Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 587 Q&As
  • Last Updated: May 07, 2024

CompTIA Advanced Security Practitioner CAS-004 Questions & Answers

  • Question 41:

    A company is repeatedly being breached by hackers who use valid credentials. The company's Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendations would MOST likely reduce the risk of unauthorized access?

    A. Implement strict three-factor authentication.

    B. Implement least privilege policies

    C. Switch to one-time or all user authorizations.

    D. Strengthen identity-proofing procedures

  • Question 42:

    A Chief Information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

    Which of the following is the MOST appropriate corrective action to document for this finding?

    A. The product owner should perform a business impact assessment regarding the ability to implement a WAF.

    B. The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

    C. The system administrator should evaluate dependencies and perform upgrades as necessary.

    D. The security operations center should develop a custom IDS rule to prevent buffer overflow attacks against this server.

  • Question 43:

    The goal of a Chief Information Security Officer (CISO) providing up-to-date metrics to a bank's risk committee is to ensure:

    A. Budgeting for cybersecurity increases year over year.

    B. The committee knows how much work is being done.

    C. Business units are responsible for their own mitigation.

    D. The bank is aware of the status of cybersecurity risks

  • Question 44:

    A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program. A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated OSs.

    Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

    A. Segment the systems to reduce the attack surface if an attack occurs

    B. Migrate the services to new systems with a supported and patched OS.

    C. Patch the systems to the latest versions of the existing OSs

    D. Install anti-malware, HIPS, and host-based firewalls on each of the systems

  • Question 45:

    Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

    A. MOU

    B. NDA

    C. SLA

    D. ISA

  • Question 46:

    A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

    As part of the image process, which of the following is the FIRST step the analyst should take?

    A. Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

    B. Validate the final "Received" header against the DNS entry of the domain.

    C. Compare the "Return-Path" and "Received" fields.

    D. Ignore the emails, as SPF validation is successful, and it is a false positive

  • Question 47:

    An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely.

    Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

    A. Software-backed keystore

    B. Embedded cryptoprocessor

    C. Hardware-backed public key storage

    D. Support for stream ciphers

    E. Decentralized key management

    F. TPM 2.0 attestation services

  • Question 48:

    A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce:

    1. Cloud-delivered services
    2. Full network security stack
    3. SaaS application security management
    4. Minimal latency for an optimal user experience
    5. Integration with the cloud IAM platform

    Which of the following is the BEST solution?

    A. Routing and Remote Access Service (RRAS)

    B. NGFW

    C. Managed Security Service Provider (MSSP)

    D. SASE

  • Question 49:

    An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network.

    Which of the following solutions represents the BEST course of action to allow the contractor access?

    A. Add the vendor's equipment to the existing network. Give the vendor access through the standard corporate VPN.

    B. Give the vendor a standard desktop PC to attach the equipment to. Give the vendor access through the standard corporate VPN.

    C. Establish a certification process for the vendor. Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment.

    D. Create a dedicated segment with no access to the corporate network. Implement dedicated VPN hardware for vendor access.

  • Question 50:

    Which of the following controls primarily detects abuse of privilege but does not prevent it?

    A. Off-boarding

    B. Separation of duties

    C. Least privilege

    D. Job rotation
