CompTIA CAS-004 Real Exam Questions
The questions for CAS-004 were last updated at Nov 21, 2024.
- Exam Code: CAS-004
- Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
- Certification Provider: CompTIA
- Latest update: Nov 21, 2024
A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.
The technician will define this threat as:
- A . a decrypting RSA using obsolete and weakened encryption attack.
- B . a zero-day attack.
- C . an advanced persistent threat.
- D . an on-path attack.
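The pattern the question describes, recurring bulk transfers over TLS from hosts that have no history of contacting the destination, is something a technician can hunt for in proxy or firewall logs. The following is an added example, not part of the question bank: the log format, the sample lines, the baseline of known destinations and the thresholds are all constructed for illustration.

```python
"""Added example (not from the question bank): flag sustained outbound TLS
transfers from hosts to destinations outside their normal baseline.
Log format, sample lines, baseline and thresholds are constructed."""
from collections import defaultdict

# Constructed log lines: ts,src_host,dst_host,dst_port,bytes_out
SAMPLE_LOG = """\
2024-03-01T02:10:00Z,fileserver01,cdn.example.net,443,120000000
2024-03-02T02:11:00Z,fileserver01,cdn.example.net,443,135000000
2024-03-03T02:12:00Z,fileserver01,cdn.example.net,443,128000000
2024-03-01T09:00:00Z,workstation22,updates.vendor.example,443,2400000
2024-03-01T09:05:00Z,workstation22,intranet.corp.example,443,9000
2024-03-02T09:00:00Z,workstation22,updates.vendor.example,443,2500000
"""

# Constructed baseline: destinations each host is expected to talk to.
BASELINE = {
    "fileserver01": {"backup.corp.example", "intranet.corp.example"},
    "workstation22": {"updates.vendor.example", "intranet.corp.example"},
}


def parse_log(text):
    """Parse the constructed CSV-style lines into dicts."""
    rows = []
    for line in text.strip().splitlines():
        ts, src, dst, port, nbytes = line.split(",")
        rows.append({"ts": ts, "src": src, "dst": dst,
                     "port": int(port), "bytes": int(nbytes)})
    return rows


def find_exfil_candidates(rows, baseline, min_days=3, min_bytes=50_000_000):
    """Return {(src, dst): (distinct_days, total_bytes)} for port-443 flows to
    destinations outside the source host's baseline that recur on at least
    min_days distinct days and move at least min_bytes in total.
    The thresholds are arbitrary values chosen for this example."""
    days = defaultdict(set)
    total = defaultdict(int)
    for r in rows:
        if r["port"] != 443:
            continue  # only TLS/HTTPS sessions, as in the question
        if r["dst"] in baseline.get(r["src"], set()):
            continue  # known destination for this host, not anomalous
        key = (r["src"], r["dst"])
        days[key].add(r["ts"][:10])  # YYYY-MM-DD
        total[key] += r["bytes"]
    return {k: (len(days[k]), total[k]) for k in days
            if len(days[k]) >= min_days and total[k] >= min_bytes}


if __name__ == "__main__":
    for (src, dst), (n_days, n_bytes) in find_exfil_candidates(
            parse_log(SAMPLE_LOG), BASELINE).items():
        print(f"{src} -> {dst}: {n_days} days, {n_bytes} bytes")
```

The baseline is the important input: the question's tell is not the volume alone but that the sending systems had no business relationship with the remote sites, so a per-host destination baseline is what turns "lots of HTTPS" into a finding.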
Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?
- A . Reverse proxy, stateful firewalls, and VPNs at the local sites
- B . IDSs, WAFs, and forward proxy IDS
- C . DoS protection at the hub site, mutual certificate authentication, and cloud proxy
- D . IPSs at the hub, Layer 4 firewalls, and DLP
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.
Which of the following actions would BEST resolve the issue? (Choose two.)
- A . Conduct input sanitization.
- B . Deploy a SIEM.
- C . Use containers.
- D . Patch the OS.
- E . Deploy a WAF.
- F . Deploy a reverse proxy.
- G . Deploy an IDS.
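The input sanitization named in choice A means treating user input as a value inside an LDAP search filter rather than as filter syntax. The following is an added example, not code from the question bank or any product: it builds a login filter the vulnerable way and the hardened way, escaping the metacharacters RFC 4515 defines (backslash, asterisk, parentheses and NUL) and, as a second layer, validating the username against an allow-list. The filter shape, attribute names and the injection payload are constructed for illustration.

```python
"""Added example (not from the question bank): LDAP filter construction,
vulnerable versus sanitized. Filter shape and payload are constructed."""
import re

# RFC 4515 escaping for values placed inside a search filter.
LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value):
    """Escape every filter metacharacter so the value cannot alter the
    structure of the filter it is embedded in."""
    return "".join(LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter_unsafe(username):
    """Vulnerable: the username is concatenated straight into the filter."""
    return f"(&(uid={username})(objectClass=person))"


def build_login_filter_safe(username):
    """Hardened: the username is escaped before it goes into the filter."""
    return f"(&(uid={escape_ldap_filter_value(username)})(objectClass=person))"


def validate_username(username):
    """Allow-list check, applied before the filter is even built.
    The character set is an assumption for this example."""
    if not re.fullmatch(r"[A-Za-z0-9._-]{1,64}", username):
        raise ValueError("username contains characters outside the allow-list")
    return username


# Constructed payload: closes the uid clause and ORs in a wildcard, so the
# unsafe filter matches every entry that has a uid.
PAYLOAD = "*)(|(uid=*"

if __name__ == "__main__":
    print("unsafe:", build_login_filter_unsafe(PAYLOAD))
    print("safe:  ", build_login_filter_safe(PAYLOAD))
    try:
        validate_username(PAYLOAD)
    except ValueError as exc:
        print("rejected:", exc)
```

With the payload, the unsafe builder yields `(&(uid=*)(|(uid=*)(objectClass=person))`, a syntactically valid filter that matches any user, which is exactly the authentication bypass the researcher reported. The escaped version keeps the whole payload inside one `uid=` assertion, and the allow-list rejects it before a query is ever built.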
An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?
- A . In the OT environment, use a VPN from the IT environment into the OT environment.
- B . In the OT environment, allow IT traffic into the OT environment.
- C . In the IT environment, allow PLCs to send data from the OT environment to the IT environment.
- D . Use a screened subnet between the OT and IT environments.
A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burden. Additionally, the solution must maintain a positive user experience after implementation.
Which of the following is the BEST solution to meet these objectives?
- A . Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
- B . Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
- C . Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
- D . Implement EDR, keep users in the local administrators group, and enable user behavior analytics.
A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.
Which of the following techniques would be BEST suited for this requirement?
- A . Deploy SOAR utilities and runbooks.
- B . Replace the associated hardware.
- C . Provide the contractors with direct access to satellite telemetry data.
- D . Reduce link latency on the affected ground and satellite segments.
A security architect is implementing a web application that uses a database back end. Prior to production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.
Which of the following sources could the architect consult to address this security concern?
- A . SDLC
- B . OVAL
- C . IEEE
- D . OWASP
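The controls the OWASP XSS prevention guidance centres on are contextual output encoding (encode for the HTML body, for attributes, for JavaScript strings, each differently) backed by a Content-Security-Policy header. The following is an added example, not code from the question bank or from OWASP: it renders a user comment the vulnerable way and the encoded way, using only the Python standard library. The template fragments, the sample payload and the CSP value are constructed for illustration.

```python
"""Added example (not from the question bank): contextual output encoding
against reflected/stored XSS, plus a CSP header as a second layer.
Templates, payload and CSP value are constructed."""
import html
import json

# Constructed attacker-controlled input.
PAYLOAD = '<script>alert(document.cookie)</script>'


def render_comment_unsafe(comment):
    """Vulnerable: untrusted text is interpolated into HTML verbatim."""
    return f'<p class="comment">{comment}</p>'


def encode_for_html(value):
    """HTML body/attribute context: escape & < > " ' so the browser treats
    the text as data, never as markup."""
    return html.escape(value, quote=True)


def encode_for_js_string(value):
    """JavaScript string-literal context: json.dumps escapes quotes and
    backslashes; the extra replace stops '</script>' inside the value from
    terminating the enclosing <script> element."""
    return json.dumps(value).replace("</", "<\\/")


def render_comment_safe(comment):
    """Hardened: the same template, with HTML-context encoding applied."""
    return f'<p class="comment">{encode_for_html(comment)}</p>'


def render_inline_script_safe(value):
    """Hardened: a value embedded in an inline script as a JS string."""
    return f"<script>var comment = {encode_for_js_string(value)};</script>"


def csp_header():
    """Defence in depth: disallow inline and third-party script even if an
    encoding mistake slips through. Policy value is an example."""
    return ("Content-Security-Policy",
            "default-src 'self'; script-src 'self'; object-src 'none'")


if __name__ == "__main__":
    print(render_comment_unsafe(PAYLOAD))
    print(render_comment_safe(PAYLOAD))
    print(render_inline_script_safe("</script><img src=x onerror=alert(1)>"))
    print(*csp_header(), sep=": ")
```

The point of having separate encoders is that the right encoding depends on where in the page the value lands; HTML-escaping a value that is dropped into a JavaScript string does not make it safe there, and vice versa.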
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
- A . Pay the ransom within 48 hours.
- B . Isolate the servers to prevent the spread.
- C . Notify law enforcement.
- D . Request that the affected servers be restored immediately.
A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company's website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option.
Which of the following is the BEST solution for this company?
- A . Community cloud service model
- B . Multitenancy SaaS
- C . Single-tenancy SaaS
- D . On-premises cloud service model
A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
- A . Protecting
- B . Permissive
- C . Enforcing
- D . Mandatory