CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 71:

  When implementing serverless computing an organization must still account for:

  A. the underlying computing network infrastructure

  B. hardware compatibility

  C. the security of its data

  D. patching the service

  Correct Answer: C

  While serverless computing abstracts the infrastructure layer from developers, organizations must still ensure the security of their data in the serverless environment. This includes protecting the data from unauthorized access and ensuring data privacy and integrity. Serverless architectures can be complex, and understanding the security model and shared responsibility is essential for safeguarding applications and services.

• Question 72:

  A company with multiple locations has taken a cloud-only approach to its infrastructure The company does not have standard vendors or systems resulting in a mix of various solutions put in place by each location The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms Which of the following best meets this objective?

  A. Security information and event management

  B. Cloud security posture management

  C. SNMFV2 monitoring and log aggregation

  D. Managed detection and response services from a third party

  Correct Answer: A

  Security Information and Event Management (SIEM) systems provide real-time analysis of security alerts generated by applications and network hardware. SIEMs are beneficial in environments where there is a mix of various solutions, as they can collect and aggregate logs from multiple sources, providing the internal security team with a centralized view and visibility into all platforms. This would best meet the objective of ensuring visibility into all platforms, regardless of the differing solutions across the company's locations.

• Question 73:

  The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site Which of the following would best prevent this type of attack?

  A. Enabling HSTS

  B. Configuring certificate pinning

  C. Enforcing DNSSEC

  D. Deploying certificate stapling

  Correct Answer: A

  HTTP Strict Transport Security (HSTS) is a web security policy mechanism that helps to protect websites against man-in-the-middle attacks such as protocol downgrade attacks and cookie hijacking. It allows web servers to declare that web browsers (or other complying user agents) should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol. Enabling HSTS would prevent attackers from redirecting users from a secure site to an unsecure or malicious one.

• Question 74:

  A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?

  A. Static analysis

  B. Input validation

  C. Fuzz testing

  D. Post-exploitation

  Correct Answer: C

  Fuzz testing, or fuzzing, is a software testing technique that involves providing invalid, unexpected, or random data as input to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for potential memory leaks. This type of testing can help identify security vulnerabilities that could be exploited by malicious inputs.

• Question 75:

  A security review of the architecture for an application migration was recently completed. The following observations were made:

  1.

  External inbound access is blocked.

  2.

  A large amount of storage is available.

  3.

  Memory and CPU usage are low.

  4.

  The load balancer has only a single server assigned.

  5.

  Multiple APIs are integrated.

  Which of the following needs to be addressed?

  A. Scalability

  B. Automation

  C. Availability

  D. Performance

  Correct Answer: C

  Ensuring availability typically involves having multiple servers or instances behind a load balancer to provide redundancy and failover capabilities. This approach enhances the system's resilience, ensuring that services remain available even if one server experiences issues. Therefore, to improve availability, the architecture should include additional servers or instances to handle the traffic, thus preventing downtime in case of failure.

• Question 76:

  Which of the following is a security concern for DNP3?

  A. Free-form messages require support.

  B. Available function codes are not standardized.

  C. Authentication is not allocated.

  D. It is an open source protocol.

  Correct Answer: C

  One of the known security concerns with the Distributed Network Protocol version 3 (DNP3), which is used in SCADA systems, is the lack of built-in security features, including authentication. This means that by default, it does not verify the identity of the entities communicating, making it susceptible to unauthorized access and commands.

• Question 77:

  After a cybersecurity incident, a judge found that a company did not conduct a proper forensic investigation. The company was ordered to pay penalties. Which of the following forensic steps would be best to prevent this from happening again?

  A. Evidence preservation

  B. Evidence verification

  C. Evidence collection

  D. Evidence analysis

  Correct Answer: A

  Proper forensic investigation requires that evidence is preserved in a manner that maintains its integrity and reliability. To prevent legal issues such as penalties for not conducting a proper forensic investigation, the first and most crucial step is to ensure that evidence is preserved so that it can be verified, collected, and analyzed correctly. This involves making sure that the evidence is not tampered with or altered from the time it is identified until it is presented in a legal proceeding.

• Question 78:

  A security administrator needs to implement a security solution that will

  1.

  Limit the attack surface in case of an incident

  2.

  Improve access control for external and internal network security.

  3.

  Improve performance with less congestion on network traffic

  Which of the following should the security administrator do?

  A. Integrate threat intelligence feeds into the FIM

  B. Update firewall rules to match new IP addresses in use

  C. Configure SIEM dashboards to provide alerts and visualizations

  D. Deploy DLP rules based on updated Pll formatting

  Correct Answer: B

  Updating firewall rules to match new IP addresses in use will help to limit the attack surface in case of an incident by ensuring only legitimate traffic is allowed. It can also improve access control for external and internal network security by ensuring that only authorized entities can access certain resources, and may improve network performance by reducing unnecessary traffic (less congestion).

• Question 79:

  A security engineer is trying to identify instances of a vulnerability in an internally developed line of business software. The software is hosted at the company's internal data center. Although a standard vulnerability definition does not exist, the identification and remediation results should be tracked in the company's vulnerability management system. Which of the following should the engineer use to identify this vulnerability?

  A. SIEM

  B. CASB

  C. SCAP

  D. OVAL

  Correct Answer: D

  OVAL is an international information security community standard to promote open and publicly available security content and to standardize the transfer of this information across the entire spectrum of security tools and services. It can be used to create custom definitions for vulnerabilities that are specific to the organization's internally developed software.

• Question 80:

  An multinational organization was hacked, and the incident response team's timely action prevented a major disaster Following the event, the team created an after action report. Which of the following is the primary goal of an after action review?

  A. To gather evidence for subsequent legal action

  B. To determine the identity of the attacker

  C. To identify ways to improve the response process

  D. To create a plan of action and milestones

  Correct Answer: C

  The primary goal of an after-action review (AAR) is to evaluate the response to an incident critically and identify what was done well and what could be improved. An AAR is a structured review or de-brief process for analyzing what happened, why it happened, and how it can be done better by the participants and those responsible for the project or event.