CAS-004 Practice Exam Questions and Answers

CompTIA Advanced Security Practitioner (CASP+) Exam

Last Update 3 days ago
Total Questions : 343

Question # 1

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

Options:

A.  

Investigating a potential threat identified in logs related to the identity management system

B.  

Updating the identity management system to use discretionary access control

C.  

Beginning research on two-factor authentication to later introduce into the identity management system

D.  

Working with procurement and creating a requirements document to select a new IAM system/vendor

Question # 2

A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved. Which of the following would provide this information?

Options:

A.  

HIPS

B.  

UEBA

C.  

HIDS

D.  

NIDS
Question # 3

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Options:

A.  

Apply for a security exemption, as the risk is too high to accept.

B.  

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C.  

Accept the risk, as compensating controls have been implemented to manage the risk.

D.  

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Question # 4

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

Options:

A.  

Simultaneous Authentication of Equals

B.  

Enhanced open

C.  

Perfect forward secrecy

D.  

Extensible Authentication Protocol

Question # 5

A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:

* Capable of early detection of advanced persistent threats.

* Must be transparent to users and cause no performance degradation.

* Allow integration with production and development networks seamlessly.

* Enable the security team to hunt and investigate live exploitation techniques.

Which of the following technologies BEST meets the customer's requirements for security capabilities?

Options:

A.  

Threat Intelligence

B.  

Deception software

C.  

Centralized logging

D.  

Sandbox detonation
Question # 6

A healthcare system recently suffered a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

Options:

A.  

SD-WAN

B.  

PAM

C.  

Remote access VPN

D.  

MFA

E.  

Network segmentation

F.  

BGP

G.  

NAC

Question # 7

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A.  

The company will have access to the latest version to continue development.

B.  

The company will be able to force the third-party developer to continue support.

C.  

The company will be able to manage the third-party developer’s development process.

D.  

The company will be paid by the third-party developer to hire a new development team.

Question # 8

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

Options:

A.  

Watermarking

B.  

DRM

C.  

NDA

D.  

Access logging

Question # 9

Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint?

Options:

A.  

Isolation control failure

B.  

Management plane breach

C.  

Insecure data deletion

D.  

Resource exhaustion

Question # 10

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.  

TPM

B.  

Local secure password file

C.  

MFA

D.  

Key vault

Question # 11

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Options:

A.  

Move the server to a cloud provider.

B.  

Change the operating system.

C.  

Buy a new server and create an active-active cluster.

D.  

Upgrade the server with a new one.

Question # 12

A company's claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee's laptop when it was opened.

Options:

A.  

Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.

B.  

Require all laptops to connect to the VPN before accessing email.

C.  

Implement cloud-based content filtering with sandboxing capabilities.

D.  

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.
Question # 13

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?

Options:

A.  

In the OT environment, use a VPN from the IT environment into the OT environment.

B.  

In the OT environment, allow IT traffic into the OT environment.

C.  

In the IT environment, allow PLCs to send data from the OT environment to the IT environment.

D.  

Use a screened subnet between the OT and IT environments.
Question # 14

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

(dmesg entries shown as a screenshot; not reproduced)

Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?

Options:

A.  

Add the objects of concern to the default context.

B.  

Set the devices to enforcing

C.  

Create separate domain and context files for irc.

D.  

Rebuild the policy, reinstall, and test.

Question # 15

A DevOps team has deployed databases, event-driven services, and an API gateway as a PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?

Options:

A.  

Securely configure the authentication mechanisms

B.  

Patch the infrastructure at the operating system

C.  

Execute port scanning against the services

D.  

Upgrade the service as part of life-cycle management

Question # 16

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Options:

A.  

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

B.  

Change privileged usernames, review the OS logs, and deploy hardware tokens.

C.  

Implement MFA, review the application logs, and deploy a WAF.

D.  

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
Question # 17

A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of the following is the MOST secure solution?

Options:

A.  

NIDS

B.  

Application allow list

C.  

Sandbox detonation

D.  

Endpoint log collection

E.  

HIDS

Question # 18

A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

Which of the following BEST mitigates inappropriate access and permissions issues?

Options:

A.  

SIEM

B.  

CASB

C.  

WAF

D.  

SOAR

Question # 19

Which of the following are risks associated with vendor lock-in? (Choose two.)

Options:

A.  

The client can seamlessly move data.

B.  

The vendor can change product offerings.

C.  

The client receives a sufficient level of service.

D.  

The client experiences decreased quality of service.

E.  

The client can leverage a multicloud approach.

F.  

The client experiences increased interoperability.

Question # 20

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

(web server configuration screenshot not reproduced)

Which of the following ciphers should the security analyst remove to support the business requirements?

Options:

A.  

TLS_AES_128_CCM_8_SHA256

B.  

TLS_DHE_DSS_WITH_RC4_128_SHA

C.  

TLS_CHACHA20_POLY1305_SHA256

D.  

TLS_AES_128_GCM_SHA256

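As an added example (editor's code, not part of the exam material), the check below audits a cipher-suite list the way this question expects: parse each IANA suite name, flag broken primitives, non-AEAD constructions, missing forward secrecy and anonymous key exchange, and report what to remove. The rule set and the remove/note severities are the editor's assumptions; QUESTION_SUITES is the four suites listed above.

```python
"""Flag TLS cipher suites that undermine an on-path-resistant, PCI-style policy.

Added example for this page (editor's code, not CompTIA's). Suite names use
IANA TLS_* spelling as in the question; the rules below are the editor's
reading of current practice: no broken bulk ciphers, no MD5, AEAD only,
server authentication and forward secrecy required.
"""

# Bulk-cipher tokens that disqualify a suite outright.
BROKEN_CIPHER_TOKENS = {
    "NULL": "no encryption",
    "EXPORT": "export-grade (40/56-bit) key",
    "RC4": "RC4 keystream biases; prohibited by RFC 7465",
    "DES": "single DES (56-bit key)",
    "3DES": "3DES, 64-bit block (Sweet32)",
    "IDEA": "IDEA, 64-bit block",
}
AEAD_TOKENS = ("GCM", "CCM", "POLY1305")

# The four suites from the question's web server configuration.
QUESTION_SUITES = [
    "TLS_AES_128_CCM_8_SHA256",
    "TLS_DHE_DSS_WITH_RC4_128_SHA",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_GCM_SHA256",
]


def audit_suite(name):
    """Return [(severity, reason), ...] for one suite; [] means acceptable.

    severity is 'remove' (must not be offered) or 'note' (allowed, with a caveat).
    """
    findings = []
    tokens = name.split("_")
    for tok, why in BROKEN_CIPHER_TOKENS.items():
        if tok in tokens:
            findings.append(("remove", why))
    if "MD5" in tokens:
        findings.append(("remove", "HMAC-MD5 integrity"))
    if "anon" in tokens:
        findings.append(("remove", "anonymous key exchange: no server authentication, trivially MITM-able"))

    if "WITH" in tokens:
        # TLS 1.2-and-earlier naming: TLS_<key exchange>_WITH_<cipher>_<mac>
        kx = tokens[1:tokens.index("WITH")]
        if "DHE" not in kx and "ECDHE" not in kx:
            findings.append(("remove", "no forward secrecy: static RSA/DH key exchange"))
        if not any(t in AEAD_TOKENS for t in tokens):
            findings.append(("remove", "non-AEAD (CBC or stream cipher + HMAC): padding-oracle class attacks"))
    elif "CCM" in tokens and "8" in tokens:
        # TLS 1.3 naming: TLS_<AEAD>_<hash>; key exchange is always ephemeral.
        findings.append(("note", "CCM_8 uses a 64-bit authentication tag; meant for constrained devices"))
    return findings


def prune(suites):
    """Split a configured suite list into (keep, removed); removed maps name -> reasons."""
    keep, removed = [], {}
    for s in suites:
        reasons = [why for sev, why in audit_suite(s) if sev == "remove"]
        if reasons:
            removed[s] = reasons
        else:
            keep.append(s)
    return keep, removed


if __name__ == "__main__":
    keep, removed = prune(QUESTION_SUITES)
    for s, reasons in removed.items():
        print(f"REMOVE {s}: " + "; ".join(reasons))
    print("keep:", ", ".join(keep))
```

The list prune() keeps is what goes into nginx's ssl_ciphers or Apache's SSLCipherSuite. The three surviving suites are TLS 1.3 only, so TLS 1.0 and 1.1 should be disabled alongside them; PCI DSS has required moving off SSL and early TLS since mid-2018.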
Question # 21

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false-positive rate

Which of the following should the architect recommend?

Options:

A.  

FIM

B.  

WAF

C.  

NIPS

D.  

DAM

E.  

UTM

Question # 22

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Options:

A.  

Peer-to-peer secure communications enabled by mobile applications

B.  

Proxied application data connections enabled by API gateways

C.  

Microsegmentation enabled by software-defined networking

D.  

VLANs enabled by network infrastructure devices

Question # 23

A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Options:

A.  

X-Forwarded-Proto

B.  

X-Forwarded-For

C.  

Cache-Control

D.  

Strict-Transport-Security

E.  

Content-Security-Policy

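Added example (editor's code, not from the exam page): both halves of the X-Forwarded-For approach, the proxy appending the workstation address and the log consumer extracting it. The trusted proxy address 10.0.0.5 is assumed. The important caveat is on the consuming side: the header is only meaningful when the request arrived through the filter, and only the entry the filter appended can be trusted, because a workstation can send a forged X-Forwarded-For of its own.

```python
"""Append and consume X-Forwarded-For across a source-NAT web filter.

Added example for this page (editor's code). TRUSTED_PROXIES holds the
translated address of the web filtering appliance; 10.0.0.5 is an assumed
value, not one from the question.
"""
import ipaddress

TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def append_forwarded_for(headers, client_ip):
    """Proxy side: record the connecting workstation before the request is NATed onward."""
    existing = headers.get("X-Forwarded-For")
    headers["X-Forwarded-For"] = f"{existing}, {client_ip}" if existing else client_ip
    return headers


def real_client_ip(headers, peer_ip, trusted=TRUSTED_PROXIES):
    """Firewall/log side: recover the workstation address behind the proxy's NAT.

    Walk the XFF chain from the right, skipping hops we operate; the first
    address not in 'trusted' is what our proxy appended, i.e. the real client.
    Anything further left was sent by the client itself and may be forged,
    so it is ignored. If the TCP peer is not a trusted proxy, the header is
    untrustworthy and the peer address is returned unchanged.
    """
    peer = ipaddress.ip_address(peer_ip)
    if peer not in trusted:
        return str(peer)
    chain = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(chain):
        try:
            ip = ipaddress.ip_address(hop)
        except ValueError:
            return str(peer)  # malformed entry: do not guess, attribute to the proxy
        if ip not in trusted:
            return str(ip)
    return str(peer)


if __name__ == "__main__":
    # Workstation tries to spoof an entry; the proxy appends the true source.
    req = append_forwarded_for({"X-Forwarded-For": "1.2.3.4"}, "192.168.10.23")
    print(req["X-Forwarded-For"], "->", real_client_ip(req, "10.0.0.5"))
```

X-Forwarded-For lives inside the HTTP request, so for HTTPS this only works where the filter terminates TLS; otherwise correlate the filter's own connection log with the firewall events by time and translated source port. RFC 7239's Forwarded header carries the same information with a defined syntax.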
Question # 24

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Options:

A.  

Review a recent gap analysis.

B.  

Perform a cost-benefit analysis.

C.  

Conduct a business impact analysis.

D.  

Develop an exposure factor matrix.

Question # 25

A Chief Information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

(scan output screenshot not reproduced)

Which of the following is the MOST appropriate corrective action to document for this finding?

Options:

A.  

The product owner should perform a business impact assessment regarding the ability to implement a WAF.

B.  

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

C.  

The system administrator should evaluate dependencies and perform upgrades as necessary.

D.  

The security operations center should develop a custom IDS rule to prevent buffer overflow attacks against this server.
Question # 26

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.  

Execute never

B.  

No-execute

C.  

Total memory encryption

D.  

Virtual memory encryption

Question # 27

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

Options:

A.  

Include all available cipher suites.

B.  

Create a wildcard certificate.

C.  

Use a third-party CA.

D.  

Implement certificate pinning.
Question # 28

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.  

Lattice-based cryptography

B.  

Quantum computing

C.  

Asymmetric cryptography

D.  

Homomorphic encryption

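Added example (editor's code, not from the exam page) of the property this question describes, using the Paillier cryptosystem: a server that holds only ciphertexts can add them, and multiply by a known constant, and the key holder decrypts the correct result without the server ever seeing a plaintext. The primes are toy-sized and the salary figures are made up; a real deployment uses a vetted library and 2048-bit or larger moduli.

```python
"""Additively homomorphic encryption (Paillier) in pure Python.

Added example for this page (editor's code, not from the exam). The two
primes are toy-sized so the arithmetic is readable; a real deployment uses
2048-bit-plus moduli and a vetted library. The payroll figures are made up.
"""
import math
import secrets
from functools import reduce

P, Q = 104729, 104723   # small primes for illustration only


def keygen(p=P, q=Q):
    """Public key (n, g) and private key (lambda, mu) with the g = n + 1 simplification."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    g = n + 1
    n2 = n * n
    # L(u) = (u - 1) // n ; mu = L(g^lambda mod n^2)^-1 mod n
    mu = pow((pow(g, lam, n2) - 1) // n, -1, n)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """E(m) = g^m * r^n mod n^2 with fresh random r, so equal plaintexts give different ciphertexts."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    return ((pow(c, lam, n2) - 1) // n * mu) % n


def add_encrypted(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 decrypts to m1 + m2: addition without seeing either operand."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_encrypted(pub, c, k):
    """E(m)^k mod n^2 decrypts to k * m: multiplication by a known constant."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_total(pub, ciphertexts):
    """What an untrusted server can compute: the sum of values it cannot read."""
    return reduce(lambda a, b: add_encrypted(pub, a, b), ciphertexts)


if __name__ == "__main__":
    pub, priv = keygen()
    salaries = [52000, 61000, 49000]                 # constructed sample data
    blobs = [encrypt(pub, s) for s in salaries]      # client encrypts
    total_ct = encrypted_total(pub, blobs)           # server adds blindly
    print("decrypted total:", decrypt(pub, priv, total_ct), "expected:", sum(salaries))
```

Paillier is additively homomorphic only; multiplying two encrypted values together needs a fully homomorphic scheme, which is where lattice-based constructions come in. That is why option A is a plausible distractor: lattices underpin FHE, but lattice-based cryptography is not itself the capability being asked about.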
Question # 29

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Options:

A.  

Create a full inventory of information and data assets.

B.  

Ascertain the impact of an attack on the availability of crucial resources.

C.  

Determine which security compliance standards should be followed.

D.  

Perform a full system penetration test to determine the vulnerabilities.

Question # 30

A municipal department receives telemetry data from a third-party provider. The server collecting telemetry sits in the municipal department's screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to implement risk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

Options:

A.  

Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement

B.  

Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon

C.  

Installing and configuring filesystem integrity monitoring service on the telemetry server

D.  

Implementing an EDR and alerting on identified privilege escalation attempts to the SIEM

E.  

Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet

F.  

Using the published data schema to monitor and block off-nominal telemetry messages
Question # 31

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

Must have a minimum of 15 characters

Must use one number

Must use one capital letter

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

Options:

A.  

Shared accounts

B.  

Password complexity

C.  

Account lockout

D.  

Password history

E.  

Time-based logins

Question # 32

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A.  

Utilize code signing by a trusted third party.

B.  

Implement certificate-based authentication.

C.  

Verify MD5 hashes.

D.  

Compress the program with a password.

E.  

Encrypt with 3DES.

F.  

Make the DACL read-only.

Question # 33

Which of the following controls primarily detects abuse of privilege but does not prevent it?

Options:

A.  

Off-boarding

B.  

Separation of duties

C.  

Least privilege

D.  

Job rotation

Question # 34

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.  

A trusted platform module

B.  

A hardware security module

C.  

A localized key store

D.  

A public key infrastructure

Question # 35

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

Options:

A.  

Accept

B.  

Avoid

C.  

Transfer

D.  

Mitigate

Question # 36

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A.  

Data loss detection, reverse proxy, EDR, and PGP

B.  

VDI, proxy, CASB, and DRM

C.  

Watermarking, forward proxy, DLP, and MFA

D.  

Proxy, secure VPN, endpoint encryption, and AV

Question # 37

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.  

Inherent

B.  

Low

C.  

Mitigated

D.  

Residual

E.  

Transferred
Question # 38

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.

Which of the following is the NEXT step of the incident response plan?

Options:

A.  

Remediation

B.  

Containment

C.  

Response

D.  

Recovery

Question # 39

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

(captured query screenshot not reproduced)

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

Options:

A.  

Personal health information: Inform the human resources department of the breach and review the DLP logs.

B.  

Account history: Inform the relationship managers of the breach and create new accounts for the affected users.

C.  

Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D.  

PAN: Inform the legal department of the breach and look for this data in dark web monitoring.
Question # 40

A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Options:

A.  

Distribute the software via a third-party repository.

B.  

Close the web repository and deliver the software via email.

C.  

Email the software link to all customers.

D.  

Display the SHA checksum on the website.

Question # 41

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

(the four command options are shown as a screenshot; not reproduced)

Options:

A.  

Option A

B.  

Option B

C.  

Option C

D.  

Option D

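Added example (editor's code, not from the exam page): the check an analyst would script for the situation in questions 39 and 41, scanning recovered file contents for primary account numbers. A regex alone over-matches timestamps and order IDs, so each candidate is validated with the Luhn check digit, and hits are masked before they are written to any report. SAMPLE is constructed text using published test card numbers.

```python
"""Scan recovered files for primary account numbers with Luhn validation.

Added example for this page (editor's code). The SAMPLE text is constructed;
the card numbers in it are published test numbers, not real accounts.
"""
import re

# 13 to 19 digits, optionally separated by single spaces or dashes, not embedded in a longer digit run.
PAN_CANDIDATE = re.compile(r"(?<![0-9])(?:[0-9][ -]?){12,18}[0-9](?![0-9])")

SAMPLE = """order_id=88213 card=4111 1111 1111 1111 exp=09/27
customer_phone=2025550123 ts=1700000000000
amex=3782-822463-10005 bad=4111111111111112
"""


def luhn_ok(digits):
    """ISO/IEC 7812 check digit: double every second digit from the right, sum, mod 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(text):
    """Return the digit strings in text that look like PANs and pass Luhn.

    Luhn rejects most timestamps, order numbers and typos that the regex
    alone would flag: 1700000000000 in SAMPLE fails it, and the 'bad='
    value is a test PAN with one digit altered.
    """
    hits = []
    for m in PAN_CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_ok(digits) and len(set(digits)) > 1:   # a run of zeros passes Luhn trivially
            hits.append(digits)
    return hits


def mask(pan):
    """PCI DSS allows at most the first six and last four digits to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    for pan in find_pans(SAMPLE):
        print(mask(pan))
```

Run it over evidence as find_pans(open(path, errors="ignore").read()); for binary files, extract strings first. Magnetic-stripe track data and PANs stored in other encodings need additional patterns, and the regex deliberately refuses digit runs longer than 19 so it does not carve PANs out of hashes or long identifiers.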
Question # 42

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Options:

A.  

Mobile device management, remote wipe, and data loss detection

B.  

Conditional access, DoH, and full disk encryption

C.  

Mobile application management, MFA, and DRM

D.  

Certificates, DLP, and geofencing

Question # 43

The Chief Information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However, the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

Options:

A.  

BYOD

B.  

CYOD

C.  

COPE

D.  

MDM

Question # 44

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following:

* The critical devices send cleartext logs to the aggregator.

* The log aggregator utilizes full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being archived in the cloud.

Which of the following should be the engineer's GREATEST concern?

Options:

A.  

Hardware vulnerabilities introduced by the log aggregator server

B.  

Network bridging from a remote access VPN

C.  

Encryption of data in transit

D.  

Multitenancy and data remnants in the cloud
Question # 45

A financial institution has several servers that currently employ the following controls:

* The servers follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

Options:

A.  

Require more than one approver for all change management requests.

B.  

Implement file integrity monitoring with automated alerts on the servers.

C.  

Disable automatic patch update capabilities on the servers.

D.  

Enhance audit logging on the jump servers and ship the logs to the SIEM.
Question # 46

A cybersecurity engineer analyzes a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Select TWO.)

Options:

A.  

Text editor

B.  

OOXML editor

C.  

Event Viewer

D.  

XML style sheet

E.  

SCAP tool

F.  

Debugging utility

Question # 47

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity from the 10.1.2.0/24 subnet.

• The SSH daemon on the database server must be configured to listen on port 4022.

• The SSH daemon must only accept connections from a single workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the PostgreSQL database via SSH.

(posture assessment output for WAP A, PC A, Laptop A, Switch A, Switch B, Laptop B, PC B, PC C and Server A is shown as screenshots in the simulation; not reproduced)
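Added example (editor's code, not from the exam item): an audit of pg_hba.conf and sshd_config against the Server A requirements above, run on constructed sample configs. The single permitted workstation address 10.1.2.50 is assumed, as the item does not give it.

```python
"""Audit pg_hba.conf and sshd_config against the requirements in this item.

Added example for this page (editor's code). The sample configs are
constructed; 10.1.2.50 is an assumed address for the single permitted
workstation, which the item does not name.
"""
import ipaddress
import re

ALLOWED_NET = ipaddress.ip_network("10.1.2.0/24")
SSH_PORT = 4022
SSH_WORKSTATION = "10.1.2.50"

PG_HBA_BAD = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   0.0.0.0/0      trust
host    billing   app   10.1.2.0/24    md5
"""
PG_HBA_GOOD = """\
local   all       all                  peer
hostssl billing   app   10.1.2.0/24    scram-sha-256
hostssl all       dba   10.1.2.50/32   scram-sha-256
"""
SSHD_BAD = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""
SSHD_GOOD = """\
Port 4022
AllowUsers dba@10.1.2.50
PasswordAuthentication no
PermitRootLogin no
"""


def audit_pg_hba(text, allowed_net=ALLOWED_NET):
    """Every non-local rule must be hostssl, inside allowed_net, and not 'trust'."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "local":          # Unix-socket rules carry no address
            continue
        if len(fields) < 5:
            findings.append((lineno, "malformed rule"))
            continue
        conn_type, addr, method = fields[0], fields[3], fields[4]
        if conn_type != "hostssl":        # 'host' matches SSL and plain connections alike
            findings.append((lineno, f"'{conn_type}' permits cleartext connections; use hostssl"))
        if method == "trust":
            findings.append((lineno, "'trust' authenticates nobody"))
        if addr == "all":
            findings.append((lineno, "'all' accepts any source address"))
            continue
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:
            findings.append((lineno, f"unparseable address {addr}"))
            continue
        if net.version != allowed_net.version or not net.subnet_of(allowed_net):
            findings.append((lineno, f"{addr} is outside {allowed_net}"))
    return findings


def audit_sshd(text, port=SSH_PORT, workstation=SSH_WORKSTATION):
    """sshd keeps the first value of each keyword; keywords after a Match block are conditional."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)   # 'Key value' or 'Key=value'
        key = parts[0].lower()
        if key == "match":
            break
        cfg.setdefault(key, parts[1] if len(parts) > 1 else "")
    findings = []
    if cfg.get("port", "22") != str(port):
        findings.append(f"Port is {cfg.get('port', '22')}, required {port}")
    patterns = cfg.get("allowusers", "").split()
    if not patterns or any(not p.endswith("@" + workstation) for p in patterns):
        findings.append(f"AllowUsers must restrict every user to @{workstation}")
    if cfg.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication should be no (keys only)")
    if cfg.get("permitrootlogin", "prohibit-password").lower() != "no":
        findings.append("PermitRootLogin should be no")
    return findings


if __name__ == "__main__":
    print("pg_hba bad :", audit_pg_hba(PG_HBA_BAD))
    print("pg_hba good:", audit_pg_hba(PG_HBA_GOOD))
    print("sshd bad   :", audit_sshd(SSHD_BAD))
    print("sshd good  :", audit_sshd(SSHD_GOOD))
```

Two details worth checking by hand after remediation: pg_hba.conf's 'host' type accepts plain TCP as well as SSL, so only 'hostssl' satisfies the no-cleartext requirement (and scram-sha-256 should replace md5); and sshd uses the first value of each keyword, so a stray 'Port 22' above the intended line silently wins.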
Question # 48

A health company has reached the physical and computing capacity limits of its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?

Options:

A.  

Hybrid IaaS solution in a single-tenancy cloud

B.  

PaaS solution in a multitenancy cloud

C.  

SaaS solution in a community cloud

D.  

Private SaaS solution in a single tenancy cloud.

Question # 49

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.  

Deploying a WAF signature

B.  

Fixing the PHP code

C.  

Changing the web server from HTTPS to HTTP

D.  

Using SSLv3

E.  

Changing the code from PHP to ColdFusion

F.  

Updating the OpenSSL library

Question # 50

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Options:

A.  

Document interpolation

B.  

Regular expression pattern matching

C.  

Optical character recognition functionality

D.  

Baseline image matching

E.  

Advanced rasterization

F.  

Watermarking

Question # 51

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Options:

A.  

Implement a VPN for all APIs.

B.  

Sign the key with DSA.

C.  

Deploy MFA for the service accounts.

D.  

Utilize HMAC for the keys.

Question # 52

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the wrong range on the wired network. The engineer plugs another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee's PC on the wireless network and finds the PC still does not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?

Options:

A.  

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

B.  

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

C.  

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

D.  

The DHCP server is unavailable, so no IP address is being sent back to the PC.

Question # 53

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.

Which of the following should a security architect recommend?

Options:

A.  

A DLP program to identify which files have customer data and delete them

B.  

An ERP program to identify which processes need to be tracked

C.  

A CMDB to report on systems that are not configured to security baselines

D.  

A CRM application to consolidate the data and provision access based on the process and need

Question # 54

An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

Options:

A.  

Endorsement tickets

B.  

Clock/counter structures

C.  

Command tag structures with MAC schemes

D.  

Platform configuration registers

Question # 55

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

Options:

A.  

Containerization

B.  

Load balancer

C.  

Microsegmentation

D.  

Autoscaling

E.  

CDN

F.  

WAF

Question # 56

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options:

A.  

IAM gateway, MDM, and reverse proxy

B.  

VPN, CASB, and secure web gateway

C.  

SSL tunnel, DLP, and host-based firewall

D.  

API gateway, UEM, and forward proxy

Question # 57

Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.

Which of the following risk-handling techniques was used?

Options:

A.  

Accept

B.  

Avoid

C.  

Transfer

D.  

Mitigate

Question # 58

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.

Which of the following is MOST likely the cause of the signature failing?

Options:

A.  

The NTP server is set incorrectly for the developers.

B.  

The CA has included the certificate in its CRL.

C.  

The certificate is set for the wrong key usage.

D.  

Each application is missing a SAN or wildcard entry on the certificate.

Question # 59

A host on a company's network has been infected by a worm that appears to be spreading via SMB.

A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

Options:

A.  

Turn off the infected host immediately.

B.  

Run a full anti-malware scan on the infected host.

C.  

Modify the smb.conf file of the host to prevent outgoing SMB connections.

D.  

Isolate the infected host from the network by removing all network connections.

Question # 60

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:

A.  

Implement rate limiting on the API.

B.  

Implement geoblocking on the WAF.

C.  

Implement OAuth 2.0 on the API.

D.  

Implement input validation on the API.

Question # 61

A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.

Which of the following technologies would BEST meet this need?

Options:

A.  

Faraday cage

B.  

WPA2 PSK

C.  

WPA3 SAE

D.  

WEP 128 bit

Question # 62

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.  

Kerberos and TACACS

B.  

SAML and RADIUS

C.  

OAuth and OpenID

D.  

OTP and 802.1X

Question # 63

The Chief Information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

Options:

A.  

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

B.  

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

C.  

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data. Review all design and operational controls based on best-practice standards and report the findings back to upper management.

D.  

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data. Assign key controls that are reviewed and managed based on the supplier's rating. Report findings to the business units that rely on the suppliers and the various risk teams.

Question # 64

A company invested a total of $10 million for a new storage solution installed across five on-site datacenters. Fifty percent of the cost of this investment was for solid-state storage. Due to the high rate of wear on this storage, the company is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

Options:

A.  

$50,000

B.  

$125,000

C.  

$250,000

D.  

$500,000

E.  

$51,000,000

Question # 65

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.  

0.5

B.  

8

C.  

50

D.  

36,500

Question # 66

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Options:

A.  

Recovery point objective

B.  

Recovery time objective

C.  

Mission-essential functions

D.  

Recovery service level

Question # 67

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Options:

A.  

Eavesdropping

B.  

On-path

C.  

Cryptanalysis

D.  

Code signing

E.  

RF sidelobe sniffing

Question # 68

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Options:

A.  

Apply for a security exemption, as the risk is too high to accept.

B.  

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C.  

Accept the risk, as compensating controls have been implemented to manage the risk.

D.  

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Question # 69

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

Options:

A.  

Remote provider BCDR

B.  

Cloud provider BCDR

C.  

Alternative provider BCDR

D.  

Primary provider BCDR

Question # 70

A security analyst needs to recommend a remediation to the following threat:

(image of the threat details not reproduced in the text)

Which of the following actions should the security analyst propose to prevent this successful exploitation?

Options:

A.  

Patch the system.

B.  

Update the antivirus.

C.  

Install a host-based firewall.

D.  

Enable TLS 1.2.

Question # 71

A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.

Which of the following offers an authoritative decision about whether the evidence was obtained legally?

Options:

A.  

Lawyers

B.  

Court

C.  

Upper management team

D.  

Police

Question # 72

A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:

(image of the VLAN layout not reproduced in the text)

The security engineer looks at the UTM firewall rules and finds the following:

(image of the UTM firewall rules not reproduced in the text)

Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

Options:

A.  

Contact the email service provider and ask if the company IP is blocked.

B.  

Confirm the email server certificate is installed on the corporate computers.

C.  

Make sure the UTM certificate is imported on the corporate computers.

D.  

Create an IMAPS firewall rule to ensure email is allowed.

Question # 73

A security analyst observes the following while looking through network traffic in a company's cloud log:

(image of the cloud log entries not reproduced in the text)

Which of the following steps should the security analyst take FIRST?

Options:

A.  

Quarantine 10.0.5.52 and run a malware scan against the host.

B.  

Access 10.0.5.52 via EDR and identify processes that have network connections.

C.  

Isolate 10.0.50.6 via security groups.

D.  

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Question # 74

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

Options:

A.  

Traffic interceptor log analysis

B.  

Log reduction and visualization tools

C.  

Proof of work analysis

D.  

Ledger analysis software

Question # 75

A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?

Options:

A.  

Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.

B.  

Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies.

C.  

Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

D.  

Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

Question # 76

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Options:

A.  

Reverse proxy, stateful firewalls, and VPNs at the local sites

B.  

IDSs, WAFs, and forward proxy IDS

C.  

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

D.  

IPSs at the hub, Layer 4 firewalls, and DLP

Question # 77

An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

• Some developers can directly publish code to the production environment.

• Static code reviews are performed adequately.

• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

Options:

A.  

Implement short maintenance windows.

B.  

Perform periodic account reviews.

C.  

Implement job rotation.

D.  

Improve separation of duties.

Question # 78

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

Options:

A.  

A turbine would overheat and cause physical harm.

B.  

The engineers would need to go to the historian.

C.  

The SCADA equipment could not be maintained.

D.  

Data would be exfiltrated through the data diodes.

Question # 79

A company security engineer arrives at work to face the following scenario:

1) Website defacement

2) Calls from the company president indicating the website needs to be fixed immediately because it is damaging the brand

3) A job offer from the company's competitor

4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors is MOST likely involved?

Options:

A.  

Organized crime

B.  

Script kiddie

C.  

APT/nation-state

D.  

Competitor

Question # 80

As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver’s licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.

Which of the following BEST describes this process?

Options:

A.  

Deepfake

B.  

Know your customer

C.  

Identity proofing

D.  

Passwordless

Question # 81

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Options:

A.  

Union filesystem overlay

B.  

Cgroups

C.  

Linux namespaces

D.  

Device mapper

Question # 82

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.  

SLA

B.  

ISA

C.  

NDA

D.  

MOU

Question # 83

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

Options:

A.  

sudo netstat -antu | grep "LISTEN" | awk '{print$5}'

B.  

sudo netstat -nlt -p | grep "ESTABLISHED"

C.  

sudo netstat -plntu | grep -v "Foreign Address"

D.  

sudo netstat -pnut -w | column -t -s $'\w'

E.  

sudo netstat -pnut | grep -P ^tcp

Question # 84

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

Options:

A.  

Bot protection

B.  

OAuth 2.0

C.  

Input validation

D.  

Autoscaling endpoints

E.  

Rate limiting

F.  

CSRF protection

Question # 85

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial patches against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

Options:

A.  

A vulnerability

B.  

A threat

C.  

A breach

D.  

A risk
