CompTIA CAS-004 Online Practice Questions and Exam Preparation
CAS-004 Exam Details
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 792 Q&As
Last Updated: May 28, 2026
CompTIA CAS-004 Online Questions & Answers
Question 141:
A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter's version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?
A. Include routines in the application for message handling.
B. Adopt a compiled programming language instead.
C. Perform SAST vulnerability scans on every build.
D. Validate user-generated input.
A. Include routines in the application for message handling.
Explanation
In this scenario, the web application is disclosing sensitive debugging information when an error occurs. To mitigate this risk, the best solution is to implement proper error message handling routines that ensure detailed debugging information is not exposed to users. Instead, the application should display generic error messages to the end-user while logging detailed information securely for internal troubleshooting. This approach reduces the risk of information disclosure, which is a common vulnerability in web applications. CASP+ emphasizes the importance of secure error handling as part of secure software development practices.
Enterprise Security Operations (Secure Coding and Error Handling)
CompTIA CASP+ Study Guide: Web Application Security and Proper Error Handling
Question 142:
Company management elects to cancel production. Which of the following risk strategies is the company using in this scenario?
A. Avoidance
B. Mitigation
C. Rejection
D. Acceptance
A. Avoidance
Explanation
In this scenario, the company has elected to cancel the production of a product after reviewing regulatory requirements. This decision reflects a risk avoidance strategy, which involves taking action to eliminate exposure to a risk by not engaging in the activity that could lead to it. By canceling production, the company avoids the regulatory and compliance risks altogether. CASP+ defines risk avoidance as a risk management strategy that involves stopping or avoiding actions that expose the organization to unacceptable levels of risk.
Question 143:
A security administrator needs to implement a security solution that will:
1. Limit the attack surface in case of an incident
2. Improve access control for external and internal network security
3. Improve performance with less congestion on network traffic
Which of the following should the security administrator do?
A. Integrate threat intelligence feeds into the FIM
B. Update firewall rules to match new IP addresses in use
C. Configure SIEM dashboards to provide alerts and visualizations
D. Deploy DLP rules based on updated PII formatting
B. Update firewall rules to match new IP addresses in use
Explanation
Updating firewall rules to match new IP addresses in use will help to limit the attack surface in case of an incident by ensuring only legitimate traffic is allowed. It can also improve access control for external and internal network security by ensuring that only authorized entities can access certain resources, and may improve network performance by reducing unnecessary traffic (less congestion).
Question 144:
Which of the following controls primarily detects abuse of privilege but does not prevent it?
A. Off-boarding
B. Separation of duties
C. Least privilege
D. Job rotation
D. Job rotation
Explanation
Job rotation is primarily a detective control that helps uncover abuse of privileges by periodically changing roles and responsibilities. When a different person assumes a role, they may identify irregularities or unauthorized actions taken by the previous individual. It does not prevent abuse, but it can reveal misuse over time.
Question 145:
SIMULATION
As a security administrator, you are asked to harden a server running Red Hat Enterprise Server 5.5 64-bit.
This server is being used as a DNS and time server. It is not used as a database, web server, or print server. There are no wireless connections to the server, and it does not need to print.
The command window will be provided along with root access. You are connected via a secure shell with root access.
You may query help for a list of commands.
Instructions:
You need to disable and turn off unrelated services and processes.
It is possible to simulate a crash of your server session. The simulation can be reset, but the server cannot be rebooted. If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
A. Check the answer in explanation.
B. Placeholder
C. Placeholder
D. Placeholder
A. Check the answer in explanation.
Explanation
In order to deactivate the web, database and print services, we can do the following:
1) Stop the services:
   /etc/init.d/apache2 stop
   /etc/init.d/mysqld stop
2) Close the ports used by these services:
   Web server:
   iptables -I INPUT -p tcp -m tcp --dport 443 -j REJECT
   service iptables save
   Print server:
   iptables -I INPUT -p tcp -m tcp --dport 631 -j REJECT
   service iptables save
   Database server:
   iptables -I INPUT -p tcp -m tcp --dport <> -j REJECT
   service iptables save
3) Kill any process still running for the same services:
   ps -aef | grep mysql
   kill -9 <>
Question 146:
An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?
A. Fuzz testing
B. Static analysis
C. Side-channel analysis
D. Dynamic analysis
D. Dynamic analysis
Explanation
Dynamic Analysis: This method involves testing the application while it is running to identify vulnerabilities that can be exploited in real-time. For a web application using SAML (Security Assertion Markup Language) for authentication, dynamic analysis allows the security engineer to simulate various authentication scenarios, including SAML assertions, to check for potential issues like SAML token manipulation, replay attacks, and other authentication-related vulnerabilities.
Question 147:
A hospital is deploying new imaging software that requires a web server for access to images for both local and remote users. The web server allows user authentication via secure LDAP. The information security officer wants to ensure the server does not allow unencrypted access to the imaging server by using Nmap to gather additional information. Given the following:
1. The imaging server IP is 192.168.101.24
2. The domain controller IP is 192.168.100.1
3. The client machine IP is 192.168.200.37
Which of the following should be used to confirm this is the only open port on the web server?
A. nmap -p 80,443 192.168.101.24
B. nmap -p 80,443,389,636 192.168.100.1
C. nmap -p 80,389 192.168.200.37
D. nmap -p- 192.168.101.24
A. nmap -p 80,443 192.168.101.24
Explanation
Question 148:
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider FIRST to address this requirement?
A. Implement a change management plan to ensure systems are using the appropriate versions.
B. Hire additional on-call staff to be deployed if an event occurs.
C. Design an appropriate warm site for business continuity.
D. Identify critical business processes and determine associated software and hardware requirements.
D. Identify critical business processes and determine associated software and hardware requirements.
Explanation
When developing a plan, the first thing to consider is the critical business processes and their impact on operations. A warm site does not make sense even if it were to be considered first, as a warm site does not replicate data in a manner that provides "moment's notice" failover.
Question 149:
A recent security audit identified multiple endpoints have the following vulnerabilities:
1. Various unsecured open ports
2. Active accounts for terminated personnel
3. Endpoint protection software with legacy versions
4. Overly permissive access rules
Which of the following would BEST mitigate these risks? (Choose three).
A. Local drive encryption
B. Secure boot
C. Address space layout randomization
D. Unneeded services disabled
E. Patching
F. Logging
G. Removal of unused accounts
H. Enabling BIOS password
D. Unneeded services disabled
E. Patching
G. Removal of unused accounts
Explanation
Question 150:
During a software assurance assessment, an engineer notices the source code contains multiple instances of strcpy, which does not verify the buffer length.
Which of the following solutions should be integrated into the SDLC process to reduce future risks?
A. Require custom IDS/IPS detection signatures for each type of insecure function found.
B. Perform a penetration test before moving to the next step of the SDLC.
C. Update the company's secure coding policy to exclude insecure functions.
D. Perform DAST/SAST scanning before handoff to another team.
D. Perform DAST/SAST scanning before handoff to another team.
Explanation
Integrating SAST/DAST tools into the CI/CD pipeline ensures that code is automatically scanned with each build or release. Developers receive real-time alerts about insecure code, allowing them to fix issues promptly. Automated scanning reduces the likelihood of insecure functions such as strcpy being overlooked due to human error. SAST/DAST tools often maintain logs and reports, providing an audit trail of security assessments. This enforces the secure coding policy by actively detecting violations, rather than relying solely on developers' adherence.
Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers.
Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.