CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 201:

  A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company.

  Which of the following would be the BEST way to protect the file while the user travels between locations? (Choose two.)

  A. Encrypt the laptop with full disk encryption.

  B. Back up the file to an encrypted flash drive.

  C. Place an ACL on the file to only allow access to specified users.

  D. Store the file in the user profile.

  E. Place an ACL on the file to deny access to everyone.

  F. Enable access logging on the file.

  Correct Answer: AB

• Question 202:

  A security assessor identified an internet-facing web service API provider that was deemed vulnerable. Execution of testssl provided the following insight:

  

  Which of the following configuration changes would BEST mitigate chosen ciphertext attacks?

  A. Enable 3DES ciphers IDEA.

  B. Enable export ciphers.

  C. Enable PFS ciphers.

  D. Enable AEAD.

  Correct Answer: D

  AEAD (Authenticated Encryption with Associated Data) ciphers provide both encryption and authentication in a single step. This makes them more resistant to chosen ciphertext attacks than other types of ciphers. AEAD ciphers, like AESGCM and ChaCha20-Poly1305, provide strong encryption and authentication.

• Question 203:

  Some end users of an e-commerce website are reporting a delay when browsing pages. The website uses TLS 1.2. A security architect for the website troubleshoots by connecting from home to the website and capturing traffic via Wireshark. The security architect finds that the issue is the time required to validate the certificate. Which of the following solutions should the security architect recommend?

  A. Adding more nodes to the web server clusters

  B. Changing the cipher algorithm used on the web server

  C. Implementing OCSP stapling on the server

  D. Upgrading to TLS 1.3

  Correct Answer: C

  OCSP (Online Certificate Status Protocol) is a protocol used to check the revocation status of a digital certificate. When a client connects to a server, it may need to check the status of the server's certificate by sending a request to the Certificate Authority (CA). This can introduce a delay, especially if the CA's server is slow or unreachable. OCSP stapling is a solution where the server periodically retrieves its certificate status from the CA and then "staples" this status to the TLS handshake. This means the client doesn't need to make a separate connection to the CA, thus reducing the connection time.

• Question 204:

  A help desk technician is troubleshooting an issue with an employee's laptop that will not boot into its operating system. The employee reported the laptop had been stolen but then found it one day later. The employee has asked the technician for help recovering important data. The technician has identified the following:

  1.

  The laptop operating system was not configured with BitLocker.

  2.

  The hard drive has no hardware failures.

  3.

  Data is present and readable on the hard drive, although it appears to be illegible.

  Which if the following is the MOST likely reason the technician is unable to retrieve legible data from the hard drive?

  A. The employee's password was changed, and the new password needs to be used.

  B. The PKI certificate was revoked, and a new one must be installed.

  C. The hard drive experienced crypto-shredding.

  D. The technician is using the incorrect cipher to read the data.

  Correct Answer: C

  Crypto-shredding describes the concept that destroying a decryption key in essence destroys the data it was designed to protect. Especially important in cloud environments where methods available to confidently destroy data is limited. This technique depends upon assurance that the data was never available in decrypted format at any point in its life cycle, that the encryption method was sufficiently secure, and that the key is irrecoverably destroyed.

• Question 205:

  A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltrate a company report by visiting the following URL:

  www.intranet.abc.com/get-files.jsp?file=report.pdf

  Which of the following mitigation techniques would be BEST for the security engineer to recommend?

  A. Input validation

  B. Firewall

  C. WAF

  D. DLP

  Correct Answer: A

  Input validation is the process of checking user input to ensure that it is valid and safe. In this case, the security engineer should recommend that the web application validate the file parameter to ensure that it is a valid "file" path. This will prevent attackers from being able to exfiltrate arbitrary files from the web server.

• Question 206:

  A security administrator wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security administrator implement? (Choose two.)

  A. MX record

  B. DMARC

  C. SPF

  D. DNSSEC

  E. S/MIME

  F. TLS

  Correct Answer: BC

  DMARC (Domain-based Message Authentication, Reporting and Conformance)

  DMARC builds on the features of both SPF and DKIM (DomainKeys Identified Mail). It allows the sender's domain to specify that they use SPF, DKIM, or both, and what action to take (report, quarantine, or reject) if neither of those

  authentication methods pass. DMARC also provides a way for recipients to report back to senders about messages that pass and/or fail DMARC evaluation.

  SPF (Sender Policy Framework)

  SPF is an email authentication method designed to detect forged sender addresses during the delivery of the email. By creating an SPF record in the domain's DNS records, the domain administrator can specify which mail servers are allowed

  to send mail on behalf of the domain. The receiving mail server then checks this record to ensure the mail is coming from an authorized server.

• Question 207:

  A company is acquiring a competitor, and the security team is performing due diligence activities on the competitor prior to the acquisition. The team found a recent compliance audit of the competitor's environment that shows a mature security infrastructure, but it lacks a cohesive policy and process framework. Based on the audit findings, the security team determines the competitor's existing security capabilities are sufficient, but they will need to incorporate additional security policies. Which of the following risk management strategies is the security team recommending?

  A. Mitigate and avoid

  B. Transfer and accept

  C. Avoid and transfer

  D. Accept and mitigate

  Correct Answer: D

  The security team is accepting the risk that the competitor's existing security policies and procedures are not comprehensive enough. However, the team is also mitigating this risk by implementing additional security policies.

• Question 208:

  A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert. Based on this information, the security

  analyst acknowledges this alert. Which of the following event classifications is MOST likely the reason for this action?

  A. True negative

  B. False negative

  C. False positive

  D. Non-automated response

  Correct Answer: C

• Question 209:

  The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?

  A. Near-field communication

  B. Short Message Service

  C. Geofencing

  D. Bluetooth

  Correct Answer: C

  Geofencing is a technology that allows you to set up virtual boundaries or geographic zones and trigger actions when a mobile device enters or exits those predefined areas. In this case, you can set up a geofence around the sensitive area of the data center, and when a mobile device enters that area, it can trigger an alert to be sent to the security team and optionally notify the individual entering the area that their access has been logged and monitored. Geofencing is commonly used for location-based security and notifications.

• Question 210:

  An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

  A. Properly configure a secure file transfer system to ensure file integrity.

  B. Have the external parties sign non-disclosure agreements before sending any images.

  C. Only share images with external parties that have worked with the firm previously.

  D. Utilize watermarks in the images that are specific to each external party.

  Correct Answer: D

  Watermarking involves adding a unique, identifying mark or overlay to an image. In this case, by applying specific watermarks to the images for each external party, the architectural firm can trace any leaked drafts back to the party that received them. This provides a clear indication of who may have been responsible for the leak, helping to maintain confidentiality and accountability in the drafting process.