CompTIA CAS-004 Online Practice Questions and Exam Preparation
CAS-004 Exam Details
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 792 Q&As
Last Updated: May 28, 2026
CompTIA CAS-004 Online Questions & Answers
Question 151:
A new VM server (Web Server C) was spun up in the cloud and added to the load balancer for an existing web application (Application A) that does not require internet access. Sales users are reporting intermittent issues with this application when processing orders that require access to the warehouse department.
Given the following information:
1. Firewall rules: Existing rules do not account for Web Server C's IP address (10.2.0.92).
2. Application A Security Group: Inbound rules and outbound rules are insufficient for the new server.
The security team wants to minimize the firewall rule set by avoiding specific host rules whenever possible.
Which of the following actions must be taken to resolve the issue and meet the security team's requirements?
A. Reconfigure Web Server C to 10.2.0.62
B. Modify the firewall rules to include the new IP address of Web Server C
C. Alter the security group outbound rules to be more restrictive
D. Change the security group inbound rules to include the new IP address of Web Server C
B. Modify the firewall rules to include the new IP address of Web Server C
Explanation
The issue stems from Web Server C's new IP (10.2.0.92) not being included in the firewall rules.
To resolve the issue, modify the firewall rules to include the new IP range (e.g., 10.2.0.0/26) rather than adding a specific host rule, ensuring scalability and simplicity.
Changing inbound or outbound security group rules would still miss the underlying issue of omitted IPs.
Reconfiguring the IP is unnecessary when updating firewall rules is sufficient.
CASP+ Study Guide, 5th Edition, Chapter 7, Network Security.
Question 152:
A company processes sensitive cardholder information that is stored in an internal production database and accessed by internet-facing web servers. The company's Chief Information Security Officer (CISO) is concerned with the risks related to sensitive data exposure and wants to implement tokenization of sensitive information at the record level. The company implements a one-to-many mapping of primary credit card numbers to temporary credit card numbers.
Which of the following should the CISO consider in a tokenization system?
A. Data field watermarking
B. Field tagging
C. Single-use translation
D. Salted hashing
C. Single-use translation
Explanation
Question 153:
A Chief Information Security Officer (CISO) received a call from the Chief Executive Officer (CEO) about a data breach from the SOC lead around 9:00 a.m. At 10:00 a.m., the CEO informs the CISO that a breach of the firm is being reported on national news. Upon investigation, it is determined that a network administrator had reached out to a vendor prior to the breach for information on a security patch that failed to be installed. Which of the following should the CISO do to prevent this from happening again?
A. Properly triage events based on brand imaging and ensure the CEO is on the call roster.
B. Create an effective communication plan and socialize it with all employees.
C. Send out a press release denying the breach until more information can be obtained.
D. Implement a more robust vulnerability identification process.
B. Create an effective communication plan and socialize it with all employees.
Explanation
To prevent similar issues from occurring again, the CISO should create an effective communication plan and ensure all employees are aware of it. A clear communication plan ensures that critical security information, such as breaches or vulnerabilities, is promptly communicated to the right stakeholders (e.g., the CEO) in a timely manner, preventing situations where the media reports on breaches before internal teams are fully informed. CASP+ emphasizes the importance of having structured communication protocols during security incidents to ensure accurate and timely responses.
References:
CASP+ CAS-004 Exam Objectives: Domain 2.0 Enterprise Security Operations (Incident Communication Plans)
CompTIA CASP+ Study Guide: Developing and Implementing Effective Incident Communication Plans
Question 154:
An analyst reviews the following output collected during the execution of a web application security assessment:
Which of the following attacks would be most likely to succeed, given the output?
A. NULL and unauthenticated cipher downgrade attack
B. Availability attack from manipulation of associated authentication data
C. Padding oracle attack
D. On-path forced renegotiation to insecure ciphers
C. Padding oracle attack
Explanation
Based on the output in the image, which shows weak cipher suites and vulnerabilities related to encryption padding, the padding oracle attack is the most likely. This type of attack exploits the way padding errors are handled during decryption, potentially allowing an attacker to decrypt sensitive information. The weak cipher suites and lack of forward secrecy further increase the likelihood of such an attack succeeding. CASP+ highlights padding oracle attacks as critical vulnerabilities, particularly in environments where weak encryption protocols are used.
References:
CASP+ CAS-004 Exam Objectives: Domain 2.0 Enterprise Security Operations (Encryption and Padding Oracle Attacks)
CompTIA CASP+ Study Guide: Cryptographic Attacks and Cipher Vulnerabilities
Question 155:
An analyst needs to evaluate all images and documents that are publicly shared on a website.
Which of the following would be the best tool to evaluate the metadata of these files?
A. OllyDbg
B. ExifTool
C. Volatility
D. Ghidra
B. ExifTool
Question 156:
During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues. Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future?
A. Implementing a static analysis tool within the CI/CD system
B. Configuring a dynamic application security testing tool
C. Performing software composition analysis on all third-party components
D. Utilizing a risk-based threat modeling approach on new projects
E. Setting up an interactive application security testing tool
D. Utilizing a risk-based threat modeling approach on new projects
Explanation
A risk-based threat modeling approach is the best recommendation to prevent the recurrence of major process issues during the development lifecycle. Threat modeling identifies potential security threats, vulnerabilities, and design flaws early in the development process by focusing on the specific risks posed to the system. By proactively identifying and addressing security concerns before they escalate, the development team can avoid the need for significant rewrites and ensure that security is embedded into the design of new projects. CASP+ emphasizes threat modeling as a critical activity to improve secure development practices.
References:
CASP+ CAS-004 Exam Objectives: Domain 2.0 Enterprise Security Operations (Threat Modeling and Risk-Based Security Approaches)
CompTIA CASP+ Study Guide: Threat Modeling and Secure Development Lifecycle
Question 157:
The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?
A. Near-field communication
B. Short Message Service
C. Geofencing
D. Bluetooth
C. Geofencing
Explanation
Geofencing is a technology that allows you to set up virtual boundaries or geographic zones and trigger actions when a mobile device enters or exits those predefined areas. In this case, you can set up a geofence around the sensitive area of the data center, and when a mobile device enters that area, it can trigger an alert to be sent to the security team and optionally notify the individual entering the area that their access has been logged and monitored. Geofencing is commonly used for location-based security and notifications.
Question 158:
A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?
A. X-Forwarded-Proto
B. X-Forwarded-For
C. Cache-Control
D. Strict-Transport-Security
E. Content-Security-Policy
B. X-Forwarded-For
Explanation
Question 159:
A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?
A. CTR
B. ECB
C. OFB
D. GCM
D. GCM
Explanation
Galois/Counter Mode (GCM) is an AES mode of operation that provides both confidentiality and data integrity. It is well-suited for processing streams of data, making it ideal for streaming video services. GCM is known for its strong cryptographic security and good performance, which aligns with the legacy cipher's characteristics and the streaming service's requirements.
Question 160:
A security analyst is examining a former employee's laptop for suspected evidence of suspicious activity. The analyst uses dd during the investigation.
Which of the following best explains why the analyst is using this tool?
A. To capture an image of the hard drive
B. To reverse engineer binary programs
C. To recover deleted logs from the laptop
D. To deduplicate unnecessary data from the hard drive
A. To capture an image of the hard drive
Explanation
The dd tool creates a bit-for-bit copy of a hard drive, preserving its contents exactly as they are. This is essential for forensic analysis, as it ensures the integrity of evidence. This aligns with CASP+ objective 5.2, which emphasizes forensic tools and techniques for preserving and analyzing digital evidence.