CompTIA CAS-004 Real Exam Questions
The questions for CAS-004 were last updated at Nov 21,2024.
- Exam Code: CAS-004
- Exam Name: CompTIA Advanced Security Practitioner (CASP+) Exam
- Certification Provider: CompTIA
- Latest update: Nov 21,2024
A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead.
The network comprises three VLANs:
The security engineer looks at the UTM firewall rules and finds the following:
Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?
- A . Contact the email service provider and ask if the company IP is blocked.
- B . Confirm the email server certificate is installed on the corporate computers.
- C . Make sure the UTM certificate is imported on the corporate computers.
- D . Create an IMAPS firewall rule to ensure email is allowed.
Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?
- A . Leave the current backup schedule intact and pay the ransom to decrypt the data.
- B . Leave the current backup schedule intact and make the human resources fileshare read-only.
- C . Increase the frequency of backups and create SIEM alerts for IOCs.
- D . Decrease the frequency of backups and pay the ransom to decrypt the data.