CompTIA CAS-004 Practice Test - Questions Answers, Page 47
Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal management overhead?

A. Key escrow service
B. Secrets management
C. Encrypted database
D. Hardware security module
Suggested answer: D

Explanation:

A Hardware Security Module (HSM) provides the best solution for securely backing up MFA seeds in a central, offline location with minimal management overhead. HSMs are specialized hardware devices designed for cryptographic key management, including storing sensitive data like MFA seeds securely. HSMs offer high levels of protection against tampering and provide offline security, making them an ideal choice for backing up cryptographic materials. CASP+ recognizes HSMs as critical components for managing and securing cryptographic keys in centralized, secure environments.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Enterprise Security Architecture (HSM and Secure Key Management)

CompTIA CASP+ Study Guide: Secure Backup and Key Management with HSM

A common industrial protocol has the following characteristics:

* Provides for no authentication/security

* Is often implemented in a client/server relationship

* Is implemented as either RTU or TCP/IP

Which of the following is being described?

A. Profinet
B. Modbus
C. Zigbee
D. Z-Wave
Suggested answer: B

Explanation:

The protocol described is Modbus, which is a commonly used industrial protocol that lacks built-in authentication and security features. Modbus operates in a client/server model and can be implemented over RTU (Remote Terminal Unit) or TCP/IP for communication between devices. The other protocols mentioned either have different characteristics or are used in different contexts (such as Profinet for industrial automation, Zigbee for wireless IoT devices, and Z-Wave for home automation). CASP+ identifies Modbus as a critical protocol in industrial environments that lacks security and requires additional protective measures.

CASP+ CAS-004 Exam Objectives: Domain 4.0 -- Industrial Control Systems (ICS) and Modbus Protocol

CompTIA CASP+ Study Guide: Industrial Protocols and Modbus Security

A security researcher identified the following messages while testing a web application:

Which of the following should the researcher recommend to remediate the issue?

A. Software composition analysis
B. Packet inspection
C. Proper error handling
D. Elimination of the use of unsafe functions
Suggested answer: C

Explanation:

The log messages in the image display detailed error messages, indicating improper error handling, which can expose sensitive information to potential attackers. Proper error handling ensures that error messages do not reveal underlying application details (such as file paths or configuration information) that could be exploited. This aligns with the best practices in secure coding and is a core concept in CASP+. Rather than exposing the inner workings of the application, the system should return generic error messages to users while logging detailed information securely for internal troubleshooting.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Secure Coding, Error Handling)

CompTIA CASP+ Study Guide: Web Application Security and Proper Error Handling Techniques

During a software assurance assessment, an engineer notices the source code contains multiple instances of strcpy, which does not verify the buffer length. Which of the following solutions should be integrated into the SDLC process to reduce future risks?

A. Require custom IDS/IPS detection signatures for each type of insecure function found.
B. Perform a penetration test before moving to the next step of the SDLC.
C. Update the company's secure coding policy to exclude insecure functions.
D. Perform DAST/SAST scanning before handoff to another team.
Suggested answer: C

Explanation:

The source code in this scenario uses insecure functions like strcpy which are known for not checking buffer sizes, leading to buffer overflow vulnerabilities. The most effective solution is to update the company's secure coding policy to prohibit the use of insecure functions and replace them with safer alternatives, such as strncpy, which enforces buffer length checks. Integrating this change into the Software Development Life Cycle (SDLC) ensures that future code adheres to secure practices, thereby reducing the risk of vulnerabilities being introduced into production systems. This approach aligns with CASP+ guidelines that emphasize secure coding practices and policies to prevent common security flaws in software development.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Secure Coding Standards)

CompTIA CASP+ Study Guide: Secure Coding and Prevention of Buffer Overflows

An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?

A. PaaS
B. SaaS
C. IaaS
D. MaaS
Suggested answer: A

Explanation:

In this scenario, the organization is looking to deploy a containerized application in the cloud and wants the infrastructure to automatically scale without handling patch management. A Platform as a Service (PaaS) model is the best fit because it allows developers to focus on the application and its deployment, while the cloud provider manages the underlying infrastructure, including patching and scaling. PaaS supports container orchestration, enabling automated scaling based on demand, and offloads most operational responsibilities to the provider. This is in contrast to Infrastructure as a Service (IaaS), which requires more direct management of the infrastructure, including patching. CASP+ highlights PaaS as a service model that minimizes operational overhead for security operations teams.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Enterprise Security Architecture (Cloud Service Models)

CompTIA CASP+ Study Guide: Cloud Computing and PaaS Benefits

A security architect examines a section of code and discovers the following:

Which of the following changes should the security architect require before approving the code for release?

A. Allow only alphanumeric characters for the username.
B. Make the password variable longer to support more secure passwords.
C. Prevent more than 20 characters from being entered.
D. Add a password parameter to the checkUserExists function.
Suggested answer: C

Explanation:

The code snippet presents a buffer size risk where the user input (username) is accepted without limiting the number of characters, potentially leading to buffer overflow vulnerabilities. The best solution is to implement input validation that limits the input to a maximum of 20 characters, matching the buffer size defined in the code. This prevents overflow attacks by ensuring that user input does not exceed the allocated memory space. Other options, like adding more parameters or allowing alphanumeric characters, do not directly address the root cause of buffer overflow vulnerabilities. CASP+ stresses the importance of proper input validation and bounds checking as critical security measures.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Input Validation and Buffer Overflow Prevention)

CompTIA CASP+ Study Guide: Secure Coding Practices and Input Validation Techniques
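The two buffer-overflow questions above (the unbounded strcpy in the SDLC question and the 20-character username buffer in the code-review question) share one remedy, shown here as an added example that is not from the exam or the study guide: the unsafe copy beside a bounded copy that rejects over-long input and always NUL-terminates. The buffer size of 20 is taken from the question; the function names and sample inputs are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Buffer size taken from the question: 20 characters plus one byte for the NUL. */
#define USERNAME_MAX 20

/* The defect flagged in the review: strcpy() copies until it finds a NUL and never
 * looks at the destination size, so any longer input overwrites adjacent memory.
 * Shown for contrast only; never call it with untrusted input. */
void copy_username_unsafe(char *dst, const char *input) {
    strcpy(dst, input);
}

/* Bounded scan: stops after 'max' bytes so a missing NUL cannot make us read past
 * the input. Returns max + 1 when the string is too long. */
static size_t bounded_len(const char *s, size_t max) {
    size_t n = 0;
    while (n <= max && s[n] != '\0') n++;
    return n;
}

/* Hardened form: reject input over the 20-character bound (the change the architect
 * requires), then copy with an explicit length and write the NUL ourselves.
 * strncpy() is avoided because it does not NUL-terminate when the source fills the
 * buffer, which only moves the bug. Returns 1 on success, 0 if the input is rejected. */
int copy_username_safe(char dst[USERNAME_MAX + 1], const char *input) {
    size_t len = bounded_len(input, USERNAME_MAX);
    if (len > USERNAME_MAX) return 0;   /* too long: reject, do not silently truncate */
    memcpy(dst, input, len);
    dst[len] = '\0';
    return 1;
}

/* Wrapper: validate and copy into a correctly sized local buffer; returns the stored
 * length, or -1 if the input was rejected. */
int store_username(const char *input) {
    char username[USERNAME_MAX + 1];
    if (!copy_username_safe(username, input)) return -1;
    return (int)strlen(username);
}

int main(void) {
    /* Constructed sample inputs: one that fits, one exactly at the limit, one over it. */
    const char *samples[] = { "alice", "exactly_twenty_chars", "twenty_one_characters" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s -> %d\n", samples[i], store_username(samples[i]));
    return 0;
}
```

A static analyzer rule that flags strcpy (and the policy update the question asks for) is what keeps copy_username_unsafe from reappearing in new code.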

A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

* Unsupported, end-of-life operating systems were still prevalent on the shop floor.

* There are no security controls for systems with supported operating systems.

* There is little uniformity of installed software among the workstations.

Which of the following would have the greatest impact on the attack surface?

A. Deploy antivirus software to all of the workstations.
B. Increase the level of monitoring on the workstations.
C. Utilize network-based allow and block lists.
D. Harden all of the engineering workstations using a common strategy.
Suggested answer: D

Explanation:

Hardening the engineering workstations using a consistent strategy would have the greatest impact on reducing the attack surface. The workstations are running outdated and unsupported operating systems, with no security controls, and inconsistent software installations, which significantly increases the risk of exploitation. Hardening involves applying patches, reducing unnecessary software, disabling unused services, and ensuring uniform security controls across all systems. By addressing these vulnerabilities and inconsistencies, the overall security posture improves significantly, which aligns with CASP+ best practices on reducing attack surfaces by standardizing and securing endpoint configurations.

CASP+ CAS-004 Exam Objectives: Domain 1.0 -- Risk Management (Vulnerability Management, System Hardening)

CompTIA CASP+ Study Guide: Hardening Techniques and Attack Surface Reduction

A DNS forward lookup zone named complia.org must:

* Ensure the DNS is protected from on-path attacks.

* Ensure zone transfers use mutual authentication and are authenticated and negotiated.

Which of the following should the security architect configure to meet these requirements? (Select two).

A. Public keys
B. Conditional forwarders
C. Root hints
D. DNSSEC
E. CNAME records
F. SRV records
Suggested answer: A, D

Explanation:

To protect DNS from on-path attacks and ensure that zone transfers are mutually authenticated and secure, the security architect should configure DNSSEC and Public keys. DNSSEC (Domain Name System Security Extensions) provides protection against DNS spoofing by digitally signing DNS data to ensure its integrity. Public keys are crucial for mutual authentication during zone transfers, ensuring that only authorized parties can exchange DNS zone data. Together, these options help meet both the requirements of securing DNS queries and authenticating zone transfers with cryptographic integrity.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Enterprise Security Architecture (DNS Security)

CompTIA CASP+ Study Guide: DNSSEC Implementation and Use of Public Keys

A company recently migrated its critical web application to a cloud provider's environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment. Which of the following should be the first consideration prior to engaging in the test?

A. Prepare a redundant server to ensure the critical web application's availability during the test.
B. Obtain agreement between the company and the cloud provider to conduct penetration testing.
C. Ensure the latest patches and signatures are deployed on the web server.
D. Create an NDA between the external penetration tester and the company.
Suggested answer: B

Explanation:

Before conducting a penetration test in a cloud environment, it is critical to first obtain permission from the cloud service provider. Cloud providers often have strict rules about penetration testing to avoid unintended service disruptions or violations of service agreements. Without this agreement, the company could face legal or operational consequences. This aligns with CASP+ best practices, which emphasize the importance of securing approval and understanding shared responsibility models in cloud environments before engaging in security testing.

CASP+ CAS-004 Exam Objectives: Domain 1.0 -- Risk Management (Penetration Testing in Cloud Environments)

CompTIA CASP+ Study Guide: Cloud Security and Legal Considerations for Penetration Testing

A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should the company implement on the public-facing servers?

A. IDS
B. ASLR
C. TPM
D. HSM
Suggested answer: B

Explanation:

Address Space Layout Randomization (ASLR) is a security feature that randomizes the memory addresses used by system and application processes, making return-oriented programming (ROP) attacks more difficult to exploit. ROP relies on predictable memory locations, and ASLR disrupts this predictability by randomizing memory locations at runtime. Implementing ASLR on public-facing servers helps mitigate this attack vector. CASP+ recommends leveraging memory protection mechanisms like ASLR to defend against advanced exploitation techniques like ROP.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Memory Protection Mechanisms)

CompTIA CASP+ Study Guide: Memory Exploit Mitigations and ASLR
