CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 641:

    An analyst is working to address a potential compromise of a corporate endpoint and discovers the attacker accessed a user's credentials. However, it is unclear if the system baseline was modified to achieve persistence. Which of the following would most likely support forensic activities in this scenario?

    A. Side-channel analysis
    B. Bit-level disk duplication
    C. Software composition analysis
    D. SCAP scanner

  • Question 642:

    Which of the following is the BEST reason to implement a separation of duties policy?

    A. It minimizes the risk of DoS due to continuous monitoring.
    B. It eliminates the need to enforce least privilege by logging all actions.
    C. It increases the level of difficulty for a single employee to perpetrate fraud.
    D. It removes barriers to collusion and collaboration between business units.

  • Question 643:

    An organization has several legacy systems that are critical to testing currently deployed assets. These systems have become a serious risk to the organization's security posture, and the security manager must implement protection measures to prevent critical infrastructure from being impacted. The systems must stay interconnected to allow communication with the deployed assets.

    Which of the following designs, if implemented, would decrease the most risks but still meet the requirements?

    A. Software-defined networking
    B. Containerization
    C. Air gap
    D. Screened subnet

  • Question 644:

    A security analyst is reviewing weekly email reports and finds an average of 1.000 emails received daily from the internal security alert email address. Which of the following should be implemented?

    A. Tuning the network monitoring service
    B. Separation of duties for systems administrators
    C. Machine learning algorithms
    D. DoS attack prevention

  • Question 645:

    Over the last 90 days, many private storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the email security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.

    Which of the following BEST addresses the problem with the least amount of administrative effort?

    A. Compile a list of firewall requests and compare them against interesting cloud services
    B. Implement a CASB solution and track cloud service use cases for greater visibility
    C. Implement a user-behavior analytics system to associate user events with cloud service creation events
    D. Capture all logs and feed them to a SIEM, and then analyze for cloud service events.

  • Question 646:

    A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)

    A. The request is evidence that the password is more open to being captured via a keylogger.
    B. The request proves that salt has not been added to the password hash, thus making it vulnerable to rainbow tables.
    C. The request proves the password is encoded rather than encrypted and thus less secure as it can be easily reversed.
    D. The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password.
    E. The request proves the password is stored in a reversible format, making it readable by anyone at the bank who is given access.
    F. The request proves the password must be in cleartext during transit, making it open to on-path attacks.

  • Question 647:

    A security analyst and a DevOps engineer are working together to address configuration drifts in highly scalable systems that are leading to increased vulnerability findings. Which of the following recommendations would be best to eliminate this issue?

    A. Using a baseline configuration manager for deployment
    B. Deploying an immutable infrastructure through containers
    C. Eliminating false positives from the vulnerability scans
    D. Performing continuous audits of the patching status

  • Question 648:

    SIMULATION

    Compliance with company policy requires a quarterly review of firewall rules. You are asked to conduct a review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more secure. Given the following information, perform the tasks listed below:

    Untrusted zone: 0.0.0.0/0

    User zone: USR 10.1.1.0/24

    User zone: USR2 10.1.2.0/24

    DB zone: 10.1.0/24

    Web application zone: 10.1.5.0/24

    Management zone: 10.1.10.0/24

    Web server: 10.1.5.50

    MS-SQL server: 10.1.4.70

    MGMT platform: 10.1.10.250

    Task 1) A rule was added to prevent the management platform from accessing the internet. This rule is not working. Identify the rule and correct this issue.

    Task 2) The firewall must be configured so that the SQL server can only receive requests from the web server.

    Task 3) The web server must be able to receive unencrypted requests from hosts inside and outside the corporate network.

    Task 4) Ensure the final rule is an explicit deny.

    Task 5) Currently the user zone can access internet websites over an unencrypted protocol. Modify a rule so that user access to websites is over secure protocols only.

    Instructions: To perform the necessary tasks, please modify the DST port, SRC zone, Protocol, Action, and/or Rule Order columns. Type ANY to include all ports. Firewall ACLs are read from the top down. Once you have met the simulation requirements, click Save. When you have completed the simulation, please select the Done button to submit. Once the simulation is submitted, please select the Next button to continue.

    A. See the explanation below.
    B. Placeholder
    C. Placeholder
    D. Placeholder

  • Question 649:

    A domestic, publicly traded, online retailer that sells makeup would like to reduce the risks to the most sensitive type of data within the organization but also the impact to compliance. A risk analyst is performing an assessment of the collection and processing of data used within business processes. Which of the following types of data pose the GREATEST risk? (Choose two.)

    A. Financial data from transactions
    B. Shareholder meeting minutes
    C. Data of possible European customers
    D. Customers' shipping addresses
    E. Deidentified purchasing habits
    F. Consumer product purchasing trends

  • Question 650:

    A security architect needs to enable a container orchestrator for DevSecOps and SOAR initiatives. The engineer has discovered that several Ansible YAML files used for the automation of configuration management have the following content:

    Which of the following should the engineer do to correct the security issues presented within this content?

    A. Update the kubernetes.core.k8s module to kubernetes.core.k8s_service in the main.yml file.
    B. Update the COMPTIA001 hostname to localhost using the hostnamectl command.
    C. Update the state: present module to state: absent in the main.yml file.
    D. Update or remove the ansible.cfg file.
