
CompTIA CAS-004 Practice Test - Questions Answers, Page 37

List of questions

Question 361


A bank hired a security architect to improve its security measures against the latest threats. The solution must meet the following requirements:

• Recognize and block fake websites

• Decrypt and scan encrypted traffic on standard and non-standard ports

• Use multiple engines for detection and prevention

• Have central reporting

Which of the following is the BEST solution the security architect can propose?

A. CASB
B. Web filtering
C. NGFW
D. EDR
Suggested answer: C

Explanation:

A next-generation firewall (NGFW) is a device or software that provides advanced network security features beyond traditional firewall functions. An NGFW can provide the following capabilities:

• Recognize and block fake websites, using URL filtering and reputation-based analysis

• Decrypt and scan encrypted traffic on standard and non-standard ports, using SSL/TLS inspection and deep packet inspection

• Use multiple engines for detection and prevention, such as antivirus, intrusion prevention system (IPS), application control, and sandboxing

• Have central reporting, using a unified management console and dashboard

A cloud access security broker (CASB) is a device or software that acts as an intermediary between cloud service users and cloud service providers. A CASB can provide various security functions such as visibility, compliance, data security, and threat protection, but it does not provide all the capabilities of an NGFW. Web filtering is a technique that blocks or allows web access based on predefined criteria such as categories, keywords, or reputation. Web filtering can help recognize and block fake websites, but it does not provide all the capabilities of an NGFW. Endpoint detection and response (EDR) is a technology that monitors and analyzes the activity and behavior of endpoints such as computers or mobile devices. EDR can help detect and respond to advanced threats, but it does not provide all the capabilities of an NGFW.

Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.2: Select appropriate hardware and software solutions

asked 02/10/2024
Fahim Thanawala
43 questions

Question 362


A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation. Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience. The current architecture includes:

• Directory servers

• Web servers

• Database servers

• Load balancers

• Cloud-native VPN concentrator

• Remote access server

The MSP must secure this environment similarly to the infrastructure on premises. Which of the following should the MSP put in place to BEST meet this objective? (Select THREE)

A. Content delivery network
B. Virtual next-generation firewall
C. Web application firewall
D. Software-defined WAN
E. External vulnerability scans
F. Containers
G. Microsegmentation
Suggested answer: B, C, G

Explanation:

A virtual next-generation firewall (vNGFW) is a software version of an NGFW that can be deployed on cloud servers to provide advanced network security features. A vNGFW can help secure the cloud environment similarly to the infrastructure on premises by providing functions such as URL filtering, SSL/TLS inspection, deep packet inspection, antivirus, IPS, application control, and sandboxing. A web application firewall (WAF) is a device or software that filters and blocks malicious web traffic from reaching an application. A WAF can help secure the web servers in the cloud environment by protecting them from common attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Microsegmentation is a technique that divides a network into smaller segments or zones based on criteria such as identity, role, or function. Microsegmentation can help secure the cloud environment by isolating different types of servers and applying granular security policies to each segment.

A content delivery network (CDN) is a distributed system of servers that delivers web content to users based on their geographic location, the origin of the content, and the performance of the network. A CDN can help improve the availability and performance of web applications by caching content closer to the users, reducing latency and bandwidth consumption. However, a CDN does not provide the same level of security as a vNGFW or a WAF. Software-defined WAN (SD-WAN) is a technology that uses software to manage the connectivity and routing of wide area network (WAN) traffic across multiple links or carriers. SD-WAN can help improve the reliability and efficiency of WAN connections by dynamically selecting the best path for each application based on factors such as bandwidth, latency, cost, and quality of service (QoS). However, SD-WAN does not provide the same level of security as a vNGFW or a WAF. External vulnerability scans are assessments that identify and report on the vulnerabilities and weaknesses of an IT system from an external perspective. External vulnerability scans can help improve the security posture of an IT system by providing visibility into its exposure to potential threats. However, external vulnerability scans do not provide the same level of protection as a vNGFW or a WAF. Containers are units of software that package an application and its dependencies into a standardized format that can run on any platform or environment. Containers can help improve the portability and scalability of applications by allowing them to run independently from the underlying infrastructure. However, containers do not provide the same level of security as microsegmentation.

Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.3: Implement solutions for the secure use of cloud services

asked 02/10/2024
Freddie Lewis
33 questions

Question 363


A company recently deployed a SIEM and began importing logs from a firewall, a file server, a domain controller, a web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information:

[Image: SIEM alert information for Question 363 (not reproduced)]

Which of the following should the security analyst do FIRST?

A. Disable Administrator on abc-usa-fsl; the local account is compromised
B. Shut down the abc-usa-fsl server; a plaintext credential is being used
C. Disable the jdoe account; it is likely compromised
D. Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited
Suggested answer: C

Explanation:

Based on the SIEM alerts, the security analyst should first disable the jdoe account, as it is likely compromised by an attacker. The alerts show that the jdoe account successfully logged on to the abc-usa-fsl server, which is a file server, and then initiated SMB (445) traffic to the abc-web01 server, which is a web server. This indicates that the attacker may be trying to exfiltrate data from the file server to the web server. Disabling the jdoe account would help stop this unauthorized activity and prevent further damage.

Disabling Administrator on abc-usa-fsl, the local account is compromised, is not the first action to take, as it is not clear from the alerts if the local account is compromised or not. The alert shows that there was a successful logon event for Administrator on abc-usa-fsl, but it does not specify if it was a local or domain account, or if it was authorized or not. Moreover, disabling the local account would not stop the SMB traffic from jdoe to abc-web01.

Shutting down the abc-usa-fsl server, a plaintext credential is being used, is not the first action to take, as it is not clear from the alerts if a plaintext credential is being used or not. The alert shows that there was RDP (3389) traffic from abc-admin1-logon to abc-usa-fsl, but it does not specify if the credential was encrypted or not. Moreover, shutting down the file server would disrupt its normal operations and affect other users.

Shutting down abc-usa-fw01; the remote access VPN vulnerability is exploited, is not the first action to take, as it is not clear from the alerts if the remote access VPN vulnerability is exploited or not. The alert shows that there was FTP (21) traffic from abc-usa-dcl to abc-web01, but it does not specify if it was related to the VPN or not. Moreover, shutting down the firewall would expose the network to other threats and affect other services. Reference: What is SIEM? | Microsoft Security, What is a SIEM Alert? | Cofense

asked 02/10/2024
KENEILWE DITHLAGE
42 questions

Question 364


A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds:

• 99.99% uptime

• Load time in 3 seconds

• Response time <1.0 seconds

Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Select THREE)

A. Installing a firewall at corporate headquarters
B. Deploying a content delivery network
C. Implementing server clusters
D. Employing bare-metal loading of applications
E. Lowering storage input/output
F. Implementing RAID on the backup servers
G. Utilizing redundant power for all developer workstations
H. Ensuring technological diversity on critical servers
Suggested answer: B, C, E

Explanation:

To meet the contractual requirements of the web service provider, a security engineer should recommend the following actions:

Deploying a content delivery network (CDN): A CDN is a distributed system of servers that delivers web content to users based on their geographic location, the origin of the content, and the performance of the network. A CDN can help improve the uptime, load time, and response time of web services by caching content closer to the users, reducing latency and bandwidth consumption. A CDN can also help mitigate distributed denial-of-service (DDoS) attacks by absorbing or filtering malicious traffic before it reaches the origin servers, reducing the impact on the web service availability.

Implementing server clusters: A server cluster is a group of servers that work together to provide high availability, scalability, and load balancing for web services. A server cluster can help improve the uptime, load time, and response time of web services by distributing the workload across multiple servers, reducing the risk of single points of failure and performance bottlenecks. A server cluster can also help recover from failures by automatically switching to another server in case of a malfunction.

Lowering storage input/output (I/O): Storage I/O is the amount of data that can be read from or written to a storage device in a given time. Storage I/O can affect the performance of web services by limiting the speed of data transfer between the servers and the storage devices. Lowering storage I/O can help improve the load time and response time of web services by reducing the latency and congestion of data access. Lowering storage I/O can be achieved by using faster storage devices, such as solid-state drives (SSDs), optimizing the storage layout and configuration, such as using RAID or striping, and caching frequently accessed data in memory.

Installing a firewall at corporate headquarters is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services.

A firewall is a device or software that filters and blocks unwanted network traffic based on predefined rules. A firewall can help improve the security of web services by preventing unauthorized access and attacks, but it may also introduce additional latency and complexity to the network.

Employing bare-metal loading of applications is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services.

Bare-metal loading is a technique that allows applications to run directly on hardware without an operating system or a hypervisor. Bare-metal loading can help improve the performance and efficiency of applications by eliminating the overhead and interference of other software layers, but it may also increase the difficulty and cost of deployment and maintenance.

Implementing RAID on the backup servers is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services.

RAID (redundant array of independent disks) is a technique that combines multiple disks into a logical unit that provides improved performance, reliability, or both. RAID can help improve the availability and security of backup data by protecting it from disk failures or corruption, but it may also introduce additional complexity and overhead to the backup process.

Utilizing redundant power for all developer workstations is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. Redundant power is a technique that provides multiple sources of power for an IT system in case one fails. Redundant power can help improve the availability and reliability of developer workstations by preventing them from losing power due to outages or surges, but it may also increase the cost and energy consumption of the system.

Ensuring technological diversity on critical servers is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. Technological diversity is a technique that uses different types of hardware, software, or platforms in an IT environment. Technological diversity can help improve resilience by reducing single points of failure and increasing compatibility, but it may also introduce additional complexity and inconsistency to the environment.


asked 02/10/2024
AshokBabu Kumili
43 questions

Question 365


A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:

* Fast scanning

* The least false positives possible

* Signature-based

* A low impact on servers when performing a scan

In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best meet the customer's needs?

A. Authenticated scanning
B. Passive scanning
C. Unauthenticated scanning
D. Agent-based scanning
Suggested answer: D

Explanation:

Agent-based scanning is best suited for environments with multiple subnets, VLANs, and branch offices, as described. It allows for fast scanning with fewer false positives, and since the agents are installed on the servers, they tend to have a lower impact on performance. This type of scanning also facilitates signature-based scanning, which is one of the customer's requirements.

asked 02/10/2024
Juan Araya
36 questions

Question 366


A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

[Image: log excerpt reviewed by the analyst for Question 366 (not reproduced)]

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

A. Restrict HTTP methods.
B. Perform parameterized queries.
C. Implement input sanitization.
D. Validate content types.
Suggested answer: A

Explanation:

Restricting HTTP methods can mitigate the risk of network-based attacks against an online store by limiting the types of HTTP requests that the server will accept, thus reducing the attack surface. This is a common method to prevent web-based attacks such as Cross-Site Scripting (XSS) and SQL Injection.

asked 02/10/2024
Andrey Scherbakov
39 questions

Question 367


A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

A. Steganography
B. E-signature
C. Watermarking
D. Cryptography
Suggested answer: A

Explanation:

Steganography is the practice of hiding a secret message within another object, in such a way that others cannot discern the presence or contents of the hidden message. It is often used for watermarking to embed a covert sign of ownership in a proprietary document without adding any visible identifying attributes.

asked 02/10/2024
Bright Ngobeni
40 questions

Question 368


An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP's website. The reports state that customers are being directed to an advertisement website that is asking for personal information. The security team has verified the DNS system is returning proper results and has no known IoCs. Which of the following should the security team implement to best mitigate this situation?

A. DNSSEC
B. DNS filtering
C. Multifactor authentication
D. Self-signed certificates
E. Revocation of compromised certificates
Suggested answer: A

Explanation:

DNS Security Extensions (DNSSEC) adds a layer of security to the DNS lookup and response process, which can prevent users from being redirected to fraudulent websites, a common goal of typosquatting. DNSSEC ensures that the DNS data has not been modified from its original state and is especially useful if the DNS system is returning proper results and there are no known Indicators of Compromise (IoCs). It uses digital signatures based on public-key cryptography to provide authentication for DNS data.

asked 02/10/2024
Pradap Singh
32 questions

Question 369


An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the following ensures that authorized modifications are well planned and executed?

A. Risk management
B. Network management
C. Configuration management
D. Change management
Suggested answer: D

Explanation:

Change management is a systematic approach to dealing with the transition or transformation of an organization's goals, processes, or technologies. In the context of implementing a Data Loss Prevention (DLP) solution and ensuring that authorized modifications are well-planned and executed, change management is critical. It ensures that changes are introduced in a controlled and coordinated manner to minimize the impact on service quality and mitigate risks associated with the changes.

asked 02/10/2024
Baheilu Tekelu
38 questions

Question 370


The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

[Image: controller restart output showing the firmware version and checksum for Question 370 (not reproduced)]

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

A. Evasion
B. Persistence
C. Collection
D. Lateral movement
Suggested answer: B

Explanation:

The MITRE ATT&CK framework for ICS (Industrial Control Systems) details various tactics and techniques that may be used by adversaries. In the scenario described, the presence of unexpected firmware versions with a checksum that does not match the official vendor firmware indicates that the firmware has been modified. In the MITRE ATT&CK framework for ICS, this falls under the 'Persistence' tactic, as it demonstrates an adversary's ability to maintain their foothold within the environment through unauthorized modification of device firmware.

asked 02/10/2024
Aung Nyi Nyi Win
30 questions
Total 564 questions