CompTIA CAS-004 Practice Test - Questions Answers, Page 46

Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?

A. They are constrained by available compute.
B. They lack X86-64 processors.
C. They lack EEPROM.
D. They are not logic-bearing devices.
Suggested answer: A

Explanation:

Embedded facility automation systems are often difficult to upgrade because they are constrained by available compute. These systems typically have limited processing power, memory, and storage, which restricts the ability to implement modern security measures, such as encryption, software updates, or advanced security controls. Security engineers may be unable to apply patches or updates without exceeding the system's capacity. CASP+ discusses the challenges posed by resource-constrained devices, particularly in embedded systems and IoT environments, where upgrading security can be difficult due to hardware limitations.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Security Engineering and Cryptography (Embedded System Security and Constraints)

CompTIA CASP+ Study Guide: Managing Security for Resource-Constrained Embedded Systems

A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?

A. Exporting reports from the system on a weekly basis to disable terminated employees' accounts
B. Granting permission to human resources staff to mark terminated employees' accounts as disabled
C. Configuring allowed login times for all staff to only work during business hours
D. Automating a process to disable the accounts by integrating Active Directory and human resources information systems
Suggested answer: D

Explanation:

The best way to reduce the risk of terminated employees' accounts staying active is to automate the process by integrating Active Directory (AD) with the human resources information system (HRIS), treating the HRIS as the authoritative source for employment status. When HR updates a termination date, the integration disables the linked AD account (and any secondary accounts tied to the same employee ID) without anyone having to remember to act. The other options leave gaps: a weekly export (A) can leave an account active for up to a week and still depends on someone running the report; giving HR staff rights to disable accounts (B) replaces one manual step with another and hands non-IT staff privileges over the directory; restricting login hours (C) does nothing about a terminated employee logging in during business hours. CASP+ highlights automating user access management to minimize human error and ensure timely action.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Security Operations (Automation of User Access Management)

CompTIA CASP+ Study Guide: Integration of HR Systems and Active Directory for Account Management
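
The reconciliation step such an HRIS-to-directory job has to get right, as an added example that is not from the original page or from any vendor product. The HR rows, directory accounts and employee IDs are constructed test data; in a real integration the HR rows would come from the HRIS export or API, the accounts from an LDAP search, and the disable action would be an LDAP modify or Disable-ADAccount call.

```python
"""
Added example: decide which directory accounts an HRIS-driven job should
disable today. All data below is constructed for illustration.
"""
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    termination_date: Optional[date]  # None while still employed


@dataclass(frozen=True)
class DirectoryAccount:
    sam_account_name: str
    employee_id: Optional[str]  # attribute that links the account to HR; None if never set
    enabled: bool


def plan_deprovisioning(
    hr_records: List[HrRecord],
    accounts: List[DirectoryAccount],
    today: date,
) -> Tuple[List[str], List[str]]:
    """Return (accounts_to_disable, accounts_needing_review).

    An enabled account is disabled when its linked employee has a termination
    date on or before today; future-dated terminations are left alone so the
    job can run daily. Enabled accounts that cannot be linked to any HR record
    are NOT disabled automatically (service or contractor accounts look exactly
    like this) but are reported for human review, because unlinked accounts are
    the ones a purely automated job would otherwise silently miss.
    """
    hr_by_id = {r.employee_id: r for r in hr_records}
    to_disable: List[str] = []
    review: List[str] = []
    for acct in accounts:
        if not acct.enabled:
            continue  # already disabled; nothing to do
        record = hr_by_id.get(acct.employee_id) if acct.employee_id else None
        if record is None:
            review.append(acct.sam_account_name)
        elif record.termination_date is not None and record.termination_date <= today:
            to_disable.append(acct.sam_account_name)
    return sorted(to_disable), sorted(review)


# Constructed sample data (hypothetical employee IDs and account names)
SAMPLE_TODAY = date(2024, 6, 14)
SAMPLE_HR = [
    HrRecord("E100", None),               # active employee
    HrRecord("E101", date(2024, 5, 31)),  # terminated in the past
    HrRecord("E102", date(2024, 6, 14)),  # termination effective today
    HrRecord("E103", date(2024, 7, 1)),   # future-dated; still employed
]
SAMPLE_ACCOUNTS = [
    DirectoryAccount("alice", "E100", True),
    DirectoryAccount("bob", "E101", True),
    DirectoryAccount("bob-admin", "E101", True),  # secondary admin account, same person
    DirectoryAccount("carol", "E102", True),
    DirectoryAccount("dave", "E103", True),
    DirectoryAccount("erin", "E104", True),       # no HR record at all
    DirectoryAccount("svc-backup", None, True),   # service account, never linked
    DirectoryAccount("frank", "E101", False),     # already disabled
]

if __name__ == "__main__":
    disable, review = plan_deprovisioning(SAMPLE_HR, SAMPLE_ACCOUNTS, SAMPLE_TODAY)
    print("disable:", disable)
    print("review:", review)
```

The review list is the part worth keeping: an integration that only disables what it can match will never touch accounts whose link attribute was left blank, so those must surface to a person instead of disappearing from the report.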

An IT director is working on a solution to meet the challenge of remotely managing laptop devices and securely locking them down. The solution must meet the following requirements:

* Cut down on patch management.

* Make use of standard configurations.

* Allow for custom resource configurations.

* Provide access to the enterprise system from multiple types of devices.

Which of the following would meet these requirements?

A. MDM
B. Emulator
C. Hosted hypervisor
D. VDI
Suggested answer: D

Explanation:

A Virtual Desktop Infrastructure (VDI) solution meets all the listed requirements: reducing patch management, using standard configurations, allowing for custom resource configurations, and providing access from multiple device types. VDI allows centralized management of desktop environments, where patches and updates can be applied once and distributed across all virtual desktops. It also supports flexible resource configurations and secure remote access from various devices. CASP+ highlights VDI as a solution for centralized, secure desktop management that meets modern enterprise needs for mobility and security.

CASP+ CAS-004 Exam Objectives: Domain 1.0 -- Security Architecture (VDI for Secure Remote Desktop Management)

CompTIA CASP+ Study Guide: Virtual Desktop Infrastructure for Centralized Management and Security

A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter's version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?

A. Include routines in the application for message handling.
B. Adopt a compiled programming language instead.
C. Perform SAST vulnerability scans on every build.
D. Validate user-generated input.
Suggested answer: A

Explanation:

In this scenario, the web application is disclosing sensitive debugging information (interpreter version, binary paths, the process's user ID) whenever an unhandled error occurs. The best mitigation is to implement proper error-handling routines so that detailed diagnostics are never sent to the client: the application should return a generic error message (ideally with a reference ID for support) while logging the full detail server-side for troubleshooting. Turning off the interpreter's or framework's debug mode in production is part of the same control. Input validation (D) narrows the set of inputs that trigger this particular fault but does not change what the application reveals on any other failure path, and neither SAST on every build (C) nor switching to a compiled language (B) changes what is sent when the application crashes. This information disclosure is a common web application weakness, and CASP+ emphasizes secure error handling as part of secure software development practices.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Security Operations (Secure Coding and Error Handling)

CompTIA CASP+ Study Guide: Web Application Security and Proper Error Handling
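
The control described above, as an added example that is not code from the original page: one request handler wrapped two ways. In debug mode the catch-all returns the interpreter's own diagnostics (version, binary path, process UID, traceback), which is what the tester in the question saw; in production mode it returns a generic message carrying a correlation ID and writes the detail to the server-side log only. The view function, request dict and in-memory log capture are constructed for the example.

```python
"""
Added example: generic error responses for clients, full detail in the log.
The view, request and log capture are constructed for illustration.
"""
import logging
import os
import sys
import traceback
import uuid
from typing import Callable, Dict, List, Tuple

Response = Tuple[int, str]            # (HTTP status, body)
View = Callable[[Dict[str, str]], str]


class ListHandler(logging.Handler):
    """Keeps log records in memory so the example can show what was logged."""

    def __init__(self) -> None:
        super().__init__()
        self.records: List[logging.LogRecord] = []

    def emit(self, record: logging.LogRecord) -> None:
        self.records.append(record)


LOG = logging.getLogger("example.app")
LOG.setLevel(logging.ERROR)
LOG.propagate = False
CAPTURE = ListHandler()
LOG.addHandler(CAPTURE)


def debug_error_page(exc: BaseException) -> str:
    """What a framework's debug page typically leaks; must be called inside an except block."""
    uid = getattr(os, "getuid", lambda: "n/a")()   # os.getuid is absent on Windows
    return (
        f"Interpreter: {sys.version.splitlines()[0]}\n"
        f"Binary: {sys.executable}\n"
        f"UID: {uid}\n"
        f"Exception: {type(exc).__name__}: {exc}\n"
        + traceback.format_exc()
    )


def handle(view: View, request: Dict[str, str], debug: bool = False) -> Response:
    """Run the view; on failure, return diagnostics only when debug=True."""
    try:
        return 200, view(request)
    except Exception as exc:  # catch-all so nothing falls through to the server's default page
        if debug:
            return 500, debug_error_page(exc)
        ref = uuid.uuid4().hex[:12]
        # Full detail goes to the log under the same reference the client sees, so support
        # can correlate the two without the client learning anything about internals.
        LOG.error("unhandled error ref=%s path=%s", ref, request.get("path", "?"), exc_info=True)
        return 500, f"An internal error occurred. Reference: {ref}"


def faulty_view(request: Dict[str, str]) -> str:
    """Constructed view that crashes on a crafted parameter, as in the question."""
    return str(int(request.get("page", "1")))


def leaks_internals(body: str) -> bool:
    """True if a response body exposes any tell-tale interpreter internals."""
    markers = ("Traceback", "ValueError", sys.executable)
    return any(m and m in body for m in markers)


if __name__ == "__main__":
    bad_request = {"path": "/items", "page": "abc"}
    print(handle(faulty_view, bad_request, debug=True)[1])
    status, body = handle(faulty_view, bad_request)
    print(status, body)
    print("logged:", CAPTURE.records[-1].getMessage())
```

The `debug` flag should come from configuration that is false in production; the point of the example is that the catch-all exists at all, so the interpreter's default error page never becomes the response.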

A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

A. Collect proof that the exploit works in order to expedite the process.
B. Publish proof-of-concept exploit code on a personal blog.
C. Recommend legal consultation about the process.
D. Visit a bug bounty website for the latest information.
Suggested answer: C

Explanation:

When a security researcher identifies a vulnerability, especially one involving remote code execution, they must navigate a process that protects them legally and ethically. The best advice here is to consult with legal professionals to understand any liabilities, such as potential violations of non-disclosure agreements (NDAs) or intellectual property concerns. Legal consultation ensures that the researcher follows responsible disclosure practices and avoids legal repercussions, which aligns with CASP+ guidance on managing vulnerabilities and the responsible handling of sensitive security information. CompTIA CASP+ emphasizes the importance of adhering to legal and regulatory frameworks when reporting vulnerabilities, especially when dealing with former employers or clients.

CASP+ CAS-004 Exam Objectives: Domain 4.0 -- Governance, Risk, and Compliance (Responsible Disclosure, Legal Concerns)

CompTIA CASP+ Study Guide: Handling Vulnerabilities and Legal Considerations

A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?

A. Build a content caching system at the DR site.
B. Store the nightly full backups at the DR site.
C. Increase the network bandwidth to the DR site.
D. Implement real-time replication for the DR site.
Suggested answer: D

Explanation:

Losing no more than 30 minutes of data after a failover is a recovery point objective (RPO) of 30 minutes or less, and the only option that achieves it is real-time (or near-real-time) replication of the database from the primary site to the disaster recovery (DR) site, which keeps the DR copy at most seconds to minutes behind. Nightly full backups (B) give an RPO of up to 24 hours; a content cache (A) helps serve reads but does not preserve transactional data; more bandwidth (C) can shorten recovery (RTO) but by itself does not reduce how much data is lost. CASP+ covers replication as the means of meeting strict RTO and RPO targets in disaster recovery planning.

CASP+ CAS-004 Exam Objectives: Domain 4.0 -- Governance, Risk, and Compliance (Disaster Recovery)

CompTIA CASP+ Study Guide: Data Replication and Disaster Recovery

A security analyst is reviewing the following output from a vulnerability scan from an organization's internet-facing web services:

Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

A. Line 06
B. Line 10
C. Line 13
D. Line 17
Suggested answer: A

Explanation:

The scan output in line 06 indicates that OCSP Must-Staple is not supported. OCSP stapling lets the server deliver a CA-signed, time-limited proof of its certificate's revocation status inside the TLS handshake, and Must-Staple makes that proof mandatory. Without it, a client that cannot reach the OCSP responder typically soft-fails and accepts the certificate anyway, so an attacker holding a revoked certificate and its private key, and able to block the client's OCSP traffic, can still impersonate the server. That is the trust relationship between client and server being exploited. CASP+ discusses certificate validation mechanisms such as OCSP (Online Certificate Status Protocol) as defences against man-in-the-middle and trust-exploiting attacks.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Security Engineering and Cryptography (Certificate Validation, OCSP)

CompTIA CASP+ Study Guide: Secure Web Services and Trust Relationships
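
How a practitioner would verify the stapling finding for a server, as an added example that is not from the original page: classify a server's OCSP posture from the text that `openssl s_client -connect host:443 -status` and `openssl x509 -text` print. The two transcripts below are constructed and trimmed. The marker strings they are matched against ("OCSP response: no response sent", "OCSP Response Status: successful", "Cert Status:", and the "TLS Feature" / "status_request" lines for the Must-Staple extension) are the ones OpenSSL prints, but treat their exact spelling as an assumption to confirm against your OpenSSL version.

```python
"""
Added example: parse OpenSSL output to decide whether a server staples OCSP
responses and whether its certificate asserts Must-Staple. The transcripts
are constructed; the marker strings are assumed to match OpenSSL's wording.
"""
import re
from typing import Dict


def staple_status(s_client_output: str) -> str:
    """'none' if no staple was sent, else the stapled 'Cert Status' value."""
    if "OCSP response: no response sent" in s_client_output:
        return "none"
    if "OCSP Response Status: successful" not in s_client_output:
        return "unknown"
    m = re.search(r"Cert Status:\s*(\w+)", s_client_output)
    return m.group(1).lower() if m else "unknown"


def asserts_must_staple(x509_text: str) -> bool:
    """True if the certificate carries the TLS Feature extension with status_request."""
    m = re.search(r"TLS Feature:\s*(\S+)", x509_text)
    return bool(m and m.group(1) == "status_request")


def assess(s_client_output: str, x509_text: str) -> Dict[str, object]:
    """Combine both observations into the finding a scanner would report."""
    staple = staple_status(s_client_output)
    must = asserts_must_staple(x509_text)
    if must and staple == "none":
        finding = "must-staple asserted but no staple sent: strict clients will reject the handshake"
    elif staple == "none":
        finding = ("no stapling and no must-staple: clients soft-fail revocation checks, "
                   "so blocking the OCSP responder lets a revoked certificate be accepted")
    elif staple == "revoked":
        finding = "server is stapling a revoked status: replace the certificate"
    elif staple == "good":
        finding = "stapling in place" + ("" if must else "; add must-staple so clients can enforce it")
    else:
        finding = "could not determine staple status"
    return {"staple": staple, "must_staple": must, "finding": finding}


# Constructed transcripts (trimmed to the relevant lines)
NO_STAPLE = """CONNECTED(00000003)
OCSP response: no response sent
---
Certificate chain
 0 s:CN = www.example.test
"""

STAPLED_GOOD = """CONNECTED(00000003)
OCSP response:
======================================
OCSP Response Data:
    OCSP Response Status: successful (0x0)
    Response Type: Basic OCSP Response
    Responses:
    Cert Status: good
    This Update: Jun 10 12:00:00 2024 GMT
    Next Update: Jun 17 12:00:00 2024 GMT
======================================
"""

CERT_MUST_STAPLE = """Certificate:
    Data:
        X509v3 extensions:
            TLS Feature:
                status_request
            X509v3 Subject Alternative Name:
                DNS:www.example.test
"""

CERT_PLAIN = """Certificate:
    Data:
        X509v3 extensions:
            X509v3 Subject Alternative Name:
                DNS:www.example.test
"""

if __name__ == "__main__":
    print(assess(NO_STAPLE, CERT_PLAIN))
    print(assess(STAPLED_GOOD, CERT_MUST_STAPLE))
```

The stapled response is itself signed by the CA's OCSP responder, so the check above only establishes presence; verifying the signature and the Next Update window is left to the TLS library on the client side.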

Based on a recent security audit, a company discovered the perimeter strategy is inadequate for its recent growth. To address this issue, the company is looking for a solution that includes the following requirements:

* Collapse of multiple network security technologies into a single footprint

* Support for multiple VPNs with different security contexts

* Support for application layer security (Layer 7 of the OSI Model)

Which of the following technologies would be the most appropriate solution given these requirements?

A. NAT gateway
B. Reverse proxy
C. NGFW
D. NIDS
Suggested answer: C

Explanation:

A Next-Generation Firewall (NGFW) is the best solution to meet the company's needs. NGFWs combine multiple security functions, such as VPN support, intrusion prevention, application-layer (Layer 7) inspection, and more, into a single device, simplifying network security management while improving security coverage. NGFWs can support multiple VPNs with different security contexts, which is critical for the company's requirement. CASP+ emphasizes NGFWs for their ability to collapse multiple security technologies into one platform and offer application-layer security, addressing modern perimeter security needs.

CASP+ CAS-004 Exam Objectives: Domain 1.0 -- Security Architecture (NGFW and Unified Security Technologies)

CompTIA CASP+ Study Guide: NGFW and Perimeter Security Strategies

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be compliant, the customer:

A. must also be PCI compliant, because the risk is transferred to the provider.
B. still needs to perform its own PCI assessment of the provider's managed serverless service.
C. needs to perform a penetration test of the cloud provider's environment.
D. must ensure in-scope systems for the new offering are also PCI compliant.
Suggested answer: D

Explanation:

Even though the company uses a cloud service provider (CSP) that is PCI compliant, the customer must still ensure that its own in-scope systems for the new payment offering are also PCI compliant. PCI DSS (Payment Card Industry Data Security Standard) applies to every system that processes, stores, or transmits cardholder data or can affect its security, and that includes customer-owned systems, services, and applications integrated into the solution. Responsibility is shared between the CSP and the customer, and compliance is not inherited just because the CSP is compliant; in practice the customer obtains the provider's Attestation of Compliance and responsibility matrix, and remains accountable for everything the matrix leaves on its side. CASP+ emphasizes that organizations must ensure all components within their control are also PCI compliant.

CASP+ CAS-004 Exam Objectives: Domain 4.0 -- Governance, Risk, and Compliance (Compliance and PCI DSS)

CompTIA CASP+ Study Guide: Cloud Services and PCI Compliance

A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

1. The solution must be able to initiate SQL injection and reflected XSS attacks.

2. The solution must ensure the application is not susceptible to memory leaks.

Which of the following should be implemented to meet these requirements? (Select two).

A. Side-channel analysis
B. Protocol scanner
C. HTTP interceptor
D. DAST
E. Fuzz testing
F. SAST
G. SCAP
Suggested answer: D, F

Explanation:

The combination of DAST (Dynamic Application Security Testing) and SAST (Static Application Security Testing) would meet the developers' requirements. DAST is used for runtime testing, capable of simulating attacks like SQL injection and reflected XSS, which fulfills the first requirement. SAST analyzes the code statically to ensure that the application is not vulnerable to issues like memory leaks, fulfilling the second requirement. Implementing both will integrate security testing into the SDLC, addressing the security concerns earlier in the development cycle, as recommended in CASP+.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Security Operations (DAST, SAST for Secure Software Development)

CompTIA CASP+ Study Guide: Secure SDLC and Application Security Testing
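
What a DAST tool does for the two attack classes in requirement 1, as an added example that is not from the original page: in-process probes run against two constructed handlers. The vulnerable handler builds SQL by string formatting and echoes input into HTML; the hardened handler binds the parameter and HTML-escapes output. The database rows, handler signature and payloads are all constructed for the example.

```python
"""
Added example: DAST-style reflected XSS and SQL injection probes against a
vulnerable and a hardened handler. Everything here is constructed.
"""
import html
import sqlite3
from typing import Callable, Dict, Tuple

Response = Tuple[int, str]                      # (HTTP status, body)
Handler = Callable[[Dict[str, str]], Response]


def _make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    conn.commit()
    return conn


DB = _make_db()


def vulnerable_handler(params: Dict[str, str]) -> Response:
    """Deliberately weak: string-built SQL, raw error to client, unescaped echo."""
    q = params.get("q", "")
    try:
        rows = DB.execute(f"SELECT name FROM users WHERE name = '{q}'").fetchall()
    except sqlite3.Error as exc:
        return 500, f"<pre>Database error: {exc}</pre>"
    names = ", ".join(r[0] for r in rows)
    return 200, f"<p>Results for {q}: {names}</p>"


def hardened_handler(params: Dict[str, str]) -> Response:
    """Bound parameter for the query, HTML-escaped output for the page."""
    q = params.get("q", "")
    rows = DB.execute("SELECT name FROM users WHERE name = ?", (q,)).fetchall()
    names = ", ".join(html.escape(r[0]) for r in rows)
    return 200, f"<p>Results for {html.escape(q)}: {names}</p>"


def probe_reflected_xss(handler: Handler) -> bool:
    """A unique tag-shaped marker; reflected unencoded means script would be too."""
    marker = "<dast-7f3a>"
    _, body = handler({"q": marker})
    return marker in body


def _without_echo(body: str, payload: str) -> str:
    # Remove the echoed input (escaped or raw) so only the query's effect is compared.
    return body.replace(html.escape(payload), "").replace(payload, "")


def probe_sqli(handler: Handler) -> bool:
    """Error-based check first, then a boolean (tautology) comparison."""
    status, body = handler({"q": "'"})
    if status == 500 and "error" in body.lower():
        return True
    control = "nosuchuser"
    tautology = control + "' OR '1'='1"
    _, base = handler({"q": control})
    _, taut = handler({"q": tautology})
    # If the tautology widened the result set, the input reached the SQL parser.
    return _without_echo(taut, tautology) != _without_echo(base, control)


def scan(handler: Handler) -> Dict[str, bool]:
    return {"reflected_xss": probe_reflected_xss(handler), "sqli": probe_sqli(handler)}


if __name__ == "__main__":
    print("vulnerable:", scan(vulnerable_handler))
    print("hardened:  ", scan(hardened_handler))
```

A real DAST scanner drives the same probes over HTTP against a running build, which is why it belongs in the pipeline next to SAST rather than instead of it: the probe finds the injection only once the code is deployed, while the static analyser flags the f-string query at commit time.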

Total 510 questions