Verified CAS-004 Q&As - Pass Guarantee CAS-004 Exam Dumps
Check the Free demo of our CAS-004 Exam Dumps with 445 Questions
The CompTIA CAS-004 (CompTIA Advanced Security Practitioner, CASP+) certification exam is a vendor-neutral industry certification that validates the advanced-level security skills and knowledge of experienced IT professionals. The CAS-004 exam is designed for professionals who have a minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience. The CASP+ exam covers a wide range of security topics, including risk management, enterprise security architecture, research and collaboration, and integration of network, endpoint and cloud security.
NEW QUESTION # 120
A city government's IT director was notified by the city council that the following cybersecurity requirements must be met to be awarded a large federal grant:
+ Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.
+ All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.
+ Ransomware threats and zero-day vulnerabilities must be quickly identified.
Which of the following technologies would BEST satisfy these requirements? (Select THREE).
- A. Cloud sandbox
- B. Log aggregator
- C. NGFW
- D. Endpoint protection
- E. PAM
- F. SIEM
- G. Zero trust network access
Answer: B,E,F
Explanation:
B) Log aggregator: A log aggregator is a tool that collects, parses, and stores logs from various sources, such as devices, applications, and servers. A log aggregator can help meet the requirement of retaining logs for 365 days by providing a centralized and scalable storage solution.
E) PAM: PAM stands for privileged access management. It is a technology that controls and monitors the access of privileged users (such as administrators) to critical systems and data. PAM can help meet the requirement of controlling and tracking privileged user access by enforcing policies such as least privilege, multifactor authentication, password rotation, and session recording.
F) SIEM: SIEM stands for security information and event management. It is a technology that analyzes and correlates logs from various sources to detect and respond to security incidents. SIEM can help meet the requirement of identifying ransomware threats and zero-day vulnerabilities by providing real-time alerts, threat intelligence feeds, and incident response workflows.
NEW QUESTION # 121
Device event logs sourced from MDM software are as follows:
Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?
- A. Malicious installation of an application; change the MDM configuration to remove application ID 1220.
- B. Falsified status reporting; remotely wipe the device.
- C. Impossible travel; disable the device's account and access while investigating.
- D. Resource leak; recover the device for analysis and clean up the local storage.
Answer: C
Explanation:
The device event logs show that the device was in two different locations (New York and London) within a short time span (one hour), which indicates impossible travel. This could be a sign of a compromised device or account. The best response action is to disable the device's account and access while investigating the incident. Malicious installation of an application is not evident from the logs, nor is resource leak or falsified status reporting. Verified Reference: https://www.comptia.org/blog/what-is-impossible-travel https://partners.comptia.org/docs/default-source/resources/casp-content-guide
NEW QUESTION # 122
A security architect is advising the application team to implement the following controls in the application before it is released:
- Least privilege
- Blocklist input validation for the following characters: \<>;, ="#+
Based on the requirements, which of the following attacks is the security architect trying to prevent?
- A. CSRF
- B. XML injection
- C. XSS
- D. LDAP injection
Answer: C
NEW QUESTION # 123
Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?
- A. RTO
- B. SLA
- C. BCP
- D. BCM
- E. BIA
Answer: C
Explanation:
A Business Continuity Plan (BCP) is a set of policies and procedures that outline how an organization should respond to and recover from disruptions [1]. It is designed to ensure that critical operations and services can be quickly restored and maintained, and should include steps to identify risks, develop plans to mitigate those risks, and detail the procedures to be followed in the event of a disruption. Resources:
CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 4: "Business Continuity Planning," Wiley,
2018. https://www.wiley.com/en-us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C
NEW QUESTION # 124
A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets such as workstations, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?
- A. Unavailability of key escrow
- B. Removal of user authentication requirements
- C. Increased network latency
- D. Inability to select AES-256 encryption
Answer: C
NEW QUESTION # 125
A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.
Based on the output above, from which of the following process IDs can the analyst begin an investigation?
- A. 0
- B. 1
- C. 2
- D. 3
Answer: B
NEW QUESTION # 126
A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.
Which of the following techniques would be BEST suited for this requirement?
- A. Deploy SOAR utilities and runbooks.
- B. Provide the contractors with direct access to satellite telemetry data.
- C. Reduce link latency on the affected ground and satellite segments.
- D. Replace the associated hardware.
Answer: A
Explanation:
Since the question says the ISP wants the process automated, and SOAR helps with that.
SOAR stands for security orchestration, automation, and response. SOAR seeks to alleviate the strain on IT teams by incorporating automated responses to a variety of events. A SOAR system can also be programmed to custom-fit an organization's needs. This gives teams the ability to decide how SOAR can accomplish high-level objectives, such as saving time, reducing the number of IT staff, or freeing up current staff to engage in creative projects.
NEW QUESTION # 127
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?
- A. IaaS
- B. PaaS
- C. FaaS
- D. SaaS
Answer: B
Explanation:
With PaaS, the responsibility is shared: the CSP manages the underlying OS and the customer manages the software running on top of the OS.
NEW QUESTION # 128
An organization requires a contractual document that includes:
* An overview of what is covered
* Goals and objectives
* Performance metrics for each party
* A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?
- A. ISA
- B. SLA
- C. NDA
- D. BAA
Answer: B
Explanation:
A Service Level Agreement is a contract between a service provider and a customer that outlines the level of services to be provided, the metrics by which those services will be measured, and how the agreement will be managed by both parties. SLAs also include provisions for dispute resolution and for the termination of the agreement.
Reference: CompTIA Advanced Security Practitioner (CASP+) Study Guide: Chapter 5: Security Testing, Section 5.7: Service Level Agreements.
NEW QUESTION # 129
A security analyst is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:
* The Chief Marketing Officer's (CMO) email is being used department-wide as the username
* The password has been shared within the department
Which of the following controls would be BEST for the analyst to recommend?
- A. Ensure the password being shared is sufficiently complex and not written down anywhere.
- B. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.
- C. Configure MFA for all users to decrease their reliance on other authentication.
- D. Create multiple social media accounts for all marketing users to separate their actions.
Answer: C
NEW QUESTION # 130
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?
- A. Create a full inventory of information and data assets.
- B. Determine which security compliance standards should be followed.
- C. Perform a full system penetration test to determine the vulnerabilities.
- D. Ascertain the impact of an attack on the availability of crucial resources.
Answer: A
Explanation:
You might, and probably would, do a vulnerability assessment with multiple security compliance standards in mind, but to do it you first need an inventory.
NEW QUESTION # 131
During an incident, an employee's web traffic was redirected to a malicious domain. The workstation was compromised, and the attacker was able to modify sensitive data from the company file server. Which of the following solutions would have BEST prevented the initial compromise from happening? (Choose two.)
- A. Segmentation
- B. DLP
- C. FIM
- D. Web proxy
- E. Firewall
- F. DNSSEC
Answer: D,F
NEW QUESTION # 132
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:
* Monitors traffic to and from both local NAS and cloud-based file repositories
* Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions
* Uses document attributes to reduce false positives
* Is agentless and not installed on staff desktops or laptops
Which of the following when installed and configured would BEST meet the CSO's requirements? (Select TWO).
- A. UTM
- B. NGFW
- C. UEBA
- D. DLP
- E. CASB
- F. HIPS
Answer: D,E
Explanation:
DLP, or data loss prevention, and CASB, or cloud access security broker, are the solutions that when installed and configured would best meet the CSO's requirements. DLP is a technology that monitors and prevents unauthorized or accidental data leakage or exfiltration from an organization's network or devices. DLP can use document attributes, such as metadata, keywords, or fingerprints, to identify and classify sensitive data and enforce policies on how they can be accessed, transferred, or shared. CASB is a technology that acts as a proxy or intermediary between an organization's cloud services and its users. CASB can provide visibility, compliance, threat protection, and data security for cloud-based applications and data. CASB can also prevent on-site staff from accessing personal SaaS solutions that are not authorized by the organization.
References: [CompTIA CASP+ Study Guide, Second Edition, pages 281-282 and 424-425]
NEW QUESTION # 133
A security architect is tasked with securing a new cloud-based videoconferencing and collaboration platform to support a new distributed workforce. The security architect's key objectives are to:
* Maintain customer trust
* Minimize data leakage
* Ensure non-repudiation
Which of the following would be the BEST set of recommendations from the security architect?
- A. Enable end-to-end encryption, disable video recording, and disable file exchange.
- B. Enable the user authentication requirement, enable end-to-end encryption, and enable waiting rooms.
- C. Disable file exchange, enable watermarking, and enable the user authentication requirement.
- D. Enable watermarking, enable the user authentication requirement, and disable video recording.
Answer: C
Explanation:
Disabling file exchange can help to minimize data leakage by preventing users from sharing sensitive documents or data through the videoconferencing platform. Enabling watermarking can help to maintain customer trust and ensure non-repudiation by adding a visible or invisible mark to the video stream that identifies the source or owner of the content. Enabling the user authentication requirement can help to secure the videoconferencing sessions by verifying the identity of the participants and preventing unauthorized access. Verified References:
https://www.rev.com/blog/marketing/follow-these-7-video-conferencing-security-best-practices
https://www.paloaltonetworks.com/blog/2020/04/network-video-conferencing-security/
https://www.megameeting.com/news/best-practices-secure-video-conferencing/
NEW QUESTION # 134
A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:
* Mobile clients should verify the identity of all social media servers locally.
* Social media servers should improve TLS performance of their certificate status
* Social media servers should inform the client to only use HTTPS.
Given the above requirements, which of the following should the company implement? (Select TWO).
- A. OCSP stapling
- B. CRL
- C. Private CA
- D. HSTS
- E. Quick UDP internet connection
- F. Distributed object model
- G. DNSSEC
Answer: A,D
Explanation:
The company should implement OCSP stapling and HSTS to improve TLS performance and enforce HTTPS. OCSP stapling is a technique that allows a server to provide a signed proof of the validity of its certificate along with the TLS handshake, instead of relying on the client to contact the certificate authority (CA) for verification. This can reduce the latency and bandwidth of the TLS handshake, as well as improve the privacy and security of the certificate status. HSTS stands for HTTP Strict Transport Security, which is a mechanism that instructs browsers to only use HTTPS when connecting to a website, and to reject any unencrypted or invalid connections. This can prevent downgrade attacks, man-in-the-middle attacks, and mixed content errors, as well as improve the performance of HTTPS connections by avoiding unnecessary redirects. Verified Reference:
https://www.techtarget.com/searchsecurity/definition/OCSP-stapling
https://www.techtarget.com/searchsecurity/definition/HTTP-Strict-Transport-Security
https://www.cloudflare.com/learning/ssl/what-is-hsts/
NEW QUESTION # 135
An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.
Which of the following designs would be BEST for the CISO to use?
- A. Using Base64 encoding within the existing site-to-site VPN connections
- B. Implementing IDS services with each VPN concentrator
- C. Transitioning to a container-based architecture for site-based services
- D. Adding a second redundant layer of alternate vendor VPN concentrators
- E. Distributing security resources across VPN sites
Answer: D
Explanation:
If one VPN concentrator goes down due to a zero-day exploit, having a redundant VPN concentrator from a different vendor should keep the service running.
NEW QUESTION # 136
A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:
Which of the following would BEST mitigate this vulnerability?
- A. CAPTCHA
- B. Input validation
- C. Data encoding
- D. Network intrusion prevention
Answer: B
NEW QUESTION # 137
The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold. Which of the following actions should the organization take to comply with the request?
- A. Block communication with the customer while litigation is ongoing
- B. Request that all users do not delete any files
- C. Preserve all communication matching the requested search terms
- D. Require employees to be trained on legal record holds
Answer: C
Explanation:
When a legal records hold is issued, the organization is required to preserve all documents and communications that may relate to the litigation. This includes emails, files, and any other form of communication that contains the requested search terms. It is a process of ensuring that this information is not deleted, altered, or otherwise tampered with.
NEW QUESTION # 138
As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver's licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.
Which of the following BEST describes this process?
- A. Identity proofing
- B. Deepfake
- C. Know your customer
- D. Passwordless
Answer: A
Explanation:
Reference: https://auth0.com/blog/what-is-identity-proofing-and-why-does-it-matter/
NEW QUESTION # 139
A threat hunting team receives a report about possible APT activity in the network.
Which of the following threat management frameworks should the team implement?
- A. The Cyber Kill Chain
- B. MITRE ATT&CK
- C. NIST SP 800-53
- D. The Diamond Model of Intrusion Analysis
Answer: B
Explanation:
MITRE ATT&CK is a threat management framework that provides a comprehensive and detailed knowledge base of adversary tactics and techniques based on real-world observations. It can help threat hunting teams to identify, understand, and prioritize potential threats, as well as to develop effective detection and response strategies. MITRE ATT&CK covers the entire lifecycle of a cyberattack, from initial access to impact, and provides information on how to mitigate, detect, and hunt for each technique. It also includes threat actor profiles, software descriptions, and data sources that can be used for threat intelligence and analysis. Verified References:
https://attack.mitre.org/
https://resources.infosecinstitute.com/topic/top-threat-modeling-frameworks-stride-owasp-top-10-mitre-att
https://www.ibm.com/topics/threat-management
NEW QUESTION # 140
A security engineer needs to recommend a solution that will meet the following requirements:
* Identify sensitive data in the provider's network
* Maintain compliance with company and regulatory guidelines
* Detect and respond to insider threats, privileged user threats, and compromised accounts
* Enforce data-centric security, such as encryption, tokenization, and access control
Which of the following solutions should the security engineer recommend to address these requirements?
- A. CASB
- B. DLP
- C. SWG
- D. WAF
Answer: B
Explanation:
DLP (data loss prevention) is a solution that can meet the following requirements: identify sensitive data in the provider's network, maintain compliance with company and regulatory guidelines, detect and respond to insider threats, privileged user threats, and compromised accounts, and enforce data-centric security, such as encryption, tokenization, and access control. DLP can monitor, classify, and protect data in motion, at rest, or in use, and prevent unauthorized disclosure or exfiltration. WAF (web application firewall) is a solution that can protect web applications from common attacks, such as SQL injection or cross-site scripting, but it does not address the requirements listed. CASB (cloud access security broker) is a solution that can enforce policies and controls for accessing cloud services and applications, but it does not address the requirements listed.
SWG (secure web gateway) is a solution that can monitor and filter web traffic to prevent malicious or unauthorized access, but it does not address the requirements listed. Verified References:
https://www.comptia.org/blog/what-is-data-loss-prevention
https://partners.comptia.org/docs/default-source/resources/casp-content-guid
NEW QUESTION # 141
A developer implemented the following code snippet.
Which of the following vulnerabilities does the code snippet resolve?
- A. Information leakage
- B. SQL injection
- C. Buffer overflow
- D. Missing session limit
Answer: A
NEW QUESTION # 142
CompTIA CAS-004, also known as the CompTIA Advanced Security Practitioner (CASP+) exam, is a certification exam designed for experienced IT professionals who are looking to advance their careers in cybersecurity. The CASP+ certification validates the knowledge and skills required to conceptualize, design, and implement complex security solutions across a variety of environments. The CAS-004 exam covers a range of topics, including risk management, enterprise security architecture, research and collaboration, and integration of computing, communications, and business disciplines.
Get professional help from our CAS-004 Dumps PDF: https://testking.exams-boost.com/CAS-004-valid-materials.html