CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 551:

    An organization needs to disable TLS 1.0 on a retail website. Which of the following best explains the reason for this action?

    A. Payment card industry compliance requires the change.
    B. Digital certificates are dependent on a newer protocol.
    C. Most browser manufacturers are ending legacy support.
    D. The application software no longer supports TLS 1.0.

  • Question 552:

    Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

    A. Remote provider BCDR
    B. Cloud provider BCDR
    C. Alternative provider BCDR
    D. Primary provider BCDR

  • Question 553:

    A customer requires secure communication of subscribed web services at all times, but the company currently signs its own certificate requests to an internal CA. Which of the following approaches will best meet the customer's requirements?

    A. Generate a CSR to the local CA for email encryption.
    B. Submit a CSR for a wildcard certificate to a public CA.
    C. Request a software signing certificate from a public CA.
    D. Process a CSR for a server authentication certificate.

  • Question 554:

    A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should the company implement on the public-facing servers?

    A. WAF
    B. ASLR
    C. NX
    D. HSM

  • Question 555:

    A company is repeatedly being breached by hackers who use valid credentials. The company's Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendations would MOST likely reduce the risk of unauthorized access?

    A. Implement strict three-factor authentication.
    B. Implement least privilege policies.
    C. Switch to one-time or all user authorizations.
    D. Strengthen identity-proofing procedures.

  • Question 556:

    An internal user can send encrypted emails successfully to all recipients except one at an external organization.

    When the internal user attempts to send encrypted emails to this external recipient, a security error message appears. The issue does not affect unencrypted emails. The external recipient can send encrypted emails to internal users.

    Which of the following is the most likely cause of the issue?

    A. The validity dates of the external recipient's private key do not match the SSH keys with which the internal user is accessing the system.
    B. The external recipient has an expired public/private key pair that has not been revoked by the CA.
    C. The internal user's company email servers have an incorrect implementation of OCSP and CRL settings.
    D. The external recipient's email address and the email address associated with the external recipient's public key are mismatched.

  • Question 557:

    A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief Information Security Officer (CISO) must brief the board of directors on the potential security concerns related to this migration. The board is concerned about the following:

    1. Transactions being required by unauthorized individuals.

    2. Complete discretion regarding client names, account numbers, and investment information.

    3. Malicious attackers using email to distribute malware and ransomware.

    4. Exfiltration of sensitive company information.

    The cloud-based email solution will provide anti-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board's concerns for this email migration?

    A. Data loss prevention
    B. Endpoint detection response
    C. SSL VPN
    D. Application whitelisting

  • Question 558:

    Ann, a user, brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output.

    Which of the following will the analyst most likely use NEXT?

    A. Process explorer
    B. Vulnerability scanner
    C. Antivirus
    D. Network enumerator

  • Question 559:

    Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

    A. Lattice-based cryptography
    B. Quantum computing
    C. Asymmetric cryptography
    D. Homomorphic encryption

  • Question 560:

    A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000 rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future?

    A. Installing online hardware sensors
    B. Air gapping important ICS and machines
    C. Implementing a HIDS
    D. Installing a SIEM agent on the endpoint

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.