CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 341:

    A security analyst observes the following while looking through network traffic in a company's cloud log:

    Which of the following steps should the security analyst take FIRST?

    A. Quarantine 10.0.5.52 and run a malware scan against the host.
    B. Access 10.0.5.52 via EDR and identify processes that have network connections.
    C. Isolate 10.0.50.6 via security groups.
    D. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

  • Question 342:

    A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

    1. Maintain customer trust

    2. Minimize data leakage

    3. Ensure non-repudiation

    Which of the following would be the BEST set of recommendations from the security architect?

    A. Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.
    B. Disable file exchange, enable watermarking, and enable the user authentication requirement.
    C. Enable end-to-end encryption, disable video recording, and disable file exchange.
    D. Enable watermarking, enable the user authentication requirement, and disable video recording.

  • Question 343:

    A security administrator wants to enable a feature that would prevent a compromised encryption key from being used to decrypt all the VPN traffic. Which of the following should the security administrator use?

    A. Salsa20 cipher
    B. TLS-based VPN
    C. PKI-based IKE IPSec negotiation
    D. Perfect forward secrecy

  • Question 344:

    A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company's managed database, exposing customer information.

    The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

    A. The pharmaceutical company
    B. The cloud software provider
    C. The web portal software vendor
    D. The database software vendor

  • Question 345:

    A social media company wants to change encryption ciphers after identifying weaknesses in the implementation of the existing ciphers. The company needs the new ciphers to meet the following requirements:

    1. Utilize less RAM than competing ciphers.

    2. Be more CPU-efficient than previous ciphers.

    3. Require customers to use TLS 1.3 while broadcasting video or audio.

    Which of the following is the best choice for the social media company?

    A. IDEA-CBC
    B. AES-GCM
    C. ChaCha20-Poly1305
    D. Camellia-CBC

  • Question 346:

    A security engineer evaluates the overall security of a custom mobile gaming application and notices that developers are bringing in a large number of open-source packages without appropriate patch management. Which of the following would the engineer most likely recommend for uncovering known vulnerabilities in the packages?

    A. Leverage an exploitation framework to uncover vulnerabilities.
    B. Use fuzz testing to uncover potential vulnerabilities in the application.
    C. Utilize a software composition analysis tool to report known vulnerabilities.
    D. Reverse engineer the application to look for vulnerable code paths.
    E. Analyze the use of an HTTP intercepting proxy to dynamically uncover issues.

  • Question 347:

    A technology company developed an in-house chat application that is used only by developers. An open-source library within the application has been deprecated. The facts below are provided:

    1. The cost of replacing this system is nominal.

    2. The system provides no revenue to the business.

    3. The system is not a critical part of the business.

    Which of the following is the best risk mitigation strategy?

    A. Transfer the risk, since developers prefer using this chat application over alternatives.
    B. Accept the risk, since any system disruption will only impact developers.
    C. Avoid the risk by shutting down this application and migrating to another chat platform.
    D. Mitigate the risk by purchasing an EDR and configuring network ACLs.

  • Question 348:

    Company A is merging with Company B. Company A is a small, local company. Company B has a large, global presence. The two companies have a lot of duplication in their IT systems, processes, and procedures. On the new Chief Information Officer's (CIO's) first day, a fire breaks out at Company B's main data center. Which of the following actions should the CIO take first?

    A. Determine whether the incident response plan has been tested at both companies, and use it to respond.
    B. Review the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.
    C. Ensure hot, warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams.
    D. Initiate Company A's IT systems processes and procedures, assess the damage, and perform a BIA.

  • Question 349:

    A security analyst is reviewing the following output from a vulnerability scan from an organization's internet-facing web services:

    Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

    A. Line 06
    B. Line 10
    C. Line 13
    D. Line 17
    E. Line 18

  • Question 350:

    A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?

    A. RA
    B. OCSP
    C. CA
    D. IdP
