Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 587 Q&As
  • Last Updated: May 07, 2024

CompTIA Advanced Security Practitioner CAS-004 Questions & Answers

  • Question 31:

    A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

    A. X-Forwarded-Proto

    B. X-Forwarded-For

    C. Cache-Control

    D. Strict-Transport-Security

    E. Content-Security-Policy

  • Question 32:

    An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

    A. Endorsement tickets

    B. Clock/counter structures

    C. Command tag structures with MAC schemes

    D. Platform configuration registers

  • Question 33:

    A security analyst needs to recommend a remediation to the following threat:

    Which of the following actions should the security analyst propose to prevent this successful exploitation?

    A. Patch the system.

    B. Update the antivirus.

    C. Install a host-based firewall.

    D. Enable TLS 1.2.

  • Question 34:

    A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision?

    A. Availability

    B. Data sovereignty

    C. Geography

    D. Vendor lock-in

  • Question 35:

    A municipal department receives telemetry data from a third-party provider. The server collecting telemetry sits in the municipal department's screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to implement risk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

    A. Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement

    B. Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon

    C. Installing and configuring filesystem integrity monitoring service on the telemetry server

    D. Implementing an EDR and alert on identified privilege escalation attempts to the SIEM

    E. Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet

    F. Using the published data schema to monitor and block off-nominal telemetry messages

  • Question 36:

    A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?

    A. Signing

    B. Access control

    C. HIPS

    D. Permit listing

  • Question 37:

    A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?

    A. Key rotation

    B. Key revocation

    C. Key escrow

    D. Zeroization

    E. Cryptographic obfuscation

  • Question 38:

    A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

    A. Rules of engagement

    B. Master service agreement

    C. Statement of work

    D. Target audience

  • Question 39:

    A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?

    A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.

    B. Implement cloud infrastructure to proxy all user web traffic to enforce DLP and encryption policies.

    C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

    D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

  • Question 40:

    An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, reports come in that a previous vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

    A. Peer review

    B. Regression testing

    C. User acceptance

    D. Dynamic analysis
