CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 121:

  A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

  A. ocsp

  B. CRL

  C. SAN

  D. CA

  Correct Answer: C

  The administrator should use SAN certificates to support multiple domain names while minimizing the amount of certificates needed. SAN stands for Subject Alternative Name, which is an extension of a certificate that allows it to include multiple fully-qualified domain names (FQDNs) within the same certificate. For example, a SAN certificate can secure www.example.com, www.example.net, and mail.example.org with one certificate. SAN certificates can reduce the cost and complexity of managing multiple certificates for different domains. SAN certificates can also support wildcard domains, such as *.example.com, which can cover any subdomain under that domain. Verified References: https://www.techtarget.com/searchsecurity/definition/Subject-Alternative-Name https://www.techtarget.com/searchsecurity/definition/wildcard-certificate https://www.nexcess.net/help/what-is-a-multi-domain-ssl-certificate/

• Question 122:

  A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:

  1.

  Maintain customer trust

  2.

  Minimize data leakage

  3.

  Ensure non-repudiation

  Which of the following would be the BEST set of recommendations from the security architect?

  A. Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.

  B. Disable file exchange, enable watermarking, and enable the user authentication requirement.

  C. Enable end-to-end encryption, disable video recording, and disable file exchange.

  D. Enable watermarking, enable the user authentication requirement, and disable video recording.

  Correct Answer: A

  Verified References: https://www.rev.com/blog/marketing/follow-these-7-video-conferencing-security-best-practices https://www.paloaltonetworks.com/blog/2020/04/network-video-conferencing- security/ https://www.megameeting.com/news/best-practices-secure-video-conferencing/

• Question 123:

  Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

  A. Determine the optimal placement of hot/warm sites within the enterprise architecture.

  B. Create new processes for identified gaps in continuity planning.

  C. Establish new staff roles and responsibilities for continuity of operations.

  D. Assess the effectiveness of documented processes against a realistic scenario.

  Correct Answer: D

• Question 124:

  A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:

  

  With which of the following MITRE ATTandCK TTPs is the command associated? (Select TWO).

  A. Indirect command execution

  B. OS credential dumping

  C. Inhibit system recovery

  D. External remote services

  E. System information discovery

  F. Network denial of service

  Correct Answer: BE

  OS credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. System information discovery is the process of

  gathering information about the system, such as hostname, IP address, OS version, running processes, etc. Both of these techniques are commonly used by adversaries to gain access to sensitive data and resources on the target system.

  The command shown in the image is using Mimikatz, a tool that can dump credentials from memory, and also querying the system information using WMIC.

  Verified References:

  https://attack.mitre.org/techniques/T1003/

  https://attack.mitre.org/techniques/T1082/

  https://github.com/gentilkiwi/mimikatz

  https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmic

• Question 125:

  A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:

  1.

  www.mycompany.org

  2.

  www.mycompany.com

  3.

  campus.mycompany.com

  4.

  wiki. mycompany.org

  The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

  A. Purchase one SAN certificate.

  B. Implement self-signed certificates.

  C. Purchase one certificate for each website.

  D. Purchase one wildcard certificate.

  Correct Answer: A

• Question 126:

  A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor-effective way possible. Which of the following will the developer MOST likely implement?

  A. Certificate chain

  B. Root CA

  C. Certificate pinning

  D. CRL

  E. OCSP

  Correct Answer: B

  The developer would most likely implement a Root CA in the autonomous vehicle's software. A Root CA is the top-level authority in a PKI that issues and validates certificates for subordinate CAs or end entities. A Root CA can be self-signed

  and embedded in the vehicle's software, which would reduce the need for external communication and verification. A Root CA would also enable the vehicle to use digital signatures and encryption for secure communication with other vehicles

  or infrastructure. Verified References:

  https://cse.iitkgp.ac.in/~abhij/publications/PKI++.pdf https://www.digicert.com/blog/connected-cars-need-security-use-pki https://ieeexplore.ieee.org/document/9822667/

• Question 127:

  The Chief Information Security Officer (CISO) is working with a new company and needs a legal "document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

  A. SLA

  B. ISA

  C. Permissions and access

  D. Rules of engagement

  Correct Answer: D

  Rules of engagement are legal documents that should be signed by all parties involved in an assessment to ensure they understand their roles and responsibilities. Rules of engagement define the scope, objectives, methods, deliverables,

  limitations, and expectations of an assessment project. They also specify the legal and ethical boundaries, communication channels, escalation procedures, and reporting formats for the assessment. Rules of engagement help to avoid

  misunderstandings, conflicts, or liabilities during or after an assessment.

  References: [CompTIA CASP+ Study Guide, Second Edition, page 34]

• Question 128:

  An organization mat provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of sell-healing that includes monitoring performance and available resources. When me system detects an issue, the self-healing process is supposed to restart pans of me software.

  During the incident, when me self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self- healing system did not detect that some services did not fully restart and declared me system as fully operational. Which of the following BEST describes me reason why the silent failure occurred?

  A. The system logs rotated prematurely.

  B. The disk utilization alarms are higher than what me service restarts require.

  C. The number of nodes in me self-healing cluster was healthy,

  D. Conditional checks prior to the service restart succeeded.

  Correct Answer: D

• Question 129:

  A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

  1.

  Five numerical digits followed by a dash, followed by four numerical digits; or

  2.

  Five numerical digits

  When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

  A. ^\d{4}(-\d{5})?$

  B. ^\d{5}(-\d{4})?$

  C. ^\d{5-4}$

  D. ^\d{9}$

  Correct Answer: B

• Question 130:

  A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

  1.

  Data needs to be stored outside of the VMS.

  2.

  No unauthorized modifications to the VMS are allowed

  3.

  If a change needs to be done, a new VM needs to be deployed.

  Which of the following is the BEST solution?

  A. Immutable system

  B. Data loss prevention

  C. Storage area network

  D. Baseline template

  Correct Answer: A

  An immutable system is a system that does not change after it is deployed. Any changes or updates are done by creating a new system from a common image or template and replacing the old one. An immutable system meets the

  requirements of storing data outside of the VMs, preventing unauthorized modifications to the VMs, and deploying a new VM if a change needs to be done. An immutable system can improve the security, reliability, and consistency of the VMs

  by avoiding configuration drift, human errors, or malicious tampering. An immutable system can also simplify the deployment process and enable faster recovery from failures.

  Verified References:

  https://cloudinfrastructureservices.co.uk/vm-types-for-devops-pets-vs-cattle-vs-immutable/

  https://www.digitalocean.com/community/tutorials/what-is-immutable-infrastructure