CompTIA CAS-004 Online Practice Questions and Exam Preparation

CompTIA CAS-004 Online Questions & Answers

• Question 181:

  DRAG DROP

  Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

  Select and Place:

  

  

  Explanation

• Question 182:

  A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

  A. Loss of governance
  B. Vendor lockout
  C. Compliance risk
  D. Vendor lock-in
  C. Compliance risk

  ---

  Explanation

• Question 183:

  A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?

  A. Storing the data in an encoded file
  B. Implementing database encryption at rest
  C. Only storing tokenized card data
  D. Implementing data field masking
  C. Only storing tokenized card data

  ---

  Explanation

  Tokenization is the best solution to protect payment card data from unauthorized disclosure when moving to the cloud. Tokenization replaces sensitive card data with unique identifiers (tokens) that have no exploitable value outside the

  tokenization system. Even if the data is compromised, the attacker would not obtain actual card numbers. This is in line with PCI DSS requirements for protecting payment card information. Other solutions like encryption at rest or field

  masking help, but tokenization provides the strongest protection by ensuring that card data is not stored at all.

  References:

  CASP+ CAS-004 Exam Objectives: Domain 1.0

  Risk Management (Tokenization and PCI DSS Compliance)

  CompTIA CASP+ Study Guide: Data Protection Techniques (Tokenization)

• Question 184:

  A small software company deployed a new web application after a network security scan found no vulnerabilities. A customer using this application reported malicious activity believed to be associated with the application. During an investigation, the company discovered that the customer closed the browser tab and connected to another application, using the same credentials on both platforms.

  Which of the following detection methods should the software company implement before deploying the next version?

  A. Multifactor authentication
  B. Static application code scanning
  C. Stronger password policy
  D. A SIEM
  D. A SIEM

  ---

  Explanation

  A SIEM (Security Information and Event Management) system is a tool that collects and analyzes security data from a variety of sources, such as network logs, application logs, and security devices. SIEM systems can be used to detect

  suspicious activity, such as unusual login patterns or failed loginhttps://www.examtopics.com/exams/comptia/cas-004/view/# attempts.

  Why not A. Multifactor authentication (MFA)?

  MFA enhances security by requiring multiple methods of verification to prove identity when logging in. While MFA can prevent unauthorized access due to stolen or guessed credentials, it doesn't address session management issues or

  customer's credentials were compromised.

• Question 185:

  A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found.

  Which of the following describes what happened and how to fix it?

  A. A downgrade attack occurred. Any use of old, outdated software should be disallowed.
  B. The attacker obtained the systems' private keys. New key pairs must be generated.
  C. Malware is present on the client machine. A full OS needs to be reinstalled.
  D. The user fell for a phishing attack. The end user must attend security training.
  A. A downgrade attack occurred. Any use of old, outdated software should be disallowed.

  ---

  Explanation

  A downgrade attack likely exploited the outdated OpenSSL version, allowing the attacker to bypass secure encryption and impersonate the user. Upgrading to a secure version of OpenSSL and disabling older versions is critical. This aligns with CASP+ objective 1.5, emphasizing the importance of securing cryptographic implementations.

• Question 186:

  A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords. Which of the following additional controls should the company deploy?

  A. Two-factor authentication
  B. Identity proofing
  C. Challenge questions
  D. Live identity verification
  A. Two-factor authentication

  ---

  Explanation

  While the company has implemented Single Sign-On (SSO) with strong passwords, additional security controls are required to mitigate attacks such as LDAP injections, brute-force, whaling, and spear-phishing. Two-factor authentication (2FA) provides an additional layer of security by requiring users to provide two different forms of authentication (e.g., a password and a security token or a biometric factor), reducing the likelihood of unauthorized access even if passwords are compromised. CASP+ emphasizes the importance of using multi-factor authentication mechanisms to strengthen access control and protect against such attacks.

  References: CASP+ CAS-004 Exam Objectives: Domain 2.0 Enterprise Security Operations (Access Control and Multi-factor Authentication) CompTIA CASP+ Study Guide: Implementing Two-Factor Authentication for System Access

• Question 187:

  A company recently deployed a SIEM and began importing logs from a firewall, a file server, a domain controller a web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information:

  

  Which of the following should the security analyst do FIRST?

  A. Disable Administrator on abc-uaa-fsl, the local account is compromised
  B. Shut down the abc-usa-fsl server, a plaintext credential is being used
  C. Disable the jdoe account, it is likely compromised
  D. Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited
  C. Disable the jdoe account, it is likely compromised

  ---

  Explanation

  Based on the SIEM alerts, the security analyst should first disable the jdoe account, as it is likely compromised by an attacker. The alerts show that the jdoe account successfully logged on to the abc-usa-fsl server, which is a file server, and then initiated SMB (445) traffic to the abc-web01 server, which is a web server. This indicates that the attacker may be trying to exfiltrate data from the file server to the web server. Disabling the jdoe account would help stop this unauthorized activity and prevent further damage. Disabling Administrator on abc-usa-fsl, the local account is compromised, is not the first action to take, as it is not clear from the alerts if the local account is compromised or not. The alert shows that there was a successful logon event for Administrator on abc-usa-fsl, but it does not specify if it was a local or domain account, or if it was authorized or not. Moreover, disabling the local account would not stop the SMB traffic from jdoe to abcweb01. Shutting down the abc-usa-fsl server, a plaintext credential is being used, is not the first action to take, as it is not clear from the alerts if a plaintext credential is being used or not. The alert shows that there was RDP (3389) traffic from abcadmin1-logon to abc-usa-fsl, but it does not specify if the credential was encrypted or not. Moreover, shutting down the file server would disrupt its normal operations and affect other users. Shutting down abc-usa-fw01; the remote access VPN vulnerability is exploited, is not the first action to take, as it is not clear from the alerts if the remote access VPN vulnerability is exploited or not. The alert shows that there was FTP (21) traffic from abc-usa-dcl to abc- web01, but it does not specify if it was related to the VPN or not. Moreover, shutting down the firewall would expose the network to other threats and affect other services.

  References: What is SIEM? | Microsoft Security, What is a SIEM Alert? | Cofense

• Question 188:

  The Chief Information Security Officer (CISO) is working with a new company and needs a legal "document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

  A. SLA
  B. ISA
  C. Permissions and access
  D. Rules of engagement
  D. Rules of engagement

  ---

  Explanation

  Rules of engagement are legal documents that should be signed by all parties involved in an assessment to ensure they understand their roles and responsibilities. Rules of engagement define the scope, objectives, methods, deliverables,

  limitations, and expectations of an assessment project. They also specify the legal and ethical boundaries, communication channels, escalation procedures, and reporting formats for the assessment. Rules of engagement help to avoid

  misunderstandings, conflicts, or liabilities during or after an assessment.

  References: [CompTIA CASP+ Study Guide, Second Edition, page 34]

• Question 189:

  A company has moved its sensitive workloads lo the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements

  The application must run at 70% capacity at all times The application must sustain DoS and DDoS attacks. Services must recover automatically.

  Which of the following should the cloud architecture team implement? (Select THREE).

  A. Read-only replicas
  B. BCP
  C. Autoscaling
  D. WAF
  E. CDN
  F. Encryption
  G. Continuous snapshots
  H. Containenzation
  C. Autoscaling
  D. WAF
  E. CDN

  ---

  Explanation

• Question 190:

  A security engineer is performing a routine audit of a company's decommissioned devices. The current process involves a third-party firm removing the hard drive from a company device, wiping it using a seven-pass software, placing it back

  into the device, and tagging the device for reuse or disposal. The audit reveals sensitive information is present in the hard drive cluster tips.

  Which of the following should the third-party firm implement NEXT to ensure all data is permanently removed?

  A. Degauss the drives using a commercial tool.
  B. Scramble the file allocation table
  C. Wipe the drives using a 21-pass overwrite
  D. Disable the logic board using high-voltage input
  A. Degauss the drives using a commercial tool.

  ---

  Explanation

  Erasing your hard drive with a degaussing tool prevents your information from being accessed by anyone, which helps prevent different and unfortunate events, such as employee theft, media loss dunng transport, and improper media destruction.

  https://potomacecycle com/what-does-it-mean-to-degauss-a-hard-drive