CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 371:

  A company's claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee's laptop when was opened.

  A. Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

  B. Required all laptops to connect to the VPN before accessing email.

  C. Implement cloud-based content filtering with sandboxing capabilities.

  D. Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

  Correct Answer: C

• Question 372:

  During the migration of a company's human resources application to a PaaS provider, the Chief Privacy Officer (CPO) expresses concern the vendor's staff may be able to access data within the migrating applications. The application stack

  includes a multitier architecture and uses commercially available, vendor-supported software packages.

  Which of the following BEST addresses the CPO's concerns?

  A. Execute non-disclosure agreements and background checks on vendor staff.

  B. Ensure the platform vendor implement date-at-rest encryption on its storage.

  C. Enable MFA to the vendor's tier of the architecture.

  D. Impalement a CASB that tokenizes company data in transit to the migrated applications.

  Correct Answer: A

• Question 373:

  A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

  

  ls -l -a /usr/beinz/public; cat ./config/db.yml

  The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

  

  system {"ls -l -a #(patch)"}

  Which of the following is an appropriate security control the company should implement?

  A. Restrict directory permission to read-only access.

  B. Use server-side processing to avoid XSS vulnerabilities in path input.

  C. Separate the items in the system call to prevent command injection.

  D. Parameterize a query in the path variable to prevent SQL injection.

  Correct Answer: C

• Question 374:

  While traveling to another state, the Chief Financial (CFO) forgot to submit payroll for the company. The CFO quickly gained to the corporate through the high-speed wireless network provided by the hotel and completed the desk. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware on attack on the system.

  Which of the following is the MOST likely of the security breach?

  A. The security manager did not enforce automate VPN connection.

  B. The company's server did not have endpoint security enabled.

  C. The hotel and did require a wireless password to authenticate.

  D. The laptop did not have the host-based firewall properly configured.

  Correct Answer: A

• Question 375:

  Which of the following is MOST likely to be included in a security services SLA with a third-party vendor?

  A. The standard of quality for anti-malware engines

  B. Parameters for applying critical patches

  C. The validity of program productions

  D. Minimum bit strength for encryption-in-transit.

  Correct Answer: A

• Question 376:

  A company runs a well ttended, on-premises fitness club for its employees, about 200 of them each day. Employees want to sync center's login and attendance program with their smartphones. Human resources, which manages the contract for the fitness center, has asked the security architecture to help draft security and privacy requirements.

  Which of the following would BEST address these privacy concerns?

  A. Use biometric authentication.

  B. Utilize geolocation/geofencing.

  C. Block unauthorized domain bridging.

  D. Implement containerization

  Correct Answer: A

• Question 377:

  A security administrator wants to implement an MDM solution to secure access to company email and files in a BYOD environment. The solution must support the following requirements:

  1.

  Company administrators should not have access to employees' personal information.

  2.

  A rooted or jailbroken device should not have access to company sensitive information.

  Which of the following BEST addresses the associated risks?

  A. Code signing

  B. VPN

  C. FDE

  D. Containerization

  Correct Answer: A

• Question 378:

  Ann, a user' brings her laptop to an analyst after noticing it has been operating very slowly. The security analyst examines the laptop and obtains the following output.

  

  Which of the following will the analyst most likely use NEXT?

  A. Process explorer

  B. Vulnerability scanner

  C. Antivirus

  D. Network enumerator

  Correct Answer: B

• Question 379:

  When of the following is the BEST reason to implement a separation of duties policy?

  A. It minimizes the risk of Dos due to continuous monitoring.

  B. It eliminates the need to enforce least privilege by logging all actions.

  C. It increases the level of difficulty for a single employee to perpetrate fraud.

  D. it removes barriers to collusion and collaboration between business units.

  Correct Answer: A

• Question 380:

  A security manager wants to implement a policy that will management with the ability to monitor employees' activities with minimum impact to productivity. Which of the following policies Is BEST suited for this scenario?

  A. Separation of duties

  B. Mandatory vacations

  C. Least privilege

  D. Incident response

  Correct Answer: A