, DearCry.exe
C. cpt-ws002, NO-AV.exe
D. cpt-ws026, NO-AV.exe
E. cpt-ws002, DearCry.exe
Suggested answer: D

Explanation:

The EDR output shows the process tree of the ransomware infection. The root node is NO-AV.exe, a malicious executable that disables antivirus software and downloads the DearCry ransomware. The NO-AV.exe process was launched on cpt-ws026 by a user named John. The DearCry.exe process was then launched on cpt-ws026 by NO-AV.exe and propagated to other devices via SMB. Therefore, the ransomware originated from cpt-ws026 and NO-AV.exe.

Reference:

https://www.microsoft.com/security/blog/2021/03/12/analyzing-dearcry-ransomware-the-first-attack-to-exploit-exchange-server-vulnerabilities/

https://www.crowdstrike.com/blog/dearcry-ransomware-analysis/
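The reasoning in the explanation above, walking the process tree back from every DearCry.exe instance to the process that started the chain and then picking the earliest host, as an added example that is not part of the original page. The EDR screenshot is not reproduced on the page, so the process-creation events below are constructed: hostnames and image names follow the question's options, while PIDs, parent PIDs, users and timestamps are invented for the example.

```python
# Constructed EDR process-creation events (assumed data, not the question's
# screenshot): hostnames and image names follow the question's options; PIDs,
# parents, users and timestamps are invented for this example.
EVENTS = [
    {"host": "cpt-ws026", "pid": 4120, "ppid": 980,  "image": "explorer.exe",   "user": "John",       "ts": 100},
    {"host": "cpt-ws026", "pid": 5512, "ppid": 4120, "image": "NO-AV.exe",      "user": "John",       "ts": 130},
    {"host": "cpt-ws026", "pid": 5630, "ppid": 5512, "image": "DearCry.exe",    "user": "John",       "ts": 142},
    {"host": "cpt-ws026", "pid": 5711, "ppid": 5630, "image": "cmd.exe",        "user": "John",       "ts": 143},
    {"host": "cpt-ws018", "pid": 2201, "ppid": 700,  "image": "powershell.exe", "user": "svc-backup", "ts": 160},
    {"host": "cpt-ws018", "pid": 2290, "ppid": 2201, "image": "DearCry.exe",    "user": "svc-backup", "ts": 175},
    {"host": "cpt-ws002", "pid": 3310, "ppid": 812,  "image": "svchost.exe",    "user": "SYSTEM",     "ts": 120},
    {"host": "cpt-ws002", "pid": 3402, "ppid": 3310, "image": "DearCry.exe",    "user": "SYSTEM",     "ts": 190},
]

# Normal Windows launchers: a suspicious chain is not traced above them.
BENIGN_LAUNCHERS = {"explorer.exe", "svchost.exe", "services.exe", "wininit.exe"}


def index_events(events):
    """Map (host, pid) -> event so a parent can be looked up directly."""
    return {(e["host"], e["pid"]): e for e in events}


def ancestry(events, host, pid):
    """Image names from the given process up to the last recorded ancestor."""
    idx = index_events(events)
    chain, key = [], (host, pid)
    while key in idx:
        e = idx[key]
        chain.append(e["image"])
        key = (host, e["ppid"])
    return chain


def chain_head(idx, event):
    """Walk up from a process and return the topmost ancestor that is still
    part of the suspicious chain: stop below a benign launcher, or when the
    parent is not in the EDR records at all."""
    head = event
    while True:
        parent = idx.get((head["host"], head["ppid"]))
        if parent is None or parent["image"].lower() in BENIGN_LAUNCHERS:
            return head
        head = parent


def chains_by_host(events, ransomware_image):
    """host -> (head image, head timestamp) for every host that ran the
    ransomware; this is the lateral-movement timeline."""
    idx = index_events(events)
    out = {}
    for e in events:
        if e["image"].lower() == ransomware_image.lower():
            h = chain_head(idx, e)
            out[e["host"]] = (h["image"], h["ts"])
    return out


def origin(events, ransomware_image):
    """(host, image) of the earliest chain head across all hosts, i.e. the
    most likely patient-zero process."""
    heads = chains_by_host(events, ransomware_image)
    if not heads:
        return None
    host, (image, _ts) = min(heads.items(), key=lambda kv: kv[1][1])
    return host, image


if __name__ == "__main__":
    print(ancestry(EVENTS, "cpt-ws026", 5630))
    print(chains_by_host(EVENTS, "DearCry.exe"))
    print("origin:", origin(EVENTS, "DearCry.exe"))
```

With these records the chain heads are NO-AV.exe on cpt-ws026, powershell.exe on cpt-ws018 and DearCry.exe itself on cpt-ws002 (its parent is a benign launcher), and the earliest of the three is the answer the explanation gives. The benign-launcher set is the judgement call: a loader that injects into explorer.exe would be missed, so in a real case the parent of the head is still worth reading.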

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

* Maintain customer trust

* Minimize data leakage

* Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

A. Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.
B. Disable file exchange, enable watermarking, and enable the user authentication requirement.
C. Enable end-to-end encryption, disable video recording, and disable file exchange.
D. Enable watermarking, enable the user authentication requirement, and disable video recording.
Suggested answer: B

Explanation:

Disabling file exchange helps to minimize data leakage by preventing users from sharing sensitive documents or data through the videoconferencing platform. Enabling watermarking helps to maintain customer trust and ensure non-repudiation by adding a visible or invisible mark to the video stream that identifies the source or owner of the content. Enabling the user authentication requirement secures the videoconferencing sessions by verifying the identity of the participants and preventing unauthorized access.

Reference:

https://www.rev.com/blog/marketing/follow-these-7-video-conferencing-security-best-practices

https://www.paloaltonetworks.com/blog/2020/04/network-video-conferencing-security/

https://www.megameeting.com/news/best-practices-secure-video-conferencing/

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?

A. WPA2-Preshared Key
B. WPA3-Enterprise
C. WPA3-Personal
D. WPA2-Enterprise
Suggested answer: C

Explanation:

WPA3-Personal is a simple, secure solution for a small business with a single access point. It uses a new security protocol called Simultaneous Authentication of Equals (SAE), which replaces the Pre-Shared Key (PSK) exchange with a more secure initial key exchange. SAE also provides forward secrecy, which means that even if the password is compromised, the attacker cannot decrypt past or future data. WPA3-Personal also uses AES-128 in CCM mode as the minimum encryption algorithm, which is resistant to offline password attacks. WPA3-Personal requires low administrative overhead and supports a single SSID with no guest access.

Reference:

https://www.diffen.com/difference/WPA2_vs_WPA3

https://www.thewindowsclub.com/wpa3-personal-enterprise-wi-fi-encryption

https://www.teldat.com/blog/wpa3-wi-fi-network-security-wpa3-personal-wpa3-enterprise/

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

* Five numerical digits followed by a dash, followed by four numerical digits; or

* Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

A. ^\d{4}(-\d{5})?$
B. ^\d{5}(-\d{4})?$
C. ^\d{5-4}$
D. ^\d{9}$
Suggested answer: B
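An added example, not from the original page, that checks the four candidate patterns against the two IOC shapes and a set of constructed near-misses, so the reader can see why only option B fits: five digits, then an optional group of a dash and four digits, anchored at both ends. It goes one step beyond the question with an unanchored, word-boundary variant, because a NIPS usually inspects a whole payload rather than a single field, and the anchored form would never fire on a value embedded in a query string. The sample values and the payload are constructed for the example.

```python
import re

# The four candidate patterns from the question, keyed by option letter.
CANDIDATES = {
    "A": r"^\d{4}(-\d{5})?$",
    "B": r"^\d{5}(-\d{4})?$",
    "C": r"^\d{5-4}$",   # '{5-4}' is not a valid quantifier; Python treats the braces literally
    "D": r"^\d{9}$",
}

# Constructed sample values (not from the page): the two IOC shapes the
# analyst described, and near-misses a correct pattern must not flag.
IOC_SHAPES = ["12345", "12345-6789"]
NEAR_MISSES = ["1234", "123456", "1234-56789", "12345-678", "12345-67890",
               "123456789", "12345 6789", "12345-", "abcde", ""]


def matches(pattern, value):
    """True when the whole value matches. re.fullmatch is used so a trailing
    newline cannot slip past '$' the way it can with re.match."""
    try:
        return re.fullmatch(pattern, value) is not None
    except re.error:
        return False


def score(pattern):
    """Return (IOC shapes matched, near-misses wrongly matched)."""
    hits = sum(matches(pattern, v) for v in IOC_SHAPES)
    false_positives = sum(matches(pattern, v) for v in NEAR_MISSES)
    return hits, false_positives


def best_option():
    """The option whose pattern matches every IOC shape and no near-miss."""
    for letter, pattern in CANDIDATES.items():
        if score(pattern) == (len(IOC_SHAPES), 0):
            return letter
    return None


# A NIPS inspects whole payloads, where '^' and '$' would never line up with the
# injected value. Word boundaries give the same five-digit / 5-4 shape inline.
INLINE_PATTERN = re.compile(r"\b\d{5}(?:-\d{4})?\b")


def find_inline(payload):
    """Return every IOC-shaped token found inside a larger payload."""
    return INLINE_PATTERN.findall(payload)


if __name__ == "__main__":
    for letter, pattern in CANDIDATES.items():
        print(letter, pattern, score(pattern))
    print("best:", best_option())
    # Constructed payload: two IOC-shaped tokens and a nine-digit serial that must not match.
    print(find_inline("id=12345-6789&zip=98101&serial=123456789"))
```

Option A matches the two near-misses with the digit counts swapped, option D matches only a nine-digit run, and option C is not a quantifier at all, so it matches neither IOC shape. The inline variant deliberately refuses "123456789": after the first five digits there is no word boundary, so a longer digit run is not reported as a five-digit hit.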

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:

* Clients successfully establish TLS connections to web services provided by the server.

* After establishing the connections, most client connections are renegotiated.

* The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

A. The clients disallow the use of modern cipher suites
B. The web server is misconfigured to support HTTP/1.1.
C. A ransomware payload dropper has been installed
D. An entity is performing downgrade attacks on path
Suggested answer: D

Explanation:

A downgrade attack is a type of man-in-the-middle attack that forces two hosts to use an older or weaker version of the TLS protocol or its parameters. The attacker does this by replacing or deleting the STARTTLS command or by exploiting the compatibility features of the protocol. The purpose of the attack is to create a pathway for a cryptographic attack that would not be possible against a connection protected by the latest version of TLS. The gathered data shows that most client connections are renegotiated after being established, which could indicate that an entity on path is performing downgrade attacks by interfering with the initial handshake and making the client and server agree on a lower version of TLS or a weaker cipher suite.

Reference:

https://en.wikipedia.org/wiki/Downgrade_attack

https://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks

https://venafi.com/blog/preventing-downgrade-attacks/
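The detection side of the explanation above, as an added example that is not part of the original page: given per-session records of the initially negotiated and the renegotiated protocol version and cipher suite, flag sessions whose renegotiation weakened the connection and summarize how many clients were affected. The session records are constructed for the example (the cipher suite named in the question is not reproduced, so standard IANA suite names are used instead), and the strength classes are a coarse triage ranking, not a full cipher policy.

```python
# Constructed TLS session records (assumed data, not the investigator's
# capture): what a passive monitor or server log would keep per connection.
SESSIONS = [
    {"client": "198.51.100.21",
     "initial": ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
     "renegotiated": ("TLSv1.0", "TLS_RSA_WITH_3DES_EDE_CBC_SHA")},
    {"client": "198.51.100.22",
     "initial": ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
     "renegotiated": ("TLSv1.2", "TLS_RSA_WITH_RC4_128_SHA")},
    {"client": "198.51.100.23",
     "initial": ("TLSv1.2", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"),
     "renegotiated": ("TLSv1.1", "TLS_RSA_WITH_AES_128_CBC_SHA")},
    {"client": "198.51.100.24",   # legitimate renegotiation, e.g. for a client certificate
     "initial": ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
     "renegotiated": ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384")},
    {"client": "198.51.100.25",   # never renegotiated
     "initial": ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"),
     "renegotiated": None},
    {"client": "198.51.100.26",
     "initial": ("TLSv1.2", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"),
     "renegotiated": ("TLSv1.0", "TLS_RSA_EXPORT_WITH_RC4_40_MD5")},
]

VERSION_RANK = {"SSLv3": 0, "TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}


def suite_strength(suite):
    """Coarse strength class: 0 broken/legacy primitives, 1 static RSA key
    exchange (no forward secrecy), 2 (EC)DHE with CBC, 3 (EC)DHE with AEAD."""
    s = suite.upper()
    if any(w in s for w in ("NULL", "EXPORT", "RC4", "3DES", "_DES_", "MD5", "ANON")):
        return 0
    if "DHE" in s:   # covers both DHE_ and ECDHE_
        return 3 if ("GCM" in s or "CHACHA20" in s) else 2
    return 1


def downgrade_reasons(session):
    """List the ways a renegotiation weakened the session; empty if it did not."""
    reneg = session["renegotiated"]
    if reneg is None:
        return []
    (v0, c0), (v1, c1) = session["initial"], reneg
    reasons = []
    if VERSION_RANK.get(v1, -1) < VERSION_RANK.get(v0, -1):
        reasons.append(f"version {v0} -> {v1}")
    if suite_strength(c1) < suite_strength(c0):
        reasons.append(f"cipher {c0} -> {c1}")
    return reasons


def summarize(sessions):
    """Counts an analyst needs before reading 'most connections are
    renegotiated' as an on-path downgrade rather than a legitimate feature."""
    renegotiated = [s for s in sessions if s["renegotiated"] is not None]
    downgraded = [s for s in renegotiated if downgrade_reasons(s)]
    return {
        "total": len(sessions),
        "renegotiated": len(renegotiated),
        "downgraded": len(downgraded),
        "downgraded_clients": sorted(s["client"] for s in downgraded),
        "downgrade_share": round(len(downgraded) / len(sessions), 2) if sessions else 0.0,
    }


if __name__ == "__main__":
    for s in SESSIONS:
        print(s["client"], downgrade_reasons(s) or "ok")
    print(summarize(SESSIONS))
```

The distinction the summary draws matters for the root-cause question: renegotiation by itself is a normal TLS 1.2 feature (client-certificate requests, key refresh), so it is the pairing of renegotiation with a lower version or a weaker suite, across many clients, that points at an entity on path. Renegotiation no longer exists in TLS 1.3, and on TLS 1.2 servers disabling client-initiated renegotiation and requiring secure renegotiation (RFC 5746) removes this avenue.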

Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

A. Initiate a legal hold.
B. Refer to the retention policy
C. Perform e-discovery.
D. Review the subpoena
Suggested answer: A

Explanation:

A legal hold is a process by which an organization instructs its employees or other relevant parties to preserve specific data for potential litigation. A legal hold is triggered when litigation is reasonably anticipated, such as when law enforcement officials inform an organization that an investigation has begun. The first step the organization should take is to initiate a legal hold to ensure that relevant evidence is not deleted, destroyed, or altered. A legal hold also demonstrates the organization's good faith and compliance with its duty to preserve evidence.

Reference:

https://percipient.co/litigation-hold-triggers-and-the-duty-to-preserve-evidence/

https://www.everlaw.com/blog/ediscovery-best-practices/guide-to-legal-holds/
