CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 451:

  The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?

  A. MOU

  B. OLA

  C. NDA

  D. SLA

  Correct Answer: A

• Question 452:

  A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones

  continue to sync email while traveling.

  Which of the following is the MOST likely explanation? (Choose two.)

  A. Outdated geographic IP information

  B. Privilege escalation attack

  C. VPN on the mobile device

  D. Unrestricted email administrator accounts

  E. Client use of UDP protocols

  F. Disabled GPS on mobile devices

  Correct Answer: CF

• Question 453:

  A cybersecunty engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output Which of the following would enable the engineer to interpret the results in a human readable form? (Choose two.)

  A. Text editor

  B. OOXML editor

  C. Event Viewer

  D. XML style sheet

  E. SCAPtool

  F. Debugging utility

  Correct Answer: BD

  XSLT 1.0 stylesheet. The stylesheet contains all the instructions used to organize and format the output report and can be understood by any XSLT 1.0 processor When the SCAP content is represented by multiple XML files, the OVAL Definition file can be distnbuted along with the XCCDF file. In such a situation, OVAL Definitions may depend on variables that are exported from the XCCDF file during the scan, and separate evaluation of the OVAL definition(s) would produce misleading results.

• Question 454:

  A security analyst is reviewing weekly email reports and finds an average of 1.000 emails received daily from the internal security alert email address. Which of the following should be implemented?

  A. Tuning the network monitoring service

  B. Separation of duties for systems administrators

  C. Machine learning algorithms

  D. DoS attack prevention

  Correct Answer: D

  Reference: https://www.mimecast.com/bloq/what-is-dos-attack-and-how-to-Drevent-it/

• Question 455:

  An analyst discovers the following while reviewing some recent activity logs:

  

  Which of the following tools would MOST likely identify a future incident in a timely manner?

  A. DDoS protection

  B. File integrity monitoring

  C. SCAP scanner

  D. Protocol analyzer

  Correct Answer: A

  Reference: https7%ww cloudflare com/lp/DDc/ddos-m/?and bt=545481184035and bk=ddos%20protectionand bm=eand bn=qand bq=107086992232and placement=and tarqet=and loc=9076927and dv=candawsearchcpc=1andQclid=C|0KCQ [wv5uKBhD6ARIsAGv9a-xs25kzPU42pMSSkiJt03hbOoC8mxs4MIGe9rG9UDbakhBhBs30YaAikQEALwwcBandaclsrc=aw ds

• Question 456:

  A security engineer is performing a routine audit of a company's decommissioned devices. The current process involves a third-party firm removing the hard drive from a company device, wiping it using a seven-pass software, placing it back

  into the device, and tagging the device for reuse or disposal. The audit reveals sensitive information is present in the hard drive cluster tips.

  Which of the following should the third-party firm implement NEXT to ensure all data is permanently removed?

  A. Degauss the drives using a commercial tool.

  B. Scramble the file allocation table

  C. Wipe the drives using a 21-pass overwrite

  D. Disable the logic board using high-voltage input

  Correct Answer: A

  Erasing your hard drive with a degaussing tool prevents your information from being accessed by anyone, which helps prevent different and unfortunate events, such as employee theft, media loss dunng transport, and improper media destruction. Reference: https://potomacecycle com/what-does-it-mean-to-degauss-a-hard-drive

• Question 457:

  A network engineer is concerned about hosting web, SFTP. and email services in a single DMZ that is hosted in the same security zone This could potentially allow lateral movement within the environment. Which of the following should the engineer implement to mitigate the risk?

  A. Put all the services on a single host to reduce the number of servers.

  B. Create separate security zones for each service and use ACLs for segmentation.

  C. Keep the web server in the DMZ and move the other server services to the internal network.

  D. Deploy a switch and create VLANs for each service.

  Correct Answer: B

• Question 458:

  A healthcare company wants to increase the value of the data it collects on its patients by making the data available to third-party researchers for a fee. Which of the following BEST mitigates the risk to the company?

  A. Log all access to the data and correlate with the researcher.

  B. Anonymize identifiable information using keyed strings

  C. Ensure all data is encrypted in transit to the researcher.

  D. Ensure all researchers sign and abide by non-disclosure agreements.

  E. Sanitize date and time stamp information in the records.

  Correct Answer: C

  Encryption plays a major role in data protection and is a popular tool for secunng data both in transit at-rest.

• Question 459:

  A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However the tester cannot disassemble the reader because it is in use by the

  company.

  Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

  A. 1 Attempt to eavesdrop and replay RFID communications.

  2.

  Determine the protocols being used between the tag and the reader.

  3.

  Retrieve the RFID tag identifier and manufacturer details.

  4.

  Take apart an RFID tag and analyze the chip.

  B. 1. Determine the protocols being used between the tag and the reader.

  2.

  Take apart an RFID tag and analyze the chip.

  3.

  Retrieve the RFID tag identifier and manufacturer details.

  4.

  Attempt to eavesdrop and replay RFID communications.

  C. 1. Retrieve the RFID tag identifier and manufacturer details.

  2. Determine the protocols is being used between the tag and the reader.

  3 Attempt to eavesdrop and replay RFID communications.

  4. Take apart an RFID tag and analyze the chip.

  D. 1 Take apart an RFID tag and analyze the chip.

  2.

  Retrieve the RFID tag identifier and manufacturer details.

  3.

  Determine the protocols being used between the tag and the reader.

  4.

  Attempt to eavesdrop and replay RFID communications.

  Correct Answer: B

• Question 460:

  A company has expenenced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets were not properly defined. The company recently implemented some new policies and is now testing

  their effectiveness. Over the last three months, the number of phishing victims-dropped from 100 to only two in the last test The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained

  Personal email accounts and USB drives are restricted from the corporate network.

  Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?

  A. Additional corporate-wide training on phishing.

  B. A policy outlining what is and is not acceptable on social media.

  C. Notifications when a user falls victim to a phishing attack.

  D. Positive DLP preventions with stronger enforcement.

  Correct Answer: B