March Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Questions 4

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Options:

A.

Increased network latency

B.

Unavailable of key escrow

C.

Inability to selected AES-256 encryption

D.

Removal of user authentication requirements

Buy Now
Questions 5

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

CAS-004 Question 5

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

В) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 6

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

Options:

A.

E-discovery

B.

Review analysis

C.

Information governance

D.

Chain of custody

Buy Now
Questions 7

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

Options:

A.

Software-backed keystore

B.

Embedded cryptoprocessor

C.

Hardware-backed public key storage

D.

Support for stream ciphers

E.

Decentralized key management

F.

TPM 2.0 attestation services

Buy Now
Questions 8

A software house is developing a new application. The application has the following requirements:

Reduce the number of credential requests as much as possible

Integrate with social networks

Authenticate users

Which of the following is the BEST federation method to use for the application?

Options:

A.

WS-Federation

B.

OpenID

C.

OAuth

D.

SAML

Buy Now
Questions 9

An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received. To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

Options:

A.

Containerization

B.

Load balancer

C.

Microsegmentation

D.

Autoscaling

E.

CDN

F.

WAF

Buy Now
Questions 10

Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?

Options:

A.

Zigbee

B.

CAN

C.

DNP3

D.

Modbus

Buy Now
Questions 11

In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements. The current cloud provider that the company is using offers:

• Only multitenant cloud hosting

• Minimal physical security

• Few access controls

• No access to the data center

The following information has been uncovered:

• The company is located in a known floodplain, which flooded last year.

• Government regulations require data to be stored within the country.

Which of the following should be addressed first?

Options:

A.

Update the disaster recovery plan to account for natural disasters.

B.

Establish a new memorandum of understanding with the cloud provider.

C.

Establish a new service-level agreement with the cloud provider.

D.

Provision services according to the appropriate legal requirements.

Buy Now
Questions 12

A cyberanalyst for a government agency is concerned about how Pll is protected A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?

Options:

A.

To validate the project participants

B.

To identify the network ports

C.

To document residual risks

D.

To evaluate threat acceptance

Buy Now
Questions 13

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

Options:

A.

^\d{4}(-\d{5})?$

B.

^\d{5}(-\d{4})?$

C.

^\d{5-4}$

D.

^\d{9}$

Buy Now
Questions 14

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

Options:

A.

Automated vulnerability scanning

B.

Centralized logging, data analytics, and visualization

C.

Threat hunting

D.

Threat emulation

Buy Now
Questions 15

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24

subnet.

• The SSH daemon on the database server must be configured to listen

to port 4022.

• The SSH daemon must only accept connections from a Single

workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight

days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA ssh

CAS-004 Question 15

WAP A

CAS-004 Question 15

PC A

CAS-004 Question 15

Laptop A

CAS-004 Question 15

Switch A

CAS-004 Question 15

Switch B:

CAS-004 Question 15

Laptop B

CAS-004 Question 15

PC B

CAS-004 Question 15

PC C

CAS-004 Question 15

Server A

CAS-004 Question 15

CAS-004 Question 15

CAS-004 Question 15

CAS-004 Question 15

CAS-004 Question 15

Options:

Buy Now
Questions 16

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

Options:

A.

Develop an Nmap plug-in to detect the indicator of compromise.

B.

Update the organization's group policy.

C.

Include the signature in the vulnerability scanning tool.

D.

Deliver an updated threat signature throughout the EDR system

Buy Now
Questions 17

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

Options:

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Buy Now
Questions 18

Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the

website and capturing tramc via Wire-shark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect

recommend?

Options:

A.

Adding more nodes to the web server clusters

B.

Changing the cipher algorithm used on the web server

C.

Implementing OCSP stapling on the server

D.

Upgrading to TLS 1.3

Buy Now
Questions 19

A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

Options:

A.

Use a secrets management tool.

B.

‘Save secrets in key escrow.

C.

Store the secrets inside the Dockerfiles.

D.

Run all Dockerfles in a randomized namespace.

Buy Now
Questions 20

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

Options:

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Buy Now
Questions 21

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

Options:

A.

Properly configure a secure file transfer system to ensure file integrity.

B.

Have the external parties sign non-disclosure agreements before sending any images.

C.

Only share images with external parties that have worked with the firm previously.

D.

Utilize watermarks in the images that are specific to each external party.

Buy Now
Questions 22

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

Options:

A.

IaaS

B.

SaaS

C.

Faas

D.

PaaS

Buy Now
Questions 23

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

Options:

A.

ocsp

B.

CRL

C.

SAN

D.

CA

Buy Now
Questions 24

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

* www.mycompany.org

* www.mycompany.com

* campus.mycompany.com

* wiki. mycompany.org

The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

Options:

A.

Purchase one SAN certificate.

B.

Implement self-signed certificates.

C.

Purchase one certificate for each website.

D.

Purchase one wildcard certificate.

Buy Now
Questions 25

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following

data:

• Clients successfully establish TLS connections to web services provided by the server.

• After establishing the connections, most client connections are renegotiated

• The renegotiated sessions use cipher suite SHR.

Which of the following is the MOST likely root cause?

Options:

A.

The clients disallow the use of modern cipher suites

B.

The web server is misconfigured to support HTTP/1.1.

C.

A ransomware payload dropper has been installed

D.

An entity is performing downgrade attacks on path

Buy Now
Questions 26

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options:

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Buy Now
Questions 27

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Buy Now
Questions 28

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 29

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

Options:

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Buy Now
Questions 30

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Buy Now
Questions 31

A security analyst runs a vulnerability scan on a network administrator's workstation The network administrator has direct administrative access to the company's SSO web portal The vulnerability scan uncovers cntical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client and an offline password manager Which of the following should the security analyst patch FIRST?

Options:

A.

Email client

B.

Password manager

C.

Browser

D.

OS

Buy Now
Questions 32

A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?

Options:

A.

Lockout of privileged access account

B.

Duration of the BitLocker lockout period

C.

Failure of the Kerberos time drift sync

D.

Failure of TPM authentication

Buy Now
Questions 33

A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources

would the analyst MOST likely adopt?

Options:

A.

OSINT

B.

ISO

C.

MITRE ATT&CK

D.

OWASP

Buy Now
Questions 34

During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost. Which of the following should the security analyst have followed?

Options:

A.

Order of volatility

B.

Chain of custody

C.

Verification

D.

Secure storage

Buy Now
Questions 35

A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:

CAS-004 Question 35

With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

Options:

A.

Indirect command execution

B.

OS credential dumping

C.

Inhibit system recovery

D.

External remote services

E.

System information discovery

F.

Network denial of service

Buy Now
Questions 36

A security administrator wants to detect a potential forged sender claim in tt-e envelope of an email. Which of the following should the security administrator implement? (Select TWO).

Options:

A.

MX record

B.

DMARC

C.

SPF

D.

DNSSEC

E.

S/MIME

F.

TLS

Buy Now
Questions 37

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Buy Now
Questions 38

A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the

security posture for a risk decision? (Select TWO).

Options:

A.

Password cracker

B.

SCAP scanner

C.

Network traffic analyzer

D.

Vulnerability scanner

E.

Port scanner

F.

Protocol analyzer

Buy Now
Questions 39

A security consultant has been asked to recommend a secure network design that would:

• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

• Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Options:

A.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

B.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

C.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

D.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Buy Now
Questions 40

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

Options:

A.

Certificate chain

B.

Root CA

C.

Certificate pinning

D.

CRL

E.

OCSP

Buy Now
Questions 41

A new, online file hosting service is being offered. The service has the following security requirements:

• Threats to customer data integrity and availability should be remediated first.

• The environment should be dynamic to match increasing customer demands.

• The solution should not interfere with customers" ability to access their data at anytime.

• Security analysts should focus on high-risk items.

Which of the following would BEST satisfy the requirements?

Options:

A.

Expanding the use of IPS and NGFW devices throughout the environment

B.

Increasing the number of analysts to Identify risks that need remediation

C.

Implementing a SOAR solution to address known threats

D.

Integrating enterprise threat feeds in the existing SIEM

Buy Now
Questions 42

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.

SLA

B.

ISA

C.

NDA

D.

MOU

Buy Now
Questions 43

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Buy Now
Questions 44

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

Options:

A.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

B.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

C.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

D.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Buy Now
Questions 45

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

Options:

A.

TPM

B.

HSM

C.

PKI

D.

UEFI/BIOS

Buy Now
Questions 46

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

Options:

A.

Implement rate limiting on the API.

B.

Implement geoblocking on the WAF.

C.

Implement OAuth 2.0 on the API.

D.

Implement input validation on the API.

Buy Now
Questions 47

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Buy Now
Questions 48

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

Options:

A.

sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’

B.

sudo netstat -nlt -p | grep “ESTABLISHED”

C.

sudo netstat -plntu | grep -v “Foreign Address”

D.

sudo netstat -pnut -w | column -t -s $’\w’

E.

sudo netstat -pnut | grep -P ^tcp

Buy Now
Questions 49

A company is preparing to deploy a global service.

Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Options:

A.

Inform users regarding what data is stored.

B.

Provide opt-in/out for marketing messages.

C.

Provide data deletion capabilities.

D.

Provide optional data encryption.

E.

Grant data access to third parties.

F.

Provide alternative authentication techniques.

Buy Now
Questions 50

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Options:

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Buy Now
Questions 51

In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company’s availability requirements. During a postmortem analysis, the following issues were highlighted:

1. International users reported latency when images on the web page were initially loading.

2. During times of report processing, users reported issues with inventory when attempting to place orders.

3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.

Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

Options:

A.

Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.

B.

Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.

C.

Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.

D.

Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

Buy Now
Questions 52

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Options:

A.

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

B.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

C.

Implement MFA, review the application logs, and deploy a WAF.

D.

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Buy Now
Questions 53

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Options:

A.

Peer-to-peer secure communications enabled by mobile applications

B.

Proxied application data connections enabled by API gateways

C.

Microsegmentation enabled by software-defined networking

D.

VLANs enabled by network infrastructure devices

Buy Now
Questions 54

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Options:

A.

Utilizing a trusted secrets manager

B.

Performing DAST on a weekly basis

C.

Introducing the use of container orchestration

D.

Deploying instance tagging

Buy Now
Questions 55

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:

graphic.linux_randomization.prg

Which of the following technologies would mitigate the manipulation of memory segments?

Options:

A.

NX bit

B.

ASLR

C.

DEP

D.

HSM

Buy Now
Questions 56

A security analyst is reviewing the following output:

CAS-004 Question 56

Which of the following would BEST mitigate this type of attack?

Options:

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Buy Now
Questions 57

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A.

Distributed connection allocation

B.

Local caching

C.

Content delivery network

D.

SD-WAN vertical heterogeneity

Buy Now
Questions 58

After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Options:

A.

Disable BGP and implement a single static route for each internal network.

B.

Implement a BGP route reflector.

C.

Implement an inbound BGP prefix list.

D.

Disable BGP and implement OSPF.

Buy Now
Questions 59

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an ОТ and IT environment?

Options:

A.

In the ОТ environment, use a VPN from the IT environment into the ОТ environment.

B.

In the ОТ environment, allow IT traffic into the ОТ environment.

C.

In the IT environment, allow PLCs to send data from the ОТ environment to the IT environment.

D.

Use a screened subnet between the ОТ and IT environments.

Buy Now
Questions 60

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.

Which of the following should the company use to make this determination?

Options:

A.

Threat hunting

B.

A system penetration test

C.

Log analysis within the SIEM tool

D.

The Cyber Kill Chain

Buy Now
Questions 61

A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:

CAS-004 Question 61

Which of the following is the MOST likely cause of the customer’s inability to connect?

Options:

A.

Weak ciphers are being used.

B.

The public key should be using ECDSA.

C.

The default should be on port 80.

D.

The server name should be test.com.

Buy Now
Questions 62

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts

Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

Options:

A.

WAF

B.

CASB

C.

SWG

D.

DLP

Buy Now
Questions 63

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options:

A.

IAM gateway, MDM, and reverse proxy

B.

VPN, CASB, and secure web gateway

C.

SSL tunnel, DLP, and host-based firewall

D.

API gateway, UEM, and forward proxy

Buy Now
Questions 64

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Buy Now
Questions 65

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Options:

A.

Implement a VPN for all APIs.

B.

Sign the key with DSA.

C.

Deploy MFA for the service accounts.

D.

Utilize HMAC for the keys.

Buy Now
Questions 66

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

Options:

A.

Watermarking

B.

DRM

C.

NDA

D.

Access logging

Buy Now
Questions 67

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Buy Now
Questions 68

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Buy Now
Questions 69

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

Options:

A.

a decrypting RSA using obsolete and weakened encryption attack.

B.

a zero-day attack.

C.

an advanced persistent threat.

D.

an on-path attack.

Buy Now
Questions 70

A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information.

Which of the following should the security engineer do to BEST manage the threats proactively?

Options:

A.

Join an information-sharing community that is relevant to the company.

B.

Leverage the MITRE ATT&CK framework to map the TTR.

C.

Use OSINT techniques to evaluate and analyze the threats.

D.

Update security awareness training to address new threats, such as best practices for data security.

Buy Now
Questions 71

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Options:

A.

Designing data protection schemes to mitigate the risk of loss due to multitenancy

B.

Implementing redundant stores and services across diverse CSPs for high availability

C.

Emulating OS and hardware architectures to blur operations from CSP view

D.

Purchasing managed FIM services to alert on detected modifications to covered data

Buy Now
Questions 72

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

Options:

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Buy Now
Questions 73

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Options:

A.

Deploy an RA on each branch office.

B.

Use Delta CRLs at the branches.

C.

Configure clients to use OCSP.

D.

Send the new CRLs by using GPO.

Buy Now
Questions 74

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

Options:

A.

Include all available cipher suites.

B.

Create a wildcard certificate.

C.

Use a third-party CA.

D.

Implement certificate pinning.

Buy Now
Questions 75

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

Options:

A.

Performing deep-packet inspection of all digital audio files

B.

Adding identifying filesystem metadata to the digital audio files

C.

Implementing steganography

D.

Purchasing and installing a DRM suite

Buy Now
Questions 76

A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Options:

A.

Replace the current antivirus with an EDR solution.

B.

Remove the web proxy and install a UTM appliance.

C.

Implement a deny list feature on the endpoints.

D.

Add a firewall module on the current antivirus solution.

Buy Now
Questions 77

A security analyst observes the following while looking through network traffic in a company's cloud log:

CAS-004 Question 77

Which of the following steps should the security analyst take FIRST?

Options:

A.

Quarantine 10.0.5.52 and run a malware scan against the host.

B.

Access 10.0.5.52 via EDR and identify processes that have network connections.

C.

Isolate 10.0.50.6 via security groups.

D.

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Buy Now
Questions 78

A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:

A.

SDLC

B.

OVAL

C.

IEEE

D.

OWASP

Buy Now
Questions 79

An organization recently recovered from an attack that featured an adversary injecting Malicious logic into OS bootloaders on endpoint devices Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the IJEFI through the full loading of OS components. of the following TPM structures enables this storage functionality?

Options:

A.

Endorsement tickets

B.

Clock/counter structures

C.

Command tag structures with MAC schemes

D.

Platform configuration registers

Buy Now
Questions 80

An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

• Some developers can directly publish code to the production environment.

• Static code reviews are performed adequately.

• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

Options:

A.

Implement short maintenance windows.

B.

Perform periodic account reviews.

C.

Implement job rotation.

D.

Improve separation of duties.

Buy Now
Questions 81

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

Options:

A.

Modify the ACLS.

B.

Review the Active Directory.

C.

Update the marketing department's browser.

D.

Reconfigure the WAF.

Buy Now
Questions 82

A forensic investigator would use the foremost command for:

Options:

A.

cloning disks.

B.

analyzing network-captured packets.

C.

recovering lost files.

D.

extracting features such as email addresses

Buy Now
Questions 83

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

Options:

A.

Encryption in transit

B.

Legal issues

C.

Chain of custody

D.

Order of volatility

E.

Key exchange

Buy Now
Questions 84

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

Options:

A.

The pharmaceutical company

B.

The cloud software provider

C.

The web portal software vendor

D.

The database software vendor

Buy Now
Questions 85

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ОТ network?

Options:

A.

Packets that are the wrong size or length

B.

Use of any non-DNP3 communication on a DNP3 port

C.

Multiple solicited responses over time

D.

Application of an unsupported encryption algorithm

Buy Now
Questions 86

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

CAS-004 Question 86

As part of the image process, which of the following is the FIRST step the analyst should take?

Options:

A.

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

B.

Validate the final "Received" header against the DNS entry of the domain.

C.

Compare the 'Return-Path" and "Received" fields.

D.

Ignore the emails, as SPF validation is successful, and it is a false positive

Buy Now
Questions 87

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Options:

A.

Eavesdropping

B.

On-path

C.

Cryptanalysis

D.

Code signing

E.

RF sidelobe sniffing

Buy Now
Questions 88

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?

Options:

A.

The image must be password protected against changes.

B.

A hash value of the image must be computed.

C.

The disk containing the image must be placed in a seated container.

D.

A duplicate copy of the image must be maintained

Buy Now
Questions 89

city government's IT director was notified by the City council that the following cybersecurity requirements must be met to be awarded a large federal grant:

+ Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.

+ All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.

+ Ransomware threats and zero-day vulnerabilities must be quickly identified.

Which of the following technologies would BEST satisfy these requirements? (Select THREE).

Options:

A.

Endpoint protection

B.

Log aggregator

C.

Zero trust network access

D.

PAM

E.

Cloud sandbox

F.

SIEM

G.

NGFW

Buy Now
Questions 90

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Options:

A.

Document interpolation

B.

Regular expression pattern matching

C.

Optical character recognition functionality

D.

Baseline image matching

E.

Advanced rasterization

F.

Watermarking

Buy Now
Questions 91

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

Options:

A.

Risk rejection

B.

Risk mitigation

C.

Risk transference

D.

Risk avoidance

Buy Now
Questions 92

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

Options:

A.

Assess the residual risk.

B.

Update the organization’s threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of impact.

Buy Now
Questions 93

A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?

Options:

A.

Securely configure the authentication mechanisms

B.

Patch the infrastructure at the operating system

C.

Execute port scanning against the services

D.

Upgrade the service as part of life-cycle management

Buy Now
Questions 94

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

Options:

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Buy Now
Questions 95

A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages. Which of the following architectural components would BEST meet these requirements?

Options:

A.

Log collection

B.

Reverse proxy

C.

AWAF

D.

API mode

Buy Now
Questions 96

A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

• dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.

• A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.

• Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.

• A sample outbound request payload from PCAP showed the ASCII content: "JOIN #community".

Which of the following is the MOST likely root cause?

Options:

A.

A SQL injection was used to exfiltrate data from the database server.

B.

The system has been hijacked for cryptocurrency mining.

C.

A botnet Trojan is installed on the database server.

D.

The dbadmin user is consulting the community for help via Internet Relay Chat.

Buy Now
Questions 97

A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

Options:

A.

Loss of governance

B.

Vendor lockout

C.

Compliance risk

D.

Vendor lock-in

Buy Now
Questions 98

The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

Options:

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Buy Now
Questions 99

The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

Options:

A.

BYOO

B.

CYOD

C.

COPE

D.

MDM

Buy Now
Questions 100

Given the following log snippet from a web server:

CAS-004 Question 100

Which of the following BEST describes this type of attack?

Options:

A.

SQL injection

B.

Cross-site scripting

C.

Brute-force

D.

Cross-site request forgery

Buy Now
Questions 101

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Options:

A.

Apply for a security exemption, as the risk is too high to accept.

B.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

C.

Accept the risk, as compensating controls have been implemented to manage the risk.

D.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Buy Now
Questions 102

Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

Options:

A.

when it is passed across a local network.

B.

in memory during processing

C.

when it is written to a system’s solid-state drive.

D.

by an enterprise hardware security module.

Buy Now
Questions 103

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

Options:

A.

SDLC attack

B.

Side-load attack

C.

Remote code signing

D.

Supply chain attack

Buy Now
Questions 104

A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Select two).

Options:

A.

Most cost-effective

B.

Ease of backup and restoration

C.

High degree of privacy

D.

Low resilience to side-channel attacks

E.

Full control and ability to customize

F.

Increased geographic diversity

Buy Now
Questions 105

A security engineer is assessing the security controls of loT systems that are no longer supported for updates and patching. Which of the following is the best mitigation for defending these loT systems?

Options:

A.

Disable administrator accounts

B.

Enable SELinux

C.

Enforce network segmentation

D.

Assign static IP addresses

Buy Now
Questions 106

A company has retained the services of a consultant to perform a security assessment. As part of the assessment the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks Which of the following would best enable this activity?

Options:

A.

ISAC

B.

OSINT

C.

CVSS

D.

Threat modeling

Buy Now
Questions 107

A network administrator who manages a Linux web server notices the following traffic:

http://corr.ptia.org/.../.../.../... /etc./shadow

Which of the following Is the BEST action for the network administrator to take to defend against this type of web attack?

Options:

A.

Validate the server certificate and trust chain.

B.

Validate the server input and append the input to the base directory path.

C.

Validate that the server is not deployed with default account credentials.

D.

Validate that multifactor authentication is enabled on the server for all user accounts.

Buy Now
Questions 108

An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?

Options:

A.

Use over-the-air updates to replace the private key

B.

Manufacture a new loT device with a redesigned SoC

C.

Replace the public portion of the loT key on its servers

D.

Release a patch for the SoC software

Buy Now
Questions 109

Which of the following technologies would benefit the most from the use of biometric readers proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?

Options:

A.

Deep learning

B.

Machine learning

C.

Nanotechnology

D.

Passwordless authentication

E.

Biometric impersonation

Buy Now
Questions 110

Which of the following is a security concern for DNP3?

Options:

A.

Free-form messages require support.

B.

Available function codes are not standardized.

C.

Authentication is not allocated.

D.

It is an open source protocol.

Buy Now
Questions 111

A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

Options:

A.

SIEM

B.

CASB

C.

SCAP

D.

OVAL

Buy Now
Questions 112

An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the following ensures that authorized modifications are well planned and executed?

Options:

A.

Risk management

B.

Network management

C.

Configuration management

D.

Change management

Buy Now
Questions 113

Which of the following best describes what happens if chain of custody is broken?

Options:

A.

Tracking record details are not properly labeled.

B.

Vital evidence could be deemed inadmissible.

C.

Evidence is not exhibited in the court of law.

D.

Evidence will need to be recollected.

Buy Now
Questions 114

A company underwent an audit in which the following issues were enumerated:

• Insufficient security controls for internet-facing services, such as VPN and extranet

• Weak password policies governing external access for third-party vendors

Which of the following strategies would help mitigate the risks of unauthorized access?

Options:

A.

2FA

B.

RADIUS

C.

Federation

D.

OTP

Buy Now
Questions 115

A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

Options:

A.

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

B.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

C.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

D.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

Buy Now
Questions 116

A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?

Options:

A.

Improved security operations center performance

B.

Automated firewall log collection tasks

C.

Optimized cloud resource utilization

D.

Increased risk visibility

Buy Now
Questions 117

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

Options:

A.

TOTP token

B.

Device certificate

C.

Smart card

D.

Biometric

Buy Now
Questions 118

An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device Which of the following phases of the incident response cycle needs improvement?

Options:

A.

Containment

B.

Preparation

C.

Resolution

D.

Investigation

Buy Now
Questions 119

A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks Which of the following is the MOST important infrastructure security design element to prevent an outage7

Options:

A.

Supporting heterogeneous architecture

B.

Leveraging content delivery network across multiple regions

C.

Ensuring cloud autoscaling is in place

D.

Scaling horizontally to handle increases in traffic

Buy Now
Questions 120

During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

Options:

A.

Configuration management tool

B.

Intrusion prevention system

C.

Mobile device management platform

D.

Firewall access control list

E.

NetFlow logs

Buy Now
Questions 121

The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

Options:

A.

Preserve all communication matching the requested search terms

B.

Block communication with the customer while litigation is ongoing

C.

Require employees to be trained on legal record holds

D.

Request that all users do not delete any files

Buy Now
Questions 122

To bring digital evidence in a court of law the evidence must be:

Options:

A.

material

B.

tangible

C.

consistent

D.

conserved

Buy Now
Questions 123

A small bank is evaluating different methods to address and resolve the following requirements

" Must be able to store credit card data using the smallest amount of data possible

• Must be compliant with PCI DSS

• Must maintain confidentiality if one piece of the layer is compromised

Which of the following is the best solution for the bank?

Options:

A.

Scrubbing

B.

Tokenization

C.

Masking

D.

Homomorphic encryption

Buy Now
Questions 124

A security administrator needs to implement a security solution that will

• Limit the attack surface in case of an incident

• Improve access control for external and internal network security.

• Improve performance with less congestion on network traffic

Which of the following should the security administrator do?

Options:

A.

Integrate threat intelligence feeds into the FIM

B.

Update firewall rules to match new IP addresses in use

C.

Configure SIEM dashboards to provide alerts and visualizations

D.

Deploy DLP rules based on updated Pll formatting

Buy Now
Questions 125

A network security engineer is designing a three-tier web architecture that will allow a third-party vendor to perform the following audit functions within the organization's cloud environment

• Review communication between all infrastructure endpoints

• Identify unauthorized and malicious data patterns

• Perform automated, risk-mitigating configuration changes

Which of the following should the network security engineer include in the design to address these requirements?

Options:

A.

Network edge NIPS

B.

Centralized syslog

C.

Traffic mirroring

D.

Network flow

Buy Now
Questions 126

Signed applications reduce risks by:

Options:

A.

encrypting the application's data on the device.

B.

requiring the developer to use code-level hardening techniques.

C.

providing assurance that the application is using unmodified source code.

D.

costing the developer money to publish, which reduces the likelihood of malicious intent.

Buy Now
Questions 127

A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

Options:

A.

True positive

B.

False negative

C.

False positive

D.

True negative

Buy Now
Questions 128

A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

Options:

A.

Steganography

B.

E-signature

C.

Watermarking

D.

Cryptography

Buy Now
Questions 129

An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives. Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?

Options:

A.

Antivirus

B.

UEBA

C.

EDR

D.

HIDS

Buy Now
Questions 130

A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the best step to take?

Options:

A.

Revoke the certificate.

B.

Inform all the users of the certificate.

C.

Contact the company's Chief Information Security Officer.

D.

Disable the website using the suspected certificate.

E.

Alert the root CA.

Buy Now
Questions 131

After a cybersecurity incident, a judge found that a company did not conduct a proper forensic investigation. The company was ordered to pay penalties. Which of the following forensic steps would be best to prevent this from happening again?

Options:

A.

Evidence preservation

B.

Evidence verification

C.

Evidence collection

D.

Evidence analysis

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
Last Update: Mar 26, 2024
Questions: 439

PDF + Testing Engine

$66.4  $165.99

Testing Engine

$46  $114.99
buy now CAS-004 testing engine

PDF (Q&A)

$42  $104.99
buy now CAS-004 pdf