CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 461:

  An information security officer reviews a report and notices a steady increase in outbound network traffic over the past ten months. There is no clear explanation for the increase. The security officer interviews several business units and

  discovers an unsanctioned cloud storage provider was used to share marketing materials with potential customers.

  Which of the following services would be BEST for the security officer to recommend to the company?

  A. NIDS

  B. HIPS

  C. CASB

  D. SFTP

  Correct Answer: C

• Question 462:

  The Chief Information Security Officer (CISO) of a small, local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually.

  Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

  A. Black-box testing

  B. Gray-box testing

  C. Red-team hunting

  D. White-box testing E. Blue-team exercises

  Correct Answer: C

• Question 463:

  A security manager wants to implement a policy that will provide management with the ability to monitor employee's activities with minimum impact to productivity. Which of the following policies is BEST suited for this scenario?

  A. Separation of duties

  B. Mandatory vacations

  C. Least privilege

  D. Incident response

  Correct Answer: A

• Question 464:

  A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud The data is then sent from the log aggregator to a public IP address in the MSSP's datacenter for analysis. A security engineer is concerned about the secunty of the solution and notes the following

  1.

  The critical devices send cleartext logs to the aggregator.

  2.

  The log aggregator utilizes full disk encryption.

  3.

  The log aggregator sends to the analysis server via port 80.

  4.

  MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.

  5.

  The data is compressed and encrypted prior to being archived in the cloud.

  Which of the following should be the secunty engineer's GREATEST concern?

  A. Hardware vulnerabilities introduced by the log aggregator server.

  B. Network bridging from a remote access VPN.

  C. Encryption of data in transit.

  D. Multitenancy and data remnants in the cloud.

  Correct Answer: C

• Question 465:

  An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:

  1.

  Be based on open-source Android for use familiarity and ease

  2.

  Provide a single application for inventory management of physical assets.

  3.

  Permit use of the camera by only the inventory application for the purposes of scanning

  4.

  Disallow any and all configuration baseline modifications.

  5.

  Restnct all access to any devices resource other than those required for use of the inventory management application.

  Which of the following approaches would BEST meet these security requirements?

  A. Set an application wrapping policy, wrap the application distribute the Inventory APK via the MAM tool, and test the application restrictions.

  B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

  C. Swap out Android's Linux kernel version for >2.4 .0, build the kernel, build Android, remove unnecessary functions via MDM. configure to block network access, and perform integration testing.

  D. Build and install an Android middleware policy with requirements added, copy the file into /usr/init, and then build the inventory application.

  Correct Answer: A

• Question 466:

  While traveling to another state, the Chief Financial Officer (CFO) forgot to submit payroll for the company The CFO quickly gained access to the corporate network through the high-speed wireless network provided by the hotel and

  completed the task. Upon returning from the business trip, the CFO was told no one received their weekly pay due to a malware attack on the system.

  Which of the following is the MOST likely cause of the secunty breach?

  A. The security manager did not enforce automatic VPN connection.

  B. The company's server did not have endpoint security enabled.

  C. The hotel did not require a wireless password to authenticate.

  D. The laptop did not have the host-based firewall properly configured.

  Correct Answer: A

• Question 467:

  An organization relies heavily on third-party mobile applications for official use within a BYOD deployment scheme An excerpt from an approved text-based-chat client application AndroidManifest xml is as follows:

  

  Which of the following would restrict application permissions while minimizing the impact to normal device operations?

  A. Add the application to the enterprise mobile whitelist.

  B. Use the MDM to disable the devices' recording microphones and SMS.

  C. Wrap the application before deployment.

  D. Install the application outside of the corporate container.

  Correct Answer: B

• Question 468:

  A small company is implementing a new technology that promises greater performance but does not abide by accepted RFCs.

  Which of the following should the company do to ensure the risks associated with implementing the standard-violating technology are addressed?

  A. Document the technology's differences in a system security plan.

  B. Require the vendor to provide justification for the product's deviation.

  C. Increase the frequency of vulnerability scanning of all systems using the technology.

  D. Block the use of non-standard ports or protocols to and from the system.

  Correct Answer: A

  Reference: https://www.sciencedirect.com/toDics/computer-science/svstem-securitv-plan

• Question 469:

  A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the secunty team must gather data supporting operational importance for the applications used by the business and determine the order in which the applications must be brought back online.

  Which of the following should be the FIRST step taken by the team?

  A. Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.

  B. Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

  C. Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.

  D. Implement replication of all servers and application data to back up datacenters that are geographically dispersed from the central datacenter and release an updated BPA to all clients.

  Correct Answer: B

• Question 470:

  A company provides guest WiFi access to the Internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration.

  Which of the following must be installed on authorized hosts for this new configuration to work properly?

  A. Active Directory GPOs

  B. PKI certificates

  C. Host-based firewall

  D. NAC persistent agent

  Correct Answer: B