Practice Free CAS-004 Exam Online Questions
In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:
- A . cloud-native applications.
- B . containerization.
- C . serverless configurations.
- D . software-defined networking.
- E . secure access service edge.
D
Explanation:
Defining ACLs in a CSP relies on software-defined networking. Software-defined networking (SDN) is a network architecture that decouples the control plane from the data plane, allowing for centralized and programmable network management. SDN can enable dynamic and flexible network configuration and optimization, as well as improved security and performance. In a CSP, SDN can be used to define ACLs that can apply to virtual networks, subnets, or interfaces, regardless of the physical infrastructure. SDN can also allow for granular and consistent ACL enforcement across different cloud services and regions.
Verified Reference:
https://www.techtarget.com/searchsdn/definition/software-defined-networking-SDN
https://learn.microsoft.com/en-us/azure/architecture/guide/networking/network-security
https://www.techtarget.com/searchcloudcomputing/definition/cloud-networking
Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application.
Which of the following MOST likely needs to be done to avoid this in the future?
- A . Modify the ACLs.
- B . Review the Active Directory.
- C . Update the marketing department’s browser.
- D . Reconfigure the WAF.
A
Explanation:
Modifying the ACLs (access control lists) is the most likely solution to avoid the intermittent access issues with the new cloud application. ACLs are used to define permissions for different users and groups to access resources on a network. The problem may be caused by incorrect or missing ACLs for the marketing department that prevent them from accessing the cloud application or its data sources. The other options are either irrelevant or less effective for the given scenario.
A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company’s Linux servers. While the software version is no longer supported by the OSS community, the company’s Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.
Based on this agreement, this finding is BEST categorized as a:
- A . true positive.
- B . true negative.
- C . false positive.
- D . false negative.
A security engineer needs to select the architecture for a cloud database that will protect an organization’s sensitive data. The engineer has a choice between a single-tenant or a multitenant database architecture offered by a cloud vendor.
Which of the following best describes the security benefits of the single-tenant option? (Select two).
- A . Most cost-effective
- B . Ease of backup and restoration
- C . High degree of privacy
- D . Low resilience to side-channel attacks
- E . Full control and ability to customize
- F . Increased geographic diversity
C,E
Explanation:
Single-tenant architectures provide a dedicated environment for each client, which enhances data privacy since the resources are not shared with other tenants. This isolation minimizes the risk of data leakage or interference from other tenants, offering a high degree of privacy. Additionally, single-tenancy allows for full control over the database environment, including customization options tailored to specific security requirements or compliance needs, which is not always possible in a multi-tenant architecture.
An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment. Unfortunately, many of the applications are provided only as compiled binaries.
Which of the following should the organization use to analyze these applications? (Select TWO).
- A . Regression testing
- B . SAST
- C . Third-party dependency management
- D . IDE SAST
- E . Fuzz testing
- F . IAST
A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstations, servers, and laptops.
Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?
- A . Increased network latency
- B . Unavailability of key escrow
- C . Inability to select AES-256 encryption
- D . Removal of user authentication requirements
C
Explanation:
The inability to select AES-256 encryption will most likely be a limiting factor when selecting mobile device managers for the company. AES-256 is a symmetric encryption algorithm that uses a 256-bit key to encrypt and decrypt data. It is considered one of the strongest encryption methods available and is widely used for securing sensitive data. Mobile device managers are software applications that allow administrators to remotely manage and secure mobile devices used by employees. However, not all mobile device managers may support AES-256 encryption or allow the company to enforce it as a policy on all mobile devices.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide, https://searchmobilecomputing.techtarget.com/definition/mobile-device-management
During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address.
Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?
- A . Configuration management tool
- B . Intrusion prevention system
- C . Mobile device management platform
- D . Firewall access control list
- E . NetFlow logs
E
Explanation:
NetFlow logs provide visibility into network traffic patterns and volume, which can be analyzed to detect anomalies, including potential security incidents. They can be invaluable in correlating the timing and nature of network events with security incidents to better understand if there is an association.
A security analyst is investigating a series of suspicious emails reported by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the messages by the security tools the company uses; instead, the emails only include the following in plain text.
Which of the following should the security analyst perform?
- A . Contact the security department at the business partner and alert them to the email event.
- B . Block the IP address for the business partner at the perimeter firewall.
- C . Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
- D . Configure the email gateway to automatically quarantine all messages originating from the business partner.
A
Explanation:
The best option for the security analyst to perform is to contact the security department at the business partner and alert them to the email event. The email appears to be a phishing attempt that tries to trick the employees into revealing their login credentials by impersonating a legitimate sender. The security department at the business partner should be notified so they can investigate the source and scope of the attack and take appropriate actions to protect their systems and users.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide, https://us-cert.cisa.gov/ncas/tips/ST04-014
A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup.
Which of the following solutions will BEST meet this requirement?
- A . Mirror the blobs at a local data center.
- B . Enable fast recovery on the storage account.
- C . Implement soft delete for blobs.
- D . Make the blob immutable.
C
Explanation:
Soft delete allows blobs to be deleted, but the data remains accessible for a period of time before it is permanently deleted. This allows the company to delete blobs as needed, while still affording enough time for the backup process to complete. After the backup process is complete, the blobs can be permanently deleted.
A Chief Information Security Officer (CISO) has launched an initiative to create a robust BCP/DR plan for the entire company. As part of the initiative, the security team must gather data supporting the operational importance of the applications used by the business and determine the order in which the applications must be back online.
Which of the following should be the FIRST step taken by the team?
- A . Perform a review of all policies and procedures related to BCP and DR and create an educational module that can be assigned to all employees to provide training on BCP/DR events.
- B . Create an SLA for each application that states when the application will come back online and distribute this information to the business units.
- C . Have each business unit conduct a BIA and categorize the applications according to the cumulative data gathered.
- D . Implement replication of all servers and application data to backup datacenters that are geographically separate from the central datacenter and release an updated BPA to all clients.