CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 461:

    A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer's company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

    A. DLP
    B. Mail gateway
    C. Data flow enforcement
    D. UTM

  • Question 462:

    A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

    A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.
    B. Take an MD5 hash of the server.
    C. Delete all PHI from the network until the legal department is consulted.
    D. Consult the legal department to determine the legal requirements.

  • Question 463:

    A startup software company recently updated its development strategy to incorporate the Software Development Life Cycle, including revamping the quality assurance and release processes for gold builds. Which of the following would most likely be developed FIRST as part of the overall strategy?

    A. Security requirements
    B. Code signing
    C. Application vetting
    D. Secure coding standards

  • Question 464:

    A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs for the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application.

    Which of the following tools should the analyst use NEXT?

    A. Software decompiler
    B. Network enumerator
    C. Log reduction and analysis tool
    D. Static code analysis

  • Question 465:

    A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert. Based on this information, the security analyst acknowledges this alert. Which of the following event classifications is MOST likely the reason for this action?

    A. True negative
    B. False negative
    C. False positive
    D. Non-automated response

  • Question 466:

    A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Choose three.)

    A. Temporal
    B. Availability
    C. Integrity
    D. Confidentiality
    E. Base
    F. Environmental
    G. Impact
    H. Attack vector

  • Question 467:

    A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

    1. Must have a minimum of 15 characters

    2. Must use one number

    3. Must use one capital letter

    4. Must not be one of the last 12 passwords used

    Which of the following policies should be added to provide additional security?

    A. Shared accounts
    B. Password complexity
    C. Account lockout
    D. Password history
    E. Time-based logins

  • Question 468:

    An organization is concerned with a critical legacy application that is only supported on an end-of-life operating system. The organization would like to limit network communication from this device to only a select number of other devices.

    Which of the following primary and compensating controls should the organization use to reduce risk? (Choose two.)

    A. Host-based firewalls
    B. UEBA
    C. HIDS
    D. Antivirus
    E. EDR
    F. SEDs

  • Question 469:

    SIMULATION

    A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

    1. The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

    2. The SSH daemon on the database server must be configured to listen to port 4022.

    3. The SSH daemon must only accept connections from a single workstation.

    4. All host-based firewalls must be disabled on all workstations.

    5. All devices must have the latest updates from within the past eight days.

    6. All HDDs must be configured to secure data at rest.

    7. Cleartext services are not allowed.

    8. All devices must be hardened when possible.

    INSTRUCTIONS

    Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

    Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the PostgreSQL database via SSH.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.


  • Question 470:

    A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application. Which of the following is the MOST likely cause?

    A. The user agent client is not compatible with the WAF.
    B. A certificate on the WAF is expired.
    C. HTTP traffic is not forwarding to HTTPS to decrypt.
    D. Old, vulnerable cipher suites are still being used.
