CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 181:

  A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices: Which of the following mobile configuration settings is the mobile administrator verifying?

  

  A. Service set identifier authentication

  B. Wireless network auto joining

  C. 802.1X with mutual authentication

  D. Association MAC address randomization

  Correct Answer: D

• Question 182:

  A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

  A. service --status-all | grep ftpd

  B. chkconfig --list

  C. netstat --tulpn

  D. systemctl list-unit-file --type service ftpd

  E. service ftpd status

  Correct Answer: C

  -t : Display TCP connections.

  -u : Display UDP connections.

  -l : Display listening socket (services).

  -p : Display the process associated with the service.

  -n : Display numerical addresses instead of resolving hostnames.

  The output of this command will show all active network connections and listening ports along with the associated processes. You can then identify if FTP is running and on which port.

• Question 183:

  A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file. Which of the following is the BEST way for the security team to comply with this requirement?

  A. Digital signature

  B. Message hash

  C. Message digest

  D. Message authentication code

  Correct Answer: A

  It provides both the needed data integrity and sender authentication using asymmetric cryptography, ensuring compliance with the stated requirement.

• Question 184:

  A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the BEST file-carving tool for PDF recovery?

  A. objdump

  B. Strings

  C. dd

  D. Foremost

  Correct Answer: D

  "Foremost is a digital forensic application that is used to recover lost or deleted files. Foremost can recover the files for hard disk, memory card, pen drive, and another mode of memory devices easily. It can also work on the image files that are being generated by any other Application."

  https://www.geeksforgeeks.org/how-to-recover-deleted-files-using-foremost-in-linux/

  dd is a command-line utility for Unix and Unix-like operating systems whose primary purpose is to convert and copy files.

  The main purpose of the objdump command is to help in debugging the object file.

  In computer software, Strings is a program in Unix, Plan 9, Inferno, and Unix-like operating systems that finds and prints the strings of printable characters in files.

• Question 185:

  An organization has an operational requirement with a specific equipment vendor. The organization is located in the United States, but the vendor is located in another region. Which of the following risks would be MOST concerning to the organization in the event of equipment failure?

  A. Support may not be available during all business hours.

  B. The organization requires authorized vendor specialists.

  C. Each region has different regulatory frameworks to follow.

  D. Shipping delays could cost the organization money.

  Correct Answer: D

  The question ask about immediate concerns for the organization would be the repair, replacement, or troubleshooting of the equipment to resume normal operations. Since the equipment is in another region, replacement would be a bigger concern than repairs. Delays in getting the required equipment or parts could result in prolonged downtime, impacting business operations and leading to financial losses.

• Question 186:

  A company underwent an audit in which the following issues were enumerated:

  1.

  Insufficient security controls for internet-facing services, such as VPN and extranet

  2.

  Weak password policies governing external access for third-party vendors

  Which of the following strategies would help mitigate the risks of unauthorized access?

  A. 2FA

  B. RADIUS

  C. Federation

  D. OTP

  Correct Answer: A

  2FA provides a holistic approach to enhancing security by requiring a second form of identification in addition to the standard password. Given the audit findings of weak password policies and insufficient security controls for internet-facing services, implementing 2FA would be the most effective single strategy to mitigate the risks of unauthorized access.

• Question 187:

  A MSSP has taken on a large client that has government compliance requirements. Due to the sensitive nature of communications to its aerospace partners, the MSSP must ensure that all communications to and from the client web portal are secured by industry-standard asymmetric encryption methods. Which of the following should the MSSP configure to BEST meet this objective?

  A. ChaCha20

  B. RSA

  C. AES256

  D. RIPEMD

  Correct Answer: B

• Question 188:

  An internal security assessor identified large gaps in a company's IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system. Which of the following legal considerations is the assessor directly violating?

  A. Due care

  B. Due diligence

  C. Due process

  D. Due notice

  Correct Answer: A

  https://www.studynotesandtheory.com/single-post/due-care-vs-due-diligence

• Question 189:

  Signed applications reduce risks by:

  A. encrypting the application's data on the device

  B. requiring the developer to use code-level hardening techniques.

  C. providing assurance that the application is using unmodified source code.

  D. costing the developer money to publish, which reduces the likelihood of malicious intent.

  Correct Answer: C

  Signing an application primarily ensures the integrity of the application and provides assurance that it hasn't been tampered with after signing.

• Question 190:

  After installing an unapproved application on a personal device, a Chief Executive Officer reported an incident to a security analyst. This device is not controlled by the MDM solution, as stated in the BVOD policy. However, the device contained critical confidential information. The cyber incident response team performed the analysis on the device and found the following log:

  Wed 12 Dec 2020 10:00:03 Unknown sources is now enabled on this device.

  Which of the following is the MOST likely reason for the successful attack?

  A. Lack of MDM controls

  B. Auto-join hotspots enabled

  C. Sideloading

  D. Lack of application segmentation

  Correct Answer: C

  The enabling of "Unknown sources" suggests that an application was installed from outside the official app store, which can introduce significant security risks, especially if the source of the application isn't trusted. This process is known as sideloading.