CompTIA CAS-004 Practice Test - Questions Answers, Page 41
An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?

A. Due care
B. Due diligence
C. Due process
D. Due notice

Suggested answer: A

Explanation:

Due care refers to the effort made by an ordinarily prudent or reasonable party to avoid harm to another party. By not reporting the gaps in the inventory system, the assessor is neglecting their responsibility and not exercising the due care that is expected of them, which could lead to legal ramifications for non-compliance or other security breaches.

A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the best step to take?

A. Revoke the certificate.
B. Inform all the users of the certificate.
C. Contact the company's Chief Information Security Officer.
D. Disable the website using the suspected certificate.
E. Alert the root CA.

Suggested answer: A

Explanation:

In the context of a private cryptographic key suspected to be exposed, the best immediate action is to revoke the certificate associated with that key. Revoking the certificate ensures that it cannot be used to establish new secure sessions, which prevents attackers from using the potentially compromised key to impersonate or decrypt communications. The revocation process typically involves updating the Certificate Revocation List (CRL) or leveraging the Online Certificate Status Protocol (OCSP), both of which are used by clients to check the validity of certificates.

Signed applications reduce risks by:

A. encrypting the application's data on the device.
B. requiring the developer to use code-level hardening techniques.
C. providing assurance that the application is using unmodified source code.
D. costing the developer money to publish, which reduces the likelihood of malicious intent.

Suggested answer: C

Explanation:

Signed applications ensure the integrity of the application by verifying that the source code has not been tampered with. Digital signatures provide a cryptographic guarantee that the software is exactly as the developer released it.

After a server was compromised, an incident responder looks at log files to determine the attack vector that was used. The incident responder reviews the web server log files from the time before an unexpected SSH session began:

Which of the following is the most likely vulnerability that was exploited based on the log files?

A. Directory traversal revealed the hashed SSH password, which was used to access the server.
B. A SQL injection was used during the ordering process to compromise the database server.
C. The root password was easily guessed and used as a parameter to open a reverse shell.
D. An outdated third-party PHP plug-in was vulnerable to a known remote code execution.

Suggested answer: A

Explanation:

The logs indicate a directory traversal attempt (/../..//.etc/shadow), which is a type of attack that exploits insufficient security validation/sanitization of user-supplied input file names, so that characters representing 'traverse to parent directory' are passed through to the file APIs. The /etc/shadow file on Unix systems contains password hashes. If an attacker successfully exploited this vulnerability, they could potentially access the hashed SSH password. This information could then be used to gain unauthorized access to the server if the hash was cracked.

A network security engineer is designing a three-tier web architecture that will allow a third-party vendor to perform the following audit functions within the organization's cloud environment:

* Review communication between all infrastructure endpoints

* Identify unauthorized and malicious data patterns

* Perform automated, risk-mitigating configuration changes

Which of the following should the network security engineer include in the design to address these requirements?

A. Network edge NIPS
B. Centralized syslog
C. Traffic mirroring
D. Network flow

Suggested answer: C

Explanation:

Traffic mirroring, also known as port mirroring or SPAN (Switched Port Analyzer), involves creating a copy of the actual network traffic for independent analysis. This would allow the third-party vendor to review communications between infrastructure endpoints, identify unauthorized and malicious data patterns, and perform automated, risk-mitigating configuration changes without impacting the live environment. This is used in network intrusion detection systems (NIDS) and for traffic analysis purposes.

A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes. Which of the following are explicit options within this extension? (Select two).

A. Type
B. Email
C. OCSP responder
D. Registration authority
E. Common Name
F. DNS name

Suggested answer: B, F

Explanation:

The SAN (Subject Alternative Name) field in a certificate can include multiple types of entries, including DNS names and email addresses. These are explicit options within the SAN extension, allowing a single certificate to be valid for multiple domain names and email addresses. This is often used in multi-domain SSL certificates, where a single certificate needs to be valid for multiple subdomains or different domain names.

A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion. Since tracking is not in place, the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?

A. Complete a vulnerability analysis
B. Obtain guidance from the health ISAC
C. Purchase a ticketing system for auditing efforts
D. Ensure CVEs are current
E. Train administrators on why patching is important

Suggested answer: A

Explanation:

The first step in mitigating the risk associated with delayed patching is to conduct a vulnerability analysis. This process involves identifying, categorizing, and assessing the vulnerabilities within the hospital's IT infrastructure. By understanding the specific vulnerabilities and their potential impact on patient care and data availability, the hospital can prioritize patching efforts effectively and develop a strategy that minimizes disruptions while ensuring critical systems remain secure.

Which of the following is record-level encryption commonly used to do?

A. Protect database fields
B. Protect individual files
C. Encrypt individual packets
D. Encrypt the master boot record

Suggested answer: A

Explanation:

Record-level encryption is primarily used to protect sensitive information stored in specific fields within a database, such as personal data, financial information, or health records. This encryption method ensures that individual data entries are encrypted, providing a high level of security and privacy by making the data unreadable to unauthorized users or in the event of a database breach, while still allowing the database to be functional for authorized queries and operations.

A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000 rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be best to prevent a side-channel attack in the future?

A. Installing online hardware sensors
B. Air gapping important ICS and machines
C. Implementing a HIDS
D. Installing a SIEM agent on the endpoint

Suggested answer: B

Explanation:

Air gapping, which means physically isolating a secure network from unsecured networks, including the public internet, is one of the most effective ways to prevent side-channel attacks. By creating an air gap, you remove the pathways that an attacker might exploit to gain unauthorized access to sensitive systems and manipulate them, as in the case of the SCADA system mentioned.

During a network defense engagement, a red team is able to edit the following registry key:

Which of the following tools is the red team using to perform this action?

A. PowerShell
B. SCAP scanner
C. Network vulnerability scanner
D. Fuzzer

Suggested answer: A

Explanation:

PowerShell is a versatile scripting language that can be used to automate administrative tasks and configurations on Windows machines. It has the capability to edit registry keys, which is what the red team appears to have done based on the provided information. PowerShell is a common tool used by both system administrators and attackers (in the form of a red team during penetration testing).
