CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 321:

    An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?

    A. Systems administrator
    B. Data owner
    C. Data processor
    D. Data custodian
    E. Data steward

  • Question 322:

    A software development company makes its software versions available to customers from a web portal. On several occasions, hackers were able to access the software repository and change the package that is automatically published on the website. Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

    A. Distribute the software via a third-party repository.
    B. Close the web repository and deliver the software via email.
    C. Email the software link to all customers.
    D. Display the SHA checksum on the website.

  • Question 323:

    A security manager is creating a standard configuration across all endpoints that handle sensitive data.

    Which of the following techniques should be included in the standard configuration to ensure the endpoints are hardened?

    A. Drive encryption
    B. Patch management
    C. Event logging
    D. Resource monitoring

  • Question 324:

    A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site.

    Which of the following should the team do to help mitigate these issues?

    A. Create a firewall rule to prevent those users from accessing sensitive data
    B. Restrict uploading activity to only authorized sites.
    C. Enable packet captures to continue to run for the source and destination related to the file transfer
    D. Disable login activity for those users after business hours.

  • Question 325:

    SIMULATION

    You are about to enter the virtual environment.

    Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.

    Click Next to continue.

    DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring.

    1. Disabling ssh

    2. Disabling systemd

    3. Altering the network adapter 172.162.0.0

    4. Changing the password in the lab admin account

    This system was recently patched following the exploitation of a vulnerability by an attacker to enable data exfiltration.

    Despite the vulnerability being patched, it is likely that a malicious TCP service is still running and the adversary has achieved persistence by creating a systemd service.

    Examples of commands to use:

    1. kill, killall

    2. lsof

    3. man, --help (use for assistance)

    4. netstat (useful flags: a, n, g, u)

    5. ps (useful flag: a)

    6. systemctl (to control systemd)

    Please note: the list of commands shown above is not exhaustive. All native commands are available.

    INSTRUCTIONS

    Using the following credentials:

    1. Username: labXXXadmin

    2. Password: XXXyyYzz!

    Investigate to identify indicators of compromise and then remediate them. You will need to make at least two changes:

    1. End the compromised process that is using a malicious TCP service.

    2. Remove the malicious persistence agent by disabling the service’s ability to start on boot.

    A. Check the answer in explanation below.

  • Question 326:

    A company recently deployed a SIEM and began importing logs from a firewall, a file server, a domain controller, a web server, and a laptop. A security analyst receives a series of SIEM alerts and prepares to respond. The following is the alert information:

    Which of the following should the security analyst do FIRST?

    A. Disable Administrator on abc-usa-fs1; the local account is compromised.
    B. Shut down the abc-usa-fs1 server; a plaintext credential is being used.
    C. Disable the jdoe account; it is likely compromised.
    D. Shut down abc-usa-fw01; the remote access VPN vulnerability is exploited.

  • Question 327:

    A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company's objectives?

    A. RASP
    B. SAST
    C. WAF
    D. CMS

  • Question 328:

    A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.

    This is an example of:

    A. due diligence.
    B. e-discovery.
    C. due care.
    D. legal hold.

  • Question 329:

    An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed. Which of the following side-channel attacks did the team use?

    A. Differential power analysis
    B. Differential fault analysis
    C. Differential temperature analysis
    D. Differential timing analysis

  • Question 330:

    An MSSP has taken on a large client that has government compliance requirements. Due to the sensitive nature of communications to its aerospace partners, the MSSP must ensure that all communications to and from the client web portal are secured by industry-standard asymmetric encryption methods. Which of the following should the MSSP configure to BEST meet this objective?

    A. ChaCha20
    B. RSA
    C. AES256
    D. RIPEMD

Tips on How to Prepare for the Exams

Nowadays, certification exams have become more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.