CompTIA CompTIA Certifications CAS-004 Questions & Answers

• Question 81:

  A company is in the process of refreshing its entire infrastructure The company has a business-critical process running on an old 2008 Windows server If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company should take?

  A. Accept the risk as the cost of doing business

  B. Create an organizational risk register for project prioritization

  C. Calculate the ALE and conduct a cost-benefit analysis

  D. Purchase insurance to offset the cost if a failure occurred

  Correct Answer: C

  Calculating the Annual Loss Expectancy (ALE) and conducting a cost-benefit analysis is a critical part of risk management. The ALE will help the company understand the potential losses associated with the server failure per year, which can then be weighed against the cost of mitigating the risk (e.g., replacing the server or implementing redundancies). This analysis will inform the decision on the best course of action to manage the risk associated with the aging server.

• Question 82:

  A security analyst has been provided the following partial Snort IDS rule to review and add into the company's Snort IDS to identify a CVE:

  

  alert tcp any any -> $HOME_NET 3389 (flow:to_server,established; content:"MS_T120|00|"; fasc_pattern:only)

  Which of the following should the analyst recommend to mitigate this type of vulnerability?

  A. IPSec rules

  B. OS patching

  C. Two-factor authentication

  D. TCP wrappers

  Correct Answer: B

  Regular operating system patching is critical to mitigating vulnerabilities. When a Snort IDS rule is provided to identify a CVE, it typically means there is a known vulnerability that can be exploited. Keeping systems updated with the latest patches helps to close off these vulnerabilities and protect against exploitation.

• Question 83:

  A cyberanalyst for a government agency is concerned about how Pll is protected A supervisor indicates that a Privacy Impact Assessment must be done. Which of the following describes a function of a Privacy Impact Assessment?

  A. To validate the project participants

  B. To identify the network ports

  C. To document residual risks

  D. To evaluate threat acceptance

  Correct Answer: C

  A Privacy Impact Assessment (PIA) is a process used to evaluate and manage privacy risks associated with the collection, use, and storage of personally identifiable information (PII). One of the key functions of a PIA is to document residual risks, which are the privacy risks that remain after controls have been applied. By identifying and documenting these risks, organizations can make informed decisions about whether additional measures are needed or whether certain risks are acceptable.

• Question 84:

  Which of the following best describes what happens if chain of custody is broken?

  A. Tracking record details are not properly labeled.

  B. Vital evidence could be deemed inadmissible.

  C. Evidence is not exhibited in the court of law.

  D. Evidence will need to be recollected.

  Correct Answer: B

  Chain of custody is critical in legal contexts as it documents the seizure, custody, control, transfer, analysis, and disposition of evidence. If the chain of custody is broken, it means there is a possibility that the evidence could have been tampered with or compromised, which can lead to it being deemed inadmissible in court.

• Question 85:

  A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?

  A. CTR

  B. ECB

  C. OF8

  D. GCM

  Correct Answer: D

  Galois/Counter Mode (GCM) is an AES mode of operation that provides both confidentiality and data integrity. It is well-suited for processing streams of data, making it ideal for streaming video services. GCM is known for its strong cryptographic security and good performance, which aligns with the legacy cipher's characteristics and the streaming service's requirements.

• Question 86:

  A security engineer is assessing the security controls of loT systems that are no longer supported for updates and patching. Which of the following is the best mitigation for defending these loT systems?

  A. Disable administrator accounts

  B. Enable SELinux

  C. Enforce network segmentation

  D. Assign static IP addresses

  Correct Answer: C

  Network segmentation is a method to isolate environments from one another, thus limiting the scope of a potential attack. For IoT systems that cannot be updated or patched, network segmentation is the best mitigation technique. It would contain any compromise to the segmented network and prevent it from affecting the rest of the network infrastructure.

• Question 87:

  A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

  A. Code signing

  B. Non-repudiation

  C. Key escrow

  D. Private keys

  Correct Answer: A

  Code signing is the process of digitally signing executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. This provides users with the assurance that the software is legitimate and safe to install.

• Question 88:

  A small bank is evaluating different methods to address and resolve the following requirements

  1.

  Must be able to store credit card data using the smallest amount of data possible

  2.

  Must be compliant with PCI DSS

  3.

  Must maintain confidentiality if one piece of the layer is compromised

  Which of the following is the best solution for the bank?

  A. Scrubbing

  B. Tokenization

  C. Masking

  D. Homomorphic encryption

  Correct Answer: B

  Tokenization is the process of replacing sensitive data, like credit card numbers, with unique identification symbols (tokens) that retain all the essential information without compromising its security. This method is compliant with PCI DSS requirements as it ensures that actual credit card data is not stored or processed, thus minimizing the risk of data breaches. Tokenization also maintains confidentiality even if part of the data handling system is compromised, as the tokens do not hold any exploitable data.

• Question 89:

  A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes. Which of the following are explicit options within this extension? (Select two).

  A. Type

  B. Email

  C. OCSP responder

  D. Registration authority

  E. Common Name

  F. DNS name

  Correct Answer: BF

  The SAN (Subject Alternative Name) field in a certificate can include multiple types of entries, including DNS names and email addresses. These are explicit options within the SAN extension, allowing a single certificate to be valid for multiple domain names and email addresses. This is often used in multi-domain SSL certificates, where a single certificate needs to be valid for multiple subdomains or different domain names.

• Question 90:

  During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?

  A. Configuration management tool

  B. Intrusion prevention system

  C. Mobile device management platform

  D. Firewall access control list

  E. NetFlow logs

  Correct Answer: E

  NetFlow logs provide visibility into network traffic patterns and volume, which can be analyzed to detect anomalies, including potential security incidents. They can be invaluable in correlating the timing and nature of network events with security incidents to better understand if there is an association.