Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 587 Q&As
  • Last Updated: May 07, 2024

CompTIA Advanced Security Practitioner CAS-004 Questions & Answers

  • Question 21:

    A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

    A. Data sovereignty

    B. Shared responsibility

    C. Source code escrow

    D. Safe harbor considerations

  • Question 22:

    A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?

    A. Mirror the blobs at a local data center.

    B. Enable fast recovery on the storage account.

    C. Implement soft delete for blobs.

    D. Make the blob immutable.

  • Question 23:

    An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run to BEST determine whether financial data was lost?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 24:

    A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

    dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m. A persistent TCP/6667 connection to the external address was established at 7:55 a.m.

    The connection is still active.

    Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.

    A sample outbound request payload from PCAP showed the ASCII content: ";JOIN #community".

    Which of the following is the MOST likely root cause?

    A. A SQL injection was used to exfiltrate data from the database server.

    B. The system has been hijacked for cryptocurrency mining.

    C. A botnet Trojan is installed on the database server.

    D. The dbadmin user is consulting the community for help via Internet Relay Chat.

  • Question 25:

    Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:

    Which of the following is MOST likely happening to the server?

    A. Port scanning

    B. ARP spoofing

    C. Buffer overflow

    D. Denial of service

  • Question 26:

    A security engineer notices the company website allows users to select which country they reside in, such as the following example:

    https://mycompany.com/main.php?Country=US

    Which of the following vulnerabilities would MOST likely affect this site?

    A. SQL injection

    B. Remote file inclusion

    C. Directory traversal

    D. Unsecure references

  • Question 27:

    An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data.

    Which of the following commands should the analyst run to BEST determine whether financial data was lost?

    A. Option A

    B. Option B

    C. Option C

    D. Option D

  • Question 28:

    An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment. Unfortunately, many of the applications are provided only as compiled binaries. Which of the following should the organization use to analyze these applications? (Select TWO).

    A. Regression testing

    B. SAST

    C. Third-party dependency management

    D. IDE SAST

    E. Fuzz testing

    F. IAST

  • Question 29:

    An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

    A. The NTP server is set incorrectly for the developers.

    B. The CA has included the certificate in its CRL.

    C. The certificate is set for the wrong key usage.

    D. Each application is missing a SAN or wildcard entry on the certificate.

  • Question 30:

    An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

    Protection from DoS attacks against its infrastructure and web applications is in place.

    Highly available and distributed DNS is implemented.

    Static content is cached in the CDN.

    A WAF is deployed inline and is in block mode.

    Multiple public clouds are utilized in an active-passive architecture.

    With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

    A. The public cloud provider is applying QoS to the inbound customer traffic.

    B. The API gateway endpoints are being directly targeted.

    C. The site is experiencing a brute-force credential attack.

    D. A DDoS attack is targeted at the CDN.
