
CompTIA CAS-004 Practice Test - Questions Answers, Page 49

After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?

A. Root cause analysis
B. Communication plan
C. Runbook
D. Lessons learned
Suggested answer: C

Explanation:

A runbook is a detailed guide that provides step-by-step instructions on how to respond to specific types of incidents. It is used by the SOC team to ensure a consistent, organized, and efficient response to incidents. In this case, after the incident investigation, creating a runbook would help standardize the response process for future security incidents, enabling the team to act quickly and effectively. CASP+ emphasizes the importance of having detailed runbooks for incident response as part of an organization's overall incident response strategy.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Incident Response and Runbooks)

CompTIA CASP+ Study Guide: Incident Response Procedures and Runbooks

An analyst reviews the following output collected during the execution of a web application security assessment:

Which of the following attacks would be most likely to succeed, given the output?

A. NULL and unauthenticated cipher downgrade attack
B. Availability attack from manipulation of associated authentication data
C. Padding oracle attack
D. On-path forced renegotiation to insecure ciphers
Suggested answer: C

Explanation:

Based on the output in the image, which shows weak cipher suites and vulnerabilities related to encryption padding, the padding oracle attack is the most likely. This type of attack exploits the way padding errors are handled during decryption, potentially allowing an attacker to decrypt sensitive information. The weak cipher suites and lack of forward secrecy further increase the likelihood of such an attack succeeding. CASP+ highlights padding oracle attacks as critical vulnerabilities, particularly in environments where weak encryption protocols are used.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Encryption and Padding Oracle Attacks)

CompTIA CASP+ Study Guide: Cryptographic Attacks and Cipher Vulnerabilities

A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented an SSO system with strong passwords. Which of the following additional controls should the company deploy?

A. Two-factor authentication
B. Identity proofing
C. Challenge questions
D. Live identity verification
Suggested answer: A

Explanation:

While the company has implemented Single Sign-On (SSO) with strong passwords, additional security controls are required to mitigate attacks such as LDAP injections, brute-force, whaling, and spear-phishing. Two-factor authentication (2FA) provides an additional layer of security by requiring users to provide two different forms of authentication (e.g., a password and a security token or a biometric factor), reducing the likelihood of unauthorized access even if passwords are compromised. CASP+ emphasizes the importance of using multi-factor authentication mechanisms to strengthen access control and protect against such attacks.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Access Control and Multi-factor Authentication)

CompTIA CASP+ Study Guide: Implementing Two-Factor Authentication for System Access

An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?

A. Fuzz testing
B. Static analysis
C. Side-channel analysis
D. Dynamic analysis
Suggested answer: D

Explanation:

In this case, the security engineer is assessing a web application that uses SAML, and dynamic analysis (also known as DAST -- Dynamic Application Security Testing) is the most appropriate method to identify potential authentication issues. Dynamic analysis tests the application in a runtime environment, allowing the engineer to identify vulnerabilities that arise during actual application execution, such as SAML misconfigurations or other authentication weaknesses. This is more effective for finding authentication issues compared to static analysis, which only reviews code without execution. CASP+ highlights the importance of dynamic testing in identifying real-world vulnerabilities, especially in web applications.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Dynamic Testing for Web Applications)

CompTIA CASP+ Study Guide: Authentication Testing in Web Applications with Dynamic Analysis

A company's Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the most secure options to address these concerns? (Select three).

A. Antivirus
B. EDR
C. Sandboxing
D. Application control
E. Host-based firewall
F. IDS
G. SIEM
H. Strong authentication
Suggested answer: B, C, D

Explanation:

To prevent ransomware attacks and protect IT assets, the most secure options are:

Endpoint Detection and Response (EDR): Provides advanced threat detection, real-time monitoring, and response capabilities, which can help identify and mitigate ransomware attacks before they spread.

Sandboxing: Isolates suspicious files or software in a controlled environment where they can be analyzed for malicious behavior without affecting production systems.

Application Control: Ensures that only whitelisted, trusted applications can run, which can prevent ransomware from executing unauthorized or malicious code.

Together, these controls provide a robust defense against ransomware by addressing detection, isolation, and prevention. CASP+ emphasizes the importance of combining detection and prevention strategies to mitigate sophisticated attacks like ransomware.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Endpoint Protection, Ransomware Mitigation)

CompTIA CASP+ Study Guide: Mitigating Ransomware with EDR, Sandboxing, and Application Control

A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?

A. Containers
B. Type 1 hypervisor
C. Type 2 hypervisor
D. Virtual desktop infrastructure
E. Emulation
Suggested answer: A

Explanation:

The most appropriate technology for this virtualization solution is containers. Containers allow multiple services to run on a single host with isolated environments, while sharing the same kernel version and properties of the host operating system. Each container has its own instance of the operating system and runs independently from the others, meeting the requirement for separate environments with their own OS. Containers are more lightweight than full hypervisors and are ideal for running microservices in isolated environments. CASP+ emphasizes the use of containers in scenarios where services need to be isolated but share the same host OS kernel.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Enterprise Security Architecture (Virtualization Technologies, Containers)

CompTIA CASP+ Study Guide: Virtualization and Containerization for Isolated Services

During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues. Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future?

A. Implementing a static analysis tool within the CI/CD system
B. Configuring a dynamic application security testing tool
C. Performing software composition analysis on all third-party components
D. Utilizing a risk-based threat modeling approach on new projects
E. Setting up an interactive application security testing tool
Suggested answer: D

Explanation:

A risk-based threat modeling approach is the best recommendation to prevent the recurrence of major process issues during the development lifecycle. Threat modeling identifies potential security threats, vulnerabilities, and design flaws early in the development process by focusing on the specific risks posed to the system. By proactively identifying and addressing security concerns before they escalate, the development team can avoid the need for significant rewrites and ensure that security is embedded into the design of new projects. CASP+ emphasizes threat modeling as a critical activity to improve secure development practices.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Threat Modeling and Risk-Based Security Approaches)

CompTIA CASP+ Study Guide: Threat Modeling and Secure Development Lifecycle

A company wants to reduce its backup storage requirement and is undertaking a data cleanup project. Which of the following should a security administrator consider first when determining which data should be deleted?

A. Retention schedules
B. Classification levels
C. Sanitization requirements
D. Data labels
E. File size
Suggested answer: A

Explanation:

Before determining which data should be deleted during a data cleanup project, it is critical to first review retention schedules. Retention schedules specify how long data must be retained to comply with legal, regulatory, or business requirements. Deleting data prematurely could result in non-compliance or the loss of important information. By consulting retention schedules, the security administrator ensures that data is deleted in a compliant and controlled manner, based on its retention policy. CASP+ highlights data retention management as a key element in data governance and security.

CASP+ CAS-004 Exam Objectives: Domain 1.0 -- Risk Management (Data Governance and Retention Policies)

CompTIA CASP+ Study Guide: Data Retention, Deletion, and Compliance Requirements

Which of the following security features do email signatures provide?

A. Non-repudiation
B. Body encryption
C. Code signing
D. Sender authentication
E. Chain of custody
Suggested answer: A

Explanation:

Email signatures provide non-repudiation, which ensures that the sender of an email cannot deny having sent it. A digital signature, when attached to an email, uses cryptographic techniques to verify the sender's identity and confirm the authenticity of the message. This feature helps establish trust by preventing tampering and ensuring the integrity of the communication. CASP+ emphasizes the role of digital signatures in ensuring non-repudiation in secure communication protocols.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Non-repudiation and Digital Signatures)

CompTIA CASP+ Study Guide: Email Security and Non-repudiation with Digital Signatures

The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation?

A. PKCS #10 is still preferred over PKCS #12.
B. Private-key CSR signage prevents on-path interception.
C. There is more control in using a local certificate over a third-party certificate.
D. There is minimal benefit in using a certificate revocation list.
Suggested answer: B

Explanation:

Digitally signed third-party certificates provide greater security assurance because they are verified by trusted Certificate Authorities (CAs) and offer protection against on-path (man-in-the-middle) interception. Private-key Certificate Signing Request (CSR) signage helps ensure that communication cannot be intercepted or modified by malicious actors. Self-signed certificates, on the other hand, are not trusted outside the local environment and do not provide the same level of protection against on-path attacks. CASP+ emphasizes the security benefits of using third-party-signed certificates for securing communications over public networks.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Enterprise Security Architecture (PKI, SSL/TLS Certificates)

CompTIA CASP+ Study Guide: The Role of Certificate Authorities in Secure Communication

Total 510 questions