CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 111:

    Which of the following is a benefit of using steganalysis techniques in forensic response?

    A. Breaking a symmetric cipher used in secure voice communications
    B. Determining the frequency of unique attacks against DRM-protected media
    C. Maintaining chain of custody for acquired evidence
    D. Identifying least significant bit encoding of data in a .wav file

  • Question 112:

    An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.

    Which of the following designs would be BEST for the CISO to use?

    A. Adding a second redundant layer of alternate vendor VPN concentrators
    B. Using Base64 encoding within the existing site-to-site VPN connections
    C. Distributing security resources across VPN sites
    D. Implementing IDS services with each VPN concentrator
    E. Transitioning to a container-based architecture for site-based services

  • Question 113:

    A security manager wants to implement a policy that will provide management with the ability to monitor employees' activities with minimum impact to productivity. Which of the following policies is BEST suited for this scenario?

    A. Separation of duties
    B. Mandatory vacations
    C. Least privilege
    D. Incident response

  • Question 114:

    An organization is rolling out a robust vulnerability management system to monitor SCADA devices on the network. Which of the following scan types should be used to monitor these system types?

    A. Web application
    B. Agent
    C. Passive
    D. Authenticated

  • Question 115:

    A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

    A. Mirror the blobs at a local data center.
    B. Enable fast recovery on the storage account.
    C. Implement soft delete for blobs.
    D. Make the blob immutable.

  • Question 116:

    A Chief Information Security Officer (CISO) reviewed data from a cyber exercise that examined all aspects of the company's response plan. Which of the following best describes what the CISO reviewed?

    A. An after-action report
    B. A tabletop exercise
    C. A system security plan
    D. A disaster recovery plan

  • Question 117:

    An analyst is evaluating the security of a web application that does not hold sensitive or financial data. The application requires users to have a minimum password length of 12 characters. One of the characters must be capitalized, and one must be a number. To reset the password, the user is asked to provide the birthplace, birthdate, and mother's maiden name. When all of these are entered correctly, a new password is emailed to the user. Which of the following should concern the analyst the MOST?

    A. The security answers may be determined via online reconnaissance.
    B. The password is too long, which may encourage users to write the password down.
    C. The password should include a special character.
    D. The minimum password length is too short.

  • Question 118:

    A security engineer at a manufacturing facility is trying to determine whether any of the OT devices are susceptible to a recently announced vulnerability. Which of the following is the best way for the engineer to detect exploitable vulnerabilities?

    A. Utilize a passive vulnerability scanner on the network.
    B. Compare deployed equipment to the CVE disclosure.
    C. Perform threat hunting on the OT segment.
    D. Review software inventory for vulnerable versions.

  • Question 119:

    An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software.

    During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational. Which of the following BEST describes the reason why the silent failure occurred?

    A. The system logs rotated prematurely.
    B. The disk utilization alarms are higher than what the service restarts require.
    C. The number of nodes in the self-healing cluster was healthy.
    D. Conditional checks prior to the service restart succeeded.

  • Question 120:

    A software development company is implementing a SaaS-based password vault for customers to use. The requirements for the password vault include:

    1. Vault encryption using a variable block and key size

    2. Resistance to brute-force attacks

    Which of the following should be implemented to meet these requirements? (Choose two.)

    A. PBKDF2
    B. RC5
    C. AES
    D. P256
    E. ECDSA
    F. RIPEMD
