CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 111:

  An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?

  A. Use over-the-air updates to replace the private key

  B. Manufacture a new loT device with a redesigned SoC

  C. Replace the public portion of the loT key on its servers

  D. Release a patch for the SoC software

  Correct Answer: B

  If the asymmetric private key defined in the write-once read-many (WORM) portion of the System on Chip (SoC) is compromised, the IoT device manufacturer cannot simply replace or update the key through software changes due to the nature of WORM memory. The compromised key would necessitate the production of a new IoT device with a redesigned SoC that includes a new, secure private key. This is because the integrity of the encryption module is fundamental to the device's security, and a compromised key cannot be allowed to persist in the hardware.

• Question 112:

  A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion Since tracking is not in place the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?

  A. Complete a vulnerability analysis

  B. Obtain guidance from the health ISAC

  C. Purchase a ticketing system for auditing efforts

  D. Ensure CVEs are current

  E. Train administrators on why patching is important

  Correct Answer: A

  The first step in mitigating the risk associated with delayed patching is to conduct a vulnerability analysis. This process involves identifying, categorizing, and assessing the vulnerabilities within the hospital's IT infrastructure. By understanding the specific vulnerabilities and their potential impact on patient care and data availability, the hospital can prioritize patching efforts effectively and develop a strategy that minimizes disruptions while ensuring critical systems remain secure.

• Question 113:

  A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

  A. Require device certificates to access company resources.

  B. Enable MFA at the organization's SSO portal.

  C. Encrypt all workstation hard drives.

  D. Hide the company wireless SSID.

  Correct Answer: A

  To reduce the risk of unauthorized devices accessing company resources, requiring device certificates is an effective control. Device certificates can be used to authenticate devices before they are allowed to connect to the network and access resources, ensuring that only devices with a valid certificate, which are typically managed and issued by the organization, can connect.

• Question 114:

  The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?

  A. Preserve all communication matching the requested search terms

  B. Block communication with the customer while litigation is ongoing

  C. Require employees to be trained on legal record holds

  D. Request that all users do not delete any files

  Correct Answer: A

  When a legal records hold is issued, the organization is required to preserve all documents and communications that may relate to the litigation. This includes emails, files, and any other form of communication that contains the requested

  search terms. It is a process of ensuring that this information is not deleted, altered, or otherwise tampered with.

• Question 115:

  After a server was compromised an incident responder looks at log files to determine the attack vector that was used The incident responder reviews the web server log files from the time before an unexpected SSH session began:

  

  Which of the following is the most likely vulnerability that was exploited based on the log files?

  A. Directory traversal revealed the hashed SSH password, which was used to access the server.

  B. A SQL injection was used during the ordering process to compromise the database server

  C. The root password was easily guessed and used as a parameter lo open a reverse shell

  D. An outdated third-party PHP plug-in was vulnerable to a known remote code execution

  Correct Answer: A

  The logs indicate a directory traversal attempt (/../..//.etc/shadow), which is a type of attack that exploits insufficient security validation/sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs. The /etc/shadow file on Unix systems contains password hashes. If an attacker successfully exploited this vulnerability, they could potentially access the hashed SSH password. This information could then be used to gain unauthorized access to the server if the hash was cracked.

• Question 116:

  A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor. Which of the following best describes the security benefits of the single-tenant option? (Select two).

  A. Most cost-effective

  B. Ease of backup and restoration

  C. High degree of privacy

  D. Low resilience to side-channel attacks

  E. Full control and ability to customize

  F. Increased geographic diversity

  Correct Answer: CE

  Single-tenant architectures provide a dedicated environment for each client, which enhances data privacy since the resources are not shared with other tenants. This isolation minimizes the risk of data leakage or interference from other tenants, offering a high degree of privacy. Additionally, single-tenancy allows for full control over the database environment, including customization options tailored to specific security requirements or compliance needs, which is not always possible in a multi-tenant architecture.

• Question 117:

  A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

  

  Which of the following is the most appropriate action for the SOC analyst to recommend?

  A. Disabling account JDoe to prevent further lateral movement

  B. Isolating laptop314 from the network

  C. Alerting JDoe about the potential account compromise

  D. Creating HIPS and NIPS rules to prevent logins

  Correct Answer: B

  The SIEM logs indicate suspicious behavior that could be a sign of a compromise, such as the launching of cmd.exe after Outlook.exe, which is atypical user behavior and could indicate that a machine has been compromised to perform lateral movement within the network. Isolating laptop314 from the network would contain the threat and prevent any potential spread to other systems while further investigation takes place.

• Question 118:

  An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

  A. SLA

  B. ISA

  C. NDA

  D. MOU

  Correct Answer: B

  An ISA, or interconnection security agreement, is a document that should be required to set up a dedicated VPN between two entities that provide specialized help desk services. An ISA defines the technical and security requirements for

  establishing, operating, and maintaining a secure connection between two or more organizations. An ISA also specifies the roles and responsibilities of each party, the security controls and policies to be implemented, the data types and

  classifications to be exchanged, and the incident response procedures to be followed.

  References: [CompTIA CASP+ Study Guide, Second Edition, page 36]

• Question 119:

  Which of the following is a risk associated with SDN?

  A. Expanded attack surface

  B. Increased hardware management costs

  C. Reduced visibility of scaling capabilities

  D. New firmware vulnerabilities

  Correct Answer: A

  A risk associated with SDN is the expanded attack surface that it introduces. SDN is a network architecture that decouples the control plane from the data plane, allowing centralized and programmable management of network devices and traffic. However, this also exposes new attack vectors and vulnerabilities that can compromise the security and performance of the network. For example, an attacker can target the SDN controller, which is the core component that communicates with and controls the network devices. A successful attack on the SDN controller can result in denial of service, unauthorized access, data leakage, or network hijacking. An attacker can also exploit the communication channels between the SDN controller and the network devices, such as the OpenFlow protocol, to intercept, modify, or inject malicious messages or commands. Additionally, an attacker can leverage malicious or compromised applications that run on top of the SDN controller to manipulate or disrupt the network behavior. Verified References: https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/benefits-and- the-security-risk-of-software-defined-networking https://link.springer.com/article/10.1007/s40860-022-00171-8

• Question 120:

  A large organization is planning to migrate from on premises to the cloud. The Chief Information Security Officer (CISO) is concerned about security responsibilities. If the company decides to migrate to the cloud, which of the following describes who is responsible for the security of the new physical datacenter?

  A. Third-party assessor

  B. CSP

  C. Organization

  D. Shared responsibility

  Correct Answer: B

  In cloud computing models, the security of the physical data center is the responsibility of the Cloud Service Provider (CSP). The CSP is responsible for protecting the infrastructure that runs all of the services offered in the cloud, which includes the physical security of the data center.