CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 481:

  An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely

  Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

  A. Software-backed keystore

  B. Embedded cryptoprocessor

  C. Hardware-backed public key storage

  D. Support for stream ciphers

  E. Decentralized key management

  F. TPM 2.0 attestation services

  Correct Answer: BC

• Question 482:

  A company is repeatedly being breached by hackers who valid credentials. The company's Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

  A. Implement strict three-factor authentication.

  B. Implement least privilege policies

  C. Switch to one-time or all user authorizations.

  D. Strengthen identify-proofing procedures

  Correct Answer: A

• Question 483:

  An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

  A. Peer review

  B. Regression testing

  C. User acceptance

  D. Dynamic analysis

  Correct Answer: A

• Question 484:

  A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

  

  Which of the following MOST appropriate corrective action to document for this finding?

  A. The product owner should perform a business impact assessment regarding the ability to implement a WAF.

  B. The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

  C. The system administrator should evaluate dependencies and perform upgrade as necessary.

  D. The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

  Correct Answer: A

• Question 485:

  A company was recently infected by malware. During the root cause analysis. the company determined that several users were installing their own applications. TO prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which Of the following should the company implement?

  A. Signing

  B. Access control

  C. HIPS

  D. Permit listing

  Correct Answer: D

• Question 486:

  A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?

  A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.

  B. Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies.

  C. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.

  D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

  Correct Answer: C

• Question 487:

  A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

  A. Rules of engagement

  B. Master service agreement

  C. Statement of work

  D. Target audience

  Correct Answer: C

• Question 488:

  A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?

  A. Key rotation

  B. Key revocation

  C. Key escrow

  D. Zeroization

  E. Cryptographic obfuscation

  Correct Answer: A

• Question 489:

  A company wants to improve Its active protection capabilities against unknown and zero- day malware. Which of the following Is the MOST secure solution?

  A. NIDS

  B. Application allow list

  C. Sandbox detonation

  D. Endpoint log collection

  E. HIDS

  Correct Answer: B

• Question 490:

  Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

  A. Remote provider BCDR

  B. Cloud provider BCDR

  C. Alternative provider BCDR

  D. Primary provider BCDR

  Correct Answer: B