CompTIA CAS-004 Practice Test - Questions Answers, Page 30

A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?

A. Monitor the Application and Services Logs group within Windows Event Log.
B. Uninstall PowerShell from all workstations.
C. Configure user settings in Group Policy.
D. Provide user education and training.
E. Block PowerShell via HIDS.

Suggested answer: C

Explanation:

Configuring user settings in Group Policy is the best way for an administrator to implement the decision to restrict PowerShell access to administrators only. Group Policy is a feature of Windows that allows administrators to manage and enforce settings for users and computers in a domain. Using Group Policy, an administrator can create a policy that blocks or disables PowerShell for all users except a particular group, such as administrators. This policy can be applied to all computers in the domain or to specific organizational units. This method is more effective and manageable than uninstalling PowerShell, monitoring event logs, providing user education, or blocking PowerShell via HIDS.

Reference:

https://www.windowscentral.com/how-disable-powershell-windows-10

https://learn.microsoft.com/en-us/answers/questions/195218/how-to-restrict-powershell-for-all-users-except-fo

https://windowsloop.com/block-disable-powershell/

The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?

A. Near-field communication
B. Short Message Service
C. Geofencing
D. Bluetooth

Suggested answer: C

Explanation:

Geofencing is a location-based service that allows an organization to define and enforce a virtual boundary around a sensitive area, such as a data center. Geofencing can use various technologies, such as GPS, Wi-Fi, cellular data, or RFID, to detect when a mobile device enters or exits the geofence, and it can trigger actions or notifications based on the device's location. For example, the organization can set up a geofencing policy that sends an alert to the CISO and to the device user when a mobile device enters the data center area. Geofencing can also be used to restrict access to certain apps or features based on the device's location.

Reference:

https://developer.android.com/training/location/geofencing

https://www.manageengine.com/mobile-device-management/mdm-geofencing.html

https://www.koombea.com/blog/mobile-geofencing/

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources would the analyst MOST likely adopt?

A. OSINT
B. ISO
C. MITRE ATT&CK
D. OWASP

Suggested answer: C

Explanation:

MITRE ATT&CK is a threat management framework that provides a comprehensive and detailed knowledge base of adversary tactics and techniques based on real-world observations. It helps security analysts identify, understand, and prioritize potential threats, and develop effective detection and response strategies. MITRE ATT&CK covers the entire lifecycle of a cyberattack, from initial access to impact, and provides information on how to mitigate, detect, and hunt for each technique. It also includes threat actor profiles, software descriptions, and data sources that can be used for threat intelligence and analysis. MITRE ATT&CK is therefore the resource a security analyst would most likely adopt to implement the most up-to-date and effective security methodologies for their clients.

Reference:

https://attack.mitre.org/

https://resources.infosecinstitute.com/topic/top-threat-modeling-frameworks-stride-owasp-top-10-mitre-attck-framework/

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

A. iOS devices have an empty root certificate chain by default.
B. OpenSSL is not configured to support PKCS#12 certificate files.
C. The VPN client configuration is missing the CA private key.
D. The iOS keychain imported only the client public and private keys.

Suggested answer: D

Explanation:

The root cause of this issue is that the iOS keychain imported only the client public and private keys, not the CA certificate. A PKCS#12 file (.p12 or .pfx) is a file format that contains a certificate and its private key, optionally protected by a password. A PKCS#12 file can also contain the intermediate or root certificates needed to verify the certificate chain. However, when a PKCS#12 file is imported into the iOS keychain, only the certificate and its private key are imported, not the CA certificate. As a result, the iOS device cannot verify the certificate chain and displays the error message "mbedTLS: ca certificate undefined". To fix this issue, the CA certificate needs to be imported separately into the iOS keychain, either manually or using a configuration profile.

Reference:

https://developer.apple.com/documentation/devicemanagement/certificatepkcs12

https://support.apple.com/guide/deployment/distribute-certificates-depcdc9a6a3f/web

https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

* Access to critical web services at the edge must be redundant and highly available.

* Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

* Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

A. Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider
B. Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.
C. Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.
D. Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Suggested answer: B

Explanation:

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks is the solution that best meets the requirements. Vendor-diverse redundancy means using different vendors or technologies to provide the same service or function, which increases the availability and resilience of the service: if one vendor's VPN solution fails due to a zero-day vulnerability, another vendor's VPN solution can take over without affecting users. Event response driven by playbooks means using predefined workflows or scripts to automate the actions or decisions taken in response to certain events or triggers. For example, a playbook can define how to switch between remote access solutions based on criteria such as performance, availability, security, or manual input. Playbooks can also be integrated with SOAR platforms to leverage their orchestration, automation, and response capabilities.

Reference:

https://cyware.com/security-guides/security-orchestration-automation-and-response/what-is-vendor-agnostic-security-orchestration-automation-and-response-soar-40e4

https://www.paloaltonetworks.com/cyberpedia/what-is-a-security-playbook

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

A. Develop an Nmap plug-in to detect the indicator of compromise.
B. Update the organization's group policy.
C. Include the signature in the vulnerability scanning tool.
D. Deliver an updated threat signature throughout the EDR system.

Suggested answer: D

Explanation:

Delivering an updated threat signature throughout the endpoint detection and response (EDR) system is the best way to take advantage of a security solution that uses a sandbox environment to execute zero-day software and collect indicators of compromise. An EDR system monitors and analyzes the activities and behaviors of endpoints, such as computers, mobile devices, or servers, and detects and responds to potential threats. An EDR system can use threat signatures, which are patterns or characteristics of known malicious software or attacks, to identify and block malicious activity on endpoints. By delivering an updated threat signature based on the indicators of compromise collected from the sandbox environment, the organization enhances its EDR system's ability to detect and prevent zero-day attacks that exploit unknown vulnerabilities.

Reference:

https://www.cisco.com/c/en/us/products/security/what-is-endpoint-detection-response.html

https://www.crowdstrike.com/epp-101/what-is-a-sandbox/

A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.

Which of the following scan types will provide the systems administrator with the MOST accurate information?

A. A passive, credentialed scan
B. A passive, non-credentialed scan
C. An active, non-credentialed scan
D. An active, credentialed scan

Suggested answer: D

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

A. Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.
B. Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.
C. Suggest that the networking team contact the original embedded system's vendor to get an update to the system that does not require Flash.
D. Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

Suggested answer: D

Given the following log snippet from a web server:

Which of the following BEST describes this type of attack?

A. SQL injection
B. Cross-site scripting
C. Brute-force
D. Cross-site request forgery

Suggested answer: A

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

A. The pharmaceutical company
B. The cloud software provider
C. The web portal software vendor
D. The database software vendor

Suggested answer: A