CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 441:

    A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?

    A. True positive
    B. False negative
    C. False positive
    D. True negative

  • Question 442:

    A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement?

    A. NIDS
    B. NIPS
    C. WAF
    D. Reverse proxy

  • Question 443:

    An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

    A. The NTP server is set incorrectly for the developers.
    B. The CA has included the certificate in its CRL.
    C. The certificate is set for the wrong key usage.
    D. Each application is missing a SAN or wildcard entry on the certificate.

  • Question 444:

    A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?

    A. Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.
    B. Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.
    C. Implement a centralized network gateway to bridge network traffic between all VPCs.
    D. Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

  • Question 445:

    A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

    A. Log all access to the data and correlate with the researcher.
    B. Anonymize identifiable information using keyed strings.
    C. Ensure all data is encrypted in transit to the researcher.
    D. Ensure all researchers sign and abide by non-disclosure agreements.
    E. Sanitize date and time stamp information in the records.

  • Question 446:

    The Chief Information Security Officer (CISO) of a small, local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually.

    Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

    A. Black-box testing
    B. Gray-box testing
    C. Red-team hunting
    D. White-box testing
    E. Blue-team exercises

  • Question 447:

    During a recent breach, an attacker was able to get a user's login credentials by cracking a password that was retrieved via a stolen laptop. The attacker accessed the hashed passwords from the hard drive when it was connected to another device.

    Which of the following security measures could have helped prevent this account from being compromised?

    A. Host-based Intrusion Detection System
    B. Endpoint Detection and Response
    C. Host-based Firewall
    D. Full Disk Encryption

  • Question 448:

    After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload. The CISO would like to:

    1. Have a solution that uses API to communicate with other security tools.

    2. Use the latest technology possible.

    3. Have the highest controls possible on the solution.

    Which of the following is the BEST option to meet these requirements?

    A. EDR
    B. CSP
    C. SOAR
    D. CASB

  • Question 449:

    A company wants to reduce its backup storage requirement and is undertaking a data cleanup project.

    Which of the following should a security administrator consider first when determining which data should be deleted?

    A. Retention schedules
    B. Classification levels
    C. Sanitization requirements
    D. Data labels
    E. File size

  • Question 450:

    A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:

    1. 22

    2. 25

    3. 110

    4. 137

    5. 138

    6. 139

    7. 445

    Internal Windows clients are used to transfer files to the server to stage them for customer download as part of the company's distribution process.

    Which of the following would be the BEST solution to harden the system?

    A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.
    B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
    C. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.
    D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Tips on How to Prepare for the Exams

Certification exams are becoming more important, and more enterprises require them of job applicants. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.