CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 501:

    A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

    Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

    A. Personal health information: Inform the human resources department of the breach and review the DLP logs.
    B. Account history: Inform the relationship managers of the breach and create new accounts for the affected users.
    C. Customer IDs: Inform the customer service department of the breach and work to change the account numbers.
    D. PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

  • Question 502:

    An organization has been notified of a breach related to its sensitive data. The point of compromise is the use of weak encryption algorithms on a web server that provides access to a legacy API. The organization had previously decided to accept the risk of using weak algorithms due to the cost to continually develop the legacy platform.

    Other system owners need to be aware of the increased likelihood of this threat.

    Which of the following should be reviewed by the CERT and presented to system owners to ensure a proper risk analysis is performed?

    A. Lessons learned
    B. Incident log
    C. Risk register
    D. Root-cause analysis
    E. Gap analysis

  • Question 503:

    Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

    Which of the following would be the BEST option to implement?

    A. Distributed connection allocation
    B. Local caching
    C. Content delivery network
    D. SD-WAN vertical heterogeneity

  • Question 504:

    A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

    1. www.mycompany.org
    2. www.mycompany.com
    3. campus.mycompany.com
    4. wiki.mycompany.org

    The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

    A. Purchase one SAN certificate.
    B. Implement self-signed certificates.
    C. Purchase one certificate for each website.
    D. Purchase one wildcard certificate.

  • Question 505:

    SIMULATION

    Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information, answer the questions below:

    User Subnet: 192.168.1.0/24
    Server Subnet: 192.168.2.0/24
    Finance Subnet: 192.168.3.0/24

    Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down.

    Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue.

    Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications.

    Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue.

    Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed.

    Check the solution below.

    A. Check the answer in explanation.

  • Question 506:

    Which of the following indicates when a company might not be viable after a disaster?

    A. Maximum tolerable downtime
    B. Recovery time objective
    C. Mean time to recovery
    D. Annual loss expectancy

  • Question 507:

    A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

    A. Certificate chain
    B. Root CA
    C. Certificate pinning
    D. CRL
    E. OCSP

  • Question 508:

    An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Choose two.)

    A. Obtain a security token.
    B. Obtain a public key.
    C. Leverage Kerberos for authentication.
    D. Leverage OAuth for authentication.
    E. Leverage LDAP for authentication.
    F. Obtain a hash value.

  • Question 509:

    A company is acquiring a competitor, and the security team is performing due diligence activities on the competitor prior to the acquisition. The team found a recent compliance audit of the competitor's environment that shows a mature security infrastructure, but it lacks a cohesive policy and process framework. Based on the audit findings, the security team determines the competitor's existing security capabilities are sufficient, but they will need to incorporate additional security policies. Which of the following risk management strategies is the security team recommending?

    A. Mitigate and avoid
    B. Transfer and accept
    C. Avoid and transfer
    D. Accept and mitigate

  • Question 510:

    The Chief Executive Officer (CEO) of a small wholesaler with low margins is concerned about the use of a newly developed artificial intelligence algorithm being used in the organization's marketing tool. The tool can make automated purchasing approval decisions based on data provided by customers and collected from the Internet. Which of the following is MOST likely the concern? (Choose two.)

    A. Required computing power
    B. Cost to maintain
    C. Customer privacy
    D. Adversarial attacks
    E. Information bias
    F. Customer approval speed
