CompTIA CAS-004 Practice Test - Questions Answers, Page 42

A security administrator needs to implement a security solution that will:

* Limit the attack surface in case of an incident.

* Improve access control for external and internal network security.

* Improve performance with less congestion on network traffic.

Which of the following should the security administrator do?

A. Integrate threat intelligence feeds into the FIM
B. Update firewall rules to match new IP addresses in use
C. Configure SIEM dashboards to provide alerts and visualizations
D. Deploy DLP rules based on updated PII formatting
Suggested answer: B

Explanation:

Updating firewall rules to match new IP addresses in use will help to limit the attack surface in case of an incident by ensuring only legitimate traffic is allowed. It can also improve access control for external and internal network security by ensuring that only authorized entities can access certain resources, and may improve network performance by reducing unnecessary traffic (less congestion).

A security engineer is assessing the security controls of IoT systems that are no longer supported for updates and patching. Which of the following is the best mitigation for defending these IoT systems?

A. Disable administrator accounts
B. Enable SELinux
C. Enforce network segmentation
D. Assign static IP addresses
Suggested answer: C

Explanation:

Network segmentation is a method to isolate environments from one another, thus limiting the scope of a potential attack. For IoT systems that cannot be updated or patched, network segmentation is the best mitigation technique. It would contain any compromise to the segmented network and prevent it from affecting the rest of the network infrastructure.

A security analyst has been tasked with assessing a new API. The analyst needs to be able to test a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?

A. Static analysis
B. Input validation
C. Fuzz testing
D. Post-exploitation
Suggested answer: C

Explanation:

Fuzz testing, or fuzzing, is a software testing technique that involves providing invalid, unexpected, or random data as input to a program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. This type of testing helps identify security vulnerabilities that could be exploited by malicious inputs.

A penetration tester inputs the following command:

This command will allow the penetration tester to establish a:

A. port mirror
B. network pivot
C. reverse shell
D. proxy chain
Suggested answer: C

Explanation:

The command depicted is indicative of a reverse shell, which is a type of shell where the target system initiates an outgoing connection to a remote host, and then standard input and output of the command line interface on the target system is redirected through this connection to the remote host. This is typically used by an attacker after exploitation to open a remote command line interface to control the compromised machine.

Which of the following technologies would benefit the most from the use of biometric readers, proximity badge entry systems, and hardware security tokens to access various environments and data entry systems?

A. Deep learning
B. Machine learning
C. Nanotechnology
D. Passwordless authentication
E. Biometric impersonation
Suggested answer: D

Explanation:

Passwordless authentication is an authentication method that does not require the user to enter a password. Instead, it relies on alternative forms of verification, such as biometric readers (fingerprint or facial recognition), proximity badge entry systems, and hardware security tokens. These technologies provide a means to authenticate users with higher assurance levels and would benefit the most from the use of the mentioned devices and methods.

A multinational organization was hacked, and the incident response team's timely action prevented a major disaster. Following the event, the team created an after-action report. Which of the following is the primary goal of an after-action review?

A. To gather evidence for subsequent legal action
B. To determine the identity of the attacker
C. To identify ways to improve the response process
D. To create a plan of action and milestones
Suggested answer: C

Explanation:

The primary goal of an after-action review (AAR) is to critically evaluate the response to an incident and identify what was done well and what could be improved. An AAR is a structured review or debrief process for analyzing what happened, why it happened, and how it can be done better by the participants and those responsible for the project or event.

After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload. The CISO would like to:

* Have a solution that uses APIs to communicate with other security tools.

* Use the latest technology possible.

* Have the highest controls possible on the solution.

Which of the following is the best option to meet these requirements?

A. EDR
B. CSP
C. SOAR
D. CASB
Suggested answer: C

Explanation:

Security Orchestration, Automation, and Response (SOAR) solutions are designed to automate and streamline security operations in complex environments. By utilizing APIs, SOAR platforms can integrate with various security tools to enhance incident response processes, automate tasks, and improve overall efficiency. This aligns with the requirements of using the latest technology and having high control over the solution. SOAR's ability to orchestrate between different security solutions and automate responses to threats makes it the best option to reduce the security task workload while maintaining high controls.

A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Select two).

A. Most cost-effective
B. Ease of backup and restoration
C. High degree of privacy
D. Low resilience to side-channel attacks
E. Full control and ability to customize
F. Increased geographic diversity
Suggested answer: C, E

Explanation:

Single-tenant architectures provide a dedicated environment for each client, which enhances data privacy since the resources are not shared with other tenants. This isolation minimizes the risk of data leakage or interference from other tenants, offering a high degree of privacy. Additionally, single-tenancy allows for full control over the database environment, including customization options tailored to specific security requirements or compliance needs, which is not always possible in a multi-tenant architecture.

A company with multiple locations has taken a cloud-only approach to its infrastructure. The company does not have standard vendors or systems, resulting in a mix of various solutions put in place by each location. The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms. Which of the following best meets this objective?

A. Security information and event management
B. Cloud security posture management
C. SNMPv2 monitoring and log aggregation
D. Managed detection and response services from a third party
Suggested answer: A

Explanation:

Security Information and Event Management (SIEM) systems provide real-time analysis of security alerts generated by applications and network hardware. SIEMs are beneficial in environments where there is a mix of various solutions, as they can collect and aggregate logs from multiple sources, providing the internal security team with a centralized view and visibility into all platforms. This would best meet the objective of ensuring visibility into all platforms, regardless of the differing solutions across the company's locations.

Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

A. Initiate a legal hold.
B. Refer to the retention policy.
C. Perform e-discovery.
D. Review the subpoena.
Suggested answer: A

Explanation:

A legal hold is a process by which an organization instructs its employees or other relevant parties to preserve specific data for potential litigation. A legal hold is triggered when litigation is reasonably anticipated, such as when law enforcement officials inform an organization that an investigation has begun. The first step the organization should take is to initiate a legal hold to ensure that relevant evidence is not deleted, destroyed, or altered. A legal hold also demonstrates the organization's good faith and compliance with its duty to preserve evidence.

Reference:

https://percipient.co/litigation-hold-triggers-and-the-duty-to-preserve-evidence/

https://www.everlaw.com/blog/ediscovery-best-practices/guide-to-legal-holds/


Total 510 questions