Exam Details

  • Exam Code
    :CAS-004
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :600 Q&As
  • Last Updated
    :May 29, 2024

CompTIA Advanced Security Practitioner (CAS-004) Questions & Answers

  • Question 51:

    A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

    A. Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

    B. Take an MD5 hash of the server.

    C. Delete all PHI from the network until the legal department is consulted.

    D. Consult the legal department to determine the legal requirements.

  • Question 52:

    A developer needs to provide feedback on a peer's work during the SDLC. While reviewing the code changes, the developer discovers that session ID tokens for a web application will be transmitted over an insecure connection. Which of the following code snippets should the developer recommend implementing to correct the vulnerability?

    A. Cookie cookie = new Cookie ("primary"); cookie.secure(true);

    B. String input = request.getParameter("input"); String characterPattern = "[./a-zA-Z0-9?\"= and]"; if (!input.matches(characterPattern)) { out.println("Invalid Input"); }

    C. 15

    D. V>
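
    The defect in Question 52 is a session cookie issued without the Secure attribute, so the browser will send the token over plain HTTP. The following is an added example, not code from the exam page: a Python audit of Set-Cookie header values built on the standard library's http.cookies parser, plus a builder that emits a session cookie which passes the audit. The set of cookie names treated as session identifiers, the checks applied, and the sample headers are constructed for illustration.

```python
# Added example, not from the exam page: audit Set-Cookie header values for a
# session token that lacks the Secure attribute (the defect in Question 52),
# and build a hardened header. The session cookie names and the checks applied
# are an assumed policy; parsing uses only the standard library.
from http import cookies

# Assumed: cookie names the audit treats as session identifiers.
SESSION_NAMES = {"jsessionid", "phpsessid", "sessionid", "session", "sid", "primary"}


def audit_set_cookie(header: str) -> list[str]:
    """Return findings for one Set-Cookie header value; an empty list means it passes."""
    jar = cookies.SimpleCookie()
    jar.load(header)
    findings = []
    for name, morsel in jar.items():
        if name.lower() not in SESSION_NAMES:
            continue  # non-session cookies are out of scope for this check
        # Morsel flag attributes are "" when absent and True when present.
        if not morsel["secure"]:
            findings.append(f"{name}: missing Secure, token will be sent over plain HTTP")
        if not morsel["httponly"]:
            findings.append(f"{name}: missing HttpOnly, token readable by page script")
        if morsel["samesite"].lower() not in ("lax", "strict"):
            findings.append(f"{name}: SameSite not Lax or Strict")
    return findings


def hardened_session_cookie(name: str, value: str, max_age: int = 1800) -> str:
    """Build a Set-Cookie value that passes audit_set_cookie()."""
    m = cookies.Morsel()
    m.set(name, value, value)
    m["secure"] = True      # only send over TLS
    m["httponly"] = True    # keep out of document.cookie
    m["samesite"] = "Strict"
    m["path"] = "/"
    m["max-age"] = max_age
    return m.OutputString()


if __name__ == "__main__":
    # Constructed sample headers, not captured from any real application.
    weak = "JSESSIONID=abc123; Path=/; HttpOnly"
    print(audit_set_cookie(weak))
    fixed = hardened_session_cookie("JSESSIONID", "abc123")
    print(fixed, audit_set_cookie(fixed))
```

    In the Java Servlet API the attribute this audit looks for is set with Cookie.setSecure(true), normally paired with Cookie.setHttpOnly(true); the check is worth running against every Set-Cookie header a test client receives, not only the one the reviewer happened to notice.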

  • Question 53:

    A company has decided to move an ERP application to a public cloud vendor. The company wants to replicate some of its global policies from on premises to the cloud. The policies include data encryption, token management, and limited user access to the ERP application. The Chief Information Officer (CIO) is mainly concerned about privileged accounts that might be compromised and used to alter data in the ERP application.

    Which of the following is the BEST option to meet the requirements?

    A. Sandboxing

    B. CASB

    C. MFA

    D. Security as a service

  • Question 54:

    While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company. The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system.

    Which of the following is the MOST likely cause of the security breach?

    A. The security manager did not enforce automatic VPN connection.

    B. The company's server did not have endpoint security enabled.

    C. The hotel did not require a wireless password to authenticate.

    D. The laptop did not have the host-based firewall properly configured.

  • Question 55:

    An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

    1. Be based on open-source Android for user familiarity and ease of use.

    2. Provide a single application for inventory management of physical assets.

    3. Permit use of the camera by only the inventory application, for the purpose of scanning.

    4. Disallow any and all configuration baseline modifications.

    5. Restrict all access to any device resource other than those required for use of the inventory management application.

    Which of the following approaches would BEST meet these security requirements?

    A. Set an application wrapping policy, wrap the application, distribute the inventory APK via the MAM tool, and test the application restrictions.

    B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set it to enforcing mode.

    C. Swap out Android's Linux kernel for a version > 2.4.0, build the kernel, build Android, remove unnecessary functions via MDM, configure it to block network access, and perform integration testing.

    D. Build and install an Android middleware policy with the requirements added, copy the file into /usr/init, and then build the inventory application.

  • Question 56:

    A company provides guest WiFi access to the Internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration.

    Which of the following must be installed on authorized hosts for this new configuration to work properly?

    A. Active Directory GPOs

    B. PKI certificates

    C. Host-based firewall

    D. NAC persistent agent

  • Question 57:

    A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting the operational importance of the applications used by the business and determine the order in which the applications must be brought back online.

    Which of the following should be the FIRST step taken by the team?

    A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.

    B. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

    C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.

    D. Implement replication of all servers and application data to back up datacenters that are geographically dispersed from the central datacenter and release an updated BPA to all clients.

  • Question 58:

    A security manager wants to implement a policy that will provide management with the ability to monitor employee's activities with minimum impact to productivity. Which of the following policies is BEST suited for this scenario?

    A. Separation of duties

    B. Mandatory vacations

    C. Least privilege

    D. Incident response

  • Question 59:

    An organization relies heavily on third-party mobile applications for official use within a BYOD deployment scheme. An excerpt from an approved text-based chat client application's AndroidManifest.xml is as follows:

    Which of the following would restrict application permissions while minimizing the impact to normal device operations?

    A. Add the application to the enterprise mobile whitelist.

    B. Use the MDM to disable the devices' recording microphones and SMS.

    C. Wrap the application before deployment.

    D. Install the application outside of the corporate container.
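
    The manifest excerpt Question 59 refers to is not reproduced on this page. As an added example, not part of the exam page, the following Python reads the uses-permission entries of an AndroidManifest.xml with the standard library's ElementTree, reports those a chat client should not hold, and rewrites the manifest without them. The sample manifest, the disallowed-permission list (which includes the microphone and SMS permissions that option B alludes to) and the package name are all constructed. Removing entries from the manifest is only one part of what a wrapping tool does; a real wrapper also injects its own policy layer into the APK, which this example does not attempt.

```python
# Added example, not from the exam page: audit an AndroidManifest.xml for
# permissions an enterprise would not grant a text chat client, then rewrite
# the manifest without them. The manifest text, the package name and the
# disallowed list are constructed for illustration.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = f"{{{ANDROID_NS}}}name"  # ElementTree spells android:name this way

# Assumed policy: a text chat client has no business requesting these.
DISALLOWED = {
    "android.permission.RECORD_AUDIO",
    "android.permission.SEND_SMS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.ACCESS_FINE_LOCATION",
}

# Constructed manifest; the page's real excerpt is not available.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.chat">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <application android:label="Chat"/>
</manifest>
"""


def requested_permissions(manifest_xml: str) -> list[str]:
    """All permission names the manifest requests, in document order."""
    root = ET.fromstring(manifest_xml)
    return [el.get(NAME_ATTR) for el in root.iter("uses-permission")]


def audit_manifest(manifest_xml: str, disallowed=DISALLOWED) -> list[str]:
    """Sorted list of requested permissions that violate the policy."""
    return sorted(p for p in requested_permissions(manifest_xml) if p in disallowed)


def strip_permissions(manifest_xml: str, disallowed=DISALLOWED) -> str:
    """Return the manifest with every disallowed uses-permission element removed."""
    root = ET.fromstring(manifest_xml)
    for el in list(root.findall("uses-permission")):
        if el.get(NAME_ATTR) in disallowed:
            root.remove(el)
    ET.register_namespace("android", ANDROID_NS)  # keep the android: prefix on output
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("violations:", audit_manifest(SAMPLE_MANIFEST))
    stripped = strip_permissions(SAMPLE_MANIFEST)
    print("after strip:", requested_permissions(stripped))
```

    The audit is the part worth keeping in a BYOD intake process: run it over every approved third-party APK's manifest and compare against the policy list before the MAM tool wraps and publishes the app.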

  • Question 60:

    A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs.

    Which of the following should the company do to ensure the risks associated with implementing the standard-violating technology are addressed?

    A. Document the technology's differences in a system security plan.

    B. Require the vendor to provide justification for the product's deviation.

    C. Increase the frequency of vulnerability scanning of all systems using the technology.

    D. Block the use of non-standard ports or protocols to and from the system.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-004 exam preparation or CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.