CAS-004 CompTIA SecurityX Certification Exam is now Stable and With Pass Result | Test Your Knowledge for Free

CAS-004 Practice Questions

CompTIA SecurityX Certification Exam

Last Update 1 day ago
Total Questions : 619

Dive into our fully updated and stable CAS-004 practice test platform, featuring all the latest CompTIA CASP exam questions added this week. Our preparation tool is more than just a CompTIA study aid; it's a strategic advantage.

Our free CompTIA CASP practice questions crafted to reflect the domains and difficulty of the actual exam. The detailed rationales explain the 'why' behind each answer, reinforcing key concepts about CAS-004. Use this test to pinpoint which areas you need to focus your study on.

CAS-004 PDF

$43.75
~~$124.99~~

Add to Cart

CAS-004 Testing Engine

$50.75
~~$144.99~~

Add to Cart

CAS-004 PDF + Testing Engine

$63.7
~~$181.99~~

Add to Cart

Question # 136

Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

Options:

Disaster recovery checklist

Tabletop exercise

Full interruption test

Parallel test

Discussion 0

Question # 137

Which of the following indicates when a company might not be viable after a disaster?

Options:

Maximum tolerable downtime

Recovery time objective

Mean time to recovery

Annual loss expectancy

Discussion 0

Question # 138

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Options:

Cipher feedback

Cipher block chaining message authentication code

Cipher block chaining

Electronic codebook

Discussion 0

Question # 139

A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation:

Question # 139

On which of the following devices and processes did the ransomware originate?

Options:

cpt-ws018, powershell.exe

cpt-ws026, DearCry.exe

cpt-ws002, NO-AV.exe

cpt-ws026, NO-AV.exe

cpt-ws002, DearCry.exe

Discussion 0

Question # 140

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

Deploying a WAF signature

Fixing the PHP code

Changing the web server from HTTPS to HTTP

UsingSSLv3

Changing the code from PHP to ColdFusion

Updating the OpenSSL library

Discussion 0

Answer:

A, F

Explanation:

Deploying a web application firewall (WAF) signature is a way to detect and block attempts to exploit the Heartbleed vulnerability on the web server. A WAF signature is a pattern that matches a known attack vector, such as a malicious heartbeat request. By deploying a WAF signature, the company can protect its web application from Heartbleed attacks until the underlying vulnerability is fixed.

Updating the OpenSSL library is the ultimate way to fix and mitigate the Heartbleed vulnerability. The OpenSSL project released version 1.0.1g on April 7, 2014, which patched the bug by adding a bounds check to the heartbeat function. By updating the OpenSSL library on the web server, the company can eliminate the vulnerability and prevent any future exploitation.

Fixing the PHP code is not a way to resolve or mitigate the Heartbleed vulnerability, because the vulnerability is not in the PHP code, but in the OpenSSL library that handles the SSL/TLS encryption for the web server.

Changing the web server from HTTPS to HTTP is not a way to resolve or mitigate the Heartbleed vulnerability, because it would expose all the web traffic to eavesdropping and tampering by attackers. HTTPS provides confidentiality, integrity, and authentication for web communications, and should not be disabled for security reasons.

Using SSLv3 is not a way to resolve or mitigate the Heartbleed vulnerability, because SSLv3 is an outdated and insecure protocol that has been deprecated and replaced by TLS. SSLv3 does not support modern cipher suites, encryption algorithms, or security features, and is vulnerable to various attacks, such as POODL

Changing the code from PHP to ColdFusion is not a way to resolve or mitigate the Heartbleed vulnerability, because the vulnerability is not related to the programming language of the web application, but to the OpenSSL library that handles the SSL/TLS encryption for the web server.

https://owasp.org/www-community/vulnerabilities/Heartbleed_Bug

https://heartbleed.com/

Question # 141

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

Resource exhaustion

Geographic location

Control plane breach

Vendor lock-in

Discussion 0

Question # 142

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

Options:

Virtualized emulators

Type 2 hypervisors

Orchestration

Containerization

Discussion 0

Question # 143

Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

Options:

proxy

Tunneling

VDI

MDM

RDP

MAC address randomization

Discussion 0

Question # 144

Company A acquired Company

During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

Options:

Installing new Group Policy Object policies

Establishing one-way trust from Company B to Company A

Enabling multifactor authentication

Implementing attribute-based access control

Installing Company A's Kerberos systems in Company B's network

Updating login scripts

Discussion 0

Question # 145

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Options:

Implement iterative software releases.

Revise the scope of the project to use a waterfall approach

Change the scope of the project to use the spiral development methodology.

Perform continuous integration.

Discussion 0

Question # 146

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

Options:

Certificate chain

Root CA

Certificate pinning

CRL

OCSP

Discussion 0

Question # 147

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

Options:

Least privilege

VPN

Policy automation

PKI

Firewall

Continuous validation

Continuous integration

Discussion 0

Answer:

A, C, F

Explanation:

Least privilege, policy automation, and continuous validation are some of the key elements that need to be implemented to achieve the objective of transitioning to a zero trust architecture. Zero trust architecture is a security model that assumes no implicit trust for any entity or resource, regardless of their location or ownership. Zero trust architecture requires verifying every request and transaction before granting access or allowing data transfer. Zero trust architecture also requires minimizing the attack surface and reducing the risk of lateral movement by attackers.

Least privilege is a principle that states that every entity or resource should only have the minimum level of access or permissions necessary to perform its function. Least privilege can help enforce granular and dynamic policies that limit the exposure and impact of potential breaches. Least privilege can also help prevent privilege escalation and abuse by malicious insiders or compromised accounts.

Policy automation is a process that enables the creation, enforcement, and management of security policies using automated tools and workflows. Policy automation can help simplify and streamline the implementation of zero trust architecture by reducing human errors, inconsistencies, and delays. Policy automation can also help adapt to changing conditions and requirements by updating and applying policies in real time.

Continuous validation is a process that involves verifying the identity, context, and risk level of every request and transaction throughout its lifecycle. Continuous validation can help ensure that only authorized and legitimate requests and transactions are allowed to access or transfer data. Continuous validation can also help detect and respond to anomalies or threats by revoking access or terminating sessions if the risk level changes.

VPN is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. VPN stands for Virtual Private Network, which is a technology that creates a secure tunnel between a device and a network over the internet. VPN can provide confidentiality, integrity, and authentication for network communications, but it does not providezero trust security by itself. VPN still relies on network-based perimeters and does not verify every request or transaction at a granular level.

PKI is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. PKI stands for Public Key Infrastructure, which is a system that manages the creation, distribution, and verification of certificates. Certificates are digital documents that contain public keys and identity information of their owners. Certificates can be used to prove the identity and authenticity of the certificate holders, as well as to encrypt and sign data. PKI can provide encryption and authentication for data communications, but it does not provide zero trust security by itself. PKI still relies on trusted authorities and does not verify every request or transaction at a granular level.

Firewall is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. Firewall is a device or software that monitors and controls incoming and outgoing network traffic based on predefined rules. Firewall can provide protection against unauthorized or malicious network access, but it does not provide zero trust security by itself. Firewall still relies on network-based perimeters and does not verify every request or transaction at a granular level.

Continuous integration is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. Continuous integration is a software development practice that involves merging code changes from multiple developers into a shared repository frequently and automatically. Continuous integration can help improve the quality, reliability, and performance of software products, but it does not provide zero trust security by itself. Continuous integration still relies on code-based quality assurance and does not verify every request or transaction at a granular level.

H. IaaS is not an element that needs to be implemented to achieve the objective of transitioning to a zero trust architecture. IaaS stands for Infrastructure as a Service, which is a cloud computing model that provides virtualized computing resources over the internet. IaaS can provide scalability, flexibility, and cost-efficiency for IT infrastructure, but it does not provide zero trust security by itself. IaaS still relies on cloud-based security controls and does not verify every request or transaction at a granular level.

Question # 148

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

Options:

Performing routine tabletop exercises

Implementing scheduled, full interruption tests

Backing up system log reviews

Performing department disaster recovery walk-throughs

Discussion 0

Question # 149

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

Options:

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

Disable file exchange, enable watermarking, and enable the user authentication requirement.

Enable end-to-end encryption, disable video recording, and disable file exchange.

Enable watermarking, enable the user authentication requirement, and disable video recording.

Discussion 0

Question # 150

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

Options:

Wildcard certificate

EV certificate

Mutual authentication

Certificate pinning

SSO

HSTS

Discussion 0

Get CAS-004 dumps and pass your exam in 24 hours!

Pre-Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 65pass65

CAS-004 CompTIA SecurityX Certification Exam is now Stable and With Pass Result | Test Your Knowledge for Free

CAS-004 Practice Questions

CAS-004 PDF

CAS-004 Testing Engine

CAS-004 PDF + Testing Engine

Options:

Options:

Options:

Options:

Options:

Answer:

Explanation:

Options:

Options:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Options:

Options:

Answer:

Explanation:

Options:

Options:

Options:

Answer:

Explanation:

Free Exams Sample Questions

We Accept

Secure Site

Customer Review

Money Back Guarantee