CompTIA CAS-004 Practice Test - Questions Answers, Page 36

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

A. The SD-WAN provider would not be able to handle the organization's bandwidth requirements.
B. The operating costs of the MPLS network are too high for the organization.
C. The SD-WAN provider uses a third party for support.
D. Internal IT staff will not be able to properly support remote offices after the migration.

Suggested answer: C

Explanation:

SD-WAN (Software-Defined Wide Area Network) lets an organization build a secure, dynamically routed WAN over multiple low-cost Internet connections. Compared with traditional WAN technologies such as MPLS (Multiprotocol Label Switching), it can offer lower costs, higher performance, and easier management.

However, SD-WAN also introduces potential risks, such as:

The reliability and security of the underlying Internet connections, which vary by location, provider, and traffic conditions.

The compatibility and interoperability of SD-WAN hardware and software, which may come from different vendors or follow different standards.

The availability and quality of the SD-WAN provider's support, which depends on the provider's size, reputation, and outsourcing practices.

In this case, the CISO would most likely flag the provider's use of a third party for support. A regional provider that outsources support for a global deployment extends the organization's supply chain to a party the organization has not assessed, which could:

Affect the organization's ability to resolve issues or request changes in a timely and effective manner across all regions.

Expose the organization's network data and configuration to a party outside the contract, including unauthorized or malicious insiders at that third party.

Increase the complexity and uncertainty of the SD-WAN service level agreement (SLA) and contract terms, since the provider's commitments depend on a subcontractor's.

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

A. Input validation
B. Firewall
C. WAF
D. DLP

Suggested answer: A

Explanation:

Input validation checks user-supplied data for errors, malicious content, or unexpected values before the application acts on it. Validation that accepts only known-good values (an allowlist) rather than trying to block known-bad ones prevents many common web application attacks, such as:

SQL injection, which manipulates the application's database query to execute attacker-chosen SQL commands.

Cross-site scripting (XSS), which injects attacker-controlled JavaScript into the application's page so that it runs in other users' browsers.

Directory traversal, which reads files or directories outside the intended scope by manipulating a file path (for example, a file value containing ../ sequences).

In this case, the security engineer should recommend input validation as the best mitigation technique, because it would:

Prevent the exfiltration of company reports by validating the file parameter against a predefined list of allowed file names or formats, rejecting path separators and traversal sequences, and confirming that the resolved path stays under the intended directory.

Fix the root cause inside the application rather than wrapping it in another control.

Be more reliable than a firewall, WAF (Web Application Firewall), or DLP (Data Loss Prevention): a network firewall does not inspect the file parameter at all, a WAF only blocks the traversal patterns it has signatures for, and DLP acts on the content after the request has already reached the file system.
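
The following is an added example, not code from the page or from the assessed application: a hypothetical Python equivalent of a file-download handler like get-files.jsp, showing the unsafe path concatenation behind the finding next to a validated version. FILE_ROOT, ALLOWED_FILES and the probe values are constructed assumptions.

```python
"""Added example: validating the `file` parameter of a download endpoint.

Hypothetical Python stand-in for the get-files.jsp handler in the question
(not the page's code). FILE_ROOT and ALLOWED_FILES are assumptions.
"""
import os
import re
from pathlib import Path

# Constructed: the only directory the endpoint is meant to serve files from.
FILE_ROOT = Path("/var/www/reports")
# Constructed allowlist of files that may be requested by name.
ALLOWED_FILES = {"report.pdf", "summary-q1.pdf"}
# Syntactic allowlist: a bare filename, no separators, no leading dot, bounded length.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def resolve_unsafe(file_param: str) -> str:
    """The pattern behind the finding: user input concatenated onto a base path.

    '../../etc/passwd' walks out of FILE_ROOT, and an absolute value such as
    '/etc/passwd' makes os.path.join discard the base path entirely.
    """
    return os.path.join(str(FILE_ROOT), file_param)


def resolve_validated(file_param: str, root: Path = FILE_ROOT) -> Path:
    """Input validation in three layers; raises ValueError on anything suspect."""
    # 1. Syntactic check: only characters a filename in this app can contain,
    #    so '/', '\\', NUL and percent-encoded tricks never reach the filesystem.
    if not SAFE_NAME.fullmatch(file_param) or ".." in file_param:
        raise ValueError(f"rejected filename syntax: {file_param!r}")
    # 2. Semantic check: the name must be one the application intends to serve.
    if file_param not in ALLOWED_FILES:
        raise ValueError(f"not an allowed file: {file_param!r}")
    # 3. Defence in depth: canonicalize and confirm the result is still under root
    #    (catches a symlink or a future relaxation of the syntax rule).
    base = root.resolve()
    target = (base / file_param).resolve()
    if base not in target.parents:
        raise ValueError(f"escapes document root: {target}")
    return target


def triage(candidates: list) -> dict:
    """Return {input: accepted?} for a batch of parameter values."""
    result = {}
    for value in candidates:
        try:
            resolve_validated(value)
            result[value] = True
        except ValueError:
            result[value] = False
    return result


if __name__ == "__main__":
    # Constructed probe values: one legitimate request and typical traversal attempts.
    probes = ["report.pdf", "../../etc/passwd", "/etc/passwd",
              "report.pdf%00.txt", "secret.pdf", "..\\..\\win.ini"]
    for p in probes:
        print(f"{p!r:22} unsafe -> {resolve_unsafe(p):32} validated -> {triage([p])[p]}")
```

The three layers are deliberately redundant: the syntax rule stops traversal characters, the allowlist stops valid-looking names the application never meant to serve, and the canonical-path check is the safety net if either of the first two is loosened later.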

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

POST /malicious.php

User-Agent: Malicious Tool V 1.0

Host: www.malicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

A. User-Agent: Malicious Tool.*
B. www\.malicious\.com\/malicious.php
C. POST /malicious\.php
D. Host: [a-z]*\.malicious\.com
E. malicious.*

Suggested answer: D

Explanation:

A regular expression (regex) is a sequence of characters that defines a search pattern for matching text. A regex can detect a malicious piece of software communicating with its command-and-control server by matching the indicators of compromise (IOC) in network traffic.

In this case, the systems administrator should use the regex Host: [a-z]*\.malicious\.com to determine if any of the company hosts are compromised while reducing false positives, because this regex would:

Match the Host header of the HTTP request, which carries the domain name of the command-and-control server.

Allow any subdomain under malicious.com, by using the character class [a-z]* to match zero or more lowercase letters before the dot.

Escape the dot characters in the domain name with a backslash (\.), so they match a literal dot rather than acting as the regex wildcard that matches any character.

Not depend on the request path, which is the part of the IOC that the documentation says may change, so the pattern keeps matching after the operator moves the beacon to a new URL.

Options B and C are tied to the /malicious.php path and would stop matching once the URL changes; option E matches anything containing the string malicious and would generate false positives on benign traffic. Note that [a-z]* matches only lowercase letters, so a subdomain containing digits or hyphens (or uppercase letters, unless the search is case-insensitive) would be missed, and nothing anchors the end of the domain; a production pattern would usually widen the class and anchor the end of the host name.
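
The following is an added example, not part of the original page: it runs the five candidate patterns over a constructed set of request lines and reports true positives, false positives and missed beacons for each. The log lines and their one-line layout (method, path, User-Agent, Host, full URL) are assumptions about how a proxy might record each request; REFINED_D is an added pattern, not one of the exam options.

```python
"""Added example: scoring the candidate IOC regexes against sample request lines.

The log lines are constructed for this example (not from the page); the
one-line layout of method, path, User-Agent, Host and URL is an assumption
about how a proxy might record each request.
"""
import re

# Constructed traffic sample. Indices 0, 1 and 5 are beacons from the implant;
# the others are benign requests chosen to trip the weaker patterns.
SAMPLE_LINES = [
    # 0: the beacon exactly as documented in the IOC
    "POST /malicious.php | User-Agent: Malicious Tool V 1.0 | Host: www.malicious.com | url=http://www.malicious.com/malicious.php",
    # 1: same implant after the operator changed the URL path and subdomain
    "POST /update/check.php | User-Agent: Malicious Tool V 1.0 | Host: cdn.malicious.com | url=http://cdn.malicious.com/update/check.php",
    # 2: benign site that happens to expose a page called /malicious.php
    "POST /malicious.php | User-Agent: Mozilla/5.0 | Host: www.example.org | url=http://www.example.org/malicious.php",
    # 3: benign search on a security news site
    "GET /search?q=malicious+tool | User-Agent: Mozilla/5.0 | Host: news.example.org | url=http://news.example.org/search?q=malicious+tool",
    # 4: look-alike domain that is not the C2 domain
    "GET / | User-Agent: Mozilla/5.0 | Host: www.notmalicious.com | url=http://www.notmalicious.com/",
    # 5: beacon to a C2 subdomain containing digits and a hyphen
    "POST /beacon | User-Agent: Malicious Tool V 1.0 | Host: c2-01.malicious.com | url=http://c2-01.malicious.com/beacon",
    # 6: unrelated domain that merely starts with the C2 name
    "GET / | User-Agent: Mozilla/5.0 | Host: www.malicious.com.evil.example | url=http://www.malicious.com.evil.example/",
]
BEACONS = {0, 1, 5}

CANDIDATES = {
    "A": r"User-Agent: Malicious Tool.*",
    "B": r"www\.malicious\.com\/malicious.php",
    "C": r"POST /malicious\.php",
    "D": r"Host: [a-z]*\.malicious\.com",
    "E": r"malicious.*",
}
# Refinement of D (an assumption, not one of the exam options): allow digits and
# hyphens in subdomain labels and require the host name to end after malicious.com.
REFINED_D = r"Host: (?:[a-z0-9-]+\.)*malicious\.com(?![\w.-])"


def matching_lines(pattern: str, lines=SAMPLE_LINES) -> list:
    """Indices of the lines the pattern matches (case-insensitive search)."""
    rx = re.compile(pattern, re.IGNORECASE)
    return [i for i, line in enumerate(lines) if rx.search(line)]


def evaluate(patterns=CANDIDATES, lines=SAMPLE_LINES, beacons=BEACONS) -> dict:
    """{label: (true positives, false positives, missed beacons)} per pattern."""
    report = {}
    for label, pattern in patterns.items():
        hits = set(matching_lines(pattern, lines))
        report[label] = (sorted(hits & beacons), sorted(hits - beacons), sorted(beacons - hits))
    return report


if __name__ == "__main__":
    for label, (tp, fp, missed) in evaluate().items():
        print(f"{label}: beacons {tp}, false positives {fp}, missed {missed}")
    print("refined D:", matching_lines(REFINED_D))
```

On this sample, B and C stop matching as soon as the path changes (lines 1 and 5), E flags every benign line that contains the word, and D follows the path change but misses the hyphenated subdomain on line 5 and matches the unrelated domain on line 6; those two gaps are what REFINED_D closes. Option A also hits all three beacons here; D keys on the C2 domain, which is the part of the infrastructure the operator has to keep reachable.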

A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

A. Utilize the SAN certificate to enable a single certificate for all regions.
B. Deploy client certificates to all devices in the network.
C. Configure certificate pinning inside the application.
D. Enable HSTS on the application's server side for all communication.

Suggested answer: C

Explanation:

Certificate pinning embeds one or more trusted certificates or public keys inside an application and verifies that the certificate presented by the server matches one of them, in addition to the normal chain validation. Certificate pinning can prevent on-path attacks, such as man-in-the-middle (MITM) attacks, in which an attacker intercepts and modifies the communication between a client and a server using a certificate that the device's trust store would otherwise accept (for example, one issued by a CA that the local network operator controls).

Configuring certificate pinning inside the application would allow the mobile application developer to create a global, highly scalable, secure chat application that is not susceptible to on-path attacks while the user is traveling in potentially hostile regions, because it would:

Ensure that only the intended servers can communicate with the application, by rejecting any server certificate that does not match one of the pinned certificates or public keys, even if it chains to a CA the device trusts.

Protect the confidentiality, integrity, and authenticity of the chat messages, by preventing an attacker from intercepting, modifying, or impersonating them.

Reduce the application's reliance on external factors such as certificate authorities (CAs), certificate revocation lists (CRLs), and the Online Certificate Status Protocol (OCSP).

The other options do not address on-path attacks: a SAN certificate and HSTS both still trust whatever CA-issued certificate the client is shown, and client certificates authenticate the device to the server, not the server to the device. In practice, pins are usually set on the server's public key (SPKI hash) rather than the whole certificate, and a backup pin is shipped so that certificate rotation does not lock users out.
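
The following is an added example, not code from the page or from any chat application: a client-side pin check that runs after a normal TLS handshake, with a backup pin so the server's certificate can be rotated. The pin values are constructed from placeholder bytes; a real deployment would compute them from the server's actual DER certificate (or, preferably, its SPKI).

```python
"""Added example: certificate pinning check a client can run after the TLS handshake.

Illustrative code, not from the page. PINS is a constructed set; real pins
would be the SHA-256 of the server's DER certificate (or of its SPKI).
"""
import hashlib
import hmac
import socket
import ssl

# Constructed pins (hex SHA-256 of the DER certificate). Ship at least one
# backup pin so the next certificate can be rolled without locking clients out.
PRIMARY_PIN = hashlib.sha256(b"constructed-current-cert-der").hexdigest()
BACKUP_PIN = hashlib.sha256(b"constructed-backup-cert-der").hexdigest()
PINS = {PRIMARY_PIN, BACKUP_PIN}


def pin_of(der_cert: bytes) -> str:
    """Hex SHA-256 of a DER-encoded certificate."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pins=PINS) -> bool:
    """True only if the presented certificate hashes to one of the pinned values."""
    candidate = pin_of(der_cert)
    # compare_digest avoids a timing side channel on the comparison
    return any(hmac.compare_digest(candidate, p) for p in pins)


def connect_pinned(host: str, port: int = 443, pins=PINS) -> ssl.SSLSocket:
    """Open a TLS connection, keep normal chain and hostname validation, then enforce the pin.

    A CA-trusted certificate that is not the pinned one (for example one minted by
    an interception proxy whose root was pushed to the device) fails here even
    though the standard validation passed.
    """
    ctx = ssl.create_default_context()  # CA validation and hostname check stay on
    raw = socket.create_connection((host, port), timeout=10)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    leaf = tls.getpeercert(binary_form=True)  # DER bytes of the leaf certificate
    if not pin_matches(leaf, pins):
        tls.close()
        raise ssl.SSLError(f"pin mismatch for {host}: certificate is CA-trusted but not the one this app expects")
    return tls


if __name__ == "__main__":
    # Offline demonstration with constructed certificate bytes.
    print("current cert accepted:", pin_matches(b"constructed-current-cert-der"))
    print("backup cert accepted: ", pin_matches(b"constructed-backup-cert-der"))
    print("proxy cert accepted:  ", pin_matches(b"constructed-cert-from-interception-proxy"))
```

Pinning complements chain validation rather than replacing it: the default context still rejects expired or mis-named certificates, and the pin rejects the one case chain validation cannot, a valid certificate from the wrong issuer. Pinning the whole certificate, as above, means every renewal changes the pin; pinning the SPKI hash lets the operator renew with the same key pair and only rotate pins when the key changes.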

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the network?

A. Packets that are the wrong size or length
B. Use of any non-DNP3 communication on a DNP3 port
C. Multiple solicited responses over time
D. Application of an unsupported encryption algorithm

Suggested answer: C

A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?

A. Business impact rating
B. CVE dates
C. CVSS scores
D. OVAL

Suggested answer: A

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file. Which of the following is the BEST way for the security team to comply with this requirement?

A. Digital signature
B. Message hash
C. Message digest
D. Message authentication code

Suggested answer: A

Explanation:

A digital signature is a cryptographic technique in which the sender signs a file (in practice, a hash of it) with their private key and the receiver verifies the signature with the sender's public key. This proves the integrity and authenticity of the file and provides non-repudiation, because only the holder of the private key could have produced the signature. A message hash or message digest is a one-way function that produces a fixed-length output from an input; it detects modification but carries no information about the sender, and an attacker who alters the file can simply recompute it. A message authentication code (MAC) is a symmetric-key technique in which sender and receiver generate and verify a tag with a shared secret key; it proves the file came from someone holding the key, but because the receiver holds the same key it cannot provide non-repudiation. Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.1: Apply cryptographic techniques

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company's objectives?

A. RASP
B. SAST
C. WAF
D. CMS

Suggested answer: B

Explanation:

Static application security testing (SAST) analyzes an application's source code for vulnerabilities and weaknesses before it is built or deployed, so issues are found at the point in the development process where they are cheapest to fix; it also covers serverless functions that are never reachable from the public interface. Dynamic application security testing (DAST) exercises a running application to find vulnerabilities in its behavior; it covers public-facing components but only finds issues after deployment and cannot point to the line of code responsible. Runtime application self-protection (RASP) embeds monitoring and blocking into the application or its runtime to stop exploitation in real time; it can prevent attacks but does not find or fix the underlying vulnerabilities. A web application firewall (WAF) filters and blocks malicious web traffic before it reaches an application; it protects against common attacks but likewise does not detect or fix vulnerabilities in the application code, and it does not see serverless code paths that are not exposed through it. Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 3: Enterprise Security Operations, Objective 3.4: Conduct security assessments using appropriate tools

A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks. Which of the following is the MOST important infrastructure security design element to prevent an outage?

A. Supporting heterogeneous architecture
B. Leveraging content delivery network across multiple regions
C. Ensuring cloud autoscaling is in place
D. Scaling horizontally to handle increases in traffic

Suggested answer: B

Explanation:

A content delivery network (CDN) is a distributed system of servers that delivers web content to users based on their geographic location, the origin of the content, and the performance of the network. A CDN improves the availability and performance of web applications by caching content close to users, reducing latency and bandwidth consumption. Spread across multiple regions, a CDN also mitigates distributed denial-of-service (DDoS) attacks by absorbing or filtering malicious traffic at the edge before it reaches the origin servers, so that an attack concentrated on one region does not take the service down.

Supporting heterogeneous architecture means using different types of hardware, software, or platforms in an IT environment. This can improve resilience by reducing single points of failure, but it does not directly counter DDoS attacks. Ensuring cloud autoscaling is in place means using cloud services that automatically adjust the resources allocated to an application based on demand. This improves scalability and performance, but autoscaling alone still admits the attack traffic to the origin and can turn a volumetric attack into a cost problem. Scaling horizontally means adding more servers or nodes to increase capacity or throughput. This distributes the load across multiple servers, but it does not directly prevent DDoS attacks. Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.4: Select controls based on systems security evaluation models

A company wants to improve the security of its web applications that are running on in-house servers. A risk assessment has been performed and the following capabilities are desired:

• Terminate SSL connections at a central location

• Manage both authentication and authorization for incoming and outgoing web service calls

• Advertise the web service API

• Implement DLP and anti-malware features

Which of the following technologies will be the BEST option?

A. WAF
B. XML gateway
C. ESB gateway
D. API gateway

Suggested answer: D

Explanation:

An API gateway is a device or software that acts as an intermediary between clients and the servers that provide web services through application programming interfaces (APIs). An API gateway can provide functions such as:

Terminating SSL connections at a central location, reducing the overhead on the backend servers and simplifying certificate management.

Managing both authentication and authorization for incoming and outgoing web service calls, enforcing security policies and access control.

Advertising the web service API, providing documentation and discovery features for developers and consumers.

Implementing DLP and anti-malware features, preventing data leakage and malicious code injection.

A web application firewall (WAF) is a device or software that filters and blocks malicious web traffic from reaching an application. A WAF can provide some protection for web services, but it does not provide all the functions of an API gateway. An XML gateway is a device or software that validates, transforms, and routes XML messages between clients and servers that provide web services. An XML gateway can provide some functions of an API gateway, but it is limited to XML-based web services and does not support other formats such as JSON. An enterprise service bus (ESB) gateway is a device or software that integrates and orchestrates multiple web services into a single service or application. An ESB gateway can provide some functions of an API gateway, but it is more focused on business logic and workflow than on security and performance. Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.3: Implement solutions for the secure use of cloud services
