CompTIA CAS-004 Practice Test - Questions Answers, Page 38

A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

A. True positive
B. False negative
C. False positive
D. True negative
Suggested answer: C

Explanation:

When an EDR (Endpoint Detection and Response) system flags legitimate software as malicious, it is a false positive. This occurs when the EDR incorrectly identifies normal, non-malicious activity as a threat. The scenario described indicates that the development software was blocked even though there were no changes to the software, which suggests a false positive by the EDR system.

After a cybersecurity incident, a judge found that a company did not conduct a proper forensic investigation. The company was ordered to pay penalties. Which of the following forensic steps would be best to prevent this from happening again?

A. Evidence preservation
B. Evidence verification
C. Evidence collection
D. Evidence analysis
Suggested answer: A

Explanation:

Proper forensic investigation requires that evidence is preserved in a manner that maintains its integrity and reliability. To prevent legal issues such as penalties for not conducting a proper forensic investigation, the first and most crucial step is to ensure that evidence is preserved so that it can be verified, collected, and analyzed correctly. This involves making sure that the evidence is not tampered with or altered from the time it is identified until it is presented in a legal proceeding.

A security review of the architecture for an application migration was recently completed. The following observations were made:

* External inbound access is blocked.

* A large amount of storage is available.

* Memory and CPU usage are low.

* The load balancer has only a single server assigned.

* Multiple APIs are integrated.

Which of the following needs to be addressed?

A. Scalability
B. Automation
C. Availability
D. Performance
Suggested answer: A

Explanation:

The observation that the load balancer has only a single server assigned suggests an issue with scalability. Scalability refers to the ability of the system to handle increasing loads by adding resources. In this case, having a single server assigned to a load balancer may not be adequate to handle increased traffic or load, which could lead to performance issues.

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

A. Require device certificates to access company resources.
B. Enable MFA at the organization's SSO portal.
C. Encrypt all workstation hard drives.
D. Hide the company wireless SSID.
Suggested answer: A

Explanation:

To reduce the risk of unauthorized devices accessing company resources, requiring device certificates is an effective control. Device certificates can be used to authenticate devices before they are allowed to connect to the network and access resources, ensuring that only devices with a valid certificate, which are typically managed and issued by the organization, can connect.

A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all aspects of the company's response plan. Which of the following best describes what the CISO reviewed?

A. An after-action report
B. A tabletop exercise
C. A system security plan
D. A disaster recovery plan
Suggested answer: A

Explanation:

An after-action report is a document that summarizes how a team performed during a cybersecurity incident or exercise. It is used to review all aspects of the incident response plan, including what was done correctly, what needs improvement, and how the team responded. The CISO's review of data from a cyber exercise that examined the whole response plan is therefore a review of an after-action report, which helps improve future responses to incidents.

A company with customers in the United States and Europe wants to ensure its content is delivered to end users with low latency. Content includes both sensitive and public information. The company's data centers are located on the West Coast of the United States. Users on the East Coast of the United States and users in Europe are experiencing slow application response. Which of the following would allow the company to improve application response quickly?

A. Installing reverse caching proxies in both data centers and implementing proxy auto scaling
B. Using HTTPS to serve sensitive content and HTTP for public content
C. Using colocation services in regions where the application response is slow
D. Implementing a CDN and forcing all traffic through the CDN
Suggested answer: D

Explanation:

A Content Delivery Network (CDN) is designed to serve content to end-users with high availability and high performance. By implementing a CDN, the company can distribute the content across multiple geographically dispersed servers, thereby reducing latency for users far from the West Coast data centers, including those on the East Coast of the United States and in Europe.

Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?

A. To determine the scope of the risk assessment
B. To determine the business owner(s) of the system
C. To decide between conducting a quantitative or qualitative analysis
D. To determine which laws and regulations apply
Suggested answer: A

Explanation:

Identifying the security boundary is an essential first step in a risk assessment process as it defines the scope of the assessment. It delineates the environment where the risk assessment will take place and sets the limits for what assets, systems, and processes will be included in the assessment.

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pre-transition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

* Enterprise IT servers and supervisory industrial systems share the same subnet.

* Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

* Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

A. Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.
B. Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.
C. Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.
D. Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.
Suggested answer: C

Explanation:

The best approach to reduce the company's risk is to segregate the enterprise IT servers and supervisory industrial systems. Creating a new network segment and using a Next-Generation Firewall (NGFW) to enforce a strict segmentation policy will help to isolate the systems and protect against potential attacks. Additionally, implementing a Wireless Intrusion Detection System (WIDS) can help monitor the spectrum for unauthorized devices or interference.

A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

A. Write a SIEM rule that generates a critical alert when files are created on the application server.
B. Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.
C. Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.
D. Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.
Suggested answer: B

Explanation:

File Integrity Monitoring (FIM) is a technology that detects changes to files and is commonly used to safeguard critical data. A FIM solution that alerts on access from IP addresses not associated with the application would surface modifications made outside the expected application process so they can be detected and acted upon. This helps mitigate the insider threat in the scenario, because a malicious insider altering the file directly would not be coming from the application's own address.

When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?

A. Data
B. Storage
C. Physical security
D. Network
Suggested answer: A

Explanation:

In a SaaS cloud service model, the client is typically responsible for the data, including its security and compliance aspects. The SaaS provider would handle the infrastructure, including physical security and network security, but the client must ensure the data they input into the SaaS application is protected in line with their own security policies and compliance requirements.
