CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 281:

  An organization developed an incident response plan. Which of the following would be BEST to assess the effectiveness of the plan?

  A. Requesting a third-party review

  B. Generating a checklist by organizational unit

  C. Establishing role succession and call lists

  D. Creating a playbook

  E. Performing a tabletop exercise

  Correct Answer: E

• Question 282:

  A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it was a Linux server. In another test, the analyst modifies the operating system to prevent the malware from identifying target files. Which of the following techniques is the analyst MOST likely using?

  A. Honeypot

  B. Deception

  C. Simulators

  D. Sandboxing

  Correct Answer: B

• Question 283:

  A penetration tester is testing a company's login form for a web application using a list of known usernames and a common password list. According to a brute-force utility, the penetration tester needs to provide the tool with the proper headers, POST URL with variable names, and the error string returned with an improper login. Which of the following would BEST help the tester to gather this information? (Choose two.)

  A. The new source feature of the web browser

  B. The logs from the web server

  C. The inspect feature from the web browser

  D. A tcpdump from the web server

  E. An HTTP interceptor

  F. The website certificate viewed via the web browser

  Correct Answer: CE

• Question 284:

  An architect is designing security scheme for an organization that is concerned about APTs. Any proposed architecture must meet the following requirements:

  1.

  Services must be able to be reconstituted quickly from a known-good state.

  2.

  Network services must be designed to ensure multiple diverse layers of redundancy.

  3.

  Defensive and responsive actions must be automated to reduce human operator demands.

  Which of the following designs must be considered to ensure the architect meets these requirements? (Choose three.)

  A. Increased efficiency by embracing advanced caching capabilities

  B. Geographic distribution of critical data and services

  C. Hardened and verified container usage

  D. Emulated hardware architecture usage

  E. Establishment of warm and hot sites for continuity of operations

  F. Heterogeneous architecture

  G. Deployment of IPS services that can identify and block malicious traffic

  H. Implementation and configuration of a SOAR

  Correct Answer: BEH

  The designs that must be considered to ensure the architect meets these requirements are:

  1.

  Network services must be designed to ensure multiple diverse layers of redundancy.

  2.

  Establishment of warm and hot sites for continuity of operations.

  Implementation and configuration of a SOAR (Security Orchestration, Automation and Response) system to automate defensive and responsive actions to reduce human operator demands.

  Heterogeneous architecture refers to the use of different types of hardware and software in a system. It is not related to the design of network services to ensure multiple diverse layers of redundancy.

• Question 285:

  A security administrator sees several hundred entries in a web server security log that are similar to the following:

  

  The network source varies, but the URL, status, and user agent are the same. Which of the following would BEST protect the web server without blocking legitimate traffic?

  A. Replace the file xmlrpc.php with a honeypot form to collect further IOCs.

  B. Automate the addition of bot IP addresses into a deny list for the web host.

  C. Script the daily collection of the WHOIS ranges to add to the WAF as a denied ACL.

  D. Block every subnet that is identified as having a bot that is a source of the traffic.

  Correct Answer: B

• Question 286:

  A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

  A. Asynchronous keys

  B. Homomorphic encryption

  C. Data lake

  D. Machine learning

  Correct Answer: B

• Question 287:

  A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

  A. Implement iterative software releases

  B. Revise the scope of the project to use a waterfall approach.

  C. Change the scope of the project to use the spiral development methodology.

  D. Perform continuous integration.

  Correct Answer: A

  Implementing iterative software releases, also known as an iterative or incremental development approach, involves breaking the project into smaller, manageable iterations or increments. Each iteration delivers a functioning subset of the CRM platform with essential features. This allows the company to begin releasing the product to users incrementally, even if not all the planned features are fully developed yet. Subsequent iterations build upon the previous ones, adding new features, improvements, and fixes.

  By following an iterative approach, the company can start delivering value to users earlier and meet their immediate needs, even if the full CRM platform is not yet complete. Additionally, it allows for continuous testing and feedback from users throughout the development process, which helps identify issues early and prioritize future development efforts based on user feedback.

• Question 288:

  A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

  1.

  Mobile clients should verity the identity of all social media servers locally.

  2.

  Social media servers should improve TLS performance of their certificate status.

  3.

  Social media servers should inform the client to only use HTTPS.

  Given the above requirements, which of the following should the company implement? (Choose two.)

  A. Quick UDP internet connection

  B. OCSP stapling

  C. Private CA

  D. DNSSEC

  E. CRL

  F. HSTS

  G. Distributed object model

  Correct Answer: BF

• Question 289:

  Which of the following communication protocols is used to create PANs with small, low-power digital radios and supports a large number of nodes?

  A. Zigbee

  B. Wi-Fi

  C. CAN

  D. Modbus

  E. DNP3

  Correct Answer: A

• Question 290:

  A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation: On which of the following devices and processes did the ransomware originate?

  

  A. cpt-ws018, powershell.exe

  B. cpt-ws026, DearCry.exe

  C. cpt-ws002, NO-AV.exe

  D. cpt-ws026, NO-AV.exe

  E. cpt-ws002, DearCry.exe

  Correct Answer: C