CompTIA CAS-004 Exam Dumps

CompTIA CAS-004 Sample Question Answers

Question # 1

Law enforcement officials informed an organization that an investigation has begun. Which of thefollowing is the FIRST step the organization should take?

A. Initiate a legal hold.
B. Refer to the retention policy
C. Perform e-discovery.
D. Review the subpoena

Show Answer

Question # 2

A company with multiple locations has taken a cloud-only approach to its infrastructure The companydoes not have standard vendors or systems resulting in a mix of various solutions put in place by eachlocation The Chief Information Security Officer wants to ensure that the internal security team hasvisibility into all platforms Which of the following best meets this objective?

A. Security information and event management
B. Cloud security posture management
C. SNMFV2 monitoring and log aggregation
D. Managed detection and response services from a third party

Show Answer

Question # 3

An loT device implements an encryption module built within its SoC where the asymmetric privatekey has been defined in a write-once read-many portion of the SoC hardware Which of the followingshould the loT manufacture do if the private key is compromised?

A. Use over-the-air updates to replace the private key
B. Manufacture a new loT device with a redesigned SoC
C. Replace the public portion of the loT key on its servers
D. Release a patch for the SoC software

Show Answer

Question # 4

Company A is merging with Company B Company A is a small, local company Company B has a large,global presence The two companies have a lot of duplication in their IT systems processes, andprocedures On the new Chief Information Officer's (ClO's) first day a fire breaks out at Company B'smam data center Which of the following actions should the CIO take first?

A. Determine whether the incident response plan has been tested at both companies, and use it torespond
B. Review the incident response plans, and engage the disaster recovery plan while relying on the ITleaders from both companies.
C. Ensure hot. warm, and mobile disaster recovery sites are available, and give an update to thecompanies' leadership teams
D. Initiate Company A's IT systems processes and procedures, assess the damage, and perform a BIA

Show Answer

Question # 5

A security administrator needs to recommend an encryption protocol after a legacy stream cipherwas deprecated when a security flaw was discovered. The legacy cipher excelled at maintainingstrong cryptographic security and provided great performance for a streaming video service. Whichof the following AES modes should the security administrator recommend given these requirements?

A. CTR
B. ECB
C. OF8
D. GCM

Show Answer

Question # 6

A forensics investigator is analyzing an executable file extracted from storage media that wassubmitted (or evidence The investigator must use a tool that can identify whether the executable hasindicators, which may point to the creator of the file Which of the following should the investigatoruse while preserving evidence integrity?

A. idd
B. bcrypt
C. SHA-3
D. ssdeep
E. dcfldd

Show Answer

Question # 7

A company with only U S -based customers wants to allow developers from another country to workon the company's website However, the company plans to block normal internet traffic from theother country Which of the following strategies should the company use to accomplish thisobjective? (Select two).

A. Block foreign IP addresses from accessing the website
B. Have the developers use the company's VPN
C. Implement a WAP for the website
D. Give the developers access to a jump box on the network
E. Employ a reverse proxy for the developers
F. Use NAT to enable access for the developers

Show Answer

Question # 8

A security engineer is assessing the security controls of loT systems that are no longer supported forupdates and patching. Which of the following is the best mitigation for defending these loT systems?

A. Disable administrator accounts
B. Enable SELinux
C. Enforce network segmentation
D. Assign static IP addresses

Show Answer

Question # 9

in a situation where the cost of anti-malware exceeds the potential loss from a malware threat,which of the following is the most cost-effective risk response?

A. Risk transfer
B. Risk mitigation
C. Risk acceptance
D. Risk avoidance

Show Answer

Question # 10

A forensic investigator started the process of gathering evidence on a laptop in response to anincident The investigator took a snapshof of the hard drive, copied relevant log files and thenperformed a memory dump Which of the following steps in the process should have occurred first?

A. Preserve secure storage
B. Clone the disk.
C. Collect the most volatile data
D. Copy the relevant log files

Show Answer

Question # 11

A security engineer is assessing a legacy server and needs to determine if FTP is running and onwhich port The service cannot be turned off, as it would impact a critical application's ability tofunction. Which of the following commands would provide the information necessary to create afirewall rule to prevent that service from being exploited?

A. service ”status-ali I grep ftpd
B. chkconfig --list
C. neestat -tulpn
D. systeactl list-unit-file ”type service ftpd
E. service ftpd. status

Show Answer

Question # 12

A company is in the process of refreshing its entire infrastructure The company has a business-criticalprocess running on an old 2008 Windows server If this server fails, the company would lose millionsof dollars in revenue. Which of the following actions should the company should take?

A. Accept the risk as the cost of doing business
B. Create an organizational risk register for project prioritization
C. Calculate the ALE and conduct a cost-benefit analysis
D. Purchase insurance to offset the cost if a failure occurred

Show Answer

Question # 13

A systems engineer needs to develop a solution that uses digital certificates to allow authenticationto laptops. Which of the following authenticator types would be most appropriate for the engineerto include in the design?

A. TOTP token
B. Device certificate
C. Smart card
D. Biometric

Show Answer

Question # 14

The general counsel at an organization has received written notice of upcoming litigation. Thegeneral counsel has issued a legal records hold. Which of the following actions should theorganization take to comply with the request?

A. Preserve all communication matching the requested search terms
B. Block communication with the customer while litigation is ongoing
C. Require employees to be trained on legal record holds
D. Request that all users do not delete any files

Show Answer

Question # 15

A security administrator needs to implement a security solution that willLimit the attack surface in case of an incidentImprove access control for external and internal network security.Improve performance with less congestion on network trafficWhich of the following should the security administrator do?

A. Integrate threat intelligence feeds into the FIM
B. Update firewall rules to match new IP addresses in use
C. Configure SIEM dashboards to provide alerts and visualizations
D. Deploy DLP rules based on updated Pll formatting

Show Answer

Question # 16

A security engineer is concerned about the threat of side-channel attacks The company experienceda past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from itsnormal operating range As a result, the part deteriorated more quickly than the mean time to failureA further investigation revealed the attacker was able to determine the acceptable rpm range, andthe malware would then fluctuate the rpm until the pan failed Which of the following solutionswould be best to prevent a side-channel attack in the future?

A. Installing online hardware sensors
B. Air gapping important ICS and machines
C. Implementing a HIDS
D. Installing a SIEM agent on the endpoint

Show Answer

Question # 17

An employee's device was missing for 96 hours before being reported. The employee called the helpdesk to ask for another device Which of the following phases of the incident response cycle needsimprovement?

A. Containment
B. Preparation
C. Resolution
D. Investigation

Show Answer

Question # 18

When implementing serverless computing an organization must still account for:

A. the underlying computing network infrastructure
B. hardware compatibility
C. the security of its data
D. patching the service

Show Answer

Question # 19

The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst atthe retailer detects a redirection of unsecure web traffic to a competitor's site Which of the followingwould best prevent this type of attack?

A. Enabling HSTS
B. Configuring certificate pinning
C. Enforcing DNSSEC
D. Deploying certificate stapling

Show Answer

Question # 20

A company has retained the services of a consultant to perform a security assessment. As part of theassessment the consultant recommends engaging with others in the industry to collaborate inregards to emerging attacks Which of the following would best enable this activity?

A. ISAC
B. OSINT
C. CVSS
D. Threat modeling

Show Answer

Question # 21

An organization has an operational requirement with a specific equipment vendor The organization islocated in the United States, but the vendor is located in another region Which of the following riskswould be most concerning to the organization in the event of equipment failure?

A. Support may not be available during all business hours
B. The organization requires authorized vendor specialists.
C. Each region has different regulatory frameworks to follow
D. Shipping delays could cost the organization money

Show Answer

Question # 22

An multinational organization was hacked, and the incident response team's timely action preventeda major disaster Following the event, the team created an after action report. Which of the followingis the primary goal of an after action review?

A. To gather evidence for subsequent legal action
B. To determine the identity of the attacker
C. To identify ways to improve the response process
D. To create a plan of action and milestones

Show Answer

Question # 23

Which of the following technologies would benefit the most from the use of biometric readersproximity badge entry systems, and the use of hardware security tokens to access variousenvironments and data entry systems?

A. Deep learning
B. Machine learning
C. Nanotechnology
D. Passwordless authentication
E. Biometric impersonation

Show Answer

Question # 24

A security analyst has been tasked with assessing a new API The analyst needs to be able to test for avariety of different inputs, both malicious and benign, in order to close any vulnerabilities Which ofthe following should the analyst use to achieve this goal?

A. Static analysis
B. Input validation
C. Fuzz testing
D. Post-exploitation

Show Answer

Question # 25

A PKI engineer is defining certificate templates for an organization's CA and would like to ensure atleast two of the possible SAN certificate extension fields populate for documentation purposes.Which of the following are explicit options within this extension? (Select two).

A. Type
B. Email
C. OCSP responder
D. Registration authority
E. Common Name
F. DNS name

Show Answer

Question # 26

A network security engineer is designing a three-tier web architecture that will allow a third-partyvendor to perform the following audit functions within the organization's cloud environmentReview communication between all infrastructure endpointsIdentify unauthorized and malicious data patternsPerform automated, risk-mitigating configuration changesWhich of the following should the network security engineer include in the design to address theserequirements?

A. Network edge NIPS
B. Centralized syslog
C. Traffic mirroring
D. Network flow

Show Answer

Question # 27

Which of the following is record-level encryption commonly used to do?

A. Protect database fields
B. Protect individual files
C. Encrypt individual packets
D. Encrypt the master boot record

Show Answer

Question # 28

A hospital has fallen behind with patching known vulnerabilities due to concerns that patches maycause disruptions in the availability of data and impact patient care. The hospital does not have atracking solution in place to audit whether systems have been updated or to track the length of timebetween notification of the weakness and patch completion Since tracking is not in place the hospitallacks accountability with regard to who is responsible for these activities and the timeline of patchingefforts. Which of the following should the hospital do first to mitigate this risk?

A. Complete a vulnerability analysis
B. Obtain guidance from the health ISAC
C. Purchase a ticketing system for auditing efforts
D. Ensure CVEs are current
E. Train administrators on why patching is important

Show Answer

Question # 29

A security officer is requiring all personnel working on a special project to obtain a security clearancerequisite with the level of all information being accessed Data on this network must be protected atthe same level of each clearance holder The need to know must be vended by the data owner Whichof the following should the security officer do to meet these requirements?

A. Create a rule lo authorize personnel only from certain IPs to access the files
B. Assign labels to the files and require formal access authorization
C. Assign attributes to each file and allow authorized users to share the files
D. Assign roles to users and authorize access to files based on the roles

Show Answer

Question # 30

To bring digital evidence in a court of law the evidence must be:

A. material
B. tangible
C. consistent
D. conserved

Show Answer

Question # 31

A security engineer is creating a single CSR for the following web server hostnames:wwwint internalwww company comhome.internalwww internalWhich of the following would meet the requirement?

A. SAN
B. CN
C. CA
D. CRL
E. Issuer

Show Answer

Question # 32

A cyberanalyst for a government agency is concerned about how Pll is protected A supervisorindicates that a Privacy Impact Assessment must be done. Which of the following describes afunction of a Privacy Impact Assessment?

A. To validate the project participants
B. To identify the network ports
C. To document residual risks
D. To evaluate threat acceptance

Show Answer

Question # 33

A small bank is evaluating different methods to address and resolve the following requirements" Must be able to store credit card data using the smallest amount of data possibleMust be compliant with PCI DSSMust maintain confidentiality if one piece of the layer is compromisedWhich of the following is the best solution for the bank?

A. Scrubbing
B. Tokenization
C. Masking
D. Homomorphic encryption

Show Answer

Question # 34

A security engineer needs to select the architecture for a cloud database that will protect anorganization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offeredby a cloud vendor. Which of the following best describes the security benefits of the single-tenantoption? (Select two).

A. Most cost-effective
B. Ease of backup and restoration
C. High degree of privacy
D. Low resilience to side-channel attacks
E. Full control and ability to customize
F. Increased geographic diversity

Show Answer

Question # 35

After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet withthe development and security teams to find a way to reduce the security task workload The CISOwould like to:* Have a solution that uses API to communicate with other security tools* Use the latest technology possible* Have the highest controls possible on the solutionWhich of following is the best option to meet these requirements?

A. EDR
B. CSP
C. SOAR
D. CASB

Show Answer

Question # 36

A company underwent an audit in which the following issues were enumerated:Insufficient security controls for internet-facing services, such as VPN and extranetWeak password policies governing external access for third-party vendorsWhich of the following strategies would help mitigate the risks of unauthorized access?

A. 2FA
B. RADIUS
C. Federation
D. OTP

Show Answer

Question # 37

During a review of events, a security analyst notes that several log entries from the FIM systemidentify changes to firewall rule sets. While coordinating a response to the FIM entries, the analystreceives alerts from the DLP system that indicate an employee is sending sensitive data to anexternal email address. Which of the following would be the most relevant to review in order to gaina better understanding of whether these events are associated with an attack?

A. Configuration management tool
B. Intrusion prevention system
C. Mobile device management platform
D. Firewall access control list
E. NetFlow logs

Show Answer

Question # 38

A security engineer is trying to identify instances of a vulnerability in an internally developed line ofbusiness software. The software is hosted at the company's internal data center. Although a standardvulnerability definition does not exist, the identification and remediation results should be tracked inthe company's vulnerability management system. Which of the following should the engineer use toidentify this vulnerability?

A. SIEM
B. CASB
C. SCAP
D. OVAL

Show Answer

Question # 39

Which of the following is a security concern for DNP3?

A. Free-form messages require support.
B. Available function codes are not standardized.
C. Authentication is not allocated.
D. It is an open source protocol.

Show Answer

Question # 40

An organization does not have visibility into when company-owned assets are off network or notconnected via a VPN. The lack of visibility prevents the organization from meeting security andoperational objectives. Which of the following cloud-hosted solutions should the organizationimplement to help mitigate the risk?

A. Antivirus
B. UEBA
C. EDR
D. HIDS

Show Answer

Question # 41

A software developer created an application for a large, multinational company. The company isconcerned the program code could be reverse engineered by a foreign entity and intellectualproperty would be lost. Which of the following techniques should be used to prevent this situation?

A. Obfuscation
B. Code signing
C. Watermarking
D. Digital certificates

Show Answer

Question # 42

Signed applications reduce risks by:

A. encrypting the application's data on the device.
B. requiring the developer to use code-level hardening techniques.
C. providing assurance that the application is using unmodified source code.
D. costing the developer money to publish, which reduces the likelihood of malicious intent.

Show Answer

Question # 43

A software development company wants to ensure that users can confirm the software is legitimatewhen installing it. Which of the following is the best way for the company to achieve this securityobjective?

A. Code signing
B. Non-repudiation
C. Key escrow
D. Private keys

Show Answer

Question # 44

Application owners are reporting performance issues with traffic using port 1433 from the cloudenvironment. A security administrator has various pcap files to analyze the data between the relatedsource and destination servers. Which of the following tools should be used to help troubleshoot theissue?

A. Fuzz testing
B. Wireless vulnerability scan
C. Exploit framework
D. Password cracker
E. Protocol analyzer

Show Answer