CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 581:

    A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed. Which of the following will allow the inspection of the data without multiple certificate deployments?

    A. Include all available cipher suites.
    B. Create a wildcard certificate.
    C. Use a third-party CA.
    D. Implement certificate pinning.

  • Question 582:

    Given the following log snippet from a web server:

    Which of the following BEST describes this type of attack?

    A. SQL injection
    B. Cross-site scripting
    C. Brute-force
    D. Cross-site request forgery

  • Question 583:

    Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:

    Which of the following is MOST likely happening to the server?

    A. Port scanning
    B. ARP spoofing
    C. Buffer overflow
    D. Denial of service

  • Question 584:

    Following the most recent patch deployment, a security engineer receives reports that the ERP application is no longer accessible. The security engineer reviews the situation and determines a critical security patch that was applied to the ERP server is the cause. The patch is subsequently backed out.

    Which of the following security controls would be BEST to implement to mitigate the threat caused by the missing patch?

    A. Anti-malware
    B. Patch testing
    C. HIPS
    D. Vulnerability scanner

  • Question 585:

    Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

    Based on RPO requirements, which of the following recommendations should the management team make?

    A. Leave the current backup schedule intact and pay the ransom to decrypt the data.
    B. Leave the current backup schedule intact and make the human resources fileshare read-only.
    C. Increase the frequency of backups and create SIEM alerts for IOCs.
    D. Decrease the frequency of backups and pay the ransom to decrypt the data.

  • Question 586:

    Which of the following BEST describe the importance of maintaining chain of custody in forensic evidence collection? (Choose two.)

    A. It increases the likelihood that evidence will be deemed admissible in court.
    B. It authenticates personnel who come in contact with evidence after collection.
    C. It ensures confidentiality and the need-to-know basis of forensically acquired evidence.
    D. It attests to how recently evidence was collected by recording date/time attributes.
    E. It provides automated attestation for the integrity of the collected evidence.
    F. It ensures the integrity of the collected evidence.

  • Question 587:

    A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process.

    Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?

    A. Deep learning language barriers
    B. Big Data processing required for maturity
    C. Secure, multiparty computation requirements
    D. Computing capabilities available to the developer

  • Question 588:

    A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?

    A. Monitor the Application and Services Logs group within Windows Event Log.
    B. Uninstall PowerShell from all workstations.
    C. Configure user settings in Group Policy.
    D. Provide user education and training.
    E. Block PowerShell via HIDS.

  • Question 589:

    A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

    A. Employee badge logs
    B. Phone call logs
    C. Vehicle registration logs
    D. Visitor logs

  • Question 590:

    An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

    A. DLP
    B. Encryption
    C. E-discovery
    D. Privacy-level agreements
