Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Advanced Security Practitioner
  • Vendor: CompTIA
  • Total Questions: 702 Q&As
  • Last Updated: Dec 13, 2024

CompTIA Advanced Security Practitioner CAS-004 Questions & Answers

  • Question 1:

    A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

    A. Employee badge logs

    B. Phone call logs

    C. Vehicle registration logs

    D. Visitor logs

  • Question 2:

    A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?

    A. SAST

    B. DAST

    C. Fuzz testing

    D. Intercepting proxy

  • Question 3:

    A security architect examines a section of code and discovers the following:

        char username[20]
        char password[20]
        gets(username)
        checkUserExists(username)

    Which of the following changes should the security architect require before approving the code for release?

    A. Allow only alphanumeric characters for the username.

    B. Make the password variable longer to support more secure passwords.

    C. Prevent more than 20 characters from being entered.

    D. Add a password parameter to the checkUserExists function.

  • Question 4:

    A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?

    A. Deep learning language barriers

    B. Big Data processing required for maturity

    C. Secure, multiparty computation requirements

    D. Computing capabilities available to the developer

  • Question 5:

    An IT director is working on a solution to meet the challenge of remotely managing laptop devices and securely locking them down. The solution must meet the following requirements:

    1. Cut down on patch management.
    2. Make use of standard configurations.
    3. Allow for custom resource configurations.
    4. Provide access to the enterprise system from multiple types of devices.

    Which of the following would meet these requirements?

    A. MDM

    B. Emulator

    C. Hosted hypervisor

    D. VDI

  • Question 6:

    Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for their employees in a central, offline location with minimal management overhead?

    A. Key escrow service

    B. Secrets management

    C. Encrypted database

    D. Hardware security module

  • Question 7:

    An internal security audit determines that Telnet is currently being used within the environment to manage network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to log in to these devices?

    A. Fuzzer

    B. Network traffic analyzer

    C. HTTP interceptor

    D. Port scanner

    E. Password cracker

  • Question 8:

    A Chief Information Security Officer (CISO) received a call from the Chief Executive Officer (CEO) about a data breach from the SOC lead around 9:00 a.m. At 10:00 a.m., the CEO informs the CISO that a breach of the firm is being reported on national news. Upon investigation, it is determined that a network administrator has reached out to a vendor prior to the breach for information on a security patch that failed to be installed. Which of the following should the CISO do to prevent this from happening again?

    A. Properly triage events based on brand imaging and ensure the CEO is on the call roster.

    B. Create an effective communication plan and socialize it with all employees.

    C. Send out a press release denying the breach until more information can be obtained.

    D. Implement a more robust vulnerability identification process.

  • Question 9:

    Before launching a new web application, an organization would like to perform security testing. Which of the following resources should the organization use to determine the objectives for the test?

    A. CASB

    B. SOAR

    C. OWASP

    D. ISAC

  • Question 10:

    A security team is creating tickets to track the progress of remediation. Which of the following is used to specify the due dates for high- and critical-priority findings?

    A. MSA

    B. SLA

    C. ISA

    D. MOU
