[Mar 14, 2022] CAS-004 PDF Questions and Testing Engine With 130 Questions [Q58-Q81] | DumpsMaterials

[Mar 14, 2022] CAS-004 PDF Questions and Testing Engine With 130 Questions [Q58-Q81]

Share

[Mar 14, 2022] CAS-004 PDF Questions and Testing Engine With 130 Questions

Updated Exam Engine for CAS-004 Exam Free Demo & 365 Day Updates

NEW QUESTION 58
A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.
Which of the following does the business's IT manager need to consider?

  • A. The language of the web application
  • B. The availability of personal data
  • C. The company's annual revenue
  • D. The right to personal data erasure

Answer: D

 

NEW QUESTION 59
A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.
Which of the following should the company use to prevent data theft?

  • A. Watermarking
  • B. Access logging
  • C. NDA
  • D. DRM

Answer: B

 

NEW QUESTION 60
A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling . Which of the following is the MOST likely explanation? (Select TWO.)

  • A. Unrestricted email administrator accounts
  • B. Chief use of UDP protocols
  • C. VPN on the mobile device
  • D. Privilege escalation attack
  • E. Outdated escalation attack
  • F. Disabled GPS on mobile devices

Answer: C,F

 

NEW QUESTION 61
A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:
Despite the deny message, this action was still permit following is the MOST likely fix for this issue?

  • A. Set the devices to enforcing
  • B. Rebuild the policy, reinstall, and test.
  • C. Add the objects of concern to the default context.
  • D. Create separate domain and context files for irc.

Answer: A

 

NEW QUESTION 62
A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.
Which of the following solutions should the security architect recommend?

  • A. Implement a deny list feature on the endpoints.
  • B. Add a firewall module on the current antivirus solution.
  • C. Replace the current antivirus with an EDR solution.
  • D. Remove the web proxy and install a UTM appliance.

Answer: A

 

NEW QUESTION 63
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

  • A. Restrict directory permission to read-only access.
  • B. Parameterize a query in the path variable to prevent SQL injection.
  • C. Separate the items in the system call to prevent command injection.
  • D. Use server-side processing to avoid XSS vulnerabilities in path input.

Answer: C

 

NEW QUESTION 64
A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.
Which of the following techniques will MOST likely meet the business's needs?

  • A. Implementing steganography
  • B. Performing deep-packet inspection of all digital audio files
  • C. Purchasing and installing a DRM suite
  • D. Adding identifying filesystem metadata to the digital audio files

Answer: A

 

NEW QUESTION 65
A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

  • A. Installing a network firewall
  • B. Placing a WAF inline
  • C. Implementing an IDS
  • D. Deploying a honeypot

Answer: A

 

NEW QUESTION 66
A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.
Which of the following would be BEST suited to meet these requirements?

  • A. ISACs
  • B. Node.js
  • C. OVAL
  • D. ARF

Answer: C

 

NEW QUESTION 67
A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:
The credentials used to publish production software to the container registry should be stored in a secure location.
Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

  • A. TPM
  • B. Key vault
  • C. MFA
  • D. Local secure password file

Answer: A

 

NEW QUESTION 68
The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

  • A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier's post-contract renewal with a dedicated risk management team.
  • B. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier's rating. Report finding units that rely on the suppliers and the various risk teams.
  • C. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.
  • D. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

Answer: A

 

NEW QUESTION 69
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments
Authorized insiders making unauthorized changes to environment configurations Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

  • A. Implement an XML gateway and monitor for policy violations.
  • B. Continuously monitor code commits to repositories and generate summary logs.
  • C. Model user behavior and monitor for deviations from normal.
  • D. Install an IDS on the development subnet and passively monitor for vulnerable services.
  • E. Perform static code analysis of committed code and generate summary reports.
  • F. Monitor dependency management tools and report on susceptible third-party libraries.

Answer: D,F

 

NEW QUESTION 70
A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

  • A. Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.
  • B. Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.
  • C. Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.
  • D. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

Answer: C

 

NEW QUESTION 71
A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.
Which of the following sources could the architect consult to address this security concern?

  • A. OWASP
  • B. IEEE
  • C. SDLC
  • D. OVAL

Answer: D

 

NEW QUESTION 72
The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
* Transaction being requested by unauthorized individuals.
* Complete discretion regarding client names, account numbers, and investment information.
* Malicious attackers using email to malware and ransomeware.
* Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar's concerns for this email migration?

  • A. SSL VPN
  • B. Endpoint detection response
  • C. Application whitelisting
  • D. Data loss prevention

Answer: D

 

NEW QUESTION 73
A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.
Which of the following is the BEST solution?

  • A. Send the new CRLs by using GPO.
  • B. Use Delta CRLs at the branches.
  • C. Configure clients to use OCSP.
  • D. Deploy an RA on each branch office.

Answer: C

 

NEW QUESTION 74
Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?

  • A. A duplicate copy of the image must be maintained
  • B. The disk containing the image must be placed in a seated container.
  • C. The image must be password protected against changes.
  • D. A hash value of the image must be computed.

Answer: D

 

NEW QUESTION 75
A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.
Which of the following would be BEST for the developer to perform? (Choose two.)

  • A. Verify MD5 hashes.
  • B. Compress the program with a password.
  • C. Encrypt with 3DES.
  • D. Make the DACL read-only.
  • E. Implement certificate-based authentication.
  • F. Utilize code signing by a trusted third party.

Answer: E,F

 

NEW QUESTION 76
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?

  • A. Perform a full system penetration test to determine the vulnerabilities.
  • B. Ascertain the impact of an attack on the availability of crucial resources.
  • C. Create a full inventory of information and data assets.
  • D. Determine which security compliance standards should be followed.

Answer: D

 

NEW QUESTION 77
A security is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:
The Chief marketing officer (CMO) email is being used department wide as the username The password has been shared within the department Which of the following controls would be BEST for the analyst to recommend?

  • A. Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.
  • B. Create multiple social media accounts for all marketing user to separate their actions.
  • C. Ensue the password being shared is sufficiently and not written down anywhere.
  • D. Configure MFA for all users to decrease their reliance on other authentication.

Answer: D

 

NEW QUESTION 78
A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:

The penetration testers MOST likely took advantage of:

  • A. A plain-text password disclosure
  • B. A buffer overflow vulnerability
  • C. An integer overflow vulnerability
  • D. A TOC/TOU vulnerability

Answer: D

 

NEW QUESTION 79
Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.
Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

  • A. Implement rate limiting on the API.
  • B. Implement OAuth 2.0 on the API.
  • C. Implement input validation on the API.
  • D. Implement geoblocking on the WAF.

Answer: B

 

NEW QUESTION 80
A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

  • A. CSRF
  • B. SQL injection
  • C. XSS
  • D. Session hijacking

Answer: C

 

NEW QUESTION 81
......


CompTIA CAS-004 Exam Syllabus Topics:

TopicDetails
Topic 1
  • Given a scenario, implement data security techniques for securing enterprise architecture
  • Given a set of requirements, apply the appropriate risk strategies
Topic 2
  • Explain compliance frameworks and legal considerations, and their organizational impact
  • Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements
Topic 3
  • Explain the impact of emerging technologies on enterprise security and privacy
  • Given a scenario, analyze vulnerabilities and recommend risk mitigations
Topic 4
  • Explain how cloud technology adoption impacts organizational security
  • Explain the importance of business continuity and disaster recovery concepts
Topic 5
  • Given a scenario, configure and implement endpoint security controls
  • Given a scenario, perform vulnerability management activities
Topic 6
  • Given a scenario, integrate software applications securely into an enterprise architecture
  • Given a set of requirements, implement secure cloud and virtualization solutions
Topic 7
  • Given a scenario, troubleshoot issues with cryptographic implementations
  • Given a scenario, analyze the security requirements and objectives to ensure an appropriate
Topic 8
  • Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls
  • Given a scenario, analyze indicators of compromise and formulate an appropriate response
Topic 9
  • Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools
  • Explain the importance of managing and mitigating vendor risk


CompTIA CASP+ Exam Certification Details:

Exam CodeCAS-004
Exam Price$466 (USD)
Schedule ExamCompTIA Marketplace
Pearson VUE
Exam NameCompTIA Advanced Security Practitioner (CASP+)
Passing ScorePass / Fail

 

Exam Passing Guarantee CAS-004 Exam with Accurate Quastions: https://www.dumpsmaterials.com/CAS-004-real-torrent.html

Test Engine to Practice Test for CAS-004 Valid and Updated Dumps: https://drive.google.com/open?id=1owUoyF2GC2tXbMnwkmo2qojDY61rz7mi