The Most Update CompTIA CASP+ CAS-004 Dumps Questions

test2022-07-29T07:17:38+00:00

The latest CompTIA CASP+ CAS-004 Dumps Questions are new updated for your best preparation. FreeTestShare has put up a comprehensive collection of CAS-004 Dumps Questions to guide you through real questions and answers to help you prepare for the CompTIA CASP+ Exam. We have updated our CompTIA CASP+ CAS-004 Dumps Questions to include new practice test questions and answers that will ensure you prepare the CompTIA Advanced Security Practitioner (CASP+) Exam easily. All of the new CompTIA CASP+ CAS-004 Dumps Questions can assist you in determining your proficiency. You can easily learn everything to ensure that you pass the CompTIA CASP+ CAS-004 test.

These free CAS-004 test questions are just a sample of what we have to offer.

Page 1 of 5

1. A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.

Which of the following scan types will provide the systems administrator with the MOST accurate information?

A passive, credentialed scan

A passive, non-credentialed scan

An active, non-credentialed scan

An active, credentialed scan

2. A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS and requires 2FA for all user access.

Which of the following system should the engineer consider NEXT to mitigate the associated risks?

DLP

Mail gateway

Data flow enforcement

UTM

3. A security architect is reviewing the following proposed corporate firewall architecture and configuration:

Both firewalls are stateful and provide Layer 7 filtering and routing.

The company has the following requirements:

Web servers must receive all updates via HTTP/S from the corporate network.

Web servers should not initiate communication with the Internet.

Web servers should only connect to preapproved corporate database servers.

Employees’ computing devices should only connect to web services over ports 80 and 443.

Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

4. Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

MOU

NDA

SLA

ISA

5. Which of the following are risks associated with vendor lock-in? (Choose two.)

The client can seamlessly move data.

The vendor can change product offerings.

The client receives a sufficient level of service.

The client experiences decreased quality of service.

The client can leverage a multicloud approach.

The client experiences increased interoperability.

6. An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Deploy a SOAR tool.

Modify user password history and length requirements.

Apply new isolation and segmentation schemes.

Implement decoy files on adjacent hosts.

7. A company is repeatedly being breached by hackers who valid credentials. The company’s Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls.

Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

Implement strict three-factor authentication.

Implement least privilege policies

Switch to one-time or all user authorizations.

Strengthen identify-proofing procedures

8. During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

Perform ASIC password cracking on the host.

Read the /etc/passwd file to extract the usernames.

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema.

9. Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

Resource leak; recover the device for analysis and clean up the local storage.

Impossible travel; disable the device’s account and access while investigating.

Falsified status reporting; remotely wipe the device.

10. A security engineer is hardening a company’s multihomed SFTP server.

When scanning a public-facing network interface, the engineer finds the following ports are open:

22

25

110

137

138

139

445

Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company’s distribution process.

Which of the following would be the BEST solution to harden the system?

Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.

Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.

Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Page 2 of 5

11. A developer implement the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

SQL inject

Buffer overflow

Missing session limit

Information leakage

12. A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops.

Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Increased network latency

Unavailable of key escrow

Inability to selected AES-256 encryption

Removal of user authentication requirements

13. A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

Which of the following BEST mitigates inappropriate access and permissions issues?

SIEM

CASB

WAF

SOAR

14. An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Kerberos and TACACS

SAML and RADIUS

OAuth and OpenID

OTP and 802.1X

15. While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Pay the ransom within 48 hours.

Isolate the servers to prevent the spread.

Notify law enforcement.

Request that the affected servers be restored immediately.

16. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.

Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.

Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.

Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.

Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.

17. An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely.

Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

Software-backed keystore

Embedded cryptoprocessor

Hardware-backed public key storage

Support for stream ciphers

Decentralized key management

TPM 2.0 attestation services

18. A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.

Which of the following technologies would BEST meet this need?

Faraday cage

WPA2 PSK

WPA3 SAE

WEP 128 bit

19. A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model.

Which of the following parties is ultimately responsible for the breach?

The pharmaceutical company

The cloud software provider

The web portal software vendor

The database software vendor

20. An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network.

Which of the following solutions represents the BEST course of action to allow the contractor access?

Add the vendor's equipment to the existing network Give the vendor access through the standard corporate VPN

Give the vendor a standard desktop PC to attach the equipment to Give the vendor access through the standard corporate VPN

Establish a certification process for the vendor Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment

Create a dedicated segment with no access to the corporate network Implement dedicated VPN hardware for vendor access

Page 3 of 5

21. A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?

Filter ABC

Filter XYZ

Filter GHI

Filter TUV

22. A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

The company will have access to the latest version to continue development.

The company will be able to force the third-party developer to continue support.

The company will be able to manage the third-party developer’s development process.

The company will be paid by the third-party developer to hire a new development team.

23. A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

The availability of personal data

The right to personal data erasure

The company’s annual revenue

The language of the web application

24. A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Designing data protection schemes to mitigate the risk of loss due to multitenancy

Implementing redundant stores and services across diverse CSPs for high availability

Emulating OS and hardware architectures to blur operations from CSP view

Purchasing managed FIM services to alert on detected modifications to covered data

25. A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Create a full inventory of information and data assets.

Ascertain the impact of an attack on the availability of crucial resources.

Determine which security compliance standards should be followed.

Perform a full system penetration test to determine the vulnerabilities.

26. A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.

Which of the following would be BEST suited to meet these requirements?

ARF

ISACs

Node.js

OVAL

27. A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

A trusted platform module

A hardware security module

A localized key store

A public key infrastructure

28. A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

Implement MFA, review the application logs, and deploy a WA

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

29. An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Peer-to-peer secure communications enabled by mobile applications

Proxied application data connections enabled by API gateways

Micro segmentation enabled by software-defined networking

VLANs enabled by network infrastructure devices

30. An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications.

The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Mobile device management, remote wipe, and data loss detection

Conditional access, DoH, and full disk encryption

Mobile application management, MFA, and DRM

Certificates, DLP, and geofencing

Page 4 of 5

31. A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Wildcard certificates

HSTS

Certificate pinning

32. Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?

Zigbee

CAN

DNP3

Modbus

33. As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver’s licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.

Which of the following BEST describes this process?

Deepfake

Know your customer

Identity proofing

Passwordless

34. A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

Installing a network firewall

Placing a WAF inline

Implementing an IDS

Deploying a honeypot

35. A cybersecurity analyst discovered a private key that could have been exposed.

Which of the following is the BEST way for the analyst to determine if the key has been compromised?

HSTS

CRL

CSRs

OCSP

36. A company is looking for a solution to hide data stored in databases.

The solution must meet the following requirements:

Be efficient at protecting the production environment

Not require any change to the application

Act at the presentation layer

Which of the following techniques should be used?

Masking

Tokenization

Algorithmic

Random substitution

37. A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

The user agent client is not compatible with the WA

A certificate on the WAF is expired.

HTTP traffic is not forwarding to HTTPS to decrypt.

Old, vulnerable cipher suites are still being used.

38. A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ОТ network?

Packets that are the wrong size or length

Use of any non-DNP3 communication on a DNP3 port

Multiple solicited responses over time

Application of an unsupported encryption algorithm

39. A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.

Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.

Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.

Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

40. A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation’s.

Given the following output:

The penetration testers MOST likely took advantage of:

A TOC/TOU vulnerability

A plain-text password disclosure

An integer overflow vulnerability

A buffer overflow vulnerability

Page 5 of 5

41. A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead.

The network comprises three VLANs:

The security engineer looks at the UTM firewall rules and finds the following:

Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

Contact the email service provider and ask if the company IP is blocked.

Confirm the email server certificate is installed on the corporate computers.

Make sure the UTM certificate is imported on the corporate computers.

Create an IMAPS firewall rule to ensure email is allowed.

42. A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

The product owner should perform a business impact assessment regarding the ability to implement a WA

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

The system administrator should evaluate dependencies and perform upgrade as necessary.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

43. A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Perform additional SAST/DAST on the open-source libraries.

Implement the SDLC security guidelines.

Track the library versions and monitor the CVE website for related vulnerabilities.

Perform unit testing of the open-source libraries.

44. A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

Deploy SOAR utilities and runbooks.

Replace the associated hardware.

Provide the contractors with direct access to satellite telemetry data.

Reduce link latency on the affected ground and satellite segments.

45. Which of the following BEST sets expectation between the security team and business units within an organization?

Risk assessment

Memorandum of understanding

Business impact analysis

Business partnership agreement

Services level agreement