CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 591:

    A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plugs another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee's PC on the wireless network and finds the PC still does not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address.

    Which of the following is MOST likely the problem?

    A. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.
    B. The DHCP server has a reservation for the PC's MAC address for the wired interface.
    C. The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.
    D. The DHCP server is unavailable, so no IP address is being sent back to the PC.

  • Question 592:

    A security manager wants to implement a policy that will provide management with the ability to monitor employees' activities with minimum impact to productivity. Which of the following policies is BEST suited for this scenario?

    A. Separation of duties
    B. Mandatory vacations
    C. Least privilege
    D. Incident response

  • Question 593:

    A company recently migrated its critical web application to a cloud provider's environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment. Which of the following should be the first consideration prior to engaging in the test?

    A. Prepare a redundant server to ensure the critical web application's availability during the test.
    B. Obtain agreement between the company and the cloud provider to conduct penetration testing.
    C. Ensure the latest patches and signatures are deployed on the web server.
    D. Create an NDA between the external penetration tester and the company.

  • Question 594:

    A corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements-gathering phase.

    1. Each device must be issued a secure token of trust from the corporate PKI.
    2. All corporate application and local data must be able to be deleted from a central console.
    3. Cloud storage and backup applications must be restricted from the device.
    4. Devices must be on the latest OS version within three weeks of an OS release.

    Which of the following should be features in the new MDM solution to meet these requirements? (Select TWO.)

    A. Application-based containerization
    B. Enforced full-device encryption
    C. Mandatory acceptance of SCEP system
    D. Side-loaded application prevention
    E. Biometric requirement to unlock device
    F. Over-the-air restriction

  • Question 595:

    A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP's datacenter for analysis. A security engineer is concerned about the security of the solution and notes the following:

    1. The critical devices send cleartext logs to the aggregator.
    2. The log aggregator utilizes full disk encryption.
    3. The log aggregator sends to the analysis server via port 80.
    4. MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.
    5. The data is compressed and encrypted prior to being archived in the cloud.

    Which of the following should be the security engineer's GREATEST concern?

    A. Hardware vulnerabilities introduced by the log aggregator server.
    B. Network bridging from a remote access VPN.
    C. Encryption of data in transit.
    D. Multitenancy and data remnants in the cloud.

  • Question 596:

    A security analyst discovers a new device on the company's dedicated IoT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the IoT subnet. Which of the following should the security analyst recommend to securely operate the camera?

    A. Harden the camera configuration.
    B. Send camera logs to the SIEM.
    C. Encrypt the camera's video stream.
    D. Place the camera on an isolated segment.

  • Question 597:

    An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement?

    A. Containment
    B. Preparation
    C. Resolution
    D. Investigation

  • Question 598:

    A security researcher identified the following messages while testing a web application:

    /file/admin/myprofile.php ERROR file does not exist.
    /file/admin/userinfo.php ERROR file does not exist.
    /file/admin/adminprofile.php ERROR file does not exist.
    /file/admin/admininfo.php ERROR file does not exist.
    /file/admin/universalprofile.php ERROR file does not exist.
    /file/admin/universalinfo.php ERROR file does not exist.
    /file/admin/restrictedprofile.php ACCESS is denied.
    /file/admin/restrictedinfo.php ERROR file does not exist.

    Which of the following should the researcher recommend to remediate the issue?

    A. Software composition analysis
    B. Packet inspection
    C. Proper error handling
    D. Elimination of the use of unsafe functions

  • Question 599:

    A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

    ls -l -a /usr/beinz/public; cat ./config/db.yml

    The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

    system("ls -l -a #{path}")

    Which of the following is an appropriate security control the company should implement?

    A. Restrict directory permission to read-only access.
    B. Use server-side processing to avoid XSS vulnerabilities in path input.
    C. Separate the items in the system call to prevent command injection.
    D. Parameterize a query in the path variable to prevent SQL injection.

  • Question 600:

    A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

    1. All remote devices to have up-to-date antivirus
    2. A HIDS
    3. An up-to-date and patched OS

    Which of the following technologies should the company deploy to meet its security objectives? (Choose two.)

    A. NAC
    B. WAF
    C. NIDS
    D. Reverse proxy
    E. NGFW
    F. Bastion host
