Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

CAS-004 CompTIA SecurityX Certification Exam Questions and Answers

Questions 4

A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?

Options:

A.

Lockout of privileged access account

B.

Duration of the BitLocker lockout period

C.

Failure of the Kerberos time drift sync

D.

Failure of TPM authentication

Buy Now
Questions 5

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following

data:

• Clients successfully establish TLS connections to web services provided by the server.

• After establishing the connections, most client connections are renegotiated

• The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

Options:

A.

The clients disallow the use of modern cipher suites

B.

The web server is misconfigured to support HTTP/1.1.

C.

A ransomware payload dropper has been installed

D.

An entity is performing downgrade attacks on path

Buy Now
Questions 6

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Options:

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Buy Now
Questions 7

An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

CAS-004 Question 7

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

Options:

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Buy Now
Questions 8

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

Options:

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Buy Now
Questions 9

A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Options:

A.

Distribute the software via a third-party repository.

B.

Close the web repository and deliver the software via email.

C.

Email the software link to all customers.

D.

Display the SHA checksum on the website.

Buy Now
Questions 10

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Options:

A.

Order of volatility

B.

Chain of custody

C.

Verification

D.

Secure storage

Buy Now
Questions 11

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that

the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

Options:

A.

tcpdump

B.

netstar

C.

tasklist

D.

traceroute

E.

ipconfig

Buy Now
Questions 12

A security administrator wants to detect a potential forged sender claim in tt-e envelope of an email. Which of the following should the security administrator implement? (Select TWO).

Options:

A.

MX record

B.

DMARC

C.

SPF

D.

DNSSEC

E.

S/MIME

F.

TLS

Buy Now
Questions 13

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

Options:

A.

Containerization

B.

Load balancer

C.

Microsegmentation

D.

Autoscaling

E.

CDN

F.

WAF

Buy Now
Questions 14

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

Options:

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Buy Now
Questions 15

A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

Options:

A.

The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.

B.

The change control board must review and approve a submission.

C.

The information system security officer provides the systems engineer with the system updates.

D.

The security engineer asks the project manager to review the updates for the client's system.

Buy Now
Questions 16

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Options:

A.

Cipher feedback

B.

Cipher block chaining message authentication code

C.

Cipher block chaining

D.

Electronic codebook

Buy Now
Questions 17

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

Options:

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Buy Now
Questions 18

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Options:

A.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

B.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

C.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

D.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Buy Now
Questions 19

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

Options:

A.

Purchase one SAN certificate.

B.

Implement self-signed certificates.

C.

Purchase one certificate for each website.

D.

Purchase one wildcard certificate.

Buy Now
Questions 20

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

Options:

A.

Key escrow

B.

TPM

C.

Trust models

D.

Code signing

Buy Now
Questions 21

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

Options:

A.

Remote provider BCDR

B.

Cloud provider BCDR

C.

Alternative provider BCDR

D.

Primary provider BCDR

Buy Now
Questions 22

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

CAS-004 Question 22

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 23

A security analyst is reviewing the following vulnerability assessment report:

CAS-004 Question 23

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

Options:

A.

Server1

B.

Server2

C.

Server 3

D.

Servers

Buy Now
Questions 24

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 Question 24

Which of the following would BEST mitigate this vulnerability?

Options:

A.

Network intrusion prevention

B.

Data encoding

C.

Input validation

D.

CAPTCHA

Buy Now
Questions 25

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

CAS-004 Question 25

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

CAS-004 Question 25

Which of the following is an appropriate security control the company should implement?

Options:

A.

Restrict directory permission to read-only access.

B.

Use server-side processing to avoid XSS vulnerabilities in path input.

C.

Separate the items in the system call to prevent command injection.

D.

Parameterize a query in the path variable to prevent SQL injection.

Buy Now
Questions 26

A software development company is building a new mobile application for its social media platform. The company wants to gain its Users' rust by reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 27

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Buy Now
Questions 28

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

Options:

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Buy Now
Questions 29

A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

Options:

A.

Immutable system

B.

Data loss prevention

C.

Storage area network

D.

Baseline template

Buy Now
Questions 30

A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

Options:

A.

Deploy high-availability web servers.

B.

Enhance network access controls.

C.

Implement a content delivery network.

D.

Migrate to a virtualized environment.

Buy Now
Questions 31

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

Options:

A.

DLP

B.

Encryption

C.

E-discovery

D.

Privacy-level agreements

Buy Now
Questions 32

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

Options:

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Buy Now
Questions 33

In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Options:

A.

Data scrubbing

B.

Field masking

C.

Encryption in transit

D.

Metadata

Buy Now
Questions 34

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the

signature failing?

Options:

A.

The NTP server is set incorrectly for the developers

B.

The CA has included the certificate in its CRL.

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate

Buy Now
Questions 35

A forensic investigator would use the foremost command for:

Options:

A.

cloning disks.

B.

analyzing network-captured packets.

C.

recovering lost files.

D.

extracting features such as email addresses

Buy Now
Questions 36

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

CAS-004 Question 36

Code Snippet 2

CAS-004 Question 36

Vulnerability 1:

SQL injection

Cross-site request forgery

Server-side request forgery

Indirect object reference

Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.

Perform output encoding of queryResponse,

Ensure usex:ia belongs to logged-in user.

Inspect URLS and disallow arbitrary requests.

Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind

variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

Options:

Buy Now
Questions 37

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Options:

A.

Ensuring proper input validation is configured on the ‘’Contact US’’ form

B.

Deploy a WAF in front of the public website

C.

Checking for new rules from the inbound network IPS vendor

D.

Running the website log files through a log reduction and analysis tool

Buy Now
Questions 38

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

- Protection from DoS attacks against its infrastructure and web applications is in place.

- Highly available and distributed DNS is implemented.

- Static content is cached in the CDN.

- A WAF is deployed inline and is in block mode.

- Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

Options:

A.

The public cloud provider is applying QoS to the inbound customer traffic.

B.

The API gateway endpoints are being directly targeted.

C.

The site is experiencing a brute-force credential attack.

D.

A DDoS attack is targeted at the CDN.

Buy Now
Questions 39

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Options:

A.

Modify the ACLS.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Buy Now
Questions 40

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

CAS-004 Question 40

Which of the following should the security analyst perform?

Options:

A.

Contact the security department at the business partner and alert them to the email event.

B.

Block the IP address for the business partner at the perimeter firewall.

C.

Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

D.

Configure the email gateway to automatically quarantine all messages originating from the business partner.

Buy Now
Questions 41

A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

Options:

A.

Rules of engagement

B.

Master service agreement

C.

Statement of work

D.

Target audience

Buy Now
Questions 42

A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce

• Cloud-delivered services

• Full network security stack

• SaaS application security management

• Minimal latency for an optimal user experience

• Integration with the cloud 1AM platform

Which of the following is the BEST solution?

Options:

A.

Routing and Remote Access Service (RRAS)

B.

NGFW

C.

Managed Security Service Provider (MSSP)

D.

SASE

Buy Now
Questions 43

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users’ experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

Options:

A.

A cache server farm in its datacenter

B.

A load-balanced group of reverse proxy servers with SSL acceleration

C.

A CDN with the origin set to its datacenter

D.

Dual gigabit-speed Internet connections with managed DDoS prevention

Buy Now
Questions 44

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:

Support all phases of the SDLC.

Use tailored website portal software.

Allow the company to build and use its own gateway software.

Utilize its own data management platform.

Continue using agent-based security tools.

Which of the following cloud-computing models should the CIO implement?

Options:

A.

SaaS

B.

PaaS

C.

MaaS

D.

IaaS

Buy Now
Questions 45

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Buy Now
Questions 46

A security engineer is hardening a company’s multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:

22

25

110

137

138

139

445

Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company’s distribution process.

Which of the following would be the BEST solution to harden the system?

Options:

A.

Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.

B.

Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

C.

Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.

D.

Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Buy Now
Questions 47

A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.

Which of the following BEST describes the type of malware the solution should protect against?

Options:

A.

Worm

B.

Logic bomb

C.

Fileless

D.

Rootkit

Buy Now
Questions 48

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

Options:

A.

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

B.

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

C.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

D.

The DHCP server is unavailable, so no IP address is being sent back to the PC.

Buy Now
Questions 49

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

Options:

A.

Automated vulnerability scanning

B.

Centralized logging, data analytics, and visualization

C.

Threat hunting

D.

Threat emulation

Buy Now
Questions 50

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Buy Now
Questions 51

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources

would the analyst MOST likely adopt?

Options:

A.

OSINT

B.

ISO

C.

MITRE ATT&CK

D.

OWASP

Buy Now
Questions 52

A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:

• Access to critical web services at the edge must be redundant and highly available.

• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.

• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.

Which of the following solutions BEST meets these requirements?

Options:

A.

Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider

B.

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.

C.

Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.

D.

Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.

Buy Now
Questions 53

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

post /malicious. php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Options:

A.

User-Agent: Malicious Tool.*

B.

www\. malicious\. com\/malicious. php

C.

POST /malicious\. php

D.

Hose: [a-2] *\.malicious\.com

E.

malicious. *

Buy Now
Questions 54

A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

Options:

A.

Use a secrets management tool.

B.

‘Save secrets in key escrow.

C.

Store the secrets inside the Dockerfiles.

D.

Run all Dockerfles in a randomized namespace.

Buy Now
Questions 55

A security architect Is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been Implemented to prevent these types of risks?

Options:

A.

Code reviews

B.

Supply chain visibility

C.

Software audits

D.

Source code escrows

Buy Now
Questions 56

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

Options:

A.

ocsp

B.

CRL

C.

SAN

D.

CA

Buy Now
Questions 57

Which of the following is the best way to protect the website browsing history for an executive who travels to foreign countries where internet usage is closely monitored?

Options:

A.

DoH

B.

EAP-TLS

C.

Geofencing

D.

Private browsing mode

Buy Now
Questions 58

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badgeto access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Buy Now
Questions 59

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Buy Now
Questions 60

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

Options:

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Buy Now
Questions 61

The Chief Information Security Officer (CISO) at a software company is trying to document the technical and security requirements needed to connect the company’s network to an external system. The additional requirements include procedural and planning information. Which of the following should the CISO use to best accomplish this objective?

Options:

A.

MOA

B.

NDA

C.

SLA

D.

ISA

Buy Now
Questions 62

Which of the following is a risk associated with SDN?

Options:

A.

Expanded attack surface

B.

Increased hardware management costs

C.

Reduced visibility of scaling capabilities

D.

New firmware vulnerabilities

Buy Now
Questions 63

A security consultant has been asked to recommend a secure network design that would:

• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

• Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Options:

A.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

B.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

C.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

D.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Buy Now
Questions 64

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

Options:

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Buy Now
Questions 65

A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

Options:

A.

Utilize the SAN certificate to enable a single certificate for all regions.

B.

Deploy client certificates to all devices in the network.

C.

Configure certificate pinning inside the application.

D.

Enable HSTS on the application's server side for all communication.

Buy Now
Questions 66

An organization is concerned with a critical legacy application that is only supported on an end-of-life operating system. The organization would like to limit network communication from this device to only a select number of other devices. Which of the following primary and compensating controls should the organization use to reduce risk? (Select two).

Options:

A.

Host-based firewalls

B.

UEBA

C.

HIDS

D.

Antivirus

E.

EDR

F.

SEDs

Buy Now
Questions 67

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?

Options:

A.

Print configurations settings for locked print jobs

B.

The lack of an NDA with the company that supports its devices

C.

The lack of an MSA to govern other services provided by the service provider

D.

The lack of chain of custody for devices prior to deployment at the company

Buy Now
Questions 68

A security engineer needs to ensure production containers are automatically scanned for vulnerabilities before they are accepted into the production environment. Which of the following should the engineer use to automatically incorporate vulnerability scanning on every commit?

Options:

A.

Code repository

B.

CI/CD pipeline

C.

Integrated development environment

D.

Container orchestrator

Buy Now
Questions 69

A company is migrating its data center to the cloud. Some hosts had been previously isolated, but a risk assessment convinced the engineering team to reintegrate the systems. Because the systems were isolated, the risk associated with vulnerabilities was low. Which of the following should the security team recommend be performed before migrating these servers to the cloud?

Options:

A.

Performing patching and hardening

B.

Deploying host and network IDS

C.

Implementing least functionality and time-based access

D.

Creating a honeypot and adding decoy files

Buy Now
Questions 70

A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and lo the ability to deliver the security tool on time?

Options:

A.

Deep learning language barriers

B.

Big Data processing required for maturity

C.

Secure, multiparty computation requirements

D.

Computing capabilities available to the developer

Buy Now
Questions 71

A company is developing an application that will be used to perform e-commerce transactions for a subscription-based service. The application must be able to use previously saved payment methods to perform recurring transactions. Which of the following is the most appropriate?

Options:

A.

Tokenization through an HSM

B.

Self-encrypting disks with field-level encryption

C.

NX/XN implementation to minimize data retention

D.

Token-based access for application users

E.

Address space layout randomization

Buy Now
Questions 72

A company has integrated source code from a subcontractor into its security product. The subcontractor is located in an adversarial country and has informed the company of a requirement to escrow the source code with the subcontractor’s government. Which of the following is a potential security risk arising from this situation?

Options:

A.

Development of zero-day exploits based on the source code

B.

Legal action to force disclosure of the source code

C.

Sale of source code to competitors during a buyout

D.

Publication of the source code on the internet

Buy Now
Questions 73

A recent audit discovered that multiple employees had been using their badges to walk through the secured data center to get to the employee break room. Most of the employees were given access during a previous project, but the access was not removed in a timely manner when the project was complete. Which of the following would reduce the likelihood of this scenario occurring again?

Options:

A.

Create an automated quarterly attestation process that requires management approval for data center access and removes unapproved access.

B.

Require all employees to sign an AUP that prohibits accessing the data center without an active service ticket number.

C.

Remove all access to the data center badge readers and only re-add employees with a valid business purpose for entering the floor.

D.

Implement time-of-day restrictions on the data center badge readers and create automated alerts for unapproved swipe attempts.

Buy Now
Questions 74

Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal

management overhead?

Options:

A.

Key escrow service

B.

Secrets management

C.

Encrypted database

D.

Hardware security module

Buy Now
Questions 75

An organization handles sensitive information that must be displayed on call center technicians’ screens to verify the identities of remote callers. The technicians use three randomly selected fields of information to complete the identity verification. Some of the fields contain PII that are unique identifiers for the remote callers. Which of the following should be implemented to identify remote callers while also reducing the risk that technicians could improperly use the identification information?

Options:

A.

Data masking

B.

Encryption

C.

Tokenization

D.

Scrubbing

Buy Now
Questions 76

A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:

• Fast scanning

• The least false positives possible

• Signature-based

• A low impact on servers when performing a scan

In addition, the customer has several screened subnets, VLANs, and branch offices. Which of the following will best meet the customer's needs?

Options:

A.

Authenticated scanning

B.

Passive scanning

C.

Unauthenticated scanning

D.

Agent-based scanning

Buy Now
Questions 77

A security architect examines a section of code and discovers the following:

CAS-004 Question 77

Which of the following changes should the security architect require before approving the code for release?

Options:

A.

Allow only alphanumeric characters for the username.

B.

Make the password variable longer to support more secure passwords.

C.

Prevent more than 20 characters from being entered.

D.

Add a password parameter to the checkUserExists function.

Buy Now
Questions 78

A security engineer is reviewing Apache web server logs and has identified the following pattern in the log:

GET https://example.com/image5/../../etc/passwd HTTP/1.1 200 OK

The engineer has also reviewed IDS and firewall logs and established a correlation to an external IP address. Which of the following can be determined regarding the vulnerability and response?

Options:

A.

A cross-site scripting attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to REST API.

B.

A cross-site request forgery attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to HTTP POST commands.

C.

A directory traversal attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to the filesystem.

D.

A brute-force authentication attempt was successful, and the system should implement salting as part of the password hashing algorithm.

Buy Now
Questions 79

A common industrial protocol has the following characteristics:

• Provides for no authentication/security

• Is often implemented in a client/server relationship

• Is implemented as either RTU or TCP/IP

Which of the following is being described?

Options:

A.

Profinet

B.

Modbus

C.

Zigbee

D.

Z-Wave

Buy Now
Questions 80

An organization requires a contractual document that includes

• An overview of what is covered

• Goals and objectives

• Performance metrics for each party

• A review of how the agreement is managed by all parties

Which of the following BEST describes this type of contractual document?

Options:

A.

SLA

B.

BAA

C.

NDA

D.

ISA

Buy Now
Questions 81

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A.

Data loss detection, reverse proxy, EDR, and PGP

B.

VDI, proxy, CASB, and DRM

C.

Watermarking, forward proxy, DLP, and MFA

D.

Proxy, secure VPN, endpoint encryption, and AV

Buy Now
Questions 82

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Buy Now
Questions 83

An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?

Options:

A.

Use over-the-air updates to replace the private key

B.

Manufacture a new loT device with a redesigned SoC

C.

Replace the public portion of the loT key on its servers

D.

Release a patch for the SoC software

Buy Now
Questions 84

A DNS forward lookup zone named complia.org must:

• Ensure the DNS is protected from on-path attacks.

• Ensure zone transfers use mutual authentication and are authenticated and negotiated.

Which of the following should the security architect configure to meet these requirements? (Select two).

Options:

A.

Public keys

B.

Conditional forwarders

C.

Root hints

D.

DNSSEC

E.

CNAME records

F.

SRV records

Buy Now
Questions 85

A cyberanalyst for a government agency is concerned about how Pll is protected A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?

Options:

A.

To validate the project participants

B.

To identify the network ports

C.

To document residual risks

D.

To evaluate threat acceptance

Buy Now
Questions 86

The results of an internal audit indicate several employees reused passwords that were previously included in a published list of compromised passwords. The company has the following employee password policy:

CAS-004 Question 86

Which of the following should be implemented to best address the password reuse issue? (Select two).

Options:

A.

Increase the minimum age to two days.

B.

Increase the history to 20.

C.

Increase the character length to 12.

D.

Add case-sensitive requirements to character class.

E.

Decrease the maximum age to 30 days.

F.

Remove the complexity requirements

Buy Now
Questions 87

An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP's website. The reports state that customers are being directed to an advertisement website that is asking for personal information.The security team has verified the DNS system is returning proper results and has no known lOCs. Which of the following should the security team implement to best mitigate this situation?

Options:

A.

DNSSEC

B.

DNS filtering

C.

Multifactor authentication

D.

Self-signed certificates

E.

Revocation of compromised certificates

Buy Now
Questions 88

An organization wants to implement an access control system based on its data classification policy that includes the following data types:

Confidential

Restricted

Internal

Public

The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group. Which of the following should the organization implement to enforce its requirements with minimal impact to systems and resources?

Options:

A.

A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control.

B.

Role-based access control that maps data types to internal roles, which are defined in the human resources department's source of truth system.

C.

Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal.

D.

A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis.

Buy Now
Questions 89

A new VM server (Web Server C) was spun up in the cloud and added to the load balancer to an existing web application (Application A) that does not require internet access. Sales users arereporting intermittent issues with this application when processing orders that require access to the warehouse department.

Given the following information:

Firewall rules: Existing rules do not account for Web Server C’s IP address (10.2.0.92).

Application A Security Group: Inbound rules and outbound rules are insufficient for the new server.

The security team wants to minimize the firewall rule set by avoiding specific host rules whenever possible. Which of the following actions must be taken to resolve the issue and meet the security team's requirements?

Options:

A.

Reconfigure Web Server C to 10.2.0.62

B.

Modify the firewall rules to include the new IP address of Web Server C

C.

Alter the security group outbound rules to be more restrictive

D.

Change the security group inbound rules to include the new IP address of Web Server C

Buy Now
Questions 90

loCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

Options:

A.

FIM

B.

SASE

C.

UEBA

D.

CSPM

E.

EAP

Buy Now
Questions 91

An organization is working to secure its development process to ensure developers cannot deploy artifacts directly into the production environment. Which of the following security practice recommendations would be the best to accomplish this objective?

Options:

A.

Implement least privilege access to all systems.

B.

Roll out security awareness training for all users.

C.

Set up policies and systems with separation of duties.

D.

Enforce job rotations for all developers and administrators.

E.

Utilize mandatory vacations for all developers.

F.

Review all access to production systems on a quarterly basis.

Buy Now
Questions 92

A security engineer would like to control configurations on mobile devices while fulfilling the following requirements:

• Support and control Apple and Android devices.

• The device must be corporate-owned.

Which of the following would enable the engineer to meet these requirements? (Select two).

Options:

A.

Create a group policy to lock down mobile devices.

B.

Update verbiage in the acceptable use policy for the internet.

C.

Implement an MDM solution.

D.

Implement a captive portal solution.

E.

Update policy to prohibit the use of BYOD devices.

F.

Implement a RADIUS solution.

Buy Now
Questions 93

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

Options:

A.

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

B.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

C.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

D.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

Buy Now
Questions 94

During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues. Which of the following should the consultant recommend tobestprevent these issues from reoccurring in the future?

Options:

A.

Implementing a static analysis tool within the CI/CD system

B.

Configuring a dynamic application security testing tool

C.

Performing software composition analysis on all third-party components

D.

Utilizing a risk-based threat modeling approach on new projects

E.

Setting up an interactive application security testing tool

Buy Now
Questions 95

During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

Options:

A.

Configuration management tool

B.

Intrusion prevention system

C.

Mobile device management platform

D.

Firewall access control list

E.

NetFlow logs

Buy Now
Questions 96

A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?

Options:

A.

Storing the data in an encoded file

B.

Implementing database encryption at rest

C.

Only storing tokenized card data

D.

Implementing data field masking

Buy Now
Questions 97

Which of the following is record-level encryption commonly used to do?

Options:

A.

Protect database fields

B.

Protect individual files

C.

Encrypt individual packets

D.

Encrypt the master boot record

Buy Now
Questions 98

During a vendor assessment, an analyst reviews a listing of the complementary user entity controls included in the audit report. Which of the following is the most important aspect to consider when reviewing this list with the security team?

Options:

A.

How the organization will implement and monitor the user entity controls

B.

How the CSP performs the controls on behalf of the user entity

C.

How the organization should monitor the CSP's execution of the user entity controls

D.

How the user entity will audit the CSP's implementation of the user entity controls

Buy Now
Questions 99

A security manager is creating a standard configuration across all endpoints that handle sensitive data. Which of the following techniques should be included in the standard configuration to ensure the endpoints are hardened?

Options:

A.

Drive encryption

B.

Patch management

C.

Event logging

D.

Resource monitoring

Buy Now
Questions 100

During a forensics investigation, a security professional needs to identify ISO images in a computer system where the ISO extension has been purposely removed or replaced with another extension. Which of the following tools will accomplish this task?

Options:

A.

file

B.

Isof

C.

ldd

D.

OllyDbg

Buy Now
Questions 101

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Options:

A.

X-Forwarded-Proto

B.

X-Forwarded-For

C.

Cache-Control

D.

Strict-Transport-Security

E.

Content-Security-Policy

Buy Now
Questions 102

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

Options:

A.

Community cloud service model

B.

Multinency SaaS

C.

Single-tenancy SaaS

D.

On-premises cloud service model

Buy Now
Questions 103

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?

Options:

A.

HSTS

B.

TLS 1.2

C.

Certificate pinning

D.

Client authentication

Buy Now
Questions 104

When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?

Options:

A.

Data

B.

Storage

C.

Physical security

D.

Network

Buy Now
Questions 105

Which of the following is the best reason for obtaining file hashes from a confiscated laptop?

Options:

A.

To prevent metadata tampering on each file

B.

To later validate the integrity of each file

C.

To generate unique identifiers for each file

D.

To preserve the chain of custody of files

Buy Now
Questions 106

Users from the marketing department (192.168.0.1/24) are reporting performance issues with an on-premises application server (192.168.0.9). The application server should only be accessed internally. A security analyst reviews various logs and finds the following information:

CAS-004 Question 106

Which of the following should the security analyst perform next to improve performance and ensure the application server is secured as required?

Options:

A.

Configure NGFW to deny access from subnets not in 192.168.0.0/24.

B.

Modify the cloud security group rules to deny all external traffic to 192.168.0.9.

C.

Update the IDS/IPS software with the latest OS/firmware to ensure all brute-force attacks are prevented.

D.

Update the DLP system to include policies for data exfiltration attempts on the application server.

Buy Now
Questions 107

A CRM company leverages a CSP PaaS service to host and publish its SaaS product. Recently, a large customer requested that all infrastructure components must meet strict regulatory requirements, including configuration management, patch management, and life-cycle management. Which of the following organizations is responsible for ensuring those regulatory requirements are met?

Options:

A.

The CRM company

B.

The CRM company's customer

C.

The CSP

D.

The regulatory body

Buy Now
Questions 108

An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?

Options:

A.

Fuzz testing

B.

Static analysis

C.

Side-channel analysis

D.

Dynamic analysis

Buy Now
Questions 109

A security administrator is assessing the risk associated with using a software tool built by a small start-up company to provide product pricing updates. Which of the following risks would most likely be a factor?

Options:

A.

Privacy concerns

B.

Vendor viability

C.

Regulatory compliance

D.

Geographic location

Buy Now
Questions 110

A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the best step to take?

Options:

A.

Revoke the certificate.

B.

Inform all the users of the certificate.

C.

Contact the company's Chief Information Security Officer.

D.

Disable the website using the suspected certificate.

E.

Alert the root CA.

Buy Now
Questions 111

An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Select two).

Options:

A.

Obtain a security token.

B.

Obtain a public key.

C.

Leverage Kerberos for authentication

D.

Leverage OAuth for authentication.

E.

Leverage LDAP for authentication.

F.

Obtain a hash value.

Buy Now
Questions 112

During a recent breach, an attacker was able to get a user's login credentials by cracking a password that was retrieved via a stolen laptop. The attacker accessed the hashed passwords from the hard drive when it was connected to another device. Which of the following security measures could have helped prevent this account from being compromised?

Options:

A.

Host-based Intrusion Detection System

B.

Endpoint Detection and Response

C.

Host-based Firewall

D.

Full Disk Encryption

Buy Now
Questions 113

Which of the following should an organization implement to prevent unauthorized API key sharing?

Options:

A.

OTP

B.

Encryption

C.

API gateway

D.

HSM

Buy Now
Questions 114

A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed Data on this network must be protected at the same level of each clearance holder The need to know must be vended by the data owner Which of the following should the security officer do to meet these requirements?

Options:

A.

Create a rule lo authorize personnel only from certain IPs to access the files

B.

Assign labels to the files and require formal access authorization

C.

Assign attributes to each file and allow authorized users to share the files

D.

Assign roles to users and authorize access to files based on the roles

Buy Now
Questions 115

A small bank is evaluating different methods to address and resolve the following requirements

" Must be able to store credit card data using the smallest amount of data possible

• Must be compliant with PCI DSS

• Must maintain confidentiality if one piece of the layer is compromised

Which of the following is the best solution for the bank?

Options:

A.

Scrubbing

B.

Tokenization

C.

Masking

D.

Homomorphic encryption

Buy Now
Questions 116

A company has moved its sensitive workloads lo the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements

• The application must run at 70% capacity at all times

• The application must sustain DoS and DDoS attacks.

• Services must recover automatically.

Which of the following should the cloud architecture team implement? (Select THREE).

Options:

A.

Read-only replicas

B.

BCP

C.

Autoscaling

D.

WAF

E.

CDN

F.

Encryption

G.

Continuous snapshots

Buy Now
Questions 117

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.

Which of the following is t he NEXT step of the incident response plan?

Options:

A.

Remediation

B.

Containment

C.

Response

D.

Recovery

Buy Now
Questions 118

A threat analyst notices the following URL while going through the HTTP logs.

CAS-004 Question 118

Which of the following attack types is the threat analyst seeing?

Options:

A.

SQL injection

B.

CSRF

C.

Session hijacking

D.

XSS

Buy Now
Questions 119

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

Options:

A.

Simultaneous Authentication of Equals

B.

Enhanced open

C.

Perfect forward secrecy

D.

Extensible Authentication Protocol

Buy Now
Questions 120

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the timeof the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Options:

A.

Software Decomplier

B.

Network enurrerator

C.

Log reduction and analysis tool

D.

Static code analysis

Buy Now
Questions 121

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

Options:

A.

BYOO

B.

CYOD

C.

COPE

D.

MDM

Buy Now
Questions 122

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation m the near future?

Options:

A.

Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.

B.

Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.

C.

Implement a centralized network gateway to bridge network traffic between all VPCs.

D.

Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

Buy Now
Questions 123

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.

Which of the following processes can be used to identify potential prevention recommendations?

Options:

A.

Detection

B.

Remediation

C.

Preparation

D.

Recovery

Buy Now
Questions 124

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Options:

A.

Increased network latency

B.

Unavailable of key escrow

C.

Inability to selected AES-256 encryption

D.

Removal of user authentication requirements

Buy Now
Questions 125

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.

* Transactions being required by unauthorized individual

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attacker using email to distribute malware and ransom ware.

* Exfiltration of sensitivity company information.

The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

Options:

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Buy Now
Questions 126

A security is assisting the marketing department with ensuring the security of the organization’s social media platforms. The two main concerns are:

The Chief marketing officer (CMO) email is being used department wide as the username

The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

Options:

A.

Configure MFA for all users to decrease their reliance on other authentication.

B.

Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.

C.

Create multiple social media accounts for all marketing user to separate their actions.

D.

Ensue the password being shared is sufficiently and not written down anywhere.

Buy Now
Questions 127

A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

Options:

A.

Mirror the blobs at a local data center.

B.

Enable fast recovery on the storage account.

C.

Implement soft delete for blobs.

D.

Make the blob immutable.

Buy Now
Questions 128

An organization recently recovered from an attack that featured an adversary injecting Malicious logic into OS bootloaders on endpoint devices Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the IJEFI through the full loading of OS components. of the following TPM structures enables this storage functionality?

Options:

A.

Endorsement tickets

B.

Clock/counter structures

C.

Command tag structures with MAC schemes

D.

Platform configuration registers

Buy Now
Questions 129

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

Options:

A.

Software-backed keystore

B.

Embedded cryptoprocessor

C.

Hardware-backed public key storage

D.

Support for stream ciphers

E.

Decentralized key management

F.

TPM 2.0 attestation services

Buy Now
Questions 130

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann hasdistilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

Options:

A.

Traffic interceptor log analysis

B.

Log reduction and visualization tools

C.

Proof of work analysis

D.

Ledger analysis software

Buy Now
Questions 131

Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Options:

A.

Modify the ACLs.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Buy Now
Questions 132

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run tobestdetermine whether financial data was lost?

Options:

A.

grep -v '^4[0-9]{12}(?:[0-9]{3})?$' file

B.

grep '^4[0-9]{12}(?:[0-9]{3})?$' file

C.

grep '^6(?:011|5[0-9]{2})[0-9]{12}?' file

D.

grep -v '^6(?:011|5[0-9]{2})[0-9]{12}?' file

Buy Now
Questions 133

A developer implement the following code snippet.

CAS-004 Question 133

Which of the following vulnerabilities does the code snippet resolve?

Options:

A.

SQL inject

B.

Buffer overflow

C.

Missing session limit

D.

Information leakage

Buy Now
Questions 134

Which of the following indicates when a company might not be viable after a disaster?

Options:

A.

Maximum tolerable downtime

B.

Recovery time objective

C.

Mean time to recovery

D.

Annual loss expectancy

Buy Now
Questions 135

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

Options:

A.

An additional layer of encryption

B.

A third-party data integrity monitoring solution

C.

A complete backup that is created before moving the data

D.

Additional application firewall rules specific to the migration

Buy Now
Questions 136

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

Options:

A.

Paas

B.

laas

C.

Private

D.

Saas

Buy Now
Questions 137

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

CAS-004 Question 137

Which of the following mobile configuration settings is the mobile administrator verifying?

Options:

A.

Service set identifier authentication

B.

Wireless network auto joining

C.

802.1X with mutual authentication

D.

Association MAC address randomization

Buy Now
Questions 138

Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

Options:

A.

Disaster recovery checklist

B.

Tabletop exercise

C.

Full interruption test

D.

Parallel test

Buy Now
Questions 139

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

• All customer data must remain under the control of the customer at all times.

• Third-party access to the customer environment must be controlled by the customer.

• Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

Options:

A.

use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage

B.

use the customer-provided VDI solution to perform work on the customer's environment.

C.

Provide code snippets to the customer and have the customer run code and securely deliver its output

D.

Request API credentials from the customer and only use API calls to access the customer's environment.

Buy Now
Questions 140

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

Options:

A.

Determine the optimal placement of hot/warm sites within the enterprise architecture.

B.

Create new processes for identified gaps in continuity planning.

C.

Establish new staff roles and responsibilities for continuity of operations.

D.

Assess the effectiveness of documented processes against a realistic scenario.

Buy Now
Questions 141

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Options:

A.

Network security

B.

Physical security

C.

OS security

D.

Host infrastructure

Buy Now
Questions 142

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Options:

A.

Implement iterative software releases.

B.

Revise the scope of the project to use a waterfall approach

C.

Change the scope of the project to use the spiral development methodology.

D.

Perform continuous integration.

Buy Now
Questions 143

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

Options:

A.

SDLC attack

B.

Side-load attack

C.

Remote code signing

D.

Supply chain attack

Buy Now
Questions 144

The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

Options:

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Buy Now
Questions 145

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

CAS-004 Question 145

CAS-004 Question 145

Options:

Buy Now
Questions 146

In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company’s availability requirements. During a postmortem analysis, the following issues were highlighted:

1. International users reported latency when images on the web page were initially loading.

2. During times of report processing, users reported issues with inventory when attempting to place orders.

3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.

Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

Options:

A.

Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.

B.

Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.

C.

Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.

D.

Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

Buy Now
Questions 147

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

Options:

A.

NIDS

B.

NIPS

C.

WAF

D.

Reverse proxy

Buy Now
Questions 148

A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.

Which of the following actions would BEST resolve the issue? (Choose two.)

Options:

A.

Conduct input sanitization.

B.

Deploy a SIEM.

C.

Use containers.

D.

Patch the OS

E.

Deploy a WAF.

F.

Deploy a reverse proxy

G.

Deploy an IDS.

Buy Now
Questions 149

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Options:

A.

Pay the ransom within 48 hours.

B.

Isolate the servers to prevent the spread.

C.

Notify law enforcement.

D.

Request that the affected servers be restored immediately.

Buy Now
Questions 150

UESTION NO: 36

Which of the following is a benefit of using steganalysis techniques in forensic response?

Options:

A.

Breaking a symmetric cipher used in secure voice communications

B.

Determining the frequency of unique attacks against DRM-protected media

C.

Maintaining chain of custody for acquired evidence

D.

Identifying least significant bit encoding of data in a .wav file

Buy Now
Questions 151

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Options:

A.

Perform additional SAST/DAST on the open-source libraries.

B.

Implement the SDLC security guidelines.

C.

Track the library versions and monitor the CVE website for related vulnerabilities.

D.

Perform unit testing of the open-source libraries.

Buy Now
Questions 152

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.

Execute never

B.

No-execute

C.

Total memory encryption

D.

Virtual memory encryption

Buy Now
Questions 153

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

Options:

A.

Join an information-sharing community that is relevant to the company.

B.

Leverage the MITRE ATT&CK framework to map the TTR.

C.

Use OSINT techniques to evaluate and analyze the threats.

D.

Update security awareness training to address new threats, such as best practices for data security.

Buy Now
Questions 154

A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:

A.

SDLC

B.

OVAL

C.

IEEE

D.

OWASP

Buy Now
Questions 155

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:

A.

Implement rate limiting on the API.

B.

Implement geoblocking on the WAF.

C.

Implement OAuth 2.0 on the API.

D.

Implement input validation on the API.

Buy Now
Questions 156

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Buy Now
Questions 157

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

Options:

A.

Leave the current backup schedule intact and pay the ransom to decrypt the data.

B.

Leave the current backup schedule intact and make the human resources fileshare read-only.

C.

Increase the frequency of backups and create SIEM alerts for IOCs.

D.

Decrease the frequency of backups and pay the ransom to decrypt the data.

Buy Now
Questions 158

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Buy Now
Questions 159

CAS-004 Question 159

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Options:

Buy Now
Questions 160

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

Options:

A.

Watermarking

B.

DRM

C.

NDA

D.

Access logging

Buy Now
Questions 161

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

CAS-004 Question 161

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Options:

A.

65

B.

77

C.

83

D.

87

Buy Now
Questions 162

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room.The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options:

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Buy Now
Questions 163

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

Options:

A.

Protecting

B.

Permissive

C.

Enforcing

D.

Mandatory

Buy Now
Questions 164

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an ОТ and IT environment?

Options:

A.

In the ОТ environment, use a VPN from the IT environment into the ОТ environment.

B.

In the ОТ environment, allow IT traffic into the ОТ environment.

C.

In the IT environment, allow PLCs to send data from the ОТ environment to the IT environment.

D.

Use a screened subnet between the ОТ and IT environments.

Buy Now
Questions 165

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

Options:

A.

Deploy SOAR utilities and runbooks.

B.

Replace the associated hardware.

C.

Provide the contractors with direct access to satellite telemetry data.

D.

Reduce link latency on the affected ground and satellite segments.

Buy Now
Questions 166

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A.

NX bit

B.

ASLR

C.

DEP

D.

HSM

Buy Now
Questions 167

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Buy Now
Questions 168

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Options:

A.

Require a VPN to be active to access company data.

B.

Set up different profiles based on the person’s risk.

C.

Remotely wipe the device.

D.

Require MFA to access company applications.

Buy Now
Questions 169

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

CAS-004 Question 169

Which of the following ciphers should the security analyst remove to support the business requirements?

Options:

A.

TLS_AES_128_CCM_8_SHA256

B.

TLS_DHE_DSS_WITH_RC4_128_SHA

C.

TLS_CHACHA20_POLY1305_SHA256

D.

TLS_AES_128_GCM_SHA256

Buy Now
Questions 170

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

Options:

A.

The client application is testing PFS.

B.

The client application is configured to use ECDHE.

C.

The client application is configured to use RC4.

D.

The client application is configured to use AES-256 in GCM.

Buy Now
Questions 171

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Options:

A.

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

B.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

C.

Implement MFA, review the application logs, and deploy a WAF.

D.

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Buy Now
Questions 172

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Options:

A.

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

B.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

C.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

D.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Buy Now
Questions 173

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Options:

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Buy Now
Questions 174

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 Question 174

Which of the following would BEST mitigate this vulnerability?

Options:

A.

CAPTCHA

B.

Input validation

C.

Data encoding

D.

Network intrusion prevention

Buy Now
Questions 175

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Options:

A.

Replace the current antivirus with an EDR solution.

B.

Remove the web proxy and install a UTM appliance.

C.

Implement a deny list feature on the endpoints.

D.

Add a firewall module on the current antivirus solution.

Buy Now
Questions 176

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Buy Now
Questions 177

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Buy Now
Questions 178

A security analyst notices a number of SIEM events that show the following activity:

CAS-004 Question 178

Which of the following response actions should the analyst take FIRST?

Options:

A.

Disable powershell.exe on all Microsoft Windows endpoints.

B.

Restart Microsoft Windows Defender.

C.

Configure the forward proxy to block 40.90.23.154.

D.

Disable local administrator privileges on the endpoints.

Buy Now
Questions 179

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Options:

A.

Peer-to-peer secure communications enabled by mobile applications

B.

Proxied application data connections enabled by API gateways

C.

Microsegmentation enabled by software-defined networking

D.

VLANs enabled by network infrastructure devices

Buy Now
Questions 180

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

Options:

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Buy Now
Questions 181

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Options:

A.

Key sharing

B.

Key distribution

C.

Key recovery

D.

Key escrow

Buy Now
Questions 182

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Buy Now
Questions 183

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

Options:

A.

Performing deep-packet inspection of all digital audio files

B.

Adding identifying filesystem metadata to the digital audio files

C.

Implementing steganography

D.

Purchasing and installing a DRM suite

Buy Now
Questions 184

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Buy Now
Questions 185

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

Options:

A.

An on-premises solution as a backup

B.

A load balancer with a round-robin configuration

C.

A multicloud provider solution

D.

An active-active solution within the same tenant

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA SecurityX Certification Exam
Last Update: Jul 12, 2025
Questions: 619

PDF + Testing Engine

$57.75  $164.99

Testing Engine

$43.75  $124.99
buy now CAS-004 testing engine

PDF (Q&A)

$36.75  $104.99
buy now CAS-004 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 15 Jul 2025