CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 671:

    An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be MOST concerning to the organization in the event of equipment failure?

    A. Support may not be available during all business hours.
    B. The organization requires authorized vendor specialists.
    C. Each region has different regulatory frameworks to follow.
    D. Shipping delays could cost the organization money.

  • Question 672:

    A global financial firm wants to onboard a new vendor that sells a very specific SaaS application. The application is only hosted in the vendor's home country, and the firm cannot afford any significant downtime. Which of the following is the GREATEST risk to the firm, assuming the decision is made to work with the new vendor?

    A. The application's performance will be different in regional offices.
    B. There are regulatory concerns with using SaaS applications.
    C. The SaaS application will only be available to users in one country.
    D. There is no geographical redundancy in case of network outages.

  • Question 673:

    An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

    1. Be based on open-source Android for user familiarity and ease.

    2. Provide a single application for inventory management of physical assets.

    3. Permit use of the camera by only the inventory application for the purposes of scanning.

    4. Disallow any and all configuration baseline modifications.

    Restrict all access to any device resource other than those requirement ?

    A. Set an application wrapping policy, wrap the application, distribute the inventory APK via the MAM tool, and test the application restrictions.
    B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
    C. Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing
    D. Build and install an Android middleware policy with requirements added, copy the file into /user/init, and then build the inventory application.

  • Question 674:

    A security analyst is conducting an investigation regarding a potential insider threat. An unauthorized USB device might have been used to exfiltrate proprietary data from a Linux system.

    Which of the following options would identify the IoCs and provide the appropriate response?

    A. Review the network logs and update the firewall rules.
    B. Review the operating system logs and update the DLP rules.
    C. Review the vulnerability logs and update the IDS rules.
    D. Obtain the device ID using dmesg and update the portable storage inventory.

  • Question 675:

    A security analyst notices a number of SIEM events that show the following activity:

    Which of the following response actions should the analyst take FIRST?

    A. Disable powershell.exe on all Microsoft Windows endpoints.
    B. Restart Microsoft Windows Defender.
    C. Configure the forward proxy to block 40.90.23.154.
    D. Disable local administrator privileges on the endpoints.

  • Question 676:

    A security analyst who is testing a server finds the following in the output of a vulnerability scan:

    Which of the following will the security analyst most likely use NEXT to explore this further?

    A. Exploitation framework
    B. Reverse engineering tools
    C. Vulnerability scanner
    D. Visualization tool

  • Question 677:

    A security review of the architecture for an application migration was recently completed. The following observations were made:

    1. External inbound access is blocked.

    2. A large amount of storage is available.

    3. Memory and CPU usage are low.

    4. The load balancer has only a single server assigned.

    5. Multiple APIs are integrated.

    Which of the following needs to be addressed?

    A. Scalability
    B. Automation
    C. Availability
    D. Performance

  • Question 678:

    A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting operational importance for the applications used by the business and determine the order in which the applications must be back online.

    Which of the following should be the FIRST step taken by the team?

    A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.
    B. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.
    C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.
    D. Implement replication of all servers and application data to backup datacenters that are geographically from the central datacenter and release an upload BPA to all clients.

  • Question 679:

    A network security engineer is designing a three-tier web architecture that will allow a third-party vendor to perform the following audit functions within the organization's cloud environment:

    1. Review communication between all infrastructure endpoints

    2. Identify unauthorized and malicious data patterns

    3. Perform automated, risk-mitigating configuration changes

    Which of the following should the network security engineer include in the design to address these requirements?

    A. Network edge NIPS
    B. Centralized syslog
    C. Traffic mirroring
    D. Network flow

  • Question 680:

    A systems administrator confirms that the company's remote server is providing the following list of preferred ciphers:

    1. TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

    2. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

    3. TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

    4. TLS_RSA_WITH_RC4_128_SHA (0x5)

    5. TLS_RSA_WITH_RC4_128_MD5 (0x4)

    Nevertheless, when the systems administrator's browser connects to the server, it negotiates TLS_RSA_WITH_RC4_128_MD5 (0x4), while all other employees' browsers negotiate TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030).

    Which of the following describes a potential attack on the systems administrator's browser?

    A. A cipher mismatch
    B. Key rotation
    C. A downgrade attack
    D. A compromised key
    E. Rekeying
