CompTIA CAS-004 Practice Test - Questions Answers, Page 33

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

A. MD5-based envelope method
B. HMAC SHA256
C. PBKDF2
D. PGP
Suggested answer: B

Explanation:

The company should use HMAC SHA256 as the cryptographic technique to ensure that packets received between two parties have not been tampered with and the connection remains private. HMAC stands for hash-based message authentication code, a method of generating a message authentication code from a cryptographic hash function and a secret key. HMAC can provide both integrity and authenticity of the packets, as well as resistance to replay attacks. SHA256 is a specific hash function that produces a 256-bit output; it is considered secure and is widely used in cryptographic applications.

Reference:

https://www.ericsson.com/en/blog/2021/7/cryptography-and-privacy-protecting-private-data

https://www.mdpi.com/journal/cryptography/special_issues/Preserve_Enhance_Privacy

https://link.springer.com/article/10.1007/s11432-021-3393-x
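As an added illustration of the HMAC mechanism described above (this is example code written for this page, not taken from the question bank or its references), the following Python uses only the standard library to tag a packet with HMAC-SHA256 on the sending side and verify it on the receiving side. The shared key and the packet contents are constructed sample values. It shows the integrity and authenticity part of the requirement: a flipped bit or a tag made with a different key is rejected, and the comparison is done in constant time so the check itself does not leak information through timing. Keeping the payload private additionally requires encryption, which this block does not do.

```python
import hmac
import hashlib
from typing import Dict, Optional

TAG_LEN = 32  # SHA-256 output size in bytes

# Constructed sample key. In practice the key is shared out of band or
# derived from a key exchange; it is never embedded in source like this.
SHARED_KEY = b"example-shared-secret-do-not-reuse"


def tag_packet(key: bytes, payload: bytes) -> bytes:
    """Return the HMAC-SHA256 tag (32 bytes) over the payload."""
    return hmac.new(key, payload, hashlib.sha256).digest()


def send_packet(key: bytes, payload: bytes) -> bytes:
    """Sender side: append the tag to the payload (payload || tag)."""
    return payload + tag_packet(key, payload)


def verify_packet(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: split off the trailing tag, recompute it over the
    payload and compare in constant time. Returns the payload when the tag
    matches, None when it does not (tampered data, wrong key, truncated)."""
    if len(packet) < TAG_LEN:
        return None
    payload, received_tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected_tag = tag_packet(key, payload)
    # compare_digest does not stop at the first differing byte, so the time
    # taken does not reveal how much of a forged tag was correct.
    if not hmac.compare_digest(expected_tag, received_tag):
        return None
    return payload


def demo() -> Dict[str, Optional[bytes]]:
    """Run the three cases a receiver has to handle; returns the outcomes."""
    message = b"transfer 100 to account 42"  # constructed sample payload
    packet = send_packet(SHARED_KEY, message)
    results: Dict[str, Optional[bytes]] = {}

    # 1. untouched packet: verification returns the payload
    results["intact"] = verify_packet(SHARED_KEY, packet)

    # 2. one bit flipped in the payload: the recomputed tag no longer matches
    tampered = bytearray(packet)
    tampered[9] ^= 0x01
    results["tampered"] = verify_packet(SHARED_KEY, bytes(tampered))

    # 3. a party that does not hold the key cannot produce a valid tag
    forged = send_packet(b"wrong-key", message)
    results["wrong_key"] = verify_packet(SHARED_KEY, forged)
    return results


if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case:10s} -> {'accepted' if outcome else 'rejected'}")
```

The tag is appended to the payload rather than sent separately so that the receiver can check it before acting on anything in the packet; with a real transport the same construction is what TLS record protection and IPsec AH/ESP use underneath, combined with encryption for confidentiality.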

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert. Which of the following event classifications is MOST likely the reason for this action?

A. True negative
B. False negative
C. False positive
D. Non-automated response
Suggested answer: C

Explanation:

The security analyst acknowledges this alert because it is a false positive. A false positive is an event classification in which benign or normal activity is mistakenly flagged as malicious or suspicious by the SIEM system. False positives can result from misconfigured rules, outdated signatures, or faulty detection logic. A false positive wastes the security analyst's time and resources, so it is important to acknowledge and dismiss it after verifying that it is not a real threat.

Reference:

https://www.ibm.com/topics/siem

https://www.microsoft.com/en-us/security/business/security-101/what-is-siem

https://www.splunk.com/en_us/data-insider/what-is-siem.html

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

A. The NTP server is set incorrectly for the developers.
B. The CA has included the certificate in its CRL.
C. The certificate is set for the wrong key usage.
D. Each application is missing a SAN or wildcard entry on the certificate.
Suggested answer: C

Explanation:

The most likely cause of the signature failing is that the certificate is set for the wrong key usage. Key usage is a certificate extension that defines the purpose and functionality of the public key contained in the certificate. Key usage values include digital signature, key encipherment, data encipherment, certificate signing, and others. If the certificate is set for a key usage other than digital signature, it cannot be used to sign the applications. The administrator should check the key usage extension of the certificate and make sure it matches the intended purpose.

Reference:

https://www.wintips.org/how-to-fix-windows-cannot-verify-the-digital-signature-for-this-file-error-in-windows-8-7-vista/

https://softwaretested.com/mac/how-to-fix-a-digital-signature-error-on-windows-10/

https://support.microsoft.com/en-us/office/digital-signatures-and-certificates-8186cd15-e7ac-4a16-8597-22bd163e8e96

A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?

A. Lockout of privileged access account
B. Duration of the BitLocker lockout period
C. Failure of the Kerberos time drift sync
D. Failure of TPM authentication
Suggested answer: D

Explanation:

The most likely cause of the error is the failure of TPM authentication. TPM stands for Trusted Platform Module, a hardware component that stores encryption keys and other security information. BitLocker can use the TPM to protect the encryption keys and verify the integrity of the boot process. If the TPM fails to authenticate the laptop, BitLocker enters recovery mode and asks for a recovery PIN, a 48-digit numerical password that can be used to unlock the system. The administrator should check the TPM status and configuration and make sure it is working properly.

Reference:

https://support.microsoft.com/en-us/windows/finding-your-bitlocker-recovery-key-in-windows-6b71ad27-0b89-ea08-f143-056f5ab347d6

https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-recovery-guide-plan

https://docs.sophos.com/esg/sgn/8-1/user/win/en-us/esg/SafeGuard-Enterprise/tasks/BitLockerRecoveryKey.html

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

A. Network security
B. Physical security
C. OS security
D. Host infrastructure
Suggested answer: C

Explanation:

In a shared responsibility model for PaaS, the customer's responsibility is OS security. PaaS stands for Platform as a Service, a cloud service model that provides a platform for customers to develop, run, and manage applications without having to deal with the underlying infrastructure. The cloud provider is responsible for the physical security, network security, and host infrastructure of the platform, while the customer is responsible for the security of the operating system, the application, and the data. The customer needs to ensure that the operating system is patched, configured, and protected from malware and unauthorized access.

Reference:

https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility

https://www.techtarget.com/searchcloudcomputing/feature/The-cloud-shared-responsibility-model-for-IaaS-PaaS-and-SaaS

https://www.splunk.com/en_us/blog/learn/shared-responsibility-model.html

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

A. Investigating a potential threat identified in logs related to the identity management system
B. Updating the identity management system to use discretionary access control
C. Beginning research on two-factor authentication to later introduce into the identity management system
D. Working with procurement and creating a requirements document to select a new IAM system/vendor
Suggested answer: D

A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

A. EDE
B. CBC
C. GCM
D. AES
E. RSA
F. RC4
G. ECDSA
H. DH
Suggested answer: C, D, G

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

A. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.
B. Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.
C. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.
D. Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.
Suggested answer: C

Explanation:

The analyst should implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics. This approach would allow the analyst to test each solution individually and measure its effectiveness against the attack, without affecting the other solutions or the production environment. This would also minimize the downtime required to implement the best solution, as only one change would be needed. The other options would either involve implementing multiple solutions at once, which could cause conflicts or errors, or collecting metrics before running the attack simulation, which would not reflect the actual impact of the solutions.

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve the TLS performance of their certificate status checks.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

A. Quick UDP internet connection
B. OCSP stapling
C. Private CA
D. DNSSEC
E. CRL
F. HSTS
G. Distributed object model
Suggested answer: B, F

Explanation:

The company should implement OCSP stapling and HSTS to improve TLS performance and enforce HTTPS. OCSP stapling is a technique that lets a server deliver a signed, time-stamped proof of its certificate's validity along with the TLS handshake, instead of relying on the client to contact the certificate authority (CA) for verification. This reduces the latency and bandwidth of the TLS handshake and improves the privacy and security of the certificate status check. HSTS stands for HTTP Strict Transport Security, a mechanism by which a site instructs browsers to use only HTTPS when connecting to it and to reject any unencrypted or invalid connections. This prevents downgrade attacks, man-in-the-middle attacks, and mixed content errors, and improves the performance of HTTPS connections by avoiding unnecessary redirects.

Reference:

https://www.techtarget.com/searchsecurity/definition/OCSP-stapling

https://www.techtarget.com/searchsecurity/definition/HTTP-Strict-Transport-Security

https://www.cloudflare.com/learning/ssl/what-is-hsts/
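To make the HSTS behaviour in the explanation concrete, here is an added example (written for this page, not code from the question bank or from any browser) of the client-side policy cache a browser keeps once it has seen a Strict-Transport-Security header: how the header is parsed, how max-age and includeSubDomains are stored, and how a later plain-http request to the host or one of its subdomains is upgraded, while expired or withdrawn (max-age=0) policies stop applying. The host names and header values are constructed sample data; the behaviour follows RFC 6797, including the rule that unknown directives such as preload are ignored and a header without max-age is unusable.

```python
import time
from typing import Dict, Optional, Tuple

# Policy cache: host -> (expiry as epoch seconds, includeSubDomains flag)
HstsCache = Dict[str, Tuple[float, bool]]


def parse_hsts(header: str) -> Optional[Tuple[int, bool]]:
    """Parse a Strict-Transport-Security header value.
    Returns (max_age_seconds, include_subdomains), or None when the header
    is unusable (missing max-age, or a non-numeric max-age value)."""
    max_age: Optional[int] = None
    include_subdomains = False
    for directive in header.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, value = directive.partition("=")
        name = name.strip().lower()
        value = value.strip().strip('"')
        if name == "max-age":
            if not value.isdigit():
                return None
            max_age = int(value)
        elif name == "includesubdomains":
            include_subdomains = True
        # any other directive (e.g. preload) is ignored by the client
    if max_age is None:
        return None
    return max_age, include_subdomains


def record_policy(cache: HstsCache, host: str, header: str, now: float) -> bool:
    """Update the cache from a header received over a TLS connection.
    (Headers seen over plain HTTP must be ignored by the caller.)
    max-age=0 withdraws the host's policy. Returns True if the cache changed."""
    parsed = parse_hsts(header)
    if parsed is None:
        return False
    max_age, include_subdomains = parsed
    host = host.lower()
    if max_age == 0:
        return cache.pop(host, None) is not None
    cache[host] = (now + max_age, include_subdomains)
    return True


def should_upgrade(cache: HstsCache, host: str, now: float) -> bool:
    """Decide whether a plain-http request to host must be rewritten to https.
    A host matches its own entry, or the entry of any parent domain whose
    policy carries includeSubDomains. Expired entries are dropped on the way."""
    host = host.lower()
    labels = host.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        entry = cache.get(candidate)
        if entry is None:
            continue
        expiry, include_subdomains = entry
        if expiry <= now:
            del cache[candidate]  # policy has lapsed; forget it
            continue
        if i == 0 or include_subdomains:
            return True
    return False


if __name__ == "__main__":
    cache: HstsCache = {}
    now = time.time()
    # constructed sample header, as a server would send it over HTTPS
    record_policy(cache, "example.com", "max-age=31536000; includeSubDomains; preload", now)
    for host in ("example.com", "api.example.com", "example.org"):
        print(f"http://{host} -> upgrade: {should_upgrade(cache, host, now)}")
```

The design point worth noticing is that the policy is only as good as the first HTTPS visit that delivered it: before that visit the cache is empty and the browser will happily make the plain-http request, which is the gap the preload list exists to close.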

Which of the following indicates when a company might not be viable after a disaster?

A. Maximum tolerable downtime
B. Recovery time objective
C. Mean time to recovery
D. Annual loss expectancy
Suggested answer: A

Explanation:

The indicator that shows when a company might not be viable after a disaster is the maximum tolerable downtime (MTD). MTD is the maximum amount of time that a business process or function can be disrupted without causing unacceptable consequences for the organization. MTD is a key metric for business continuity planning and disaster recovery, as it helps determine the recovery time objective (RTO) and the recovery point objective (RPO) for each process or function. If the actual downtime exceeds the MTD, the organization may face severe losses, reputational damage, regulatory penalties, or even bankruptcy.

Reference:

https://www.techtarget.com/searchdisasterrecovery/definition/maximum-tolerable-downtime

https://www.techtarget.com/searchdisasterrecovery/definition/recovery-time-objective

https://www.techtarget.com/searchdisasterrecovery/definition/recovery-point-objective
