
Feb-2022 CompTIA CAS-004 Certification Real 2022 Mock Exam
CAS-004 Exam Questions and Valid PMP Dumps PDF
CompTIA CAS-004 Exam Syllabus Topics:
| Topic | Details |
|---|---|
| Topic 1 | |
| Topic 2 | |
| Topic 3 | |
| Topic 4 | |
| Topic 5 | |
| Topic 6 | |
| Topic 7 | |
NEW QUESTION 62
An organization wants to perform a scan of all its systems against best practice security configurations.
Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)
- A. CPE
- B. CVSS
- C. CVE
- D. OVAL
- E. ARF
- F. XCCDF
Answer: D,F
NEW QUESTION 63
A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer's laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.
Which of the following solutions should the security architect recommend?
- A. Implement a deny list feature on the endpoints.
- B. Add a firewall module on the current antivirus solution.
- C. Replace the current antivirus with an EDR solution.
- D. Remove the web proxy and install a UTM appliance.
Answer: A
NEW QUESTION 64
A developer is creating a new mobile application for a company. The application uses a REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.
Which of the following would be the BEST solution against this type of attack?
- A. Wildcard certificates
- B. HSTS
- C. Cookies
- D. Certificate pinning
Answer: B
NEW QUESTION 65
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?
- A. Perform a full system penetration test to determine the vulnerabilities.
- B. Ascertain the impact of an attack on the availability of crucial resources.
- C. Create a full inventory of information and data assets.
- D. Determine which security compliance standards should be followed.
Answer: D
NEW QUESTION 66
A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.
Which of the following sources could the architect consult to address this security concern?
- A. OWASP
- B. IEEE
- C. SDLC
- D. OVAL
Answer: D
NEW QUESTION 67
A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company's website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?
- A. Single-tenancy SaaS
- B. Multitenancy SaaS
- C. Community cloud service model
- D. On-premises cloud service model
Answer: C
NEW QUESTION 68
A company is preparing to deploy a global service.
Which of the following must the company do to ensure GDPR compliance? (Choose two.)
- A. Inform users regarding what data is stored.
- B. Grant data access to third parties.
- C. Provide opt-in/out for marketing messages.
- D. Provide data deletion capabilities.
- E. Provide optional data encryption.
- F. Provide alternative authentication techniques.
Answer: A,C
NEW QUESTION 69
Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.
Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?
- A. Implement rate limiting on the API.
- B. Implement OAuth 2.0 on the API.
- C. Implement input validation on the API.
- D. Implement geoblocking on the WAF.
Answer: B
NEW QUESTION 70
A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
- A. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
- B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
- C. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
- D. Implement MFA, review the application logs, and deploy a WAF.
Answer: A
NEW QUESTION 71
During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
- A. Perform ASIC password cracking on the host.
- B. Use the UNION operator to extract the database schema.
- C. Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
- D. Initiate unquoted service path exploits.
- E. Read the /etc/passwd file to extract the usernames.
Answer: E
NEW QUESTION 72
The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?
- A. MOU
- B. SLA
- C. OLA
- D. NDA
Answer: A
NEW QUESTION 73
An organization is implementing a new identity and access management architecture with the following objectives:
- Supporting MFA against on-premises infrastructure
- Improving the user experience by integrating with SaaS applications
- Applying risk-based policies based on location
- Performing just-in-time provisioning
Which of the following authentication protocols should the organization implement to support these requirements?
- A. SAML and RADIUS
- B. OAuth and OpenID
- C. OTP and 802.1X
- D. Kerberos and TACACS
Answer: D
NEW QUESTION 74
A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.
Which of the following does the business's IT manager need to consider?
- A. The language of the web application
- B. The availability of personal data
- C. The company's annual revenue
- D. The right to personal data erasure
Answer: D
NEW QUESTION 75
A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.
Which of the following techniques will MOST likely meet the business's needs?
- A. Implementing steganography
- B. Performing deep-packet inspection of all digital audio files
- C. Purchasing and installing a DRM suite
- D. Adding identifying filesystem metadata to the digital audio files
Answer: A
NEW QUESTION 76
A health company has reached the physical and computing capacity of its datacenter, but the computing demand continues to increase. The infrastructure is fully virtualized and runs custom and commercial healthcare applications that process sensitive health and payment information. Which of the following should the company implement to ensure it can meet the computing demand while complying with healthcare standards for virtualization and cloud computing?
- A. Private SaaS solution in a single-tenancy cloud
- B. SaaS solution in a community cloud
- C. PaaS solution in a multitenancy cloud
- D. Hybrid IaaS solution in a single-tenancy cloud
Answer: A
NEW QUESTION 77
An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?
- A. Specific risks cannot be transferred to the cloud provider.
- B. Migrating operations assumes the acceptance of all risk.
- C. Risks to data in the cloud cannot be mitigated.
- D. Cloud providers are unable to avoid risk.
Answer: A
NEW QUESTION 78
A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:
- The credentials used to publish production software to the container registry should be stored in a secure location.
- Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?
- A. TPM
- B. Key vault
- C. MFA
- D. Local secure password file
Answer: A
NEW QUESTION 79
A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting the operational importance of the applications used by the business and determine the order in which the applications must be brought back online. Which of the following would be the FIRST step taken by the team?
- A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.
- B. Implement replication of all servers and application data to backup datacenters that are geographically separated from the central datacenter and release an updated BPA to all clients.
- C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.
- D. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.
Answer: C
NEW QUESTION 80
During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.
Which of the following processes would BEST satisfy this requirement?
- A. Require department managers to review denied-access requests.
- B. Monitor camera footage corresponding to a valid access request.
- C. Issue new entry badges on a weekly basis.
- D. Require both security and management to open the door.
Answer: B
NEW QUESTION 81
Which of the following are risks associated with vendor lock-in? (Choose two.)
- A. The client can seamlessly move data.
- B. The vendor can change product offerings.
- C. The client can leverage a multicloud approach.
- D. The client receives a sufficient level of service.
- E. The client experiences increased interoperability.
- F. The client experiences decreased quality of service.
Answer: B,F
NEW QUESTION 82
......
CompTIA CASP+ Exam Certification Details:
| Detail | Value |
|---|---|
| Exam Code | CAS-004 |
| Schedule Exam | CompTIA Marketplace / Pearson VUE |
| Books / Training | CASP+ CAS-004 |
| Passing Score | Pass / Fail |
| Sample Questions | CompTIA CASP+ Sample Questions |
| Number of Questions | 90 |
| Duration | 165 mins |
| Exam Name | CompTIA Advanced Security Practitioner (CASP+) |