CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 21:

  A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?

  A. Containers

  B. Type 1 hypervisor

  C. Type 2 hypervisor

  D. Virtual desktop infrastructure

  E. Emulation

  Correct Answer: A

  Containers are the most suitable technology for the scenario described by the security administrator. They allow each service to run in its own isolated environment with its own filesystem and processes while sharing the host's kernel. This meets the requirement of having separate OS environments for each service but leveraging the common properties and kernel version of the host system, ensuring efficient resource utilization and isolation between services.

• Question 22:

  The primary advantage of an organization creating and maintaining a vendor risk registry is to:

  A. define the risk assessment methodology.

  B. study a variety of risks and review the threat landscape.

  C. ensure that inventory of potential risk is maintained.

  D. ensure that all assets have low residual risk.

  Correct Answer: C

  The primary advantage of creating and maintaining a vendor risk registry is to ensure that the organization maintains an inventory of potential risks posed by its vendors. This enables proactive risk management, compliance with regulatory requirements, and effective monitoring and assessment of vendor-related risks over time. By having a comprehensive view of vendor risks, organizations can make informed decisions to protect their operations and assets from potential harm arising from vendor relationships.

• Question 23:

  A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

  A. TOTP token

  B. Device certificate

  C. Smart card

  D. Biometric

  Correct Answer: B

  Using digital certificates for authentication is a secure method to control access to laptops and other devices. A device certificate can serve as an authenticator by providing a means for the device to prove its identity in a cryptographic manner. This certificate-based authentication is commonly used in enterprise environments for strong authentication.

• Question 24:

  company management elects to cancel production. Which of the following risk strategies is the company using in this scenario?

  A. Avoidance

  B. Mitigation

  C. Rejection

  D. Acceptance

  Correct Answer: A

• Question 25:

  Which of the following security features do email signatures provide?

  A. Non-repudiation

  B. Body encryption

  C. Code signing

  D. Sender authentication

  E. Chain of custody

  Correct Answer: AD

• Question 26:

  An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages. Which of the following features is the most appropriate for the company to implement?

  A. Horizontal scalability

  B. Vertical scalability

  C. Containerization

  D. Static code analysis

  E. Caching

  Correct Answer: E

  Caching is the most appropriate feature for the company to implement in this scenario. Caching involves storing frequently accessed data closer to the user, reducing the need to retrieve data from the original source repeatedly. In the context of the virtual event services application, caching sponsor-related content on the entry pages can significantly improve response times for users. This approach leverages the static nature of the content and reduces the load on the database during peak usage times.

• Question 27:

  A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?

  A. RA

  B. OCSP

  C. CA

  D. IdP

  Correct Answer: C

  While the CA is responsible for issuing the certificates, it relies on the RA (if one is used) to perform the identity validation. If the RA performs its duties correctly, any failed identity validation would be handled at the RA level, and the CA would not issue the certificate.

• Question 28:

  A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?

  A. Build a content caching system at the DR site.

  B. Store the nightly full backups at the DR site.

  C. Increase the network bandwidth to the DR site.

  D. Implement real-time replication for the DR site.

  Correct Answer: D

• Question 29:

  An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?

  A. Systems administrator

  B. Data owner

  C. Data processor

  D. Data custodian

  E. Data steward

  Correct Answer: B

• Question 30:

  An organization's load balancers have reached end of life and have a vulnerability that will require them to be replaced. The load balancers are scheduled to be decommissioned within the next month. The management team has decided not to resolve this risk and instead allow the load balancers to remain in place until their decommission date. Which of the following risk handling techniques is the management team using?

  A. Avoid

  B. Mitigate

  C. Accept

  D. Transfer

  Correct Answer: C

  The management team is choosing to accept the risk associated with the end-of-life load balancers that have a known vulnerability. Accepting the risk means acknowledging that the vulnerability exists but deciding not to take any further action to mitigate or transfer it. In this case, the organization has made the decision to continue using the load balancers until their scheduled decommission date, despite the known vulnerability. This approach may be taken if the risk is deemed acceptable within the organization's risk tolerance levels, and if other risk handling techniques like mitigation or transfer are not feasible or practical in the given timeframe.