CompTIA CAS-004 Practice Test - Questions Answers, Page 6

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

A. Deploy an RA on each branch office.
B. Use Delta CRLs at the branches.
C. Configure clients to use OCSP.
D. Send the new CRLs by using GPO.

Suggested answer: C

Explanation:

OCSP (Online Certificate Status Protocol) is a protocol that allows clients to check the revocation status of certificates in real time by querying an OCSP responder server. This would enable the organization to determine whether it is vulnerable to the active campaign utilizing a specific vulnerability, as it would show if any certificates have been compromised or revoked. Deploying an RA (registration authority) on each branch office may not help with checking the revocation status of certificates, as an RA is responsible for verifying the identity of certificate applicants, not issuing or revoking certificates. Using Delta CRLs (certificate revocation lists) at the branches may not provide timely or accurate information on certificate revocation status, as CRLs are updated periodically and may not reflect the latest changes. Implementing an inbound BGP (Border Gateway Protocol) prefix list may not help with checking the revocation status of certificates, as BGP is a protocol for routing network traffic between autonomous systems, not verifying certificates.

Reference: https://www.comptia.org/blog/what-is-ocsp https://partners.comptia.org/docs/default-source/resources/casp-content-guide

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

A. Disable BGP and implement a single static route for each internal network.
B. Implement a BGP route reflector.
C. Implement an inbound BGP prefix list.
D. Disable BGP and implement OSPF.

Suggested answer: C

Explanation:

Defenses against BGP hijacks include IP prefix filtering, meaning IP address announcements are sent and accepted only from a small set of well-defined autonomous systems, and monitoring Internet traffic to identify signs of abnormal traffic flows.

A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

A. Threat hunting
B. A system penetration test
C. Log analysis within the SIEM tool
D. The Cyber Kill Chain

Suggested answer: B

Explanation:

The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The other ciphers are more secure and compliant with secure-by-design principles and PCI DSS.

Reference: https://www.comptia.org/blog/what-is-a-cipher https://partners.comptia.org/docs/default-source/resources/casp-content-guide

A security engineer needs to recommend a solution that will meet the following requirements:

* Identify sensitive data in the provider's network

* Maintain compliance with company and regulatory guidelines

* Detect and respond to insider threats, privileged user threats, and compromised accounts

* Enforce data-centric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

A. WAF
B. CASB
C. SWG
D. DLP

Suggested answer: D

Explanation:

DLP (data loss prevention) is a solution that can meet the following requirements: identify sensitive data in the provider's network, maintain compliance with company and regulatory guidelines, detect and respond to insider threats, privileged user threats, and compromised accounts, and enforce data-centric security, such as encryption, tokenization, and access control. DLP can monitor, classify, and protect data in motion, at rest, or in use, and prevent unauthorized disclosure or exfiltration. WAF (web application firewall) is a solution that can protect web applications from common attacks, such as SQL injection or cross-site scripting, but it does not address the requirements listed. CASB (cloud access security broker) is a solution that can enforce policies and controls for accessing cloud services and applications, but it does not address the requirements listed. SWG (secure web gateway) is a solution that can monitor and filter web traffic to prevent malicious or unauthorized access, but it does not address the requirements listed.

Reference: https://www.comptia.org/blog/what-is-data-loss-prevention https://partners.comptia.org/docs/default-source/resources/casp-content-guid

A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

A. 0.5
B. 8
C. 50
D. 36,500

Suggested answer: A

Explanation:

The ARO (annualized rate of occurrence) for successful breaches is the number of times an event is expected to occur in a year. To calculate the ARO for successful breaches, the engineer can divide the number of breaches by the number of years. In this case, the company's data has been breached two times in four years, so the ARO is 2 / 4 = 0.5. The other options are incorrect calculations.

Reference: https://www.comptia.org/blog/what-is-risk-management https://partners.comptia.org/docs/default-source/resources/casp-content-guide

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1- The network supports core applications that have 99.99% uptime.

2- Configuration updates to the SD-WAN routers can only be initiated from the management service.

3- Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

A. Reverse proxy, stateful firewalls, and VPNs at the local sites
B. IDSs, WAFs, and forward proxy IDS
C. DoS protection at the hub site, mutual certificate authentication, and cloud proxy
D. IPSs at the hub, Layer 4 firewalls, and DLP

Suggested answer: C

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
D. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Suggested answer: B

Explanation:

PAM (Privileged Access Management) is a solution that can increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. By implementing PAM, removing users from the local administrators group, and prompting users for explicit approval when elevated privileges are required, the security engineer can reduce the attack surface, prevent unauthorized access, and enforce the principle of least privilege. Implementing PAM, keeping users in the local administrators group, and enabling local administrator account monitoring may not provide enough control or visibility over local administrator accounts, as users could still abuse or compromise their privileges. Implementing EDR (Endpoint Detection and Response) may not provide enough control or visibility over local administrator accounts, as EDR is mainly focused on detecting and responding to threats, not managing privileges. Enabling user behavior analytics may not provide enough control or visibility over local administrator accounts, as user behavior analytics is mainly focused on identifying anomalies or risks in user activity, not managing privileges.

Reference: https://www.comptia.org/blog/what-is-pam https://partners.comptia.org/docs/default-source/resources/casp-content-guide

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.
B. Take an MD5 hash of the server.
C. Delete all PHI from the network until the legal department is consulted.
D. Consult the legal department to determine the legal requirements.

Suggested answer: A

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test. However, the attack vector of the exploit is missing, making it harder to recommend remediations. Given the following output:


The penetration testers MOST likely took advantage of:

A. A TOC/TOU vulnerability
B. A plain-text password disclosure
C. An integer overflow vulnerability
D. A buffer overflow vulnerability

Suggested answer: A

A financial institution has several servers that currently employ the following controls:

* The servers follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

A. Require more than one approver for all change management requests.
B. Implement file integrity monitoring with automated alerts on the servers.
C. Disable automatic patch update capabilities on the servers.
D. Enhance audit logging on the jump servers and ship the logs to the SIEM.

Suggested answer: B
Total 510 questions