CompTIA CAS-004 Practice Test - Questions Answers, Page 31
A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

A. Turn off the infected host immediately.
B. Run a full anti-malware scan on the infected host.
C. Modify the smb.conf file of the host to prevent outgoing SMB connections.
D. Isolate the infected host from the network by removing all network connections.

Suggested answer: D

SIMULATION

You are a security analyst tasked with interpreting an Nmap scan output from the company's privileged network.

The company's hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should be associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

A. See below explanation

Suggested answer: A

Explanation:

IP address    Primary service    Ports to disable
10.1.45.65    SFTP Server        8080
10.1.45.66    Email Server       415 and 443
10.1.45.67    Web Server         21, 80
10.1.45.68    UTM Appliance      21

A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market.

Which of the following should the company implement to address the risk of system unavailability?

A. User and entity behavior analytics
B. Redundant reporting systems
C. A self-healing system
D. Application controls

Suggested answer: D

Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

A. Biometric authenticators are immutable.
B. The likelihood of account compromise is reduced.
C. Zero trust is achieved.
D. Privacy risks are minimized.

Suggested answer: B

A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

Which of the following would be BEST for the company to implement?

A. A WAF
B. An IDS
C. A SIEM
D. A honeypot

Suggested answer: D

A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:

* Data needs to be stored outside of the VMs.

* No unauthorized modifications to the VMs are allowed.

* If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

A. Immutable system
B. Data loss prevention
C. Storage area network
D. Baseline template

Suggested answer: A

Explanation:

An immutable system is a system that does not change after it is deployed. Any changes or updates are done by creating a new system from a common image or template and replacing the old one. An immutable system meets the requirements of storing data outside of the VMs, preventing unauthorized modifications to the VMs, and deploying a new VM if a change needs to be done. An immutable system can improve the security, reliability, and consistency of the VMs by avoiding configuration drift, human error, or malicious tampering. An immutable system can also simplify the deployment process and enable faster recovery from failures.

Reference:

https://cloudinfrastructureservices.co.uk/vm-types-for-devops-pets-vs-cattle-vs-immutable/

https://www.digitalocean.com/community/tutorials/what-is-immutable-infrastructure

Which of the following is a risk associated with SDN?

A. Expanded attack surface
B. Increased hardware management costs
C. Reduced visibility of scaling capabilities
D. New firmware vulnerabilities

Suggested answer: A

Explanation:

A risk associated with SDN is the expanded attack surface that it introduces. SDN is a network architecture that decouples the control plane from the data plane, allowing centralized and programmable management of network devices and traffic. However, this also exposes new attack vectors and vulnerabilities that can compromise the security and performance of the network. For example, an attacker can target the SDN controller, which is the core component that communicates with and controls the network devices. A successful attack on the SDN controller can result in denial of service, unauthorized access, data leakage, or network hijacking. An attacker can also exploit the communication channels between the SDN controller and the network devices, such as the OpenFlow protocol, to intercept, modify, or inject malicious messages or commands. Additionally, an attacker can leverage malicious or compromised applications that run on top of the SDN controller to manipulate or disrupt the network behavior.

Reference:

https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/benefits-and-the-security-risk-of-software-defined-networking

https://link.springer.com/article/10.1007/s40860-022-00171-8

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

A. Determine the optimal placement of hot/warm sites within the enterprise architecture.
B. Create new processes for identified gaps in continuity planning.
C. Establish new staff roles and responsibilities for continuity of operations.
D. Assess the effectiveness of documented processes against a realistic scenario.

Suggested answer: D

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

A. tcpdump
B. netstat
C. tasklist
D. traceroute
E. ipconfig

Suggested answer: B

Explanation:

Netstat is a command-line tool that can be used to find the malicious process that is using a specific port on a Windows workstation. Netstat displays active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). To find the process that is using a specific port, such as TCP 40322, the security engineer can use the following command:

netstat -ano | findstr :40322

This command filters the netstat output by the port number and shows the process identifier (PID) of the process that is using that port. The security engineer can then use Task Manager or another tool to identify and terminate the malicious process by its PID.
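As an added example (not from the original page), the same triage carried out in PowerShell: it maps the port to its owning process and then pulls the process name, image path, parent and command line so the PID can be judged before anything is terminated. The port is the one from the question; the script name, elevated session and helper names are assumptions.

```powershell
# Added example, not from the original page: map a suspicious TCP port to the process
# that owns it and show where that process came from. Run in an elevated PowerShell
# session on the workstation; 40322 is the port from the question, all else is assumed.
param([int]$Port = 40322)

if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
    # Modern Windows: the NetTCPIP module returns the same data as netstat -ano, as objects.
    $conns = Get-NetTCPConnection |
        Where-Object { $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port }
} else {
    # Fallback: parse the text of netstat -ano (columns: Proto, Local, Foreign, State, PID).
    $conns = netstat -ano | Select-String -Pattern '^\s*TCP\s' | ForEach-Object {
        $f = ($_.Line.Trim() -split '\s+')
        [pscustomobject]@{
            LocalAddress  = $f[1] -replace ':\d+$', ''
            LocalPort     = [int]($f[1] -replace '^.*:', '')
            RemoteAddress = $f[2] -replace ':\d+$', ''
            RemotePort    = [int]($f[2] -replace '^.*:', '')
            State         = $f[3]
            OwningProcess = [int]$f[4]
        }
    } | Where-Object { $_.LocalPort -eq $Port -or $_.RemotePort -eq $Port }
}

if (-not $conns) {
    # C2 beaconing is often intermittent: no hit now does not mean the host is clean.
    Write-Warning "No TCP connection on port $Port at this moment; re-run or sample over time."
    return
}

# Enrich each hit with process details. An unexpected image path (e.g. a user-writable
# folder) or an odd parent is what turns a PID into something worth escalating.
$conns | ForEach-Object {
    $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.OwningProcess)"
    [pscustomobject]@{
        Local       = "$($_.LocalAddress):$($_.LocalPort)"
        Remote      = "$($_.RemoteAddress):$($_.RemotePort)"
        State       = $_.State
        PID         = $_.OwningProcess
        Name        = $p.Name
        Path        = $p.ExecutablePath
        ParentPID   = $p.ParentProcessId
        CommandLine = $p.CommandLine
    }
} | Format-List
```

Record the output before terminating anything, since the PID, path and command line are the evidence the subsequent investigation will need.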

Reference:

https://docs.microsoft.com/en-us/windows-server/administration/windows-commands/netstat

https://www.howtogeek.com/28609/how-can-i-tell-what-is-listening-on-a-tcpip-port-in-windows/

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

A. IaaS
B. SaaS
C. FaaS
D. PaaS

Suggested answer: B