CompTIA CAS-004 Online Practice Questions and Exam Preparation

CompTIA CAS-004 Online Questions & Answers

• Question 261:

  After a cybersecurity incident, a judge found that a company did not conduct a proper forensic investigation. The company was ordered to pay penalties. Which of the following forensic steps would be best to prevent this from happening again?

  A. Evidence preservation
  B. Evidence verification
  C. Evidence collection
  D. Evidence analysis
  A. Evidence preservation

  ---

  Explanation

  Proper forensic investigation requires that evidence is preserved in a manner that maintains its integrity and reliability. To prevent legal issues such as penalties for not conducting a proper forensic investigation, the first and most crucial step is to ensure that evidence is preserved so that it can be verified, collected, and analyzed correctly. This involves making sure that the evidence is not tampered with or altered from the time it is identified until it is presented in a legal proceeding.

• Question 262:

  A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

  1.The highest form of web identity validation

  2.Encryption of all web transactions

  3.The strongest encryption in-transit

  4.Logical separation based on data sensitivity

  Other things that should be considered include:

  1.The company operates multiple other websites that use encryption.

  2.The company wants to minimize total expenditure.

  3.The company wants to minimize complexity.

  Which of the following should the company implement on its new website? (Choose two.)

  A. Wildcard certificate
  B. EV certificate
  C. Mutual authentication
  D. Certificate pinning
  E. SSO
  F. HSTS
  B. EV certificate
  F. HSTS

  ---

  Explanation

• Question 263:

  A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

  A. ocsp
  B. CRL
  C. SAN
  D. CA
  C. SAN

  ---

  Explanation

  The administrator should use SAN certificates to support multiple domain names while minimizing the amount of certificates needed. SAN stands for Subject Alternative Name, which is an extension of a certificate that allows it to include multiple fully-qualified domain names (FQDNs) within the same certificate. For example, a SAN certificate can secure www.example.com, www.example.net, and mail.example.org with one certificate. SAN certificates can reduce the cost and complexity of managing multiple certificates for different domains. SAN certificates can also support wildcard domains, such as *.example.com, which can cover any subdomain under that domain. Verified

  References: https://www.techtarget.com/searchsecurity/definition/Subject-Alternative-Name https://www.techtarget.com/searchsecurity/definition/wildcard-certificate https://www.nexcess.net/help/what-is-a-multi-domain-ssl-certificate/

• Question 264:

  IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

  A. FIM
  B. SASE
  C. UEBA
  D. CSPM
  E. EAP
  C. UEBA

  ---

  Explanation

  UEBA focuses on analyzing the behaviors of users and entities within the network to identify anomalies that may indicate security threats. Unlike signature-based detection, which relies on known patterns of malicious activity, UEBA uses machine learning and advanced analytics to detect deviations from normal behavior. This approach can identify new and unknown threats that do not match existing signatures, thus addressing the limitation of missing IoCs that signature-based systems might overlook

• Question 265:

  After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BVOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

  Wed 12 Dec 2020 10:00:03 Unknown sources is now enabled on this device.

  Which of the following is the MOST likely reason for the successful attack?

  A. Lack of MDM controls
  B. Jailbreaking
  C. Sideloading
  D. Lack of application segmentation
  A. Lack of MDM controls

  ---

  Explanation

• Question 266:

  A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce

  1.Cloud-delivered services

  2.Full network security stack

  3.SaaS application security management

  4.Minimal latency for an optimal user experience

  5.Integration with the cloud 1AM platform

  Which of the following is the BEST solution?

  A. Routing and Remote Access Service (RRAS)
  B. NGFW
  C. Managed Security Service Provider (MSSP)
  D. SASE
  D. SASE

  ---

  Explanation

• Question 267:

  The Chief Information Security Officer (CISO) of a new company is looking for a comprehensive assessment of the company's application services Which of the following would provide the MOST accurate number of weaknesses?

  A. White-box penetration test
  B. Internal vulnerability scanning
  C. Internal controls audit
  D. Third-party red-team engagement
  A. White-box penetration test

  ---

  Explanation

• Question 268:

  To bring digital evidence in a court of law the evidence must be: A. material

  B. tangible

  C. consistent

  D. conserved

  Correct Answer. A
  A

  ---

  Explanation

  In the context of legal proceedings, "material" evidence refers to evidence that is relevant and has a significant impact on the case at hand. For digital evidence to be admissible in court, it must be material, meaning it must relate directly to the case and contribute to proving or disproving a key aspect of the case. Material evidence helps establish the facts and is crucial for the court's decision-making process.

• Question 269:

  A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:

  

  The security engineer looks at the UTM firewall rules and finds the following:

  

  Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

  A. Contact the email service provider and ask if the company IP is blocked.
  B. Confirm the email server certificate is installed on the corporate computers.
  C. Make sure the UTM certificate is imported on the corporate computers.
  D. Create an IMAPS firewall rule to ensure email is allowed.
  C. Make sure the UTM certificate is imported on the corporate computers.

  ---

  Explanation

  Although firewall rule ID 58 allows IMAPS traffic (port 993) from VLAN 20, TLS decryption is enabled. This means the UTM intercepts and inspects the encrypted IMAPS traffic using its own certificate. If the UTM certificate is not trusted or installed on the corporate computers, the IMAPS client (such as Outlook or Thunderbird) will reject the connection due to an untrusted certificate.

  Therefore, to allow secure IMAPS communication to work properly with TLS inspection, the UTM's TLS certificate must be imported and trusted on the corporate endpoints.

• Question 270:

  An online video shows a company's Chief Executive Officer (CEO) making a company announcement. The CEO, however, did not make the announcement. Which of the following BEST describes this attack?

  A. Identity theft
  B. Deepfake
  C. Website defacement
  D. Social engineering
  B. Deepfake

  ---

  Explanation