CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 251:

    A systems engineer is reviewing output from a web application vulnerability scan. The engineer has determined that data is entering the application from an untrusted source and is being used to construct a query dynamically. Which of the following code snippets would BEST protect the application against an SQL injection attack?

    A. String input = request.getParameter("SeqNo"); String characterPattern = "[0-9a-zA-Z]"; if (!input.matches(characterPattern)) { out.println("Invalid Input"); }
    B. <input type="text" maxlength="30" name="ecsChangePwdForm" size="40" readonly="true" value=''/>
    C. catch (Exception e) { if (log.isDebugEnabled()) log.debug(context, EVENTS.ADHOC, "Caught InvalidGSMException Exception --" + e.toString()); }

  • Question 252:

    An executive has decided to move a company's customer-facing application to the cloud after experiencing a lengthy power outage at a locally managed service provider's data center. The executive would like a solution that can be implemented as soon as possible. Which of the following will BEST prevent similar issues when the service is running in the cloud? (Choose two.)

    A. Placing the application instances in different availability zones
    B. Restoring the snapshot and starting the new application instance from a different zone
    C. Enabling autoscaling based on application instance usage
    D. Having several application instances running in different VPCs
    E. Using the combination of block storage and multiple CDNs in each application instance
    F. Setting up application instances in multiple regions

  • Question 253:

    SIMULATION

    You have received a report that some users are unable to use their personal devices to authenticate to a protected corporate website. The users have stated that no changes have been made on their personal devices since the last time they were able to authenticate successfully.

    INSTRUCTIONS

    Examine the device health policy for the MFA solution, the MFA usage logs, and the device telemetry. Using that information:

    Select the policy/policies that were violated.

    Select the telemetry log(s) that explain the policy violations.

    A. Check the answer in explanation.

  • Question 254:

    A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file. Which of the following is the BEST way for the security team to comply with this requirement?

    A. Digital signature
    B. Message hash
    C. Message digest
    D. Message authentication code

  • Question 255:

    During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels. Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

    A. Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
    B. Perform ASIC password cracking on the host.
    C. Read the /etc/passwd file to extract the usernames.
    D. Initiate unquoted service path exploits.
    E. Use the UNION operator to extract the database schema.

  • Question 256:

    A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells. Which of the following techniques will MOST likely meet the business's needs?

    A. Performing deep-packet inspection of all digital audio files
    B. Adding identifying filesystem metadata to the digital audio files
    C. Implementing steganography
    D. Purchasing and installing a DRM suite

  • Question 257:

    A company has received threat intelligence about bad routes being advertised. The company has also been receiving reports of degraded internet activity. When looking at the routing table on the edge router, a security engineer discovers the following:

    Which of the following can the company implement to prevent receiving bad routes from peers, while still allowing dynamic updates?

    A. OSPF prefix list
    B. BGP prefix list
    C. EIGRP prefix list
    D. DNS

  • Question 258:

    An organization is creating requirements for new laptops that will be issued to staff. One of the company's key security objectives is to ensure the laptops have hardware-enforced data-at-rest protection tied to permanent hardware identities. The laptops must also provide attestation for secure boot processes. To meet these demands, which of the following BEST represent the features that should be included in the requirements set? (Select TWO.)

    A. TPM2.0e
    B. Opal support
    C. MicroSD token authenticator
    D. TLS1.3
    E. Shim and GRUB
    F. ARMv7 with TrustZone

  • Question 259:

    A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

    Which of the following would be BEST to proceed with the transformation?

    A. An on-premises solution as a backup
    B. A load balancer with a round-robin configuration
    C. A multicloud provider solution
    D. An active-active solution within the same tenant

  • Question 260:

    An organization must implement controls that are aligned with its financial requirements; specifically, the organization is looking to implement the following:

    1. Financial transactions that require one reviewer
    2. Audits of funds disbursements
    3. Cross-training of employees

    Which of the following controls will address the organization's requirements?

    A. Change management
    B. Job rotation
    C. Least privilege
    D. Separation of duties

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.