CompTIA CAS-004 Practice Test - Questions Answers, Page 29
A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).
A security administrator wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security administrator implement? (Select TWO).
During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. Upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?
Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?
A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation:
On which of the following devices and processes did the ransomware originate?
A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:
* Maintain customer trust
* Minimize data leakage
* Ensure non-repudiation
Which of the following would be the BEST set of recommendations from the security architect?
A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?
A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:
* Five numerical digits followed by a dash, followed by four numerical digits; or
* Five numerical digits
When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?
An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:
* Clients successfully establish TLS connections to web services provided by the server.
* After establishing the connections, most client connections are renegotiated.
* The renegotiated sessions use cipher suite SHR.
Which of the following is the MOST likely root cause?
Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?