Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 587 Q&As
  • Last Updated: Apr 28, 2024

CompTIA Advanced Security Practitioner CAS-004 Questions & Answers

  • Question 1:

    A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.

    Which of the following should a security architect recommend?

    A. A DLP program to identify which files have customer data and delete them

    B. An ERP program to identify which processes need to be tracked

    C. A CMDB to report on systems that are not configured to security baselines

    D. A CRM application to consolidate the data and provision access based on the process and need

  • Question 2:

    As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.

    Which of the following BEST describes this process?

    A. Deepfake

    B. Know your customer

    C. Identity proofing

    D. Passwordless

  • Question 3:

    A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the NEXT step of the incident response plan?

    A. Remediation

    B. Containment

    C. Response

    D. Recovery

  • Question 4:

    A recent data breach stemmed from unauthorized access to an employee's company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

    Which of the following BEST mitigates inappropriate access and permissions issues?

    A. SIEM

    B. CASB

    C. WAF

    D. SOAR

  • Question 5:

    A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:

    1. 22
    2. 25
    3. 110
    4. 137
    5. 138
    6. 139
    7. 445

    Internal Windows clients are used to transfer files to the server to stage them for customer download as part of the company's distribution process.

    Which of the following would be the BEST solution to harden the system?

    A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.

    B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

    C. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.

    D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

  • Question 6:

    SIMULATION

    You are a security analyst tasked with interpreting an Nmap scan output from the company's privileged network.

    The company's hardening guidelines indicate the following:

    1. There should be one primary server or service per device.
    2. Only default ports should be used.
    3. Non-secure protocols should be disabled.

    INSTRUCTIONS

    Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

    For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

    1. The IP address of the device
    2. The primary server or service of the device (Note that each IP should be associated with one service/port only)
    3. The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A. See explanation below.

    B. Place Holder

    C. Place Holder

    D. Place Holder

  • Question 7:

    A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market. Which of the following should the company implement to address the risk of system unavailability?

    A. User and entity behavior analytics

    B. Redundant reporting systems

    C. A self-healing system

    D. Application controls

  • Question 8:

    Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

    A. Biometric authenticators are immutable.

    B. The likelihood of account compromise is reduced.

    C. Zero trust is achieved.

    D. Privacy risks are minimized.

  • Question 9:

    A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

    Which of the following would be BEST for the company to implement?

    A. A WAF

    B. An IDS

    C. A SIEM

    D. A honeypot

  • Question 10:

    A security architect is reviewing the following proposed corporate firewall architecture and configuration:

    Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:

    1. Web servers must receive all updates via HTTP/S from the corporate network.
    2. Web servers should not initiate communication with the Internet.
    3. Web servers should only connect to preapproved corporate database servers.
    4. Employees' computing devices should only connect to web services over ports 80 and 443.

    Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

    A. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

    B. Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

    C. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

    D. Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

    E. Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

    F. Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443
