CompTIA CAS-004 Practice Test - Questions Answers, Page 50

A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

A. Employee badge logs
B. Phone call logs
C. Vehicle registration logs
D. Visitor logs

Suggested answer: D

Explanation:

Visitor logs would be the best additional method for identifying individuals who enter the building in the event of a camera system failure. Visitor logs track who enters and exits a secured facility, providing a record that can be cross-referenced with security events, like the discovery of a suspicious flash drive. In this case, reviewing the visitor logs could help identify the vendor representative who dropped the flash drive. CASP+ highlights the importance of physical security measures, such as logging and auditing access to facilities, to complement digital security controls.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Physical Security and Access Control Logs)

CompTIA CASP+ Study Guide: Physical Security and Incident Response Procedures

An internal security audit determines that Telnet is currently being used within the environment to manage network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to log in to these devices?

A. Fuzzer
B. Network traffic analyzer
C. HTTP interceptor
D. Port scanner
E. Password cracker

Suggested answer: B

Explanation:

A network traffic analyzer (also known as a packet sniffer) is the best tool to identify credentials being transmitted in plaintext, such as those used in Telnet sessions. Since Telnet transmits data without encryption, a network traffic analyzer can capture the traffic between the client and the network switches, revealing sensitive information, including login credentials, in clear text. This tool helps identify insecure protocols and enables remediation by switching to encrypted alternatives like SSH. CASP+ highlights the importance of using secure protocols and tools like traffic analyzers to identify vulnerabilities in network communications.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Network Traffic Analysis and Insecure Protocols)

CompTIA CASP+ Study Guide: Monitoring Network Traffic for Plaintext Credentials

A security architect is reviewing the following organizational specifications for a new application:

* Be sessionless and API-based

* Accept uploaded documents with PII, so all storage must be ephemeral

* Be able to scale on-demand across multiple nodes

* Restrict all network access except for the TLS port

Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?

A. Utilizing the cloud container service
B. On server instances with autoscaling groups
C. Using scripted delivery
D. With a content delivery network

Suggested answer: A

Explanation:

A cloud container service is the best way to meet the security and organizational infrastructure requirements described. Containers are sessionless, scalable, and can enforce ephemeral storage, which ensures that sensitive data like Personally Identifiable Information (PII) is only stored temporarily. Containers also restrict access to only necessary ports, such as TLS, and can easily scale across multiple nodes to handle varying workloads. CASP+ emphasizes the use of containers in modern, scalable, and secure application deployments, especially for API-based, sessionless applications that require flexible scaling and network security controls.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Enterprise Security Architecture (Containers and Cloud Services for Secure Application Deployment)

CompTIA CASP+ Study Guide: Deploying Scalable and Secure Applications with Containers

A Chief Information Security Officer (CISO) received a call from the Chief Executive Officer (CEO) about a data breach from the SOC lead around 9:00 a.m. At 10:00 a.m., the CEO informs the CISO that a breach of the firm is being reported on national news. Upon investigation, it is determined that a network administrator has reached out to a vendor prior to the breach for information on a security patch that failed to be installed. Which of the following should the CISO do to prevent this from happening again?

A. Properly triage events based on brand imaging and ensure the CEO is on the call roster.
B. Create an effective communication plan and socialize it with all employees.
C. Send out a press release denying the breach until more information can be obtained.
D. Implement a more robust vulnerability identification process.

Suggested answer: B

Explanation:

To prevent similar issues from occurring again, the CISO should create an effective communication plan and ensure all employees are aware of it. A clear communication plan ensures that critical security information, such as breaches or vulnerabilities, is promptly communicated to the right stakeholders (e.g., the CEO) in a timely manner, preventing situations where the media reports on breaches before internal teams are fully informed. CASP+ emphasizes the importance of having structured communication protocols during security incidents to ensure accurate and timely responses.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Incident Communication Plans)

CompTIA CASP+ Study Guide: Developing and Implementing Effective Incident Communication Plans

A company is migrating its data center to the cloud. Some hosts had been previously isolated, but a risk assessment convinced the engineering team to reintegrate the systems. Because the systems were isolated, the risk associated with vulnerabilities was low. Which of the following should the security team recommend be performed before migrating these servers to the cloud?

A. Performing patching and hardening
B. Deploying host and network IDS
C. Implementing least functionality and time-based access
D. Creating a honeypot and adding decoy files

Suggested answer: A

Explanation:

Before migrating previously isolated systems to the cloud, it is essential to perform patching and hardening. These systems may have been neglected while isolated, so updating them with the latest security patches and applying hardening measures (such as disabling unnecessary services and implementing strict access controls) is crucial to reduce vulnerabilities. This ensures that the systems are secure before they are exposed to the wider cloud environment. CASP+ emphasizes the importance of securing systems through patch management and hardening before integrating them into more exposed environments like the cloud.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Patching, Hardening, and Cloud Migration Security)

CompTIA CASP+ Study Guide: Securing and Hardening Systems Before Cloud Migration

A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?

A. Gap analysis
B. Business impact analysis
C. Risk register
D. Information security policy
E. Lessons learned

Suggested answer: B

Explanation:

A business impact analysis (BIA) is the most useful resource for calculating the exposure factor in a risk assessment. The BIA helps identify the criticality of systems and processes and quantifies the potential financial and operational impact of vulnerabilities being exploited. By understanding the business impact, the security team can more accurately determine the exposure factor, which is the proportion of an asset's value that is at risk in the event of a security incident. CASP+ highlights the role of BIAs in understanding risk exposure and supporting effective risk management decisions.

CASP+ CAS-004 Exam Objectives: Domain 1.0 -- Risk Management (Business Impact Analysis and Risk Exposure)

CompTIA CASP+ Study Guide: Business Impact Analysis for Risk Assessment

Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?

A. Federation
B. RADIUS
C. TACACS+
D. MFA
E. ABAC

Suggested answer: A

Explanation:

Federation is the best strategy for unifying application access between two companies without merging their internal authentication stores. Federation allows users from different organizations to authenticate and access resources using their existing credentials through trusted third-party identity providers. This enables seamless access without the need to merge or consolidate internal authentication systems. CASP+ emphasizes federation as a key technology for enabling cross-organizational authentication while maintaining the integrity of separate identity stores.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (Federated Identity and Authentication)

CompTIA CASP+ Study Guide: Federated Identity Management for Mergers and Cross-Company Access

A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?

A. SAST
B. DAST
C. Fuzz testing
D. Intercepting proxy

Suggested answer: A

Explanation:

Static Application Security Testing (SAST) is the best method for validating code as it is written. SAST analyzes the source code or binaries of an application for vulnerabilities before the code is executed, allowing developers to identify and fix security flaws early in the development process. This method integrates into the development environment and provides real-time feedback, which is critical for ensuring secure coding practices from the start. CASP+ highlights the importance of SAST in secure software development lifecycles (SDLCs) as a proactive measure to prevent security issues before the code is deployed.

CASP+ CAS-004 Exam Objectives: Domain 2.0 -- Enterprise Security Operations (SAST for Secure Code Validation)

CompTIA CASP+ Study Guide: Secure Software Development and Static Code Analysis

A mobile device hardware manufacturer receives the following requirements from a company that wants to produce and sell a new mobile platform:

* The platform should store biometric data.

* The platform should prevent unapproved firmware from being loaded.

* A tamper-resistant, hardware-based counter should track if unapproved firmware was loaded.

Which of the following should the hardware manufacturer implement? (Select three).

A. ASLR
B. NX
C. eFuse
D. SED
E. SELinux
F. Secure boot
G. Shell restriction
H. Secure enclave

Suggested answer: C, F, H

Explanation:

To meet the mobile platform security requirements, the manufacturer should implement the following technologies:

eFuse: This hardware feature helps track and prevent unauthorized firmware by physically 'blowing' fuses to record events, such as firmware tampering, making it impossible to revert to older, unapproved firmware.

Secure boot: This ensures that only trusted and authorized firmware can be loaded during the boot process, preventing malicious or unauthorized software from running.

Secure enclave: A secure enclave is used to store sensitive information like biometric data in a hardware-isolated environment, protecting it from tampering or unauthorized access.

These three solutions provide the tamper resistance, secure firmware validation, and protection of sensitive data required for the platform. CASP+ emphasizes the use of hardware-based security features for protecting sensitive information and enforcing secure boot processes in embedded and mobile systems.

CASP+ CAS-004 Exam Objectives: Domain 3.0 -- Enterprise Security Architecture (Secure Hardware and Firmware Protection)

CompTIA CASP+ Study Guide: Hardware Security Features (eFuse, Secure Boot, Secure Enclave)

The primary advantage of an organization creating and maintaining a vendor risk registry is to:

A. define the risk assessment methodology.
B. study a variety of risks and review the threat landscape.
C. ensure that inventory of potential risk is maintained.
D. ensure that all assets have low residual risk.

Suggested answer: C

Explanation:

The primary advantage of creating and maintaining a vendor risk registry is to ensure that an inventory of potential risks is maintained. A vendor risk registry helps organizations keep track of the risks associated with third-party vendors, especially as they may introduce vulnerabilities or non-compliance issues. By maintaining this registry, the organization can continuously monitor and manage vendor-related risks in a structured way, improving its overall security posture. CASP+ emphasizes the importance of vendor risk management in an organization's broader risk management strategy.

CASP+ CAS-004 Exam Objectives: Domain 1.0 -- Risk Management (Vendor Risk Management)

CompTIA CASP+ Study Guide: Third-Party Risk Management and Risk Registries

Total 510 questions