Month End Sale Special - 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: c4sdisc65

CAS-004 PDF

$38.5

$109.99

3 Months Free Update

  • Printable Format
  • Value of Money
  • 100% Pass Assurance
  • Verified Answers
  • Researched by Industry Experts
  • Based on Real Exams Scenarios
  • 100% Real Questions

CAS-004 PDF + Testing Engine

$61.6

$175.99

3 Months Free Update

  • Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
  • Last Update: Mar 19, 2023
  • Questions and Answers: 254
  • Free Real Questions Demo
  • Recommended by Industry Experts
  • Best Economical Package
  • Immediate Access

CAS-004 Engine

$46.2

$131.99

3 Months Free Update

  • Best Testing Engine
  • One Click installation
  • Recommended by Teachers
  • Easy to use
  • 3 Modes of Learning
  • State of Art Technology
  • 100% Real Questions included

CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

Question # 6

During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

A.

Monitor camera footage corresponding to a valid access request.

B.

Require both security and management to open the door.

C.

Require department managers to review denied-access requests.

D.

Issue new entry badges on a weekly basis.

Full Access
Question # 7

A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

Which of the following BEST mitigates inappropriate access and permissions issues?

A.

SIEM

B.

CASB

C.

WAF

D.

SOAR

Full Access
Question # 8

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

A.

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

B.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

C.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

D.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

Full Access
Question # 9

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

A.

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

B.

Perform ASIC password cracking on the host.

C.

Read the /etc/passwd file to extract the usernames.

D.

Initiate unquoted service path exploits.

E.

Use the UNION operator to extract the database schema.

Full Access
Question # 10

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

A.

Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.

B.

Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.

C.

Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.

D.

Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

Full Access
Question # 11

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Full Access
Question # 12

A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:

CAS-004 question answer

Which of the following is the MOST likely cause of the customer’s inability to connect?

A.

Weak ciphers are being used.

B.

The public key should be using ECDSA.

C.

The default should be on port 80.

D.

The server name should be test.com.

Full Access
Question # 13

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Full Access
Question # 14

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

CAS-004 question answer

Which of the following MOST appropriate corrective action to document for this finding?

A.

The product owner should perform a business impact assessment regarding the ability to implement a WAF.

B.

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

C.

The system administrator should evaluate dependencies and perform upgrade as necessary.

D.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

Full Access
Question # 15

A company provides guest WiFi access to the internet and physically separates the guest network from the company’s internal WIFI. Due to a recent incident in which an attacker gained access to the compay’s intend WIFI, the company plans to configure WPA2 Enterprise in an EAP- TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

A.

Active Directory OPOs

B.

PKI certificates

C.

Host-based firewall

D.

NAC persistent agent

Full Access
Question # 16

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users’ experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

A.

A cache server farm in its datacenter

B.

A load-balanced group of reverse proxy servers with SSL acceleration

C.

A CDN with the origin set to its datacenter

D.

Dual gigabit-speed Internet connections with managed DDoS prevention

Full Access
Question # 17

A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of

web-application security Which of the following is the BEST option?

A.

ICANN

B.

PCI DSS

C.

OWASP

D.

CSA

E.

NIST

Full Access
Question # 18

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

A.

Key sharing

B.

Key distribution

C.

Key recovery

D.

Key escrow

Full Access
Question # 19

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:

Support all phases of the SDLC.

Use tailored website portal software.

Allow the company to build and use its own gateway software.

Utilize its own data management platform.

Continue using agent-based security tools.

Which of the following cloud-computing models should the CIO implement?

A.

SaaS

B.

PaaS

C.

MaaS

D.

IaaS

Full Access
Question # 20

A security is assisting the marketing department with ensuring the security of the organization’s social media platforms. The two main concerns are:

The Chief marketing officer (CMO) email is being used department wide as the username

The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

A.

Configure MFA for all users to decrease their reliance on other authentication.

B.

Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.

C.

Create multiple social media accounts for all marketing user to separate their actions.

D.

Ensue the password being shared is sufficiently and not written down anywhere.

Full Access
Question # 21

A company has moved its sensitive workloads lo the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture team was given the following requirements

• The application must run at 70% capacity at all times

• The application must sustain DoS and DDoS attacks.

• Services must recover automatically.

Which of the following should the cloud architecture team implement? (Select THREE).

A.

Read-only replicas

B.

BCP

C.

Autoscaling

D.

WAF

E.

CDN

F.

Encryption

G.

Continuous snapshots

Full Access
Question # 22

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

CAS-004 question answer

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 23

An administrator at a software development company would like to protect the integrity Of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

A.

The NTP server is set incorrectly for the developers.

B.

The CA has included the certificate in its CRL_

C.

The certificate is set for the wrong key usage.

D.

Each application is missing a SAN or wildcard entry on the certificate.

Full Access
Question # 24

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

A.

Require a VPN to be active to access company data.

B.

Set up different profiles based on the person’s risk.

C.

Remotely wipe the device.

D.

Require MFA to access company applications.

Full Access
Question # 25

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.

Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

A.

Migrating operations assumes the acceptance of all risk.

B.

Cloud providers are unable to avoid risk.

C.

Specific risks cannot be transferred to the cloud provider.

D.

Risks to data in the cloud cannot be mitigated.

Full Access
Question # 26

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

A.

Cookies

B.

Wildcard certificates

C.

HSTS

D.

Certificate pinning

Full Access
Question # 27

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

A.

a decrypting RSA using obsolete and weakened encryption attack.

B.

a zero-day attack.

C.

an advanced persistent threat.

D.

an on-path attack.

Full Access
Question # 28

A company wants to improve Its active protection capabilities against unknown and zero-day malware. Which of the following Is the MOST secure solution?

A.

NIDS

B.

Application allow list

C.

Sandbox detonation

D.

Endpoint log collection

E.

HIDS

Full Access
Question # 29

Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

A.

Leave the current backup schedule intact and pay the ransom to decrypt the data.

B.

Leave the current backup schedule intact and make the human resources fileshare read-only.

C.

Increase the frequency of backups and create SIEM alerts for IOCs.

D.

Decrease the frequency of backups and pay the ransom to decrypt the data.

Full Access
Question # 30

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

A.

CAN

B.

ASIC

C.

FPGA

D.

SCADA

Full Access
Question # 31

An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

CAS-004 question answer

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

A.

Password cracker

B.

Port scanner

C.

Account enumerator

D.

Exploitation framework

Full Access
Question # 32

A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

A.

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

D.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

Full Access
Question # 33

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

A.

laaS

B.

SaaS

C.

FaaS

D.

PaaS

Full Access
Question # 34

A forensic investigator would use the foremost command for:

A.

cloning disks.

B.

analyzing network-captured packets.

C.

recovering lost files.

D.

extracting features such as email addresses

Full Access
Question # 35

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

A.

Bot protection

B.

OAuth 2.0

C.

Input validation

D.

Autoscaling endpoints

E.

Rate limiting

F.

CSRF protection

Full Access
Question # 36

A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.

Which of the following would be BEST suited to meet these requirements?

A.

ARF

B.

ISACs

C.

Node.js

D.

OVAL

Full Access
Question # 37

An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.

Which of the following side-channel attacks did the team use?

A.

Differential power analysis

B.

Differential fault analysis

C.

Differential temperature analysis

D.

Differential timing analysis

Full Access
Question # 38

A threat analyst notices the following URL while going through the HTTP logs.

CAS-004 question answer

Which of the following attack types is the threat analyst seeing?

A.

SQL injection

B.

CSRF

C.

Session hijacking

D.

XSS

Full Access