CompTIA CAS-004 Online Practice Questions and Exam Preparation

CompTIA CAS-004 Online Questions & Answers

• Question 451:

  A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it was a Linux server. In another test, the analyst modifies the operating system to prevent the malware from identifying target files. Which of the following techniques is the analyst MOST likely using?

  A. Honeypot
  B. Deception
  C. Simulators
  D. Sandboxing
  B. Deception

  ---

  Explanation

• Question 452:

  A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

  A. Simultaneous Authentication of Equals
  B. Enhanced open
  C. Perfect forward secrecy
  D. Extensible Authentication Protocol
  A. Simultaneous Authentication of Equals

  ---

  Explanation

• Question 453:

  Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

  A. Determine the optimal placement of hot/warm sites within the enterprise architecture.
  B. Create new processes for identified gaps in continuity planning.
  C. Establish new staff roles and responsibilities for continuity of operations.
  D. Assess the effectiveness of documented processes against a realistic scenario.
  D. Assess the effectiveness of documented processes against a realistic scenario.

  ---

  Explanation

• Question 454:

  A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?

  A. Simulating a spam campaign
  B. Conducting a sanctioned vishing attack
  C. Performing a risk assessment
  D. Executing a penetration test
  A. Simulating a spam campaign

  ---

  Explanation

  A spam campaign is a mass distribution of unsolicited or fraudulent emails that may contain malicious links, attachments, or requests. Spam campaigns are often used by attackers to deliver ransomware, which is a type of malware that

  encrypts the victim's data and demands a ransom for its decryption. Simulating a spam campaign would allow the Chief Security Officer (CSO) to evaluate whether the training has been successful in reducing the number of successful

  ransomware attacks that have hit the company, because it would:

  Test the employees' ability to recognize and avoid clicking on fake or malicious emails, which is one of the main vectors for ransomware infection. Measure the effectiveness of the training by comparing the click-through rate and the infection

  rate before and after the training.

  Provide feedback and reinforcement to the employees by informing them of their performance and reminding them of the best practices for email security.

• Question 455:

  An architect is designing security scheme for an organization that is concerned about APTs. Any proposed architecture must meet the following requirements:

  1.Services must be able to be reconstituted quickly from a known-good state.

  2.Network services must be designed to ensure multiple diverse layers of redundancy.

  3.Defensive and responsive actions must be automated to reduce human operator demands.

  Which of the following designs must be considered to ensure the architect meets these requirements? (Choose three.)

  A. Increased efficiency by embracing advanced caching capabilities
  B. Geographic distribution of critical data and services
  C. Hardened and verified container usage
  D. Emulated hardware architecture usage
  E. Establishment of warm and hot sites for continuity of operations
  F. Heterogeneous architecture
  G. Deployment of IPS services that can identify and block malicious traffic
  H. Implementation and configuration of a SOAR
  B. Geographic distribution of critical data and services
  E. Establishment of warm and hot sites for continuity of operations
  H. Implementation and configuration of a SOAR

  ---

  Explanation

  The designs that must be considered to ensure the architect meets these requirements are:

  1.Network services must be designed to ensure multiple diverse layers of redundancy.

  2.Establishment of warm and hot sites for continuity of operations.

  Implementation and configuration of a SOAR (Security Orchestration, Automation and Response) system to automate defensive and responsive actions to reduce human operator demands.

  Heterogeneous architecture refers to the use of different types of hardware and software in a system. It is not related to the design of network services to ensure multiple diverse layers of redundancy.

• Question 456:

  In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

  A. Network security
  B. Physical security
  C. OS security
  D. Host infrastructure
  C. OS security

  ---

  Explanation

• Question 457:

  After a lengthy exercise manually analyzing various types of logs related to a security breach, a security team was able to tie the activity to specific employees.

  Which of the following should the team implement to help streamline this process moving forward?

  A. UEBA
  B. HSM
  C. HIPS
  D. XDR
  E. OPSEC training
  A. UEBA

  ---

  Explanation

  UEBA (User and Entity Behavior Analytics) uses machine learning and advanced analytics to detect abnormal patterns of behavior, such as unusual access or actions by employees. Implementing UEBA automates the analysis of logs and identifies suspicious activities, significantly reducing the manual effort required.

  Option B (HSM) is incorrect because a hardware security module is used for secure key management, not log analysis.

  Option C (HIPS) is incorrect because a host intrusion prevention system focuses on preventing attacks on endpoints rather than log analysis.

  Option D (XDR) extends threat detection and response across multiple domains, but it is broader in scope and does not focus specifically on user behavior analysis.

  Option E (OPSEC training) is valuable for educating employees but does not streamline the breach investigation process.

  References:

  CompTIA CASP+ Exam Objective 4.4: Implement security operations tools and automation solutions. CASP+ Study Guide, 5th Edition, Chapter 10, Security Operations and Behavioral Analysis.

• Question 458:

  A security analyst is reviewing the following output:

  

  Which of the following would BEST mitigate this type of attack?

  A. Installing a network firewall
  B. Placing a WAF inline
  C. Implementing an IDS
  D. Deploying a honeypot
  B. Placing a WAF inline

  ---

  Explanation

• Question 459:

  An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?

  A. PaaS
  B. SaaS
  C. IaaS
  D. MaaS
  A. PaaS

  ---

  Explanation

  In this scenario, the organization is looking to deploy a containerized application in the cloud and wants the infrastructure to automatically scale without handling patch management. A Platform as a Service (PaaS) model is the best fit because it allows developers to focus on the application and its deployment, while the cloud provider manages the underlying infrastructure, including patching and scaling. PaaS supports container orchestration, enabling automated scaling based on demand, and offloads most operational responsibilities to the provider. This is in contrast to Infrastructure as a Service (IaaS), which requires more direct management of the infrastructure, including patching. CASP+ highlights PaaS as a service model that minimizes operational overhead for security operations teams.

  References: CASP+ CAS-004 Exam Objectives: Domain 3.0 Enterprise Security Architecture (Cloud Service Models) CompTIA CASP+ Study Guide: Cloud Computing and PaaS Benefits

• Question 460:

  An organization recently experienced a ransomware attack. The security team leader is concerned about the attack reoccurring. However, no further security measures have been implemented. Which of the following processes can be used to identify potential prevention recommendations?

  A. Detection
  B. Remediation
  C. Preparation
  D. Recovery
  C. Preparation

  ---

  Explanation