CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 191:

  A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner. Which of the following should the security officer do to meet these requirements?

  A. Create a rule to authorize personnel only from certain IPs to access the files.

  B. Assign labels to the files and require formal access authorization.

  C. Assign attributes to each file and allow authorized users to share the files.

  D. Assign roles to users and authorize access to files based on the roles.

  Correct Answer: B

  This option aligns with the principle of using security clearances and a "need to know" basis to control access to sensitive information. By labeling files and requiring formal access authorization, the security officer can ensure that only personnel with the appropriate clearance level and a legitimate need to access the data are granted permission. This approach helps maintain the confidentiality and security of the information.

• Question 192:

  A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

  1.

  All remote devices to have up-to-date antivirus

  2.

  A HIDS

  3.

  An up-to-date and patched OS

  Which of the following technologies should the company deploy to meet its security objectives? (Choose two.)

  A. NAC

  B. WAF

  C. NIDS

  D. Reverse proxy

  E. NGFW

  F. Bastion host

  Correct Answer: AE

  NAC (Network Access Control) is a technology that enforces security policies on devices that are connecting to a network. NAC can be used to ensure that all remote devices have up-to-date antivirus, a HIDS, and an up-to-date and patched

  OS.

  NGFW (Next-Generation Firewall) is a firewall that provides advanced security features, such as intrusion detection and prevention, application control, and web filtering. NGFW can be used to protect the extranet applications from attack.

• Question 193:

  The Chief Information Security Officer is concerned about the possibility of employees downloading malicious files from the internet and opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

  A. Integrate the web proxy with threat intelligence feeds.

  B. Scan all downloads using an antivirus engine on the web proxy.

  C. Block known malware sites on the web proxy.

  D. Execute the files in the sandbox on the web proxy.

  Correct Answer: D

  Sandboxing provides a proactive approach, evaluating files based on behavior and potentially catching malicious files that signature-based solutions might miss.

• Question 194:

  An organization offers SaaS services through a public email and storage provider. To facilitate password resets, a simple online system is set up. During a routine check of the storage each month, a significant increase in use of storage can be seen. Which of the following techniques would remediate the attack?

  A. Including input sanitization to the logon page

  B. Configuring an account lockout policy

  C. Implementing a new password reset system

  D. Adding MFA to all accounts

  Correct Answer: A

  by sanitizing inputs, you can prevent malicious data from being inserted or uploaded to the system, which could be causing the unexpected increase in storage use.

• Question 195:

  A security engineer has recently become aware of a Java application that processes critical information in real time on the company's network. The Java application was scanned with SAST prior to deployment, and all vulnerabilities have been mitigated. However, some known issues within the Java runtime environment cannot be resolved. Which of the following should the security engineer recommend to the developer in order to mitigate the issue with the LEAST amount of downtime?

  A. Perform software composition analysis on libraries from third parties.

  B. Run the application in a sandbox and perform penetration tests.

  C. Rewrite and compile the application in C++ and then reinstall it.

  D. Embed the current application into a virtual machine that runs on dedicated hardware.

  Correct Answer: D

  By running the application in a dedicated virtual machine (VM), it's isolated from the rest of the environment. This containment reduces the potential impact of vulnerabilities in the Java runtime since they'd be restricted to the VM. Moreover, embedding an application into a VM typically has a shorter downtime than rewriting the application or extensive testing.

• Question 196:

  A small software company deployed a new web application after a network security scan found no vulnerabilities. A customer using this application reported malicious activity believed to be associated with the application. During an investigation, the company discovered that the customer closed the browser tab and connected to another application, using the same credentials on both platforms.

  Which of the following detection methods should the software company implement before deploying the next version?

  A. Multifactor authentication

  B. Static application code scanning

  C. Stronger password policy

  D. A SIEM

  Correct Answer: D

  A SIEM (Security Information and Event Management) system is a tool that collects and analyzes security data from a variety of sources, such as network logs, application logs, and security devices. SIEM systems can be used to detect

  suspicious activity, such as unusual login patterns or failed loginhttps://www.examtopics.com/exams/comptia/cas-004/view/# attempts.

  Why not A. Multifactor authentication (MFA)?

  MFA enhances security by requiring multiple methods of verification to prove identity when logging in. While MFA can prevent unauthorized access due to stolen or guessed credentials, it doesn't address session management issues or

  customer's credentials were compromised.

• Question 197:

  The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified

  when the controller was restarted:

  SECURE BOOT FAILED:

  FIRMWARE MISMATCH EXPECTED 0xFDC479 ACTUAL 0x79F31B

  During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATTandCK framework for

  ICS includes this technique?

  A. Evasion

  B. Persistence

  C. Collection

  D. Lateral movement

  Correct Answer: B

  In the context of the MITRE ATTandCK framework, the "Persistence" stage involves techniques used by attackers to maintain their presence in a compromised environment over an extended period. One way to achieve persistence in ICS environments is by modifying firmware or configurations in such a way that the malicious changes persist even after system restarts or updates.

• Question 198:

  A systems administrator confirms that the company's remote server is providing the following list of preferred ciphers:

  1.

  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

  2.

  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

  3.

  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

  4.

  TLS_RSA_WITH_RC4_128_SHA (0x5)

  5.

  TLS_RSA_WITH_RC4_128_MD5 (0x4)

  Nevertheless, when the systems administrator's browser connects to the server, it negotiates TLS_RSA_WITH_RC4_128_MD5 (0x4), while all other employees' browsers negotiate TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030).

  Which of the following describes a potential attack to the systems administrator's browser?

  A. A cipher mismatch

  B. Key rotation

  C. A downgrade attack

  D. A compromised key

  E. Rekeying

  Correct Answer: C

  In this scenario, it seems that the systems administrator's browser is being forced to negotiate a less secure cipher suite (TLS_RSA_WITH_RC4_128_MD5) instead of the preferred, more secure cipher suites. This is likely due to a man-inthe-middle attacker manipulating the negotiation process and downgrading the encryption level. This type of attack is known as a "downgrade attack."

• Question 199:

  A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

  1.

  All customer data must remain under the control of the customer at all times.

  2.

  Third-party access to the customer environment must be controlled by the customer.

  3.

  Authentication credentials and access control must be under the customer's control.

  Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

  A. Use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage.

  B. Use the customer-provided VDI solution to perform work on the customer's environment.

  C. Provide code snippets to the customer and have the customer run code and securely deliver its output.

  D. Request API credentials from the customer and only use API calls to access the customer's environment.

  Correct Answer: B

  Virtual Desktop Infrastructure (VDI) allows the consultant to work within a virtualized environment controlled by the customer. All data remains within the customer's environment, and access is controlled by the customer.

• Question 200:

  A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public facing applications. Which of the following should the company implement on the public-facing servers?

  A. WAF

  B. ASLR

  C. NX

  D. HSM

  Correct Answer: B

  According to Intel, the answer is ASLR (B).

  "Areas of strength for ROP attacks includes the ability to circumvent data execution prevention (NX)"... meaning C is not the correct answer. See page 8 at link below. "Existing solutions to ROP attacks include Address Space Layout

  Randomization: ASLR is the state-of-the-art protection against ROP attacks." See page 9 at link below.

  https://www.intel.com/content/dam/develop/external/us/en/documents/catc17-anti-rop-moving-target-defense-844137.pdf