Exam Details

  • Exam Code: CAS-004
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 743 Q&As
  • Last Updated: Mar 22, 2025

CompTIA CompTIA Certifications CAS-004 Questions & Answers

  • Question 41:

    A commercial OSINT provider utilizes and reviews data from various sources of publicly available information. The provider is transitioning the subscription service to a model that limits the scope of available data based on subscription tier. Which of the following approaches would best ensure subscribers are only granted access to data associated with their tier? (Choose two.)

    A. Storing collected data on separate physical media per tier

    B. Controlling access to data based on the role of users

    C. Employing attribute-based access control

    D. Implementing a behavior-based IDS positioned at the storage network gateway

    E. Establishing a classification and labeling scheme

    F. Implementing a mandatory access control scheme

  • Question 42:

    A security engineer evaluates the overall security of a custom mobile gaming application and notices that developers are bringing in a large number of open-source packages without appropriate patch management. Which of the following would the engineer most likely recommend for uncovering known vulnerabilities in the packages?

    A. Leverage an exploitation framework to uncover vulnerabilities.

    B. Use fuzz testing to uncover potential vulnerabilities in the application.

    C. Utilize a software composition analysis tool to report known vulnerabilities.

    D. Reverse engineer the application to look for vulnerable code paths.

    E. Analyze the use of an HTTP intercepting proxy to dynamically uncover issues.

  • Question 43:

    A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?

    A. TPM

    B. Secure boot

    C. NX bit

    D. HSM

  • Question 44:

    A security engineer is implementing DLP. Which of the following should the security engineer include in the overall DLP strategy?

    A. Tokenization

    B. Network traffic analysis

    C. Data classification

    D. Multifactor authentication

  • Question 45:

    A security analyst is conducting an investigation regarding a potential insider threat. An unauthorized USB device might have been used to exfiltrate proprietary data from a Linux system.

    Which of the following options would identify the IoCs and provide the appropriate response?

    A. Review the network logs and update the firewall rules.

    B. Review the operating system logs and update the DLP rules.

    C. Review the vulnerability logs and update the IDS rules.

    D. Obtain the device ID using dmesg and update the portable storage inventory.

  • Question 46:

    An analyst determined that the current process for manually handling phishing attacks within the company is ineffective. The analyst is developing a new process to ensure phishing attempts are handled internally in an appropriate and timely manner. One of the analyst's requirements is that a blocklist be updated automatically when phishing attempts are identified. Which of the following would help satisfy this requirement?

    A. SOAR

    B. MSSP

    C. Containerization

    D. Virtualization

    E. MDR deployment

  • Question 47:

    The following messages are displayed when a VPN client is attempting to connect to an OpenVPN server:

    OpenSSL: error: 140760FC:SSL routines: SSL23_GET_CLIENT_HELLO: unknown protocol

    TLS_ERROR: BIO read tls_read_plaintext error

    TLS_ERROR: TLS object->incoming plaintext read error

    TLS_ERROR: TLS handshake failed

    SIGUSR1 [soft, tls_error] received, client_instance restarting

    Which of the following best explains the cause of these messages?

    A. The client is attempting to establish an unencrypted connection with the server.

    B. The server is unreachable to the client and a connection cannot be established.

    C. The client is using LibreSSL libraries while the server is using OpenSSL libraries.

    D. A TLS version mismatch exists between the client and the server.

  • Question 48:

    An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)

    A. Are there opportunities for legal recourse against the originators of the spear-phishing campaign?

    B. What internal and external stakeholders need to be notified of the breach?

    C. Which methods can be implemented to increase speed of offline backup recovery?

    D. What measurable user behaviors were exhibited that contributed to the compromise?

    E. Which technical controls, if implemented, would provide defense when user training fails?

    F. Which user roles are most often targeted by spear phishing attacks?

  • Question 49:

    An organization needs to disable TLS 1.0 on a retail website. Which of the following best explains the reason for this action?

    A. Payment card industry compliance requires the change.

    B. Digital certificates are dependent on a newer protocol.

    C. Most browser manufacturers are ending legacy support.

    D. The application software no longer supports TLS 1.0.

  • Question 50:

    Employees are receiving certificate errors when visiting secure internet websites. A help desk technician reviews a sample of the certificates from various external websites and determines that an internal certificate with the name of the company's proxy is present in the middle of the certificate chain. The help desk technician escalates the issue to the security team. Which of the following should the security team do next to resolve this issue?

    A. Renew and redeploy the intermediate CA certificate.

    B. Contact the external websites about updating their certificates.

    C. Use Wireshark to analyze network traffic for potential malicious activities.

    D. Add the affected websites to the proxy's allow list.
