CompTIA CAS-004 Online Practice Questions and Exam Preparation

CompTIA CAS-004 Online Questions & Answers

• Question 191:

  A partner organization is requesting that a security administrator exchange S/MIME certificates for email between the two organizations. The partner organization is most likely trying to:

  A. utilize digital signatures to ensure data integrity.
  B. reduce the amount of impersonation spam the organization receives.
  C. enable a more decentralized IT infrastructure.
  D. eliminate the organization's business email compromise risks.
  A. utilize digital signatures to ensure data integrity.

  ---

  Explanation

• Question 192:

  A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

  1.POST /malicious.php

  2.User-Agent: Malicious Tool V 1.0

  3.Host: www.malicious.com

  The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

  A. User-Agent: Malicious Tool.*
  B. www\.malicious\.com\/malicious.php
  C. Post /malicious\.php
  D. Host: [a-z]*\.malicious\.com
  E. malicious.*
  D. Host: [a-z]*\.malicious\.com

  ---

  Explanation

• Question 193:

  A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client's systems?

  A. The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.
  B. The change control board must review and approve a submission.
  C. The information system security officer provides the systems engineer with the system updates.
  D. The security engineer asks the project manager to review the updates for the client's system.
  B. The change control board must review and approve a submission.

  ---

  Explanation

• Question 194:

  A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner. Which of the following should the security officer do to meet these requirements?

  A. Create a rule to authorize personnel only from certain IPs to access the files.
  B. Assign labels to the files and require formal access authorization.
  C. Assign attributes to each file and allow authorized users to share the files.
  D. Assign roles to users and authorize access to files based on the roles.
  B. Assign labels to the files and require formal access authorization.

  ---

  Explanation

  This option aligns with the principle of using security clearances and a "need to know" basis to control access to sensitive information. By labeling files and requiring formal access authorization, the security officer can ensure that only personnel with the appropriate clearance level and a legitimate need to access the data are granted permission. This approach helps maintain the confidentiality and security of the information.

• Question 195:

  An organization's senior security architect would like to develop cyberdefensive strategies based on standardized adversary techniques, tactics, and procedures commonly observed. Which of the following would BEST support this objective?

  A. OSINT analysis
  B. The Diamond Model of Intrusion Analysis
  C. MITRE ATTandCK
  D. Deepfake generation
  E. Closed-source intelligence reporting
  C. MITRE ATTandCK

  ---

  Explanation

• Question 196:

  A software company decides to study and implement some new security features in the software it develops in C++ language. Developers are trying to find a way to avoid a malicious process that can access another process's execution area. Which of the following techniques can the developers do?

  A. Enable NX.
  B. Move to Java.
  C. Execute SAST.
  D. Implement memory encryption.
  A. Enable NX.

  ---

  Explanation

• Question 197:

  A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

  1.The solution must be able to initiate SQL injection and reflected XSS attacks.

  2.The solution must ensure the application is not susceptible to memory leaks.

  Which of the following should be implemented to meet these requirements? (Choose two.)

  A. Side-channel analysis
  B. Protocol scanner
  C. HTTP interceptor
  D. DAST
  E. Fuzz testing
  F. SAST
  G. SCAP
  D. DAST
  F. SAST

  ---

  Explanation

  DAST (Dynamic Application Security Testing): DAST is a type of black-box testing that involves testing an application in its running state. It can initiate SQL injection and reflected XSS attacks by simulating these attacks against the live application to identify vulnerabilities. This meets the first requirement of initiating SQL injection and reflected XSS attacks.

  SAST (Static Application Security Testing): SAST is a type of white-box testing that involves analyzing the source code of an application. It can detect vulnerabilities related to memory management, such as memory leaks, by examining the code for issues that could lead to such problems. This meets the second requirement of ensuring the application is not susceptible to memory leaks.

• Question 198:

  A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?

  A. Improved security operations center performance
  B. Automated firewall log collection tasks
  C. Optimized cloud resource utilization
  D. Increased risk visibility
  A. Improved security operations center performance

  ---

  Explanation

  Implementing a SOAR (Security Orchestration, Automation, and Response) solution in a cloud production environment is primarily aimed at enhancing the performance of the security operations center (SOC). SOAR tools integrate with various security technologies and automate repetitive tasks such as incident response, threat detection, and remediation. By automating these tasks, SOAR frees up SOC analysts to focus on more complex security issues, reduces response times to incidents, improves incident prioritization, and overall enhances the efficiency and effectiveness of the SOC.

• Question 199:

  Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

  A. Modify the ACLs.
  B. Review the Active Directory.
  C. Update the marketing department's browser.
  D. Reconfigure the WAF.
  A. Modify the ACLs.

  ---

  Explanation

• Question 200:

  Which of the following technologies allows CSPs to add encryption across multiple data storages?

  A. Symmetric encryption
  B. Homomorphic encryption
  C. Data dispersion
  D. Bit splitting
  C. Data dispersion

  ---

  Explanation

  Data dispersion involves breaking down data into smaller, often encrypted, chunks and distributing them across various storage locations. This provides both redundancy and a form of security, as a single storage compromise wouldn't reveal the entire dataset. The encryption aspect is often integrated into the data dispersion process to ensure the confidentiality of the distributed fragments.