CompTIA CAS-004 Practice Test - Questions Answers, Page 43
The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

A. Preserve all communication matching the requested search terms
B. Block communication with the customer while litigation is ongoing
C. Require employees to be trained on legal record holds
D. Request that all users do not delete any files
Suggested answer: A

Explanation:

When a legal records hold is issued, the organization is required to preserve all documents and communications that may relate to the litigation. This includes emails, files, and any other form of communication that contains the requested search terms. It is a process of ensuring that this information is not deleted, altered, or otherwise tampered with.

A small bank is evaluating different methods to address and resolve the following requirements:

* Must be able to store credit card data using the smallest amount of data possible

* Must be compliant with PCI DSS

* Must maintain confidentiality if one piece of the layer is compromised

Which of the following is the best solution for the bank?

A. Scrubbing
B. Tokenization
C. Masking
D. Homomorphic encryption
Suggested answer: B

Explanation:

Tokenization is the process of replacing sensitive data, like credit card numbers, with unique identification symbols (tokens) that retain all the essential information without compromising its security. This method is compliant with PCI DSS requirements as it ensures that actual credit card data is not stored or processed, thus minimizing the risk of data breaches. Tokenization also maintains confidentiality even if part of the data handling system is compromised, as the tokens do not hold any exploitable data.

A cyberanalyst for a government agency is concerned about how PII is protected. A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?

A. To validate the project participants
B. To identify the network ports
C. To document residual risks
D. To evaluate threat acceptance
Suggested answer: C

Explanation:

A Privacy Impact Assessment (PIA) is a process used to evaluate and manage privacy risks associated with the collection, use, and storage of personally identifiable information (PII). One of the key functions of a PIA is to document residual risks, which are the privacy risks that remain after controls have been applied. By identifying and documenting these risks, organizations can make informed decisions about whether additional measures are needed or whether certain risks are acceptable.

A security engineer is creating a single CSR for the following web server hostnames:

* wwwint.internal

* www.company.com

* home.internal

* www.internal

Which of the following would meet the requirement?

A. SAN
B. CN
C. CA
D. CRL
E. Issuer
Suggested answer: A

Explanation:

Subject Alternative Name (SAN) is a part of the X.509 specification for SSL certificates that allows multiple domain names to be protected under a single SSL certificate. Using SAN is the most suitable option when a single Certificate Signing Request (CSR) needs to cover multiple hostnames. It enables the security engineer to list all the required hostnames in one certificate, ensuring secure communications for each listed entity without the need for separate certificates.

To bring digital evidence in a court of law the evidence must be:

A. material
B. tangible
C. consistent
D. conserved
Suggested answer: A

Explanation:

In the context of legal proceedings, 'material' evidence refers to evidence that is relevant and has a significant impact on the case at hand. For digital evidence to be admissible in court, it must be material, meaning it must relate directly to the case and contribute to proving or disproving a key aspect of the case. Material evidence helps establish the facts and is crucial for the court's decision-making process.

A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be validated by the data owner. Which of the following should the security officer do to meet these requirements?

A. Create a rule to authorize personnel only from certain IPs to access the files
B. Assign labels to the files and require formal access authorization
C. Assign attributes to each file and allow authorized users to share the files
D. Assign roles to users and authorize access to files based on the roles
Suggested answer: B

Explanation:

Labeling files and requiring formal access authorization is a method that aligns with the principle of least privilege and the need-to-know basis. By assigning labels to files based on their sensitivity and requiring formal access approval from the data owner, the security officer can ensure that only personnel with the necessary clearance and a legitimate need to access the information can do so. This approach helps in maintaining data confidentiality and integrity in line with the project's security requirements.

A company with only U.S.-based customers wants to allow developers from another country to work on the company's website. However, the company plans to block normal internet traffic from the other country. Which of the following strategies should the company use to accomplish this objective? (Select two).

A. Block foreign IP addresses from accessing the website
B. Have the developers use the company's VPN
C. Implement a WAP for the website
D. Give the developers access to a jump box on the network
E. Employ a reverse proxy for the developers
F. Use NAT to enable access for the developers
Suggested answer: B, D

Explanation:

Having developers use the company's VPN can provide them with secure access to the network while still allowing the company to block normal internet traffic from the other country. A jump box serves as a secure entry point for administrators or in this case, developers, to connect before launching any administrative tasks or accessing further areas of the network. This setup maintains security while still providing necessary access.

A forensics investigator is analyzing an executable file extracted from storage media that was submitted for evidence. The investigator must use a tool that can identify whether the executable has indicators which may point to the creator of the file. Which of the following should the investigator use while preserving evidence integrity?

A. ldd
B. bcrypt
C. SHA-3
D. ssdeep
E. dcfldd
Suggested answer: D

Explanation:

ssdeep is a tool that computes and matches Context Triggered Piecewise Hashing (CTPH), also known as fuzzy hashing. It can be used to identify similar files or slight variations of the same file, which may point to the creator of the file if certain patterns or markers are consistently present. This method allows for integrity checking without altering the evidence, which is critical in forensic investigation.

A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

Which of the following is the most appropriate action for the SOC analyst to recommend?

A. Disabling account JDoe to prevent further lateral movement
B. Isolating laptop314 from the network
C. Alerting JDoe about the potential account compromise
D. Creating HIPS and NIPS rules to prevent logins
Suggested answer: B

Explanation:

The SIEM logs indicate suspicious behavior that could be a sign of a compromise, such as the launching of cmd.exe after Outlook.exe, which is atypical user behavior and could indicate that a machine has been compromised to perform lateral movement within the network. Isolating laptop314 from the network would contain the threat and prevent any potential spread to other systems while further investigation takes place.

A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?

A. CTR
B. ECB
C. OFB
D. GCM
Suggested answer: D

Explanation:

Galois/Counter Mode (GCM) is an AES mode of operation that provides both confidentiality and data integrity. It is well-suited for processing streams of data, making it ideal for streaming video services. GCM is known for its strong cryptographic security and good performance, which aligns with the legacy cipher's characteristics and the streaming service's requirements.
