CompTIA CAS-004 Practice Test - Questions Answers, Page 32
A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST?

A. Email client
B. Password manager
C. Browser
D. OS

Suggested answer: C

Explanation:

The browser is the application the security analyst should patch first, given that all four vulnerabilities carry equally high CVSS scores. CVSS (Common Vulnerability Scoring System) measures the severity of a vulnerability from factors such as access conditions, impact, and exploitability; scores range from 0 to 10, with higher scores indicating higher severity. A CVSS score alone is not sufficient to set patching priority, because it does not account for the likelihood of exploitation, the exposure of the system, or the criticality of the data it protects. The analyst should therefore weigh the context and risk of each application. Here the browser is the most exposed and most frequently used application on the administrator's workstation, and the most likely entry point for an attacker to compromise the system or reach the SSO web portal to which the administrator has administrative access. Patching the browser first reduces the risk of a successful attack and protects the system and its data from further damage.

Reference:

https://nvd.nist.gov/vuln-metrics/cvss

https://www.darkreading.com/risk/vulnerability-severity-scores-make-for-poor-patching-priority-researchers-find

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario from happening again?

A. Performing routine tabletop exercises
B. Implementing scheduled, full interruption tests
C. Backing up system log reviews
D. Performing department disaster recovery walk-throughs

Suggested answer: B

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

A. Temporal
B. Availability
C. Integrity
D. Confidentiality
E. Base
F. Environmental
G. Impact
H. Attack vector

Suggested answer: A, E, F

Explanation:

The three metric groups needed to calculate CVSS scores are Base, Temporal, and Environmental. The Base metrics represent the intrinsic characteristics of a vulnerability that are constant over time and across user environments. The Temporal metrics represent characteristics that may change over time but not across user environments. The Environmental metrics represent characteristics that are relevant and unique to a particular user's environment. The remaining options (Availability, Integrity, Confidentiality, Impact, and Attack vector) are individual metrics within the Base group, not metric groups.

Reference:

https://nvd.nist.gov/vuln-metrics/cvss

https://www.first.org/cvss/specification-document

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

* Before the merger is complete, users from both companies should use a single set of usernames and passwords.

* Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

* Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

A. Installing new Group Policy Object policies
B. Establishing one-way trust from Company B to Company A
C. Enabling multifactor authentication
D. Implementing attribute-based access control
E. Installing Company A's Kerberos systems in Company B's network
F. Updating login scripts

Suggested answer: B, D

Explanation:

Establishing a one-way trust from Company B to Company A allows users from Company B to access Company A's resources with their existing credentials, satisfying the single-credential and cross-company access requirements. Implementing attribute-based access control grants users different sets of rights and privileges based on their attributes, such as department and IP address.

Reference:

https://www.cloudflare.com/learning/access-management/what-is-sso/

https://frontegg.com/blog/a-complete-guide-to-implementing-single-sign-on

https://learn.microsoft.com/en-us/host-integration-server/esso/enterprise-single-sign-on-basics

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

A. Reviewing video from IP cameras within the facility
B. Reconfiguring the SIEM connectors to collect data from the perimeter network hosts
C. Implementing integrity checks on endpoint computing devices
D. Looking for privileged credential reuse on the network

Suggested answer: A

Explanation:

Reviewing video from IP cameras within the facility is the process most likely to expose an attacker who has compromised an air-gapped system. Because air-gapped systems are isolated from external networks, an attacker would need physical access to the system or a covert channel to communicate with it, and the SIEM logs already reviewed have not revealed the source. Video surveillance can reveal unauthorized or suspicious activity within the facility that is related to the attack.

Reference:

https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf

https://en.wikipedia.org/wiki/Air-Gap_Malware

https://www.techtarget.com/searchsecurity/essentialguide/How-air-gap-attacks-challenge-the-notion-of-secure-networks

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

* The highest form of web identity validation

* Encryption of all web transactions

* The strongest encryption in-transit

* Logical separation based on data sensitivity

Other things that should be considered include:

* The company operates multiple other websites that use encryption.

* The company wants to minimize total expenditure.

* The company wants to minimize complexity.

Which of the following should the company implement on its new website? (Select TWO).

A. Wildcard certificate
B. EV certificate
C. Mutual authentication
D. Certificate pinning
E. SSO
F. HSTS

Suggested answer: B, F

Explanation:

The company should implement an EV certificate and HSTS on its new website. An EV (Extended Validation) certificate provides the highest level of web identity validation, because the CA performs extensive verification of the organization's identity and domain ownership before issuing it. HSTS enforces encryption of all web transactions by instructing browsers to use HTTPS for every connection to the site and by preventing users from clicking through invalid-certificate warnings. Together these enhance the security and trustworthiness of the website without significantly increasing complexity or expenditure.

Reference:

https://www.entrust.com/digital-security/certificate-solutions/products/digital-certificates/tls-ssl-certificates

https://learn.microsoft.com/en-us/azure/active-directory/develop/access-tokens

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

A. Certificate chain
B. Root CA
C. Certificate pinning
D. CRL
E. OCSP

Suggested answer: B

Explanation:

The developer would most likely implement a Root CA in the autonomous vehicle's software. A Root CA is the top-level authority in a PKI that issues and validates certificates for subordinate CAs or end entities. A Root CA can be self-signed and embedded in the vehicle's software, which reduces the need for external communication and verification. It also enables the vehicle to use digital signatures and encryption for secure communication with other vehicles or infrastructure.

Reference:

https://cse.iitkgp.ac.in/~abhij/publications/PKI++.pdf

https://www.digicert.com/blog/connected-cars-need-security-use-pki

https://ieeexplore.ieee.org/document/9822667/

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

A. An additional layer of encryption
B. A third-party data integrity monitoring solution
C. A complete backup that is created before moving the data
D. Additional application firewall rules specific to the migration

Suggested answer: A

Explanation:

The organization should apply an additional layer of encryption to secure the data from theft when moving it to a CSP. Encryption transforms data into an unreadable form using a secret key, and protects the data from unauthorized access or modification both in transit and at rest. It can be applied at different levels, such as disk, file, or application. An additional layer of encryption, with keys held by the organization, provides an extra security measure on top of the encryption provided by the CSP.

Reference:

https://learn.microsoft.com/en-us/partner-center/transition-seat-based-services

https://cloud.google.com/architecture/patterns-for-connecting-other-csps-with-gcp

A hospitality company experienced a data breach that included customer PII. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

A. NGFW for web traffic inspection and activity monitoring
B. CSPM for application configuration control
C. Targeted employee training and awareness exercises
D. CASB for OAuth application permission control

Suggested answer: D

Explanation:

The company should use a CASB for OAuth application permission control to help prevent this type of attack in the future. CASB stands for cloud access security broker, a tool that monitors and enforces security policies for cloud applications. A CASB can control which third-party applications may be granted access to the company's cloud file storage service and what permissions they receive, so that an employee who is tricked into approving an OAuth consent prompt cannot grant access the policy forbids. It can also detect and block unauthorized or malicious applications that attempt to access the company's data.

Reference:

https://www.kaspersky.com/resource-center/threats/how-to-avoid-social-engineering-attacks

https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/understanding-preventing-social-engineering-attacks/

https://www.indusface.com/blog/10-ways-businesses-can-prevent-social-engineering-attacks/

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

* All customer data must remain under the control of the customer at all times.

* Third-party access to the customer environment must be controlled by the customer.

* Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

A. Use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage.
B. Use the customer-provided VDI solution to perform work on the customer's environment.
C. Provide code snippets to the customer and have the customer run code and securely deliver its output.
D. Request API credentials from the customer and only use API calls to access the customer's environment.

Suggested answer: B

Explanation:

The consultant should use the customer-provided VDI solution to perform work on the customer's environment. VDI stands for virtual desktop infrastructure, a technology that lets users access a virtual desktop hosted on a remote server. Because the desktop, the data it processes, and the accounts used to reach it all live inside the customer's environment, VDI meets all three requirements: customer data remains under the customer's control at all times, third-party access is controlled by the customer, and authentication credentials and access control stay under the customer's control.

