CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 411:

    A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed.

    Which of the following should the analyst use to create the list quickly?

    A. Business impact rating
    B. CVE dates
    C. CVSS scores
    D. OVAL

  • Question 412:

    A company requires a task to be carried by more than one person concurrently. This is an example of:

    A. separation of duties
    B. dual control
    C. least privilege
    D. job rotation

  • Question 413:

    An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely.

    Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

    A. Software-backed keystore
    B. Embedded cryptoprocessor
    C. Hardware-backed public key storage
    D. Support for stream ciphers
    E. Decentralized key management
    F. TPM 2.0 attestation services

  • Question 414:

    During the migration of a company's human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern that the vendor's staff may be able to access data within the migrating application. The application stack includes a multitier architecture and uses commercially available, vendor-supported software packages.

    Which of the following BEST addresses the CPO's concerns?

    A. Execute non-disclosure agreements and background checks on vendor staff
    B. Ensure the platform vendor implements data-at-rest encryption on its storage
    C. Enable MFA to the vendor's tier of the architecture
    D. Implement a CASB that tokenizes company data in transit to the migrated applications

  • Question 415:

    A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

    1. Mobile clients should verify the identity of all social media servers locally.

    2. Social media servers should improve TLS performance of their certificate status.

    3. Social media servers should inform the client to only use HTTPS.

    Given the above requirements, which of the following should the company implement? (Choose two.)

    A. Quick UDP internet connection
    B. OCSP stapling
    C. Private CA
    D. DNSSEC
    E. CRL
    F. HSTS
    G. Distributed object model

  • Question 416:

    A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:

    Which of the following BEST describes the analyst's findings and a potential mitigation technique?

    A. The findings indicate unsecure references. All potential user input needs to be properly sanitized.
    B. The findings indicate unsecure protocols. All cookies should be marked as HttpOnly.
    C. The findings indicate information disclosure. The displayed error message should be modified.
    D. The findings indicate a SQL injection. The database needs to be upgraded.

  • Question 417:

    A security engineer thinks the development team has been hard-coding sensitive environment variables in its code. Which of the following would BEST secure the company's CI/CD pipeline?

    A. Utilizing a trusted secrets manager
    B. Performing DAST on a weekly basis
    C. Introducing the use of container orchestration
    D. Deploying instance tagging

  • Question 418:

    The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

    A. Preserve all communication matching the requested search terms
    B. Block communication with the customer while litigation is ongoing
    C. Require employees to be trained on legal record holds
    D. Request that all users do not delete any files

  • Question 419:

    During a forensics investigation, a security professional needs to identify ISO images in a computer system where the ISO extension has been purposely removed or replaced with another extension.

    Which of the following tools will accomplish this task?

    A. file
    B. lsof
    C. ldd
    D. OllyDbg

  • Question 420:

    Following a Log4j outbreak, several network appliances were not managed and remained undetected despite an application inventory system being in place. Which of the following solutions should the security director recommend to best understand the composition of applications on unmanaged devices?

    A. Protocol analyzer
    B. Package monitoring
    C. Software bill of materials
    D. Fuzz testing

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.