CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 201:

    A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

    1. Enforce MFA for RDP.

    2. Ensure RDP connections are only allowed with secure ciphers.

    The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.

    Which of the following should the security architect recommend to meet these requirements?

    A. Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.
    B. Implement a bastion host with a secure cipher configuration enforced.
    C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.
    D. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

  • Question 202:

    An organization is deploying a container-based application that requires persistence of sensitive information on the filesystem. The filesystem will be deployed into a cloud environment. The information that will persist will include PHI (Protected Health Information).

    Which of the following solutions would be best to ensure confidentiality of information at rest?

    A. Triple DES
    B. AES-GCM
    C. RSA
    D. TLS
    E. RIPEMD

  • Question 203:

    A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained. Personal email accounts and USB drives are restricted from the corporate network.

    Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?

    A. Additional corporate-wide training on phishing.
    B. A policy outlining what is and is not acceptable on social media.
    C. Notifications when a user falls victim to a phishing attack.
    D. Positive DLP preventions with stronger enforcement.

  • Question 204:

    A security administrator wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security administrator implement? (Choose two.)

    A. MX record
    B. DMARC
    C. SPF
    D. DNSSEC
    E. S/MIME
    F. TLS

  • Question 205:

    A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

    Which of the following techniques would be BEST suited for this requirement?

    A. Deploy SOAR utilities and runbooks.
    B. Replace the associated hardware.
    C. Provide the contractors with direct access to satellite telemetry data.
    D. Reduce link latency on the affected ground and satellite segments.

  • Question 206:

    A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

    When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the network?

    A. Packets that are the wrong size or length
    B. Use of any non-DNP3 communication on a DNP3 port
    C. Multiple solicited responses over time
    D. Application of an unsupported encryption algorithm

  • Question 207:

    An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?

    A. Ladder logic
    B. Rust
    C. C
    D. Python
    E. Java

  • Question 208:

    A company performs an annual attack surface analysis and identifies a large number of unexpected, external-facing systems. The Chief Information Security Officer (CISO) wishes to ensure this issue does not reoccur.

    Which of the following should the company do?

    A. Update the company's risk profile.
    B. Minimize errors in the risk assessment metrics.
    C. Continuously monitor key risk indicators.
    D. Reduce the costs associated with performing risk assessments.

  • Question 209:

    Signed applications reduce risks by:

    A. encrypting the application's data on the device.
    B. requiring the developer to use code-level hardening techniques.
    C. providing assurance that the application is using unmodified source code.
    D. costing the developer money to publish, which reduces the likelihood of malicious intent.

  • Question 210:

    A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market. Which of the following should the company implement to address the risk of system unavailability?

    A. User and entity behavior analytics
    B. Redundant reporting systems
    C. A self-healing system
    D. Application controls
