Updated Dec-2023 Test Engine to Practice CAS-004 Test Questions
CAS-004 Real Exam Questions Test Engine Dumps Training With 362 Questions
The CASP+ certification is an advanced-level certification that validates the skills and knowledge of experienced IT professionals in the field of cybersecurity. The CAS-004 exam is the latest version of the certification exam and covers a broad range of topics. Passing the exam demonstrates the candidate's expertise in cybersecurity and can lead to career advancement opportunities.
NEW QUESTION # 129
A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.
Which of the following sources could the architect consult to address this security concern?
- A. IEEE
- B. OWASP
- C. SDLC
- D. OVAL
Answer: B
Explanation:
OWASP is a resource used to identify attack vectors and their mitigations; OVAL is a vulnerability assessment standard. OWASP (Open Web Application Security Project) is a source that the security architect could consult to address the security concern of XSS (cross-site scripting) attacks on a web application that uses a database back end. OWASP is a non-profit organization that provides resources and guidance for improving the security of web applications and services. OWASP publishes the OWASP Top 10 list of common web application vulnerabilities and risks, which includes XSS attacks, as well as recommendations and best practices for preventing or mitigating them. SDLC (software development life cycle) is not a source for addressing XSS attacks, but a framework for developing software in an organized and efficient manner.
OVAL (Open Vulnerability and Assessment Language) is not a source for addressing XSS attacks, but a standard for expressing system configuration information and vulnerabilities. IEEE (Institute of Electrical and Electronics Engineers) is not a source for addressing XSS attacks, but an organization that develops standards for various fields of engineering and technology. Verified References:
https://www.comptia.org/blog/what-is-owasp
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
NEW QUESTION # 130
A security architect is reviewing the following proposed corporate firewall architecture and configuration:
Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:
Web servers must receive all updates via HTTP/S from the corporate network.
Web servers should not initiate communication with the Internet.
Web servers should only connect to preapproved corporate database servers.
Employees' computing devices should only connect to web services over ports 80 and 443.
Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)
- A. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535
- B. Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443
- C. Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443
- D. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443
- E. Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535
- F. Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535
Answer: D,F
NEW QUESTION # 131
A company's user community is being adversely affected by various types of emails whose authenticity cannot be trusted. The Chief Information Security Officer (CISO) must address the problem.
Which of the following solutions would BEST support trustworthy communication solutions?
- A. Enforcing data classification labels before an email is sent to an outside party.
- B. Enabling SPF and DKIM on company servers.
- C. Enforcing HTTPS everywhere so web traffic, including email, is secure.
- D. Enabling spam filtering and DMARC.
- E. Using MFA when logging into email clients and the domain.
Answer: D
NEW QUESTION # 132
Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:
- A. when it is passed across a local network.
- B. in memory during processing
- C. when it is written to a system's solid-state drive.
- D. by an enterprise hardware security module.
Answer: B
NEW QUESTION # 133
A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.
Which of the following should the company use to prevent data theft?
- A. Watermarking
- B. Access logging
- C. DRM
- D. NDA
Answer: A
NEW QUESTION # 134
A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.
Which of the following would MOST likely help the company gain consensus to move the data to the cloud?
- A. Emulating OS and hardware architectures to blur operations from CSP view
- B. Implementing redundant stores and services across diverse CSPs for high availability
- C. Designing data protection schemes to mitigate the risk of loss due to multitenancy
- D. Purchasing managed FIM services to alert on detected modifications to covered data
Answer: D
NEW QUESTION # 135
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:
Which of the following ciphers should the security analyst remove to support the business requirements?
- A. TLS_AES_128_GCM_SHA256
- B. TLS_AES_128_CCM_8_SHA256
- C. TLS_CHACHA20_POLY1305_SHA256
- D. TLS_DHE_DSS_WITH_RC4_128_SHA
Answer: C
NEW QUESTION # 136
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments
Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)
- A. Continuously monitor code commits to repositories and generate summary logs.
- B. Install an IDS on the development subnet and passively monitor for vulnerable services.
- C. Implement an XML gateway and monitor for policy violations.
- D. Monitor dependency management tools and report on susceptible third-party libraries.
- E. Perform static code analysis of committed code and generate summary reports.
- F. Model user behavior and monitor for deviations from normal.
Answer: A,F
Explanation:
Modeling user behavior and monitoring for deviations from normal, and continuously monitoring code commits to repositories and generating summary logs, are actions that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations. Modeling user behavior and monitoring for deviations from normal is a technique that uses baselines, analytics, machine learning, or other methods to establish normal patterns of user activity and identify anomalies or outliers that could indicate malicious or suspicious behavior. It can help detect unauthorized insertions into application development environments, as it can alert on unusual or unauthorized access attempts, commands, actions, or transactions by users. Continuously monitoring code commits to repositories and generating summary logs is a technique that uses tools, scripts, automation, or other methods to track and record changes made to code repositories by developers, testers, reviewers, or other parties involved in the software development process. It can help detect authorized insiders making unauthorized changes to environment configurations, as it can audit and verify the source, time, reason, and impact of code changes made by authorized users.
Performing static code analysis of committed code and generating summary reports is not an action that will enable the data feeds needed to detect these two attack scenarios, but one that will enable the data feeds needed to detect vulnerabilities, errors, bugs, or quality issues in committed code. Implementing an XML gateway and monitoring for policy violations is not an action that will enable the data feeds needed to detect these two attack scenarios, but one that protects XML-based web services from threats or attacks by validating XML messages against predefined policies. Monitoring dependency management tools and reporting on susceptible third-party libraries is not an action that will enable the data feeds needed to detect these two attack scenarios, but one that identifies outdated or vulnerable third-party libraries used in software development projects. Installing an IDS (intrusion detection system) on the development subnet and passively monitoring for vulnerable services is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes
NEW QUESTION # 137
A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP datacenter for analysis.
A security engineer is concerned about the security of the solution and notes the following.
* The critical devices send cleartext logs to the aggregator.
* The log aggregator utilizes full disk encryption.
* The log aggregator sends to the analysis server via port 80.
* MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.
* The data is compressed and encrypted prior to being archived in the cloud.
Which of the following should be the engineer's GREATEST concern?
- A. Multitenancy and data remnants in the cloud
- B. Hardware vulnerabilities introduced by the log aggregator server
- C. Encryption of data in transit
- D. Network bridging from a remote access VPN
Answer: C
Explanation:
Encryption of data in transit should be the engineer's greatest concern regarding the security of the solution. Data in transit refers to data that is being transferred over a network or between devices. If data in transit is not encrypted, it can be intercepted, modified, or stolen by attackers who can exploit vulnerabilities in the network protocols or devices. The solution in the question sends logs from the critical devices to the aggregator in cleartext and from the aggregator to the analysis server via port 80, which are both insecure methods that expose the data to potential attacks. Verified Reference: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://us-cert.cisa.gov/ncas/tips/ST04-019
NEW QUESTION # 138
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?
- A. Code obfuscation
- B. Static analysis
- C. Dynamic analysis
- D. Software composition analysis
Answer: B
NEW QUESTION # 139
Joe, an application security engineer, is performing an audit of an environmental control application.
He has implemented a robust SDLC process and is reviewing API calls available to the application.
During the review, Joe finds the following in a log file.
Which of the following would BEST mitigate the issue Joe has found?
- A. Verify the API uses HTTP GET instead of POST
- B. Deploy a WAF in front of the API and implement rate limiting
- C. Perform authentication via a secure channel
- D. Ensure the API uses SNMPv1.
Answer: C
NEW QUESTION # 140
A company is moving most of its customer-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires that the solution have the highest level of security.
Which of the following encryption methods should the cloud security engineer select during the implementation phase?
- A. Proxy-based
- B. Instance-based
- C. Storage-based
- D. Array controller-based
Answer: B
NEW QUESTION # 141
To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?
- A. Implement an ongoing, third-party software and library review and regression testing.
- B. Ensure the third-party library implements the TLS and disable weak ciphers.
- C. Compile third-party libraries into the main code statically instead of using dynamic loading.
- D. Include stable, long-term releases of third-party libraries instead of using newer versions.
Answer: A
Explanation:
Implementing an ongoing, third-party software and library review and regression testing is the best way to maximize risk reduction from vulnerabilities introduced by OpenSSL. Third-party software and libraries are often used by developers to save time and resources, but they may also introduce security risks if they are not properly maintained and updated. By reviewing and testing the third-party software and library regularly, the company can ensure that they are using the latest and most secure version of OpenSSL, and that their proprietary software is compatible and functional with it.
NEW QUESTION # 142
Due to a recent breach, the Chief Executive Officer (CEO) has requested the following activities be conducted during incident response planning:
- Involve business owners and stakeholders
- Create an applicable scenario
- Conduct a biannual verbal review of the incident response plan
- Report on the lessons learned and gaps identified
Which of the following exercises has the CEO requested?
- A. Partial simulation
- B. Tabletop
- C. Full transition
- D. Internal review
- E. Parallel operations
Answer: D
NEW QUESTION # 143
An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Which of the following is MOST likely the root cause?
- A. The client application is configured to use AES-256 in GCM.
- B. The client application is testing PFS.
- C. The client application is configured to use RC4.
- D. The client application is configured to use ECDHE.
Answer: C
Explanation:
TLS 1.3 is a newer version of the SSL/TLS protocol that was designed to improve security and performance. It introduces several new cipher suites and removes support for older cipher suites, such as RC4. If the client application is configured to use RC4, which is not supported in TLS 1.3, it will not be able to establish a secure connection to the server.
NEW QUESTION # 144
A vulnerability assessment endpoint generated a report of the latest findings.
A security analyst needs to review the report and create a priority list of items that must be addressed.
Which of the following should the analyst use to create the list quickly?
- A. CVSS scores
- B. CVE dates
- C. OVAL
- D. Business impact rating
Answer: A
Explanation:
CVSS scores (Common Vulnerability Scoring System) should be used to create a priority list of items that must be addressed. The CVSS is a standardized scoring system that is used to assess the severity of vulnerabilities based on a number of factors, including the impact on confidentiality, integrity, and availability, as well as the ease of exploit and the likelihood of an attack. Vulnerabilities are assigned a score on a scale of 0.0 to 10.0, with higher scores indicating a greater level of severity. By reviewing the CVSS scores of the vulnerabilities identified in the report, the security analyst can quickly determine which ones are the most critical and should be addressed first. Other factors, such as the business impact rating and the potential impact on the organization's operations, may also be taken into account when prioritizing patches.
NEW QUESTION # 145
A technician uses an old SSL server due to budget constraints and discovers performance degrades dramatically after enabling PFS.
The technician cannot determine why performance degraded so dramatically.
A newer version of the SSL server does not suffer the same performance degradation.
Performance rather than security is the main priority for the technician. The system specifications and configuration of each system are listed below:
Which of the following is MOST likely the cause of the degradation in performance and should be changed?
- A. Decryption chips
- B. Using ECC
- C. Using RSA
- D. Connection requests
- E. Memory size
- F. Disk size
Answer: C
NEW QUESTION # 146
A security administrator has been tasked with hardening a domain controller against lateral movement attacks.
Below is an output of running services:
Which of the following configuration changes must be made to complete this task?
- A. Stop the Active Directory Web Services service and set the startup type to disabled.
- B. Stop the Print Spooler service and set the startup type to disabled.
- C. Stop the DNS Server service and set the startup type to disabled.
- D. Stop the Credential Manager service and set the startup type to disabled.
Answer: B
Explanation:
Stopping the Print Spooler service and setting the startup type to disabled is the best configuration change to harden a domain controller against lateral movement attacks. The Print Spooler service has been known to be vulnerable to remote code execution exploits that can allow attackers to gain access to domain controllers and other sensitive machines. Disabling this service can reduce the attack surface and prevent exploitation attempts.
NEW QUESTION # 147
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments
Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)
- A. Model user behavior and monitor for deviations from normal.
- B. Perform static code analysis of committed code and generate summary reports.
- C. Continuously monitor code commits to repositories and generate summary logs.
- D. Install an IDS on the development subnet and passively monitor for vulnerable services.
- E. Implement an XML gateway and monitor for policy violations.
- F. Monitor dependency management tools and report on susceptible third-party libraries.
Answer: B,C
NEW QUESTION # 148
Passing the CompTIA CASP+ certification exam requires a deep understanding of complex security concepts and advanced technical skills. IT security professionals who pass the exam will have demonstrated their ability to think critically, implement security solutions, and manage risk. CompTIA Advanced Security Practitioner (CASP+) Exam certification will validate their skills in securing enterprise-level systems and networks, and they will be recognized as experts in the IT security industry.
CAS-004 Actual Questions Answers PDF 100% Cover Real Exam Questions: https://www.prep4sures.top/CAS-004-exam-dumps-torrent.html
CAS-004 Exam questions and answers: https://drive.google.com/open?id=1r-Vx010gsmPUjqJsKOEJ2arLTfHr4Q79