Summer Sale - Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dpm65

CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Questions 4

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A.

Data loss detection, reverse proxy, EDR, and PGP

B.

VDI, proxy, CASB, and DRM

C.

Watermarking, forward proxy, DLP, and MFA

D.

Proxy, secure VPN, endpoint encryption, and AV

Buy Now
Questions 5

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Buy Now
Questions 6

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts

Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

Options:

A.

WAF

B.

CASB

C.

SWG

D.

DLP

Buy Now
Questions 7

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Options:

A.

Reverse proxy, stateful firewalls, and VPNs at the local sites

B.

IDSs, WAFs, and forward proxy IDS

C.

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

D.

IPSs at the hub, Layer 4 firewalls, and DLP

Buy Now
Questions 8

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Options:

A.

Peer-to-peer secure communications enabled by mobile applications

B.

Proxied application data connections enabled by API gateways

C.

Microsegmentation enabled by software-defined networking

D.

VLANs enabled by network infrastructure devices

Buy Now
Questions 9

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

CAS-004 Question 9

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Options:

A.

65

B.

77

C.

83

D.

87

Buy Now
Questions 10

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Buy Now
Questions 11

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Buy Now
Questions 12

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Options:

A.

Union filesystem overlay

B.

Cgroups

C.

Linux namespaces

D.

Device mapper

Buy Now
Questions 13

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

Options:

A.

Threat hunting

B.

A system penetration test

C.

Log analysis within the SIEM tool

D.

The Cyber Kill Chain

Buy Now
Questions 14

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Options:

A.

Replace the current antivirus with an EDR solution.

B.

Remove the web proxy and install a UTM appliance.

C.

Implement a deny list feature on the endpoints.

D.

Add a firewall module on the current antivirus solution.

Buy Now
Questions 15

A security analyst is reviewing the following output:

CAS-004 Question 15

Which of the following would BEST mitigate this type of attack?

Options:

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Buy Now
Questions 16

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Options:

A.

Instance-based

B.

Storage-based

C.

Proxy-based

D.

Array controller-based

Buy Now
Questions 17

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Options:

A.

Deploy a SOAR tool.

B.

Modify user password history and length requirements.

C.

Apply new isolation and segmentation schemes.

D.

Implement decoy files on adjacent hosts.

Buy Now
Questions 18

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Buy Now
Questions 19

A threat hunting team receives a report about possible APT activity in the network.

Which of the following threat management frameworks should the team implement?

Options:

A.

NIST SP 800-53

B.

MITRE ATT&CK

C.

The Cyber Kill Chain

D.

The Diamond Model of Intrusion Analysis

Buy Now
Questions 20

A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:

A.

SDLC

B.

OVAL

C.

IEEE

D.

OWASP

Buy Now
Questions 21

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Buy Now
Questions 22

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

Options:

A.

Join an information-sharing community that is relevant to the company.

B.

Leverage the MITRE ATT&CK framework to map the TTR.

C.

Use OSINT techniques to evaluate and analyze the threats.

D.

Update security awareness training to address new threats, such as best practices for data security.

Buy Now
Questions 23

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

Options:

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Buy Now
Questions 24

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Options:

A.

Perform static code analysis of committed code and generate summary reports.

B.

Implement an XML gateway and monitor for policy violations.

C.

Monitor dependency management tools and report on susceptible third-party libraries.

D.

Install an IDS on the development subnet and passively monitor for vulnerable services.

E.

Model user behavior and monitor for deviations from normal.

F.

Continuously monitor code commits to repositories and generate summary logs.

Buy Now
Questions 25

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Buy Now
Questions 26

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

Options:

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Buy Now
Questions 27

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

Options:

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Buy Now
Questions 28

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Buy Now
Questions 29

A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

Options:

A.

Immutable system

B.

Data loss prevention

C.

Storage area network

D.

Baseline template

Buy Now
Questions 30

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources

would the analyst MOST likely adopt?

Options:

A.

OSINT

B.

ISO

C.

MITRE ATT&CK

D.

OWASP

Buy Now
Questions 31

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.

SLA

B.

ISA

C.

NDA

D.

MOU

Buy Now
Questions 32

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Buy Now
Questions 33

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Buy Now
Questions 34

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Buy Now
Questions 35

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

Options:

A.

Performing routine tabletop exercises

B.

Implementing scheduled, full interruption tests

C.

Backing up system log reviews

D.

Performing department disaster recovery walk-throughs

Buy Now
Questions 36

A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?

Options:

A.

Lockout of privileged access account

B.

Duration of the BitLocker lockout period

C.

Failure of the Kerberos time drift sync

D.

Failure of TPM authentication

Buy Now
Questions 37

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options:

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Buy Now
Questions 38

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

Options:

A.

DLP

B.

Encryption

C.

E-discovery

D.

Privacy-level agreements

Buy Now
Questions 39

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Options:

A.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

B.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

C.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

D.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Buy Now
Questions 40

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

Options:

A.

Installing new Group Policy Object policies

B.

Establishing one-way trust from Company B to Company A

C.

Enabling multifactor authentication

D.

Implementing attribute-based access control

E.

Installing Company A's Kerberos systems in Company B's network

F.

Updating login scripts

Buy Now
Questions 41

A new, online file hosting service is being offered. The service has the following security requirements:

• Threats to customer data integrity and availability should be remediated first.

• The environment should be dynamic to match increasing customer demands.

• The solution should not interfere with customers" ability to access their data at anytime.

• Security analysts should focus on high-risk items.

Which of the following would BEST satisfy the requirements?

Options:

A.

Expanding the use of IPS and NGFW devices throughout the environment

B.

Increasing the number of analysts to Identify risks that need remediation

C.

Implementing a SOAR solution to address known threats

D.

Integrating enterprise threat feeds in the existing SIEM

Buy Now
Questions 42

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Buy Now
Questions 43

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process ‘memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.

Execute never

B.

Noexecute

C.

Total memory encryption

D.

Virtual memory protection

Buy Now
Questions 44

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

Options:

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Buy Now
Questions 45

Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

Options:

A.

Disaster recovery checklist

B.

Tabletop exercise

C.

Full interruption test

D.

Parallel test

Buy Now
Questions 46

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Buy Now
Questions 47

Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

Options:

A.

proxy

B.

Tunneling

C.

VDI

D.

MDM

E.

RDP

F.

MAC address randomization

Buy Now
Questions 48

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

Options:

A.

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

B.

The operating costs of the MPLS network are too high for the organization.

C.

The SD-WAN provider uses a third party for support.

D.

Internal IT staff will not be able to properly support remote offices after the migration.

Buy Now
Questions 49

A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?

Options:

A.

Monitor the Application and Services Logs group within Windows Event Log.

B.

Uninstall PowerSheII from all workstations.

C.

Configure user settings in Group Policy.

D.

Provide user education and training.

E.

Block PowerSheII via HIDS.

Buy Now
Questions 50

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Options:

A.

Implement iterative software releases.

B.

Revise the scope of the project to use a waterfall approach

C.

Change the scope of the project to use the spiral development methodology.

D.

Perform continuous integration.

Buy Now
Questions 51

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

Options:

A.

IaaS

B.

SaaS

C.

Faas

D.

PaaS

Buy Now
Questions 52

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

Options:

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Buy Now
Questions 53

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

Options:

A.

Least privilege

B.

VPN

C.

Policy automation

D.

PKI

E.

Firewall

F.

Continuous validation

G.

Continuous integration

Buy Now
Questions 54

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

Options:

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Buy Now
Questions 55

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Buy Now
Questions 56

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24

subnet.

• The SSH daemon on the database server must be configured to listen

to port 4022.

• The SSH daemon must only accept connections from a Single

workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight

days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA ssh

CAS-004 Question 56

WAP A

CAS-004 Question 56

PC A

CAS-004 Question 56

Laptop A

CAS-004 Question 56

Switch A

CAS-004 Question 56

Switch B:

CAS-004 Question 56

Laptop B

CAS-004 Question 56

PC B

CAS-004 Question 56

PC C

CAS-004 Question 56

Server A

CAS-004 Question 56

CAS-004 Question 56

CAS-004 Question 56

CAS-004 Question 56

CAS-004 Question 56

Options:

Buy Now
Questions 57

A security administrator wants to detect a potential forged sender claim in tt-e envelope of an email. Which of the following should the security administrator implement? (Select TWO).

Options:

A.

MX record

B.

DMARC

C.

SPF

D.

DNSSEC

E.

S/MIME

F.

TLS

Buy Now
Questions 58

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Options:

A.

Network security

B.

Physical security

C.

OS security

D.

Host infrastructure

Buy Now
Questions 59

A cloud security architect has been tasked with selecting the appropriate solution given the following:

* The solution must allow the lowest RTO possible.

* The solution must have the least shared responsibility possible.

« Patching should be a responsibility of the CSP.

Which of the following solutions can BEST fulfill the requirements?

Options:

A.

Paas

B.

laas

C.

Private

D.

Saas

Buy Now
Questions 60

An multinational organization was hacked, and the incident response team's timely action prevented a major disaster Following the event, the team created an after action report. Which of the following is the primary goal of an after action review?

Options:

A.

To gather evidence for subsequent legal action

B.

To determine the identity of the attacker

C.

To identify ways to improve the response process

D.

To create a plan of action and milestones

Buy Now
Questions 61

An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP's website. The reports state that customers are being directed to an advertisement website that is asking for personal information. The security team has verified the DNS system is returning proper results and has no known lOCs. Which of the following should the security team implement to best mitigate this situation?

Options:

A.

DNSSEC

B.

DNS filtering

C.

Multifactor authentication

D.

Self-signed certificates

E.

Revocation of compromised certificates

Buy Now
Questions 62

A company with multiple locations has taken a cloud-only approach to its infrastructure The company does not have standard vendors or systems resulting in a mix of various solutions put in place by each location The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms Which of the following best meets this objective?

Options:

A.

Security information and event management

B.

Cloud security posture management

C.

SNMFV2 monitoring and log aggregation

D.

Managed detection and response services from a third party

Buy Now
Questions 63

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

Options:

A.

TOTP token

B.

Device certificate

C.

Smart card

D.

Biometric

Buy Now
Questions 64

Which of the following technologies would benefit the most from the use of biometric readers proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?

Options:

A.

Deep learning

B.

Machine learning

C.

Nanotechnology

D.

Passwordless authentication

E.

Biometric impersonation

Buy Now
Questions 65

A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks Which of the following is the MOST important infrastructure security design element to prevent an outage7

Options:

A.

Supporting heterogeneous architecture

B.

Leveraging content delivery network across multiple regions

C.

Ensuring cloud autoscaling is in place

D.

Scaling horizontally to handle increases in traffic

Buy Now
Questions 66

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

CAS-004 Question 66

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

Options:

A.

Restrict HTTP methods.

B.

Perform parameterized queries.

C.

Implement input sanitization.

D.

Validate content types.

Buy Now
Questions 67

A security analyst has been tasked with assessing a new API The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities Which of the following should the analyst use to achieve this goal?

Options:

A.

Static analysis

B.

Input validation

C.

Fuzz testing

D.

Post-exploitation

Buy Now
Questions 68

A company recently deployed a SIEM and began importing logs from a firewall, a file server, a domain controller a web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information:

CAS-004 Question 68

Which of the following should the security analyst do FIRST?

Options:

A.

Disable Administrator on abc-uaa-fsl, the local account is compromised

B.

Shut down the abc-usa-fsl server, a plaintext credential is being used

C.

Disable the jdoe account, it is likely compromised

D.

Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited

Buy Now
Questions 69

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file Which of the following is the BEST way for the security team to comply with this requirement?

Options:

A.

Digital signature

B.

Message hash

C.

Message digest

D.

Message authentication code

Buy Now
Questions 70

An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device Which of the following phases of the incident response cycle needs improvement?

Options:

A.

Containment

B.

Preparation

C.

Resolution

D.

Investigation

Buy Now
Questions 71

A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

Options:

A.

SIEM

B.

CASB

C.

SCAP

D.

OVAL

Buy Now
Questions 72

An organization performed a risk assessment and discovered that less than 50% of its employees have been completing security awareness training. Which of the following should the Chief Information Security Officer highlight as an area of Increased vulnerability in a report to the management team?

Options:

A.

Social engineering

B.

Third-party compromise

C.

APT targeting

D.

Pivoting

Buy Now
Questions 73

in a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response?

Options:

A.

Risk transfer

B.

Risk mitigation

C.

Risk acceptance

D.

Risk avoidance

Buy Now
Questions 74

To bring digital evidence in a court of law the evidence must be:

Options:

A.

material

B.

tangible

C.

consistent

D.

conserved

Buy Now
Questions 75

A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience The current architecture includes:

• Directory servers

• Web servers

• Database servers

• Load balancers

• Cloud-native VPN concentrator

• Remote access server

The MSP must secure this environment similarly to the infrastructure on premises Which of the following should the MSP put in place to BEST meet this objective? (Select THREE)

Options:

A.

Content delivery network

B.

Virtual next-generation firewall

C.

Web application firewall

D.

Software-defined WAN

E.

External vulnerability scans

F.

Containers

G.

Microsegmentation

Buy Now
Questions 76

A technician accidentally deleted the secret key that was corresponding to the public key pinned to a busy online magazine. To remedy the situation, the technician obtained a new certificate with a different key. However, paying subscribers were locked out of the website until the key-pinning policy expired. Which of the following alternatives should the technician adopt to prevent a similar issue in the future?

Options:

A.

Registration authority

B.

Certificate revocation list

C.

Client authentication

D.

Certificate authority authorization

Buy Now
Questions 77

A security engineer is assessing the security controls of loT systems that are no longer supported for updates and patching. Which of the following is the best mitigation for defending these loT systems?

Options:

A.

Disable administrator accounts

B.

Enable SELinux

C.

Enforce network segmentation

D.

Assign static IP addresses

Buy Now
Questions 78

A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic. Which of the following should the security administrator use?

Options:

A.

Salsa20 cipher

B.

TLS-based VPN

C.

PKI-based IKE IPSec negotiation

D.

Perfect forward secrecy

Buy Now
Questions 79

A security engineer needs to implement a cost-effective authentication scheme for a new web-based application that requires:

•Rapid authentication

•Flexible authorization

•Ease of deployment

•Low cost but high functionality

Which of the following approaches best meets these objectives?

Options:

A.

Kerberos

B.

EAP

C.

SAML

D.

OAuth

E.

TACACS+

Buy Now
Questions 80

A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the best file-carving tool for PDF recovery?

Options:

A.

objdump

B.

Strings

C.

dd

D.

Foremost

Buy Now
Questions 81

A network administrator who manages a Linux web server notices the following traffic:

https://corr.ptia.org/.../.../.../... /etc./shadow

Which of the following Is the BEST action for the network administrator to take to defend against this type of web attack?

Options:

A.

Validate the server certificate and trust chain.

B.

Validate the server input and append the input to the base directory path.

C.

Validate that the server is not deployed with default account credentials.

D.

Validate that multifactor authentication is enabled on the server for all user accounts.

Buy Now
Questions 82

A bank hired a security architect to improve its security measures against the latest threats The solution must meet the following requirements

• Recognize and block fake websites

• Decrypt and scan encrypted traffic on standard and non-standard ports

• Use multiple engines for detection and prevention

• Have central reporting

Which of the following is the BEST solution the security architect can propose?

Options:

A.

CASB

B.

Web filtering

C.

NGFW

D.

EDR

Buy Now
Questions 83

A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

Options:

A.

Steganography

B.

E-signature

C.

Watermarking

D.

Cryptography

Buy Now
Questions 84

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

Options:

A.

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

B.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

C.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

D.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

Buy Now
Questions 85

A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data Indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?

Options:

A.

Simulating a spam campaign

B.

Conducting a sanctioned vishing attack

C.

Performing a risk assessment

D.

Executing a penetration test

Buy Now
Questions 86

A company has retained the services of a consultant to perform a security assessment. As part of the assessment the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks Which of the following would best enable this activity?

Options:

A.

ISAC

B.

OSINT

C.

CVSS

D.

Threat modeling

Buy Now
Questions 87

During a network defense engagement, a red team is able to edit the following registry key:

CAS-004 Question 87

Which of the following tools is the red team using to perform this action?

Options:

A.

PowerShell

B.

SCAP scanner

C.

Network vulnerability scanner

D.

Fuzzer

Buy Now
Questions 88

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

Options:

A.

Code signing

B.

Non-repudiation

C.

Key escrow

D.

Private keys

Buy Now
Questions 89

A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?

Options:

A.

Software composition analysis

B.

A SCAP scanner

C.

ASAST

D.

A DAST

Buy Now
Questions 90

Signed applications reduce risks by:

Options:

A.

encrypting the application's data on the device.

B.

requiring the developer to use code-level hardening techniques.

C.

providing assurance that the application is using unmodified source code.

D.

costing the developer money to publish, which reduces the likelihood of malicious intent.

Buy Now
Questions 91

A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion Since tracking is not in place the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?

Options:

A.

Complete a vulnerability analysis

B.

Obtain guidance from the health ISAC

C.

Purchase a ticketing system for auditing efforts

D.

Ensure CVEs are current

E.

Train administrators on why patching is important

Buy Now
Questions 92

After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BYOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

CAS-004 Question 92

Which of the following is the most likely reason for the successful attack?

Options:

A.

Lack of MDM controls

B.

Auto-join hotspots enabled

C.

Sideloading

D.

Lack of application segmentation

Buy Now
Questions 93

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

CAS-004 Question 93

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

Options:

A.

Evasion

B.

Persistence

C.

Collection

D.

Lateral movement

Buy Now
Questions 94

A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Options:

A.

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

D.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

Buy Now
Questions 95

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

Options:

A.

Remote provider BCDR

B.

Cloud provider BCDR

C.

Alternative provider BCDR

D.

Primary provider BCDR

Buy Now
Questions 96

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

Options:

A.

Add the objects of concern to the default context.

B.

Set the devices to enforcing

C.

Create separate domain and context files for irc.

D.

Rebuild the policy, reinstall, and test.

Buy Now
Questions 97

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

Options:

A.

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

B.

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

C.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

D.

The DHCP server is unavailable, so no IP address is being sent back to the PC.

Buy Now
Questions 98

A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.

Which of the following scan types will provide the systems administrator with the MOST accurate information?

Options:

A.

A passive, credentialed scan

B.

A passive, non-credentialed scan

C.

An active, non-credentialed scan

D.

An active, credentialed scan

Buy Now
Questions 99

A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data?

Options:

A.

The principle of lawful, fair, and transparent processing

B.

The right to be forgotten principle of personal data erasure requests

C.

The non-repudiation and deniability principle

D.

The principle of encryption, obfuscation, and data masking

Buy Now
Questions 100

Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?

Options:

A.

Zigbee

B.

CAN

C.

DNP3

D.

Modbus

Buy Now
Questions 101

A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

• dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.

• A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.

• Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.

• A sample outbound request payload from PCAP showed the ASCII content: "JOIN #community".

Which of the following is the MOST likely root cause?

Options:

A.

A SQL injection was used to exfiltrate data from the database server.

B.

The system has been hijacked for cryptocurrency mining.

C.

A botnet Trojan is installed on the database server.

D.

The dbadmin user is consulting the community for help via Internet Relay Chat.

Buy Now
Questions 102

A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.

Which of the following solutions does this describe?

Options:

A.

Full tunneling

B.

Asymmetric routing

C.

SSH tunneling

D.

Split tunneling

Buy Now
Questions 103

A security engineer notices the company website allows users following example:

hitps://mycompany.com/main.php?Country=US

Which of the following vulnerabilities would MOST likely affect this site?

Options:

A.

SQL injection

B.

Remote file inclusion

C.

Directory traversal -

D.

Unsecure references

Buy Now
Questions 104

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.

Which of the following is t he NEXT step of the incident response plan?

Options:

A.

Remediation

B.

Containment

C.

Response

D.

Recovery

Buy Now
Questions 105

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

Options:

A.

Simultaneous Authentication of Equals

B.

Enhanced open

C.

Perfect forward secrecy

D.

Extensible Authentication Protocol

Buy Now
Questions 106

A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

Which of the following BEST mitigates inappropriate access and permissions issues?

Options:

A.

SIEM

B.

CASB

C.

WAF

D.

SOAR

Buy Now
Questions 107

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

CAS-004 Question 107

CAS-004 Question 107

Options:

Buy Now
Questions 108

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Options:

A.

Increased network latency

B.

Unavailable of key escrow

C.

Inability to selected AES-256 encryption

D.

Removal of user authentication requirements

Buy Now
Questions 109

A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

Options:

A.

Text editor

B.

OOXML editor

C.

Event Viewer

D.

XML style sheet

E.

SCAP tool

F.

Debugging utility

Buy Now
Questions 110

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.

Inherent

B.

Low

C.

Mitigated

D.

Residual.

E.

Transferred

Buy Now
Questions 111

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should

the analyst run to BEST determine whether financial data was lost?

CAS-004 Question 111

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 112

Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:

CAS-004 Question 112Which of the following is MOST likely happening to the server?

Options:

A.

Port scanning

B.

ARP spoofing

C.

Buffer overflow

D.

Denial of service

Buy Now
Questions 113

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

Options:

A.

The pharmaceutical company

B.

The cloud software provider

C.

The web portal software vendor

D.

The database software vendor

Buy Now
Questions 114

An analyst received a list of IOCs from a government agency. The attack has the following characteristics:

1. The attack starts with bulk phishing.

2. If a user clicks on the link, a dropper is downloaded to the computer.

3. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

Options:

A.

Update the incident response plan.

B.

Blocklist the executable.

C.

Deploy a honeypot onto the laptops.

D.

Detonate in a sandbox.

Buy Now
Questions 115

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Options:

A.

Ensuring proper input validation is configured on the ‘’Contact US’’ form

B.

Deploy a WAF in front of the public website

C.

Checking for new rules from the inbound network IPS vendor

D.

Running the website log files through a log reduction and analysis tool

Buy Now
Questions 116

city government's IT director was notified by the City council that the following cybersecurity requirements must be met to be awarded a large federal grant:

+ Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.

+ All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.

+ Ransomware threats and zero-day vulnerabilities must be quickly identified.

Which of the following technologies would BEST satisfy these requirements? (Select THREE).

Options:

A.

Endpoint protection

B.

Log aggregator

C.

Zero trust network access

D.

PAM

E.

Cloud sandbox

F.

SIEM

G.

NGFW

Buy Now
Questions 117

An organization requires a contractual document that includes

• An overview of what is covered

• Goals and objectives

• Performance metrics for each party

• A review of how the agreement is managed by all parties

Which of the following BEST describes this type of contractual document?

Options:

A.

SLA

B.

BAA

C.

NDA

D.

ISA

Buy Now
Questions 118

A threat analyst notices the following URL while going through the HTTP logs.

CAS-004 Question 118

Which of the following attack types is the threat analyst seeing?

Options:

A.

SQL injection

B.

CSRF

C.

Session hijacking

D.

XSS

Buy Now
Questions 119

An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

Options:

A.

The NTP server is set incorrectly for the developers.

B.

The CA has included the certificate in its CRL_

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate.

Buy Now
Questions 120

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 Question 120

Which of the following would BEST mitigate this vulnerability?

Options:

A.

Network intrusion prevention

B.

Data encoding

C.

Input validation

D.

CAPTCHA

Buy Now
Questions 121

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by re reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

+ Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 122

Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.

Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

Options:

A.

Drive wiping

B.

Degaussing

C.

Purging

D.

Physical destruction

Buy Now
Questions 123

A review of the past year’s attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

Which of the following would be BEST for the company to implement?

Options:

A.

A WAF

B.

An IDS

C.

A SIEM

D.

A honeypot

Buy Now
Questions 124

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Options:

A.

Eavesdropping

B.

On-path

C.

Cryptanalysis

D.

Code signing

E.

RF sidelobe sniffing

Buy Now
Questions 125

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Options:

A.

X-Forwarded-Proto

B.

X-Forwarded-For

C.

Cache-Control

D.

Strict-Transport-Security

E.

Content-Security-Policy

Buy Now
Questions 126

A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

Options:

A.

Data sovereignty

B.

Shared responsibility

C.

Source code escrow

D.

Safe harbor considerations

Buy Now
Questions 127

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera be only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those requirement ?

Options:

A.

Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.

B.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

C.

Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

D.

Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

Buy Now
Questions 128

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Options:

A.

Implement a VPN for all APIs.

B.

Sign the key with DSA.

C.

Deploy MFA for the service accounts.

D.

Utilize HMAC for the keys.

Buy Now
Questions 129

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Options:

A.

Perform additional SAST/DAST on the open-source libraries.

B.

Implement the SDLC security guidelines.

C.

Track the library versions and monitor the CVE website for related vulnerabilities.

D.

Perform unit testing of the open-source libraries.

Buy Now
Questions 130

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

Options:

A.

NIDS

B.

NIPS

C.

WAF

D.

Reverse proxy

Buy Now
Questions 131

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A.

Distributed connection allocation

B.

Local caching

C.

Content delivery network

D.

SD-WAN vertical heterogeneity

Buy Now
Questions 132

Which of the following are risks associated with vendor lock-in? (Choose two.)

Options:

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Buy Now
Questions 133

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
Last Update: Jul 14, 2024
Questions: 444

PDF + Testing Engine

$56  $159.99

Testing Engine

$42  $119.99
buy now CAS-004 testing engine

PDF (Q&A)

$35  $99.99
buy now CAS-004 pdf
dumpsmate guaranteed to pass
24/7 Customer Support

DumpsMate's team of experts is always available to respond your queries on exam preparation. Get professional answers on any topic of the certification syllabus. Our experts will thoroughly satisfy you.

Site Secure

mcafee secure

TESTED 21 Jul 2024