CompTIA CAS-004 Online Practice Questions and Exam Preparation

CompTIA CAS-004 Online Questions & Answers

• Question 611:

  A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:

  1.Company administrators should not have access to employees' personal information.

  2.A rooted or jailbroken device should not have access to company sensitive information. Which of the following BEST addresses the associated risks?

  A. Code signing
  B. VPN
  C. FDE
  D. Containerization
  D. Containerization

  ---

  Explanation

• Question 612:

  DRAG DROP

  A security administrator must configure the database server shown below the comply with the four requirements listed. Drag and drop the appropriate ACL that should be configured on the database server to its corresponding requirement. Answer options may be used once or not at all.

  

  Select and Place:

  

  

  Explanation

• Question 613:

  A help desk technician just informed the security department that a user downloaded a suspicious file from internet explorer last night. The user confirmed accessing all the files and folders before going home from work. the next morning, the user was no longer able to boot the system and was presented a screen with a phone number. The technician then tries to boot the computer using wake-on-LAN, but the system would not come up. which of the following explains why the computer would not boot?

  A. The operating system was corrupted.
  B. SElinux was in enforced status.
  C. A secure boot violation occurred.
  D. The disk was encrypted.
  D. The disk was encrypted.

  ---

  Explanation

  The user's symptoms - inability to boot the system, a screen with a phone number, and prior access to a suspicious file - strongly indicate a ransomware attack, specifically one that encrypts the disk and demands the user to call a number for recovery. These attacks often render the system unbootable and display a ransom message instead.

• Question 614:

  Which of the following is a security concern for DNP3?

  A. Free-form messages require support.
  B. Available function codes are not standardized.
  C. Authentication is not allocated.
  D. It is an open source protocol.
  C. Authentication is not allocated.

  ---

  Explanation

  One of the known security concerns with the Distributed Network Protocol version 3 (DNP3), which is used in SCADA systems, is the lack of built-in security features, including authentication. This means that by default, it does not verify the identity of the entities communicating, making it susceptible to unauthorized access and commands.

• Question 615:

  A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?

  A. Securely configure the authentication mechanisms.
  B. Patch the infrastructure at the operating system.
  C. Execute port scanning against the services.
  D. Upgrade the service as part of life-cycle management.
  A. Securely configure the authentication mechanisms.

  ---

  Explanation

• Question 616:

  Which of the following is record-level encryption commonly used to do?

  A. Protect database fields
  B. Protect individual files
  C. Encrypt individual packets
  D. Encrypt the master boot record
  A. Protect database fields

  ---

  Explanation

  Record-level encryption is primarily used to protect sensitive information stored in specific fields within a database, such as personal data, financial information, or health records. This encryption method ensures that individual data entries are encrypted, providing a high level of security and privacy by making the data unreadable to unauthorized users or in the event of a database breach, while still allowing the database to be functional for authorized queries and operations.

• Question 617:

  The Chief Information Security Officer (CISO) has outlined a five-year plan for the company that includes the following:

  1.Implement an application security program.

  2.Reduce the click rate on phishing simulations from 73% to 8%.

  3.Deploy EDR to all workstations and servers.

  4.Ensure all systems are sending logs to the SIEM.

  5.Reduce the percentage of systems with vulnerabilities from 89% to 5%.

  Which of the following would BEST aid the CISO in determining whether these goals are obtainable?

  A. An asset inventory
  B. A third-party audit
  C. A risk assessment
  D. An organizational CMMI
  D. An organizational CMMI

  ---

  Explanation

  An organizational Capability Maturity Model Integration (CMMI) would best aid the CISO in determining whether these goals are obtainable. The CMMI is a process and behavioral model that helps organizations streamline process improvement and encourage behaviors that lead to improved performance.

  By assessing the maturity of the organization's processes and practices, the CMMI can help determine the feasibility of the CISO's goals. It can identify strengths and weaknesses in the current approach, and suggest areas for improvement that would increase the likelihood of achieving the outlined goals.

  While the other options (asset inventory, third-party audit, risk assessment) can provide valuable information and may be part of the overall strategy, they do not provide the comprehensive view of organizational capabilities offered by the CMMI.

• Question 618:

  A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.

  A security engineer is concerned about the security of the solution and notes the following:

  1.The critical devise send cleartext logs to the aggregator.

  2.The log aggregator utilize full disk encryption.

  3.The log aggregator sends to the analysis server via port 80.

  4.MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.

  5.The data is compressed and encrypted prior to being achieved in the cloud. Which of the following should be the engineer's GREATEST concern?

  A. Hardware vulnerabilities introduced by the log aggregate server
  B. Network bridging from a remote access VPN
  C. Encryption of data in transit
  D. Multinancy and data remnants in the cloud
  C. Encryption of data in transit

  ---

  Explanation

• Question 619:

  A risk assessment determined that company data was leaked to the general public during a migration. Which of the following best explains the root cause of this issue?

  A. Incomplete firewall rules between the CSP and on-premises infrastructure
  B. Insufficient logging of cloud activities to company SIEM
  C. Failure to implement full disk encryption to on-premises data storage
  D. Misconfiguration of access controls on cloud storage containers
  D. Misconfiguration of access controls on cloud storage containers

  ---

  Explanation

  During a migration, data is often moved to cloud storage containers. If these containers are not properly configured, they may be accessible to the public or unauthorized users, leading to data leaks. Misconfigurations such as setting permissions to public or not restricting access appropriately are common causes of data breaches in cloud environments.

• Question 620:

  An organization's load balancers have reached end of life and have a vulnerability that will require them to be replaced. The load balancers are scheduled to be decommissioned within the next month. The management team has decided not to resolve this risk and instead allow the load balancers to remain in place until their decommission date. Which of the following risk handling techniques is the management team using?

  A. Avoid
  B. Mitigate
  C. Accept
  D. Transfer
  C. Accept

  ---

  Explanation

  The management team is choosing to accept the risk associated with the end-of-life load balancers that have a known vulnerability. Accepting the risk means acknowledging that the vulnerability exists but deciding not to take any further action to mitigate or transfer it. In this case, the organization has made the decision to continue using the load balancers until their scheduled decommission date, despite the known vulnerability. This approach may be taken if the risk is deemed acceptable within the organization's risk tolerance levels, and if other risk handling techniques like mitigation or transfer are not feasible or practical in the given timeframe.