CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 331:

    A penetration tester is testing a company's login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the penetration tester needs to provide the tool with the proper headers, POST URL with variable names, and the error string returned with an improper login. Which of the following would BEST help the tester to gather this information? (Choose two.)

    A. The new source feature of the web browser
    B. The logs from the web server
    C. The inspect feature from the web browser
    D. A tcpdump from the web server
    E. An HTTP interceptor
    F. The website certificate viewed via the web browser

  • Question 332:

    Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?

    A. Fuzz testing
    B. Wireless vulnerability scan
    C. Exploit framework
    D. Password cracker
    E. Protocol analyzer

  • Question 333:

    A system engineer is reviewing output from a web application vulnerability scan. The engineer has determined data is entering the application from an untrusted source and is being used to construct a query dynamically. Which of the following code snippets would BEST protect the application against an SQL injection attack?

    A. String input = request.getParameter("SegNo"); String characterPattern = "[0-9a-zA-Z]"; if (!input.matches(characterPattern)) out.println("Invalid Input");
    C. catch (Exception e) { if (log.isDebugEnabled()) log.debug(context, EVENTS.ADHOC, "CaughtInvalidGSMException Exception --" + e.toString()); }

  • Question 334:

    During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

    Which of the following processes would BEST satisfy this requirement?

    A. Monitor camera footage corresponding to a valid access request.
    B. Require both security and management to open the door.
    C. Require department managers to review denied-access requests.
    D. Issue new entry badges on a weekly basis.

  • Question 335:

    A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.

    Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

    A. NAC to control authorized endpoints
    B. FIM on the servers storing the data
    C. A jump box in the screened subnet
    D. A general VPN solution to the primary network

  • Question 336:

    A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:

    Capable of early detection of advanced persistent threats.

    Must be transparent to users and cause no performance degradation.

    Allow integration with production and development networks seamlessly.

    Enable the security team to hunt and investigate live exploitation techniques.

    Which of the following technologies BEST meets the customer's requirements for security capabilities?

    A. Threat Intelligence
    B. Deception software
    C. Centralized logging
    D. Sandbox detonation

  • Question 337:

    A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:

    1. Company administrators should not have access to employees' personal information.

    2. A rooted or jailbroken device should not have access to company sensitive information.

    Which of the following BEST addresses the associated risks?

    A. Codesigning
    B. VPN
    C. FDE
    D. Containerization

  • Question 338:

    A security analyst is reviewing the following pseudo-output snippet after running the command less /tmp/file,tmp.

    The information above was obtained from a public-facing website and used to identify military assets. Which of the following should be implemented to reduce the risk of a similar compromise?

    A. Deploy a solution to sanitize geotagging information
    B. Install software to wipe data remnants on servers
    C. Enforce proper input validation on mission-critical software
    D. Implement a digital watermarking solution

  • Question 339:

    A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company.

    Which of the following would be the best way to protect the file while the user brings the laptop between locations? (Choose two)

    A. Encrypt the hard drive with full disk encryption.
    B. Back up the file to an encrypted flash drive.
    C. Place an ACL on the file to only allow access to specified users.
    D. Store the file in the user profile.
    E. Place an ACL on the file to deny access to everyone.
    F. Enable access logging on the file.

  • Question 340:

    A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved.

    Which of the following would provide this information?

    A. HIPS
    B. UEBA
    C. HIDS
    D. NIDS
