CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 301:

    A security manager wants to standardize security settings, firmware, and software across a heterogeneous environment. Which of the following can be used in combination to meet these goals? (Choose three.)

    A. Attestation services
    B. TPM
    C. HIPS software
    D. OOB management software
    E. Group Policy
    F. EDR software
    G. MDM software

  • Question 302:

    A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution.

    Which of the following must happen first?

    A. Use Distinguished Encoding Rules (DER) for the certificate.
    B. Extract the private key from the certificate.
    C. Use an out-of-band method to obtain the certificate.
    D. Compare the retrieved certificate with the embedded certificate.

  • Question 303:

    An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

    A. An additional layer of encryption
    B. A third-party, data integrity monitoring solution
    C. A complete backup that is created before moving the data
    D. Additional application firewall rules specific to the migration

  • Question 304:

    The Chief Executive Officer of an online retailer notices a sudden drop in sales. A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site. Which of the following would best prevent this type of attack?

    A. Enabling HSTS
    B. Configuring certificate pinning
    C. Enforcing DNSSEC
    D. Deploying certificate stapling

  • Question 305:

    An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers.

    Which of the following services would be BEST for the security officer to recommend to the company?

    A. NIDS
    B. HIPS
    C. CASB
    D. SFTP

  • Question 306:

    Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.

    Which of the following risk-handling techniques was used?

    A. Accept
    B. Avoid
    C. Transfer
    D. Mitigate

  • Question 307:

    A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

    alert tcp any any -> $HOME_NET 3389 (flow:to_server,established; content:"MS_T120|00|"; fast_pattern:only)

    Which of the following should the analyst recommend to mitigate this type of vulnerability?

    A. IPSec rules
    B. OS patching
    C. Two-factor authentication
    D. TCP wrappers

  • Question 308:

    A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

    A. Utilize the SAN certificate to enable a single certificate for all regions.
    B. Deploy client certificates to all devices in the network.
    C. Configure certificate pinning inside the application.
    D. Enable HSTS on the application's server side for all communication.

  • Question 309:

    The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printers and multifunction devices during non-standard business hours. Which of the following will the security manager most likely identify as a risk?

    A. Print configurations settings for locked print jobs
    B. The lack of an NDA with the company that supports its devices
    C. The lack of an MSA to govern other services provided by the service provider
    D. The lack of chain of custody for devices prior to deployment at the company

  • Question 310:

    The results of an internal audit indicate several employees reused passwords that were previously included in a published list of compromised passwords. The company has the following employee password policy:

    Which of the following should be implemented to best address the password reuse issue? (Choose two.)

    A. Increase the minimum age to two days.
    B. Increase the history to 20.
    C. Increase the character length to 12.
    D. Add case-sensitive requirements to character class.
    E. Decrease the maximum age to 30 days.
    F. Remove the complexity requirements.
    G. Increase the maximum age to 120 days.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers, and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.