CompTIA CAS-004 Practice Test - Questions Answers, Page 40

A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

A. SIEM
B. CASB
C. SCAP
D. OVAL
Suggested answer: C

Explanation:

The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation. Using SCAP can help to identify vulnerabilities, including those without standard definitions, and ensure they are tracked and managed effectively.

During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

A. Configuration management tool
B. Intrusion prevention system
C. Mobile device management platform
D. Firewall access control list
E. NetFlow logs
Suggested answer: E

Explanation:

NetFlow logs provide visibility into network traffic patterns and volume, which can be analyzed to detect anomalies, including potential security incidents. They can be invaluable in correlating the timing and nature of network events with security incidents to better understand if there is an association.

A company underwent an audit in which the following issues were enumerated:

* Insufficient security controls for internet-facing services, such as VPN and extranet

* Weak password policies governing external access for third-party vendors

Which of the following strategies would help mitigate the risks of unauthorized access?

A. 2FA
B. RADIUS
C. Federation
D. OTP
Suggested answer: A

Explanation:

Two-factor authentication (2FA) adds an additional layer of security by requiring two forms of identification before granting access to an account or system. Implementing 2FA can significantly reduce the risk of unauthorized access, even if passwords are weak or compromised.

A user forwarded a suspicious email to a security analyst for review. The analyst examined the email and found that neither the URL nor the attachment showed any indication of malicious activities. Which of the following intelligence collection methods should the analyst use to confirm the legitimacy of the email?

A. HUMINT
B. UEBA
C. OSINT
D. RACE
Suggested answer: C

Explanation:

Open-source intelligence (OSINT) refers to the collection and analysis of information that is gathered from public, or open, sources. In the context of confirming the legitimacy of an email, OSINT could involve checking online databases, public records, or using search engines to find information related to the email's domain, the sender, links included in the email, or file hashes of attachments. This method can help determine if the email is part of a known phishing campaign or if it has been flagged by others as suspicious.

A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company. Which of the following would be the best way to protect the file while the user brings the laptop between locations? (Select two).

A. Encrypt the hard drive with full disk encryption.
B. Back up the file to an encrypted flash drive.
C. Place an ACL on the file to only allow access to specified users.
D. Store the file in the user profile.
E. Place an ACL on the file to deny access to everyone.
F. Enable access logging on the file.
Suggested answer: A, B

Explanation:

To protect confidential financial information on a laptop that is frequently moved between locations, full disk encryption (FDE) is a strong security measure that ensures that all data on the hard drive is encrypted. This means that if the laptop is lost or stolen, the data remains inaccessible without the encryption key. Additionally, backing up the file to an encrypted flash drive provides an extra layer of security and ensures that there is a secure copy of the file in case the laptop is compromised.

Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?

A. Fuzz testing
B. Wireless vulnerability scan
C. Exploit framework
D. Password cracker
E. Protocol analyzer
Suggested answer: E

Explanation:

A protocol analyzer, such as Wireshark, is a tool used to capture and analyze network traffic. It allows security administrators to inspect individual packets, understand the traffic flow, and identify any unusual patterns or issues that may be impacting performance, such as high latency or an unusual volume of traffic on a specific port.

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

A. Code signing
B. Non-repudiation
C. Key escrow
D. Private keys
Suggested answer: A

Explanation:

Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. This provides users with the assurance that the software is legitimate and safe to install.

After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

Which of the following is the most likely reason for the successful attack?

A. Lack of MDM controls
B. Auto-join hotspots enabled
C. Sideloading
D. Lack of application segmentation
Suggested answer: A

Explanation:

A lack of Mobile Device Management (MDM) controls can lead to successful attacks because MDM solutions provide the ability to enforce security policies, remotely wipe sensitive data, and manage software updates, which can prevent unauthorized access and protect corporate data. Without MDM, personal devices are more vulnerable to security risks.

A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic. Which of the following should the security administrator use?

A. Salsa20 cipher
B. TLS-based VPN
C. PKI-based IKE IPSec negotiation
D. Perfect forward secrecy
Suggested answer: D

Explanation:

Perfect Forward Secrecy (PFS) is a feature of certain key agreement protocols that ensures a session key derived from a set of long-term keys cannot be compromised if one of the long-term keys is compromised in the future. In the context of a VPN, PFS ensures that each session has a unique encryption key, so that even if one key is compromised, it will not compromise past or future VPN sessions.

In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:

* Only multitenant cloud hosting

* Minimal physical security

* Few access controls

* No access to the data center

The following information has been uncovered:

* The company is located in a known floodplain, which flooded last year.

* Government regulations require data to be stored within the country.

Which of the following should be addressed first?

A. Update the disaster recovery plan to account for natural disasters.
B. Establish a new memorandum of understanding with the cloud provider.
C. Establish a new service-level agreement with the cloud provider.
D. Provision services according to the appropriate legal requirements.
Suggested answer: D

Explanation:

Given that the company requires all its data to be stored within the country and the provider offers only multitenant cloud hosting with minimal security measures, the first step should be to ensure that the data storage complies with legal requirements. This is particularly important because government regulations require data to be stored domestically, which is a legal requirement that takes precedence over other considerations.

Total 510 questions