Download 2022 CompTIA CASP+ CAS-004 Practice Exam Questions With Answers

test2021-12-22T07:17:52+00:00

The new CASP+ (CAS-004) exam is now available! CASP+ covers the technical knowledge and skills required to architect, engineer, integrate, and implement secure solutions across complex environments to support a resilient enterprise while considering the impact of governance, risk, and compliance requirements.

How to best prepare for this CompTIA CASP+ CAS-004 Certification? This free CompTIA CASP+ CAS-004 Practice Exam is meant to see how well you’ve studied for the real thing. You’ll be put to the test on your knowledge, response time, and troubleshooting abilities. After practice all these CompTIA CASP+ CAS-004 Practice Exam Questions and Answers, you will master the exam content and pass your CompTIA CASP+ CAS-004 exam easily.

Page 1 of 3

1. A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

2. A threat hunting team receives a report about possible APT activity in the network.

Which of the following threat management frameworks should the team implement?

NIST SP 800-53

MITRE ATT&CK

The Cyber Kill Chain

The Diamond Model of Intrusion Analysis

3. Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights .

Which of the following documents will MOST likely contain these elements?

Company A-B SLA v2.docx

Company A OLA v1b.docx

Company A MSA v3.docx

Company A MOU v1.docx

Company A-B NDA v03.docx

4. Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

Leave the current backup schedule intact and pay the ransom to decrypt the data.

Leave the current backup schedule intact and make the human resources fileshare read-only.

Increase the frequency of backups and create SIEM alerts for IOCs.

Decrease the frequency of backups and pay the ransom to decrypt the data.

5. A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

NIDS

NIPS

WAF

Reverse proxy

6. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP.

Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

The clients may not trust idapt by default.

The secure LDAP service is not started, so no connections can be made.

Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

Secure LDAP should be running on UDP rather than TC

The company is using the wrong port. It should be using port 389 for secure LDA

Secure LDAP does not support wildcard certificates.

The clients may not trust Chicago by default.

7. Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

Resource leak; recover the device for analysis and clean up the local storage.

Impossible travel; disable the device’s account and access while investigating.

Falsified status reporting; remotely wipe the device.

8. A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration.

The board is concerned about the following.

* Transactions being required by unauthorized individual

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attacker using email to distribute malware and ransom ware.

* Exfiltration of sensitivity company information.

The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing .

Which of the following is the BEST option to resolve the board’s concerns for this email migration?

Data loss prevention

Endpoint detection response

SSL VPN

Application whitelisting

9. An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Implement a VPN for all APIs.

Sign the key with DS

Deploy MFA for the service accounts.

Utilize HMAC for the keys.

10. A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access .

Which of the following system should the engineer consider NEXT to mitigate the associated risks?

DLP

Mail gateway

Data flow enforcement

UTM

Page 2 of 3

11. A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.

Which of the following solutions should the security architect recommend?

Replace the current antivirus with an EDR solution.

Remove the web proxy and install a UTM appliance.

Implement a deny list feature on the endpoints.

Add a firewall module on the current antivirus solution.

12. A company requires a task to be carried by more than one person concurrently. This is an example of:

separation of d duties.

dual control

least privilege

job rotation

13. A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident .

Which of the following would BEST assist the analyst?

Ensuring proper input validation is configured on the ‘’Contact US’’ form

Deploy a WAF in front of the public website

Checking for new rules from the inbound network IPS vendor

Running the website log files through a log reduction and analysis tool

14. An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an and IT environment?

In the environment, use a VPN from the IT environment into the environment.

In the environment, allow IT traffic into the environment.

In the IT environment, allow PLCs to send data from the environment to the IT environment.

Use a screened subnet between the and IT environments.

15. A company’s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling .

Which of the following is the MOST likely explanation? (Select TWO.)

Outdated escalation attack

Privilege escalation attack

VPN on the mobile device

Unrestricted email administrator accounts

Chief use of UDP protocols

Disabled GPS on mobile devices

16. A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

Implement MFA, review the application logs, and deploy a WA

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

17. An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Kerberos and TACACS

SAML and RADIUS

OAuth and OpenID

OTP and 802.1X

18. A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

The product owner should perform a business impact assessment regarding the ability to implement a WA

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

The system administrator should evaluate dependencies and perform upgrade as necessary.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

19. A company suspects a web server may have been infiltrated by a rival corporation.

The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

Restrict directory permission to read-only access.

Use server-side processing to avoid XSS vulnerabilities in path input.

Separate the items in the system call to prevent command injection.

Parameterize a query in the path variable to prevent SQL injection.

20. A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online .

Which of the following be the FIRST step taken by the team?

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

Page 3 of 3

21. A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

Which of the following should the security analyst perform?

Contact the security department at the business partner and alert them to the email event.

Block the IP address for the business partner at the perimeter firewall.

Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

Configure the email gateway to automatically quarantine all messages originating from the business partner.

22. The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a format partnership .

Which of the follow would MOST likely be used?

MOU

OLA

NDA

SLA

23. A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack.

A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

TLS_AES_128_CCM_8_SHA256

TLS_DHE_DSS_WITH_RC4_128_SHA

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_GCM_SHA256

24. A developer implement the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

SQL inject

Buffer overflow

Missing session limit

Information leakage

25. A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

Installing a network firewall

Placing a WAF inline

Implementing an IDS

Deploying a honeypot

26. A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Wildcard certificates

HSTS

Certificate pinning