Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 587 Q&As
  • Last Updated: May 07, 2024

CompTIA Advanced Security Practitioner CAS-004 Questions & Answers

  • Question 511:

    A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:

    1. Enforce MFA for RDP.

    2. Ensure RDP connections are only allowed with secure ciphers.

    The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.

    Which of the following should the security architect recommend to meet these requirements?

    A. Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.

    B. Implement a bastion host with a secure cipher configuration enforced.

    C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.

    D. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

  • Question 512:

    A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Select THREE).

    A. SD-WAN

    B. PAM

    C. Remote access VPN

    D. MFA

    E. Network segmentation

    F. BGP

    G. NAC

  • Question 513:

    A company wants to improve its active protection capabilities against unknown and zero-day malware. Which of the following is the MOST secure solution?

    A. NIDS

    B. Application allow list

    C. Sandbox detonation

    D. Endpoint log collection

    E. HIDS

  • Question 514:

    Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

    A. Remote provider BCDR

    B. Cloud provider BCDR

    C. Alternative provider BCDR

    D. Primary provider BCDR

  • Question 515:

    Which of the following is required for an organization to meet the ISO 27018 standard?

    A. All PII must be encrypted.

    B. All network traffic must be inspected.

    C. GDPR equivalent standards must be met.

    D. COBIT equivalent standards must be met.

  • Question 516:

    A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?

    A. Request a new certificate with the correct subject alternative name that includes the new websites.

    B. Request a new certificate with the correct organizational unit for the company's website.

    C. Request a new certificate with a stronger encryption strength and the latest cipher suite.

    D. Request a new certificate with the same information but including the old certificate on the CRL.

  • Question 517:

    SIMULATION

    A product development team has submitted code snippets for review prior to release.

    INSTRUCTIONS

    Analyze the code snippets and then select one vulnerability and one fix for each code snippet.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A. Check the answer in explanation below.


  • Question 518:

    SIMULATION

    An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.

    Complete the configuration files to meet the following requirements:

    1. The EAP method must use mutual certificate-based authentication (with issued client certificates).

    2. The IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation.

    3. The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters.

    INSTRUCTIONS

    Click on the AAA server and VPN concentrator to complete the configuration. Fill in the appropriate fields and make selections from the drop-down menus.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A. Check the answer in explanation below.


  • Question 519:

    SIMULATION

    A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

    1. The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

    2. The SSH daemon on the database server must be configured to listen to port 4022.

    3. The SSH daemon must only accept connections from a single workstation.

    4. All host-based firewalls must be disabled on all workstations.

    5. All devices must have the latest updates from within the past eight days.

    6. All HDDs must be configured to secure data at rest.

    7. Cleartext services are not allowed.

    8. All devices must be hardened when possible.

    INSTRUCTIONS

    Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

    Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the PostgreSQL database via SSH.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A. Check the answer in explanation below.


  • Question 520:

    SIMULATION

    You are about to enter the virtual environment.

    Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.

    Click Next to continue.

    DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring.

    1. Disabling ssh

    2. Disabling systemd

    3. Altering the network adapter 172.162.0.0

    4. Changing the password in the lab admin account

    Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.

    This system was recently patched following the exploitation of a vulnerability by an attacker to enable data exfiltration.

    Despite the vulnerability being patched, it is likely that a malicious TCP service is still running and the adversary has achieved persistence by creating a systemd service.

    Examples of commands to use:

    1. kill, killall

    2. lsof

    3. man, --help (use for assistance)

    4. netstat (useful flags: a, n, g, u)

    5. ps (useful flag: a)

    6. systemctl (to control systemd)

    Please note: the list of commands shown above is not exhaustive. All native commands are available.

    INSTRUCTIONS

    Using the following credentials:

    1. Username: labXXXadmin

    2. Password: XXXyyYzz!

    Investigate to identify indicators of compromise and then remediate them. You will need to make at least two changes:

    1. End the compromised process that is using a malicious TCP service.

    2. Remove the malicious persistence agent by disabling the service's ability to start on boot.

    A. Check the answer in explanation below.

