CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 681:

    A product manager at a new company needs to ensure the development team produces high-quality code on time. The manager has decided to implement an agile development approach instead of waterfall. Which of the following are reasons to choose an agile development approach? (Choose two.)

    A. The product manager gives the developers more autonomy to write quality code prior to deployment.
    B. An agile approach incorporates greater application security in the development process than a waterfall approach does.
    C. The scope of work is expected to evolve during the lifetime of project development.
    D. The product manager prefers to have code iteratively tested throughout development.
    E. The product manager would like to produce code in linear phases.
    F. Budgeting and creating a timeline for the entire project is often more straightforward using an agile approach rather than waterfall.

  • Question 682:

    A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services. Which of the following should be modified to prevent the issue from reoccurring?

    A. Recovery point objective
    B. Recovery time objective
    C. Mission-essential functions
    D. Recovery service level

  • Question 683:

    A company underwent an audit in which the following issues were enumerated:

    1. Insufficient security controls for internet-facing services, such as VPN and extranet

    2. Weak password policies governing external access for third-party vendors

    Which of the following strategies would help mitigate the risks of unauthorized access?

    A. 2FA
    B. RADIUS
    C. Federation
    D. OTP

  • Question 684:

    SIMULATION

    During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

    INSTRUCTIONS

    Review each of the events and select the appropriate analysis and remediation options for each IoC.

    If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

    A. Check the answer in explanation below.

  • Question 685:

    As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents. Which of the following BEST describes this kind of risk response?

    A. Risk rejection
    B. Risk mitigation
    C. Risk transference
    D. Risk avoidance

  • Question 686:

    A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries, such as:

    avc: denied { open } for pid=1018 comm="ire" path="/dev/if0" dev="tmpfs" scontext=u:r:irc:s0 tcontext=u:object_r:default:s0 tclass=chr_file permissive=1

    Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?

    A. Add the objects of concern to the default context
    B. Set the devices to enforcing mode
    C. Create separate domain and context files for irc
    D. Rebuild the sepolicy, reinstall, and test

  • Question 687:

    A company security engineer arrives at work to face the following scenario:

    1. Website defacement

    2. Calls from the company president indicating the website needs to be fixed immediately because it is damaging the brand

    3. A job offer from the company's competitor

    4. A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

    Which of the following threat actors is MOST likely involved?

    A. Organized crime
    B. Script kiddie
    C. APT/nation-state
    D. Competitor

  • Question 688:

    A security administrator sees several hundred entries in a web server security log that are similar to the following:

    The network source varies, but the URL, status, and user agent are the same. Which of the following would BEST protect the web server without blocking legitimate traffic?

    A. Replace the file xmlrpc.php with a honeypot form to collect further IOCs.
    B. Automate the addition of bot IP addresses into a deny list for the web host.
    C. Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL.
    D. Block every subnet that is identified as having a bot that is a source of the traffic.

  • Question 689:

    Following a successful exploitation of an RCE vulnerability during a penetration test, a systems administrator is performing remediation activities of the target system. Since the systems administrator was not involved in the planning process for the penetration test, a production server was inadvertently targeted and impacted by the actions of the penetration tester. Which of the following would be the most appropriate to reduce the impact of the penetration test in the future?

    A. Leverage a purple team approach to refine scope definition.
    B. Exclude non-production systems from the penetration test.
    C. Implement a black-box approach for the penetration test.
    D. Include an intercepting proxy in the production environment.
    E. Rely on web application vulnerability scans instead of penetration testing.

  • Question 690:

    A company recently experienced a period of rapid growth, and it now needs to move to a more scalable cloud-based solution. Historically, salespeople have maintained separate systems for information on competing customers to prevent the inadvertent disclosure of one customer's information to another customer.

    Which of the following would be the BEST method to provide secure data separation?

    A. Use a CRM tool to separate data stores
    B. Migrate to a single-tenancy cloud infrastructure.
    C. Employ network segmentation to provide isolation among salespeople
    D. Implement an open-source public cloud CRM
