CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 601:

    A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the architect with the following set of requirements:

    1. Capable of early detection of advanced persistent threats.

    2. Must be transparent to users and cause no performance degradation.

    3. Allow integration with production and development networks seamlessly.

    4. Enable the security team to hunt and investigate live exploitation techniques.

    Which of the following technologies BEST meets the customer's requirements for security capabilities?

    A. Threat Intelligence
    B. Deception software
    C. Centralized logging
    D. Sandbox detonation

  • Question 602:

    A company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?

    A. Accept the risk as the cost of doing business
    B. Create an organizational risk register for project prioritization
    C. Calculate the ALE and conduct a cost-benefit analysis
    D. Purchase insurance to offset the cost if a failure occurred

  • Question 603:

    A security engineer is reviewing Apache web server logs and has identified the following pattern in the log:

    GET https://example.com/image5/../../etc/passwd HTTP/1.1 200 OK

    The engineer has also reviewed IDS and firewall logs and established a correlation to an external IP address.

    Which of the following can be determined regarding the vulnerability and response?

    A. A cross-site scripting attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to REST API.
    B. A cross-site request forgery attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to HTTP POST commands.
    C. A directory traversal attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to the filesystem.
    D. A brute-force authentication attempt was successful, and the system should implement salting as part of the password hashing algorithm.

  • Question 604:

    A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

    After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

    A. Protecting
    B. Permissive
    C. Enforcing
    D. Mandatory

  • Question 605:

    A company's Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the MOST secure options to address these concerns? (Choose three.)

    A. Antivirus
    B. EDR
    C. Sandboxing
    D. Application control
    E. Host-based firewall
    F. IDS
    G. NGFW
    H. Strong authentication

  • Question 606:

    A security engineer needs to recommend a solution that will meet the following requirements:

    1. Identify sensitive data in the provider's network

    2. Maintain compliance with company and regulatory guidelines

    3. Detect and respond to insider threats, privileged user threats, and compromised accounts

    4. Enforce data-centric security, such as encryption, tokenization, and access control

    Which of the following solutions should the security engineer recommend to address these requirements?

    A. WAF
    B. CASB
    C. SWG
    D. DLP

  • Question 607:

    A security architect is tasked with scoping a penetration test that will start next month. The architect wants to define what security controls will be impacted. Which of the following would be the BEST document to consult?

    A. Rules of engagement
    B. Master service agreement
    C. Statement of work
    D. Target audience

  • Question 608:

    A cyberanalyst for a government agency is concerned about how PII is protected. A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?

    A. To validate the project participants
    B. To identify the network ports
    C. To document residual risks
    D. To evaluate threat acceptance

  • Question 609:

    A recent data breach stemmed from unauthorized access to an employee's company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

    Which of the following BEST mitigates inappropriate access and permissions issues?

    A. SIEM
    B. CASB
    C. WAF
    D. SOAR

  • Question 610:

    Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

    1. Before the merger is complete, users from both companies should use a single set of usernames and passwords.

    2. Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

    3. Users from Company B should be able to access Company A's available resources.

    Which of the following are the BEST solutions? (Choose two.)

    A. Installing new Group Policy Object policies
    B. Establishing one-way trust from Company B to Company A
    C. Enabling SAML
    D. Implementing attribute-based access control
    E. Installing Company A's Kerberos systems in Company B's network
    F. Updating login scripts
