CompTIA CAS-004 Practice Test - Questions Answers, Page 44

Company A is merging with Company B. Company A is a small, local company. Company B has a large, global presence. The two companies have a lot of duplication in their IT systems, processes, and procedures. On the new Chief Information Officer's (CIO's) first day, a fire breaks out at Company B's main data center. Which of the following actions should the CIO take first?

A. Determine whether the incident response plan has been tested at both companies, and use it to respond.
B. Review the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.
C. Ensure hot, warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams.
D. Initiate Company A's IT systems, processes, and procedures, assess the damage, and perform a BIA.
Suggested answer: B

Explanation:

In the event of a fire at the main data center, the immediate action should be to review and engage the disaster recovery plan. This is to ensure the continuity of business operations. The CIO should coordinate with IT leaders from both companies to ensure a unified response. Assessing the damage and planning for recovery are crucial, and leveraging the expertise from both companies can help streamline the process.

An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacturer do if the private key is compromised?

A. Use over-the-air updates to replace the private key
B. Manufacture a new IoT device with a redesigned SoC
C. Replace the public portion of the IoT key on its servers
D. Release a patch for the SoC software
Suggested answer: B

Explanation:

If the asymmetric private key defined in the write-once read-many (WORM) portion of the System on Chip (SoC) is compromised, the IoT device manufacturer cannot simply replace or update the key through software changes due to the nature of WORM memory. The compromised key would necessitate the production of a new IoT device with a redesigned SoC that includes a new, secure private key. This is because the integrity of the encryption module is fundamental to the device's security, and a compromised key cannot be allowed to persist in the hardware.

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

A. TOTP token
B. Device certificate
C. Smart card
D. Biometric
Suggested answer: B

Explanation:

Using digital certificates for authentication is a secure method to control access to laptops and other devices. A device certificate can serve as an authenticator by providing a means for the device to prove its identity in a cryptographic manner. This certificate-based authentication is commonly used in enterprise environments for strong authentication.

A company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?

A. Accept the risk as the cost of doing business
B. Create an organizational risk register for project prioritization
C. Calculate the ALE and conduct a cost-benefit analysis
D. Purchase insurance to offset the cost if a failure occurred
Suggested answer: C

Explanation:

Calculating the Annual Loss Expectancy (ALE) and conducting a cost-benefit analysis is a critical part of risk management. The ALE will help the company understand the potential losses associated with the server failure per year, which can then be weighed against the cost of mitigating the risk (e.g., replacing the server or implementing redundancies). This analysis will inform the decision on the best course of action to manage the risk associated with the aging server.

A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

A. service --status-all | grep ftpd
B. chkconfig --list
C. netstat -tulpn
D. systemctl list-unit-file --type service ftpd
E. service ftpd status
Suggested answer: C

Explanation:

The netstat -tulpn command is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The -tulpn options specifically show TCP and UDP connections with the process ID and the name that is listening on each port, which would provide the necessary information to identify if FTP is running and on which port without turning the service off. This information can then be used to create a precise firewall rule to prevent the FTP service from being exploited.
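The step from `netstat -tulpn` output to a firewall rule, as an added example that is not part of the original question. The sample output, the `vsftpd` daemon on port 2121, the helper names `listeners` and `drop_rules`, and the 192.0.2.0/24 client range are all constructed for illustration.

```sh
#!/bin/sh
# Constructed sample of `netstat -tulpn` output. On a real host run it as root;
# without root the last column shows "-" instead of PID/Program name.
SAMPLE=$(cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 0.0.0.0:2121            0.0.0.0:*               LISTEN      1407/vsftpd
tcp6       0      0 :::2121                 :::*                    LISTEN      1407/vsftpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           655/dhclient
EOF
)

# listeners REGEX: read netstat -tulpn output on stdin and print
# "proto port program" for each socket whose program name matches REGEX.
listeners() {
  awk -v pat="$1" '
    $1 ~ /^(tcp|udp)6?$/ {
      prog = $NF; sub(/^[0-9]+\//, "", prog)   # "1407/vsftpd" -> "vsftpd"
      if (prog !~ pat) next
      port = $4; sub(/.*:/, "", port)          # text after the last colon, so IPv6 works
      proto = $1; sub(/6$/, "", proto)         # tcp6 -> tcp
      print proto, port, prog
    }' | sort -u
}

# drop_rules CIDR: turn "proto port program" lines into iptables rules that
# drop traffic to the port from every source except CIDR.
drop_rules() {
  while read -r proto port prog; do
    echo "iptables -A INPUT -p $proto --dport $port ! -s $1 -j DROP"
  done
}

# 192.0.2.0/24 stands in for the subnet of the critical application (assumption).
printf '%s\n' "$SAMPLE" | listeners 'ftpd$' | drop_rules 192.0.2.0/24
```

The service here listens on a non-default port, which is why the port has to be read from the listening socket rather than assumed to be 21. The `tcp6` listener needs the same rule in `ip6tables`.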

A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred first?

A. Preserve secure storage
B. Clone the disk
C. Collect the most volatile data
D. Copy the relevant log files
Suggested answer: C

Explanation:

The first step in forensic analysis is to collect the most volatile data, which is the information that would be lost when the power is turned off or the system is rebooted. This includes the contents of memory (RAM) and other temporary data that are stored in caches or buffers. A memory dump captures this data and should be done before other less volatile data is collected, like hard drive images or log files, to ensure the most accurate and comprehensive capture of the system's state at the time of the incident.

An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be most concerning to the organization in the event of equipment failure?

A. Support may not be available during all business hours
B. The organization requires authorized vendor specialists
C. Each region has different regulatory frameworks to follow
D. Shipping delays could cost the organization money
Suggested answer: A

Explanation:

The primary risk for an organization working with vendors in different time zones is that support might not be available during the organization's regular business hours. This can lead to delays in receiving necessary support or assistance when equipment issues arise, which could be critical if there's an equipment failure.

A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks. Which of the following would best enable this activity?

A. ISAC
B. OSINT
C. CVSS
D. Threat modeling
Suggested answer: A

Explanation:

Information Sharing and Analysis Centers (ISACs) are member-driven organizations, facilitated by the government, that gather and share information on cybersecurity threats, vulnerabilities, and incidents among their members. Engaging with an ISAC would enable the company to collaborate with others in the industry regarding emerging attacks and security threats.

The Chief Executive Officer of an online retailer notices a sudden drop in sales. A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site. Which of the following would best prevent this type of attack?

A. Enabling HSTS
B. Configuring certificate pinning
C. Enforcing DNSSEC
D. Deploying certificate stapling
Suggested answer: A

Explanation:

HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. Enabling HSTS would prevent attackers from redirecting users from a secure site to an unsecure or malicious one.

An organization is designing a MAC scheme for critical servers running GNU/Linux. The security engineer is investigating SELinux but is confused about how to read labeling contexts. The engineer executes the command stat ./secretfile and receives the following output:

Which of the following describes the correct order of labels shown in the output above?

A. Role, type, MLS level, and user identity
B. Role, user identity, object, and MLS level
C. Object, MLS level, role, and type
D. User identity, role, type, and MLS level
E. Object, user identity, role, and MLS level
Answers
Suggested answer: D

Explanation:

SELinux contexts are typically made up of several components, including the user identity, role, type (also known as domain), and MLS (Multi-Level Security) level. The context format is user:role:type:level. In the given output sys:secret:sec_t:s0, 'sys' represents the user identity, 'secret' is the role, 'sec_t' is the type, and 's0' is the MLS level. Understanding SELinux contexts is critical for managing Mandatory Access Control (MAC) in GNU/Linux systems to protect against unauthorized access.
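Reading the user:role:type:level fields programmatically, as an added example that is not part of the original question. The helper name `parse_context` and the second context are constructed. It goes one step beyond the single-level case above: the MLS level can itself contain a colon, so the context cannot be split on every colon.

```sh
#!/bin/sh
# parse_context CONTEXT: print "user role type level" for an SELinux context.
# Only the first three colons separate fields; the level keeps any colons of
# its own (sensitivity:categories). Returns 1 if CONTEXT has fewer than 3 fields.
parse_context() {
  ctx=$1
  case $ctx in
    *:*:*) ;;
    *) echo "not an SELinux context: $ctx" >&2; return 1 ;;
  esac
  user=${ctx%%:*};  rest=${ctx#*:}
  role=${rest%%:*}; rest=${rest#*:}
  case $rest in
    *:*) typ=${rest%%:*}; level=${rest#*:} ;;  # everything after the third colon
    *)   typ=$rest;       level= ;;            # policy without MLS: no level field
  esac
  printf '%s %s %s %s\n' "$user" "$role" "$typ" "$level"
}

# Context quoted in the explanation above.
parse_context 'sys:secret:sec_t:s0'

# Constructed context with a sensitivity range and a category set.
CTX='system_u:object_r:etc_t:s0-s0:c0.c1023'
parse_context "$CTX"

# Splitting on every colon loses the category part of the level.
printf '%s\n' "$CTX" | cut -d: -f4

# On an SELinux host, GNU stat prints just the context of a file with:
#   stat -c %C ./secretfile
```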

Total 510 questions