CAS-004 Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 792 Q&As
  • Last Updated: May 28, 2026

CompTIA CAS-004 Online Questions & Answers

  • Question 691:

    A recent audit discovered that multiple employees had been using their badges to walk through the secured data center to get to the employee break room. Most of the employees were given access during a previous project, but the access was not removed in a timely manner when the project was complete.

    Which of the following would reduce the likelihood of this scenario occurring again?

    A. Create an automated quarterly attestation process that requires management approval for data center access and removes unapproved access.
    B. Require all employees to sign an AUP that prohibits accessing the data center without an active service ticket number.
    C. Remove all access to the data center badge readers and only re-add employees with a valid business purpose for entering the floor.
    D. Implement time-of-day restrictions on the data center badge readers and create automated alerts for unapproved swipe attempts.

  • Question 692:

    The Chief Information Security Officer (CISO) at a software company is trying to document the technical and security requirements needed to connect the company's network to an external system. The additional requirements include procedural and planning information.

    Which of the following should the CISO use to best accomplish this objective?

    A. MOA
    B. NDA
    C. SLA
    D. ISA

  • Question 693:

    A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

    A. EDE
    B. CBC
    C. GCM
    D. AES
    E. RSA
    F. RC4
    G. ECDSA
    H. DH

  • Question 694:

    A company invested a total of $10 million for a new storage solution installed across five on-site datacenters. Fifty percent of the cost of this investment was for solid-state storage. Due to the high rate of wear on this storage, the company is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

    A. $50,000
    B. $125,000
    C. $250,000
    D. $500,000
    E. $51,000,000

  • Question 695:

    Real-time, safety-critical systems MOST often use serial busses that:

    A. have non-deterministic behavior and are not deployed with encryption.
    B. have non-deterministic behavior and are deployed with encryption.
    C. have deterministic behavior and are deployed with encryption.
    D. have deterministic behavior and are not deployed with encryption.

  • Question 696:

    A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

    Which of the following should the company do NEXT to mitigate the risk of a compromise from these attacks?

    A. Restrict HTTP methods.
    B. Perform parameterized queries.
    C. Implement input sanitization.
    D. Validate content types.

  • Question 697:

    During a network defense engagement, a red team is able to edit the following registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

    Which of the following tools is the red team using to perform this action?

    A. PowerShell
    B. SCAP scanner
    C. Network vulnerability scanner
    D. Fuzzer

  • Question 698:

    A server was compromised recently, and two unauthorized daemons were set up to listen for incoming connections. In addition, CPU cycles were being used by an additional unauthorized cron job. Which of the following would have prevented the breach if it was properly configured?

    A. Set up log forwarding and utilize a SIEM for centralized management and alerting.
    B. Use a patch management system to close the vulnerabilities in a shorter time frame.
    C. Implement a NIDS/NIPS.
    D. Deploy SELinux using the system baseline as the starting point.
    E. Configure the host firewall to block unauthorized inbound connections.

  • Question 699:

    A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

    Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

    The company can control what SaaS applications each individual user can access.

    User browser activity can be monitored.

    Which of the following solutions would BEST meet these requirements?

    A. IAM gateway, MDM, and reverse proxy
    B. VPN, CASB, and secure web gateway
    C. SSL tunnel, DLP, and host-based firewall
    D. API gateway, UEM, and forward proxy

  • Question 700:

    A help desk technician is troubleshooting an issue with an employee's laptop that will not boot into its operating system. The employee reported the laptop had been stolen but then found it one day later. The employee has asked the technician for help recovering important data. The technician has identified the following:

    1. The laptop operating system was not configured with BitLocker.

    2. The hard drive has no hardware failures.

    3. Data is present and readable on the hard drive, although it appears to be illegible.

    Which of the following is the MOST likely reason the technician is unable to retrieve legible data from the hard drive?

    A. The employee's password was changed, and the new password needs to be used.
    B. The PKI certificate was revoked, and a new one must be installed.
    C. The hard drive experienced crypto-shredding.
    D. The technician is using the incorrect cipher to read the data.
