CompTIA CAS-004 Online Practice Questions and Exam Preparation

CompTIA CAS-004 Online Questions & Answers

• Question 661:

  A host on a company's network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

  Which of the following steps would be best to perform FIRST?

  A. Turn off the infected host immediately.
  B. Run a full anti-malware scan on the infected host.
  C. Modify the smb.conf file of the host to prevent outgoing SMB connections.
  D. Isolate the infected host from the network by removing all network connections.
  D. Isolate the infected host from the network by removing all network connections.

  ---

  Explanation

• Question 662:

  An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

  1.Some developers can directly publish code to the production environment.

  2.Static code reviews are performed adequately.

  3.Vulnerability scanning occurs on a regularly scheduled basis per policy.

  Which of the following should be noted as a recommendation within the audit report?

  A. Implement short maintenance windows.
  B. Perform periodic account reviews.
  C. Implement job rotation.
  D. Improve separation of duties.
  D. Improve separation of duties.

  ---

  Explanation

• Question 663:

  An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

  A. Peer review
  B. Regression testing
  C. User acceptance
  D. Dynamic analysis
  A. Peer review

  ---

  Explanation

• Question 664:

  An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

  A. SLA
  B. ISA
  C. NDA
  D. MOU
  B. ISA

  ---

  Explanation

  An ISA, or interconnection security agreement, is a document that should be required to set up a dedicated VPN between two entities that provide specialized help desk services. An ISA defines the technical and security requirements for

  establishing, operating, and maintaining a secure connection between two or more organizations. An ISA also specifies the roles and responsibilities of each party, the security controls and policies to be implemented, the data types and

  classifications to be exchanged, and the incident response procedures to be followed.

  References: [CompTIA CASP+ Study Guide, Second Edition, page 36]

• Question 665:

  To bring digital evidence in a court of law, the evidence must be:

  A. material.
  B. tangible.
  C. consistent.
  D. conserved.
  A. material.

  ---

  Explanation

  For evidence to be admissible in court, it must be material, meaning it must be relevant and have a significant impact on the case. Material evidence directly relates to the facts in dispute and can affect the outcome of the case by proving or disproving a key point.

• Question 666:

  A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?

  A. Build a content caching system at the DR site.
  B. Store the nightly full backups at the DR site.
  C. Increase the network bandwidth to the DR site.
  D. Implement real-time replication for the DR site.
  D. Implement real-time replication for the DR site.

  ---

  Explanation

  To meet the objective of ensuring minimal data loss (no more than 30 minutes of data) in case of a failover, real-time replication is the best solution. This technique involves continuously replicating data from the primary site to the disaster recovery (DR) site, minimizing data loss to the smallest possible timeframe (i.e., near real- time). Other options, such as content caching or nightly backups, do not address the requirement for minimal data loss effectively. Increasing bandwidth to the DR site may help with the recovery process but will not necessarily reduce the amount of lost data. CASP+ emphasizes the need for solutions like real-time replication to meet strict recovery time objectives (RTO) and recovery point objectives (RPO) in disaster recovery planning.

  References: CASP+ CAS-004 Exam Objectives: Domain 3.0 Enterprise Security Architecture (Disaster Recovery) CompTIA CASP+ Study Guide: Data Replication and Disaster Recovery

• Question 667:

  Within change management, winch of the following ensures functions are earned out by multiple employees?

  A. Least privilege
  B. Mandatory vacation
  C. Separator of duties
  D. Job rotation
  C. Separator of duties

  ---

  Explanation

• Question 668:

  A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks. Which of the following would BEST enable this activity?

  A. ISAC
  B. OSINT
  C. CVSS
  D. Threat modeling
  A. ISAC

  ---

  Explanation

  Information Sharing and Analysis Centers (ISACs) are member-driven organizations, facilitated by the government, that gather and share information on cybersecurity threats, vulnerabilities, and incidents among their members. Engaging with an ISAC would enable the company to collaborate with others in the industry regarding emerging attacks and security threats.

• Question 669:

  Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

  A. MOU
  B. NDA
  C. SLA
  D. ISA
  A. MOU

  ---

  Explanation

• Question 670:

  Which of the following BEST sets expectation between the security team and business units within an organization?

  A. Risk assessment
  B. Memorandum of understanding
  C. Business impact analysis
  D. Business partnership agreement
  E. Services level agreement
  E. Services level agreement

  ---

  Explanation

  A Service Level Agreement (SLA) sets expectations between teams (like security and business units) on what services will be delivered and the expected performance levels