CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 421:

    A municipal department receives telemetry data from a third-party provider. The server collecting telemetry sits in the municipal department's screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to implement risk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

    A. Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement
    B. Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon
    C. Installing and configuring filesystem integrity monitoring service on the telemetry server
    D. Implementing an EDR and alert on identified privilege escalation attempts to the SIEM
    E. Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet
    F. Using the published data schema to monitor and block off-nominal telemetry messages

  • Question 422:

    A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

    1. Unsupported, end-of-life operating systems were still prevalent on the shop floor.

    2. There are no security controls for systems with supported operating systems.

    3. There is little uniformity of installed software among the workstations.

    Which of the following would have the greatest impact on the attack surface?

    A. Deploy antivirus software to all of the workstations.
    B. Increase the level of monitoring on the workstations.
    C. Utilize network-based allow and block lists.
    D. Harden all of the engineering workstations using a common strategy.

  • Question 423:

    A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

    A. Data sovereignty
    B. Shared responsibility
    C. Source code escrow
    D. Safe harbor considerations

  • Question 424:

    A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:

    The credentials used to publish production software to the container registry should be stored in a secure location.

    Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

    Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

    A. TPM
    B. Local secure password file
    C. MFA
    D. Key vault

  • Question 425:

    An organization wants to perform a scan of all its systems against best practice security configurations.

    Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)

    A. ARF
    B. XCCDF
    C. CPE
    D. CVE
    E. CVSS
    F. OVAL

  • Question 426:

    A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

    A. SD-WAN
    B. PAM
    C. Remote access VPN
    D. MFA
    E. Network segmentation
    F. BGP
    G. NAC

  • Question 427:

    While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Choose two.)

    A. Configure firewall rules to block all external traffic.
    B. Enable input validation for all fields.
    C. Enable automatic updates to be installed on all servers.
    D. Configure the security group to enable external traffic.
    E. Set up a DLP policy to alert for exfiltration on all application servers.
    F. Enable nightly vulnerability scans.

  • Question 428:

    During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place. Which of the following is the MOST likely solution?

    A. A WAF to protect web traffic
    B. User and entity behavior analytics
    C. Requirements to change the local password
    D. A gap analysis

  • Question 429:

    An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives. Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?

    A. Antivirus
    B. UEBA
    C. EDR
    D. HIDS

  • Question 430:

    Which of the following is the best reason to maintain visibility into vendor supply chains?

    A. To circumvent interdiction of shipments by nation-state actors
    B. To prevent clandestine tampering with components in transit
    C. To comply with import/export legal regulations
    D. To ensure the lowest possible price is quoted
