CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 401:

    A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.

    Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

    A. Perform additional SAST/DAST on the open-source libraries.
    B. Implement the SDLC security guidelines.
    C. Track the library versions and monitor the CVE website for related vulnerabilities.
    D. Perform unit testing of the open-source libraries.

  • Question 402:

    Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

    A. IaaS
    B. SaaS
    C. FaaS
    D. PaaS

  • Question 403:

    Which of the following is a low-power, low-data-rate protocol that allows for the creation of PANs?

    A. Zigbee
    B. CAN
    C. DNP3
    D. Modbus

  • Question 404:

    A security auditor needs to review the manner in which an entertainment streaming device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output:

    The best option for the auditor to use NEXT is:

    A. a SCAP assessment
    B. reverse engineering
    C. fuzzing
    D. network interception

  • Question 405:

    After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?

    A. Root cause analysis
    B. Communication plan
    C. Runbook
    D. Lessons learned

  • Question 406:

    The Chief Information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However, the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

    A. BYOD
    B. CYOD
    C. COPE
    D. MDM

  • Question 407:

    An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

    Which of the following should the organization perform NEXT?

    A. Assess the residual risk.
    B. Update the organization's threat model.
    C. Move to the next risk in the register.
    D. Recalculate the magnitude of impact.

  • Question 408:

    Which of the following communication protocols is used to create PANs with small, low-power digital radios and supports a large number of nodes?

    A. Zigbee
    B. Wi-Fi
    C. CAN
    D. Modbus
    E. DNP3

  • Question 409:

    A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time. Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

    A. The company will have access to the latest version to continue development.
    B. The company will be able to force the third-party developer to continue support.
    C. The company will be able to manage the third-party developer's development process.
    D. The company will be paid by the third-party developer to hire a new development team.

  • Question 410:

    A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?

    A. sudo netstat -antu | grep "LISTEN" | awk `{print$5}'
    B. sudo netstat -nlt -p | grep "ESTABLISHED"
    C. sudo netstat -plntu | grep -v "Foreign Address"
    D. sudo netstat -pnut -w | column -t -s $'\w'
    E. sudo netstat -pnut | grep -P ^tcp

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when hiring. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.