CompTIA CAS-004 Online Practice Questions and Exam Preparation
CAS-004 Exam Details
Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Certification: CompTIA Certifications
Vendor: CompTIA
Total Questions: 792 Q&As
Last Updated: May 28, 2026
CompTIA CAS-004 Online Questions & Answers
Question 221:
Which of the following ensures that certain inbound traffic from third-party vendors is restricted from being sourced from high-risk countries?
A. Microsegmentation B. Supply chain visibility C. Geocoded firewall rules D. Source code reviews
C. Geocoded firewall rules
Explanation
Geocoded firewall rules filter traffic based on geographic location (IP-based). They allow or deny inbound and outbound connections by country, making them effective for restricting access from high-risk or banned regions.
Key purpose:
Control third-party/vendor access by limiting connections to approved geographic regions.
Why Option C is correct: It directly reduces risk by blocking traffic from high-risk countries while maintaining necessary access for approved regions.
Why others are incorrect: Microsegmentation focuses on internal network isolation, not geographic filtering.
Supply chain visibility provides monitoring, not traffic control.
Source code reviews address code vulnerabilities, not network-level access control.
Question 222:
A company with customers in the United States and Europe wants to ensure its content is delivered to end users with low latency. Content includes both sensitive and public information. The company's data centers are located on the West Coast of the United States. Users on the East Coast of the United States and users in Europe are experiencing slow application response. Which of the following would allow the company to improve application response quickly?
A. Installing reverse caching proxies in both data centers and implementing proxy auto scaling B. Using HTTPS to serve sensitive content and HTTP for public content C. Using colocation services in regions where the application response is slow D. Implementing a CDN and forcing all traffic through the CDN
D. Implementing a CDN and forcing all traffic through the CDN
Explanation
A Content Delivery Network (CDN) is designed to serve content to end-users with high availability and high performance. By implementing a CDN, the company can distribute the content across multiple geographically dispersed servers, thereby reducing latency for users far from the West Coast data centers, including those on the East Coast of the United States and in Europe.
Question 223:
Which of the following technologies would benefit the most from the use of biometric readers, proximity badge entry systems, and the use of hardware security tokens to access various environments and data entry systems?
A. Deep learning B. Machine learning C. Nanotechnology D. Passwordless authentication E. Biometric impersonation
D. Passwordless authentication
Explanation
Passwordless authentication is an authentication method that does not require the user to enter a password. Instead, it relies on alternative forms of verification, such as biometric readers (fingerprint or facial recognition), proximity badge entry systems, and hardware security tokens. These technologies provide a means to authenticate users with higher assurance levels and would benefit the most from the use of the mentioned devices and methods.
Question 224:
Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:
A. when it is passed across a local network. B. in memory during processing. C. when it is written to a system's solid-state drive. D. by an enterprise hardware security module.
B. in memory during processing
Explanation
Question 225:
The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?
A. An open-source automation server B. A static code analyzer C. Trusted open-source libraries D. A single code repository for all developers
B. A static code analyzer
Explanation
Question 226:
A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large increase in log files generated by a website containing a 'Contact Us' form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign or if this is a potential incident.
Which of the following would BEST assist the analyst?
A. Ensuring proper input validation is configured on the 'Contact Us' form B. Deploying a WAF in front of the public website C. Checking for new rules from the inbound network IPS vendor D. Running the website log files through a log reduction and analysis tool
B. Deploying a WAF in front of the public website
Explanation
By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine's identity by using an intermediary, a WAF is a type of reverse-proxy, protecting the server from exposure by having clients pass through the WAF before reaching the server.
Question 227:
A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation.
The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program.
Which of the following will BEST accomplish the company's objectives?
A. RASP B. SAST C. WAF D. CMS
B. SAST
Explanation
Static application security testing (SAST) is a method of analyzing the source code of an application for vulnerabilities and weaknesses before it is deployed. SAST can help identify security issues earlier in the development process, reducing the time and cost of remediation. Dynamic application security testing (DAST) is a method of testing the functionality and behavior of an application at runtime for vulnerabilities and weaknesses. DAST can cover public-facing application components, but it cannot detect issues in the source code or in serverless applications. Runtime application self-protection (RASP) is a technology that monitors and protects an application from attacks in real time by embedding security features into the application code or runtime environment. RASP can help prevent exploitation of vulnerabilities, but it cannot identify or fix them. A web application firewall (WAF) is a device or software that filters and blocks malicious web traffic from reaching an application. A WAF can help protect an application from common attacks, but it cannot detect or fix vulnerabilities in the application code or in serverless applications.
Question 228:
A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred FIRST?
A. Preserve secure storage. B. Clone the disk. C. Collect the most volatile data. D. Copy the relevant log files.
C. Collect the most volatile data.
Explanation
The first step in forensic analysis is to collect the most volatile data, which is the information that would be lost when the power is turned off or the system is rebooted. This includes the contents of memory (RAM) and other temporary data that are stored in caches or buffers. A memory dump captures this data and should be done before other less volatile data is collected, like hard drive images or log files, to ensure the most accurate and comprehensive capture of the system's state at the time of the incident.
Question 229:
Users from the marketing department (192.168.0.1/24) are reporting performance issues with an on-premises application server (192.168.0.9). The application server should only be accessed internally. A security analyst reviews various logs and finds the following information:
Which of the following should the security analyst perform next to improve performance and ensure the application server is secured as required?
A. Configure NGFW to deny access from subnets not in 192.168.0.0/24. B. Modify the cloud security group rules to deny all external traffic to 192.168.0.9. C. Update the IDS/IPS software with the latest OS/firmware to ensure all brute-force attacks are prevented. D. Update the DLP system to include policies for data exfiltration attempts on the application server.
A. Configure NGFW to deny access from subnets not in 192.168.0.0/24.
Question 230:
A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?
A. Resource exhaustion B. Geographic location C. Control plane breach D. Vendor lock-in