Practice Free CAS-004 Exam Online Questions
A security analyst discovered that the company’s WAF was not properly configured.
The main web server was breached, and the following payload was found in one of the malicious requests:
Which of the following would BEST mitigate this vulnerability?
- A . Network intrusion prevention
- B . Data encoding
- C . Input validation
- D . CAPTCHA
A security analyst wants to keep track of all outbound web connections from workstations. The analyst’s company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution.
Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?
- A . X-Forwarded-Proto
- B . X-Forwarded-For
- C . Cache-Control
- D . Strict-Transport-Security
- E . Content-Security-Policy
A DNS forward lookup zone named complia.org must:
• Ensure the DNS is protected from on-path attacks.
• Ensure zone transfers use mutual authentication and are authenticated and negotiated.
Which of the following should the security architect configure to meet these requirements? (Select two).
- A . Public keys
- B . Conditional forwarders
- C . Root hints
- D . DNSSEC
- E . CNAME records
- F . SRV records
A,D
Explanation:
To protect DNS from on-path attacks and ensure that zone transfers are mutually authenticated and secure, the security architect should configure DNSSEC and Public keys. DNSSEC (Domain Name System Security Extensions) provides protection against DNS spoofing by digitally signing DNS data to ensure its integrity. Public keys are crucial for mutual authentication during zone transfers, ensuring that only authorized parties can exchange DNS zone data. Together, these options help meet both the requirements of securing DNS queries and authenticating zone transfers with cryptographic integrity.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0: Enterprise Security Architecture (DNS Security)
CompTIA CASP+ Study Guide: DNSSEC Implementation and Use of Public Keys
An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives.
Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?
- A . Antivirus
- B . UEBA
- C . EDR
- D . HIDS
C
Explanation:
Endpoint Detection and Response (EDR) solutions provide continuous monitoring and response to advanced threats. They can help mitigate the risk of not having visibility into off-network activities by detecting, investigating, and responding to suspicious activities on endpoints, regardless of their location.
An organization performed a risk assessment and discovered that less than 50% of its employees have been completing security awareness training.
Which of the following should the Chief Information Security Officer highlight as an area of increased vulnerability in a report to the management team?
- A . Social engineering
- B . Third-party compromise
- C . APT targeting
- D . Pivoting
A
Explanation:
The Chief Information Security Officer (CISO) should highlight social engineering as an area of increased vulnerability due to the lack of completion of security awareness training by employees.
Social engineering attacks exploit human behavior, and employees who are not adequately trained are more likely to fall victim to phishing, pretexting, and other types of social engineering tactics.
Increasing awareness and training helps employees recognize and respond appropriately to these threats.
Reference: CompTIA CASP+ CAS-004 Exam Objectives: Section 4.3: Understand how to conduct risk management activities.
CompTIA CASP+ Study Guide, Chapter 9: Risk Management and Incident Response.
After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use.
Which of the following should the analyst create to address future incidents?
- A . Root cause analysis
- B . Communication plan
- C . Runbook
- D . Lessons learned
C
Explanation:
A runbook is a detailed guide that provides step-by-step instructions on how to respond to specific types of incidents. It is used by the SOC team to ensure a consistent, organized, and efficient response to incidents. In this case, after the incident investigation, creating a runbook would help standardize the response process for future security incidents, enabling the team to act quickly and effectively. CASP+ emphasizes the importance of having detailed runbooks for incident response as part of an organization’s overall incident response strategy.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0: Enterprise Security Operations (Incident Response and Runbooks)
CompTIA CASP+ Study Guide: Incident Response Procedures and Runbooks
Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed reports on various resources using the new application.
Which of the following MOST likely needs to be done to avoid this in the future?
- A . Modify the ACLs.
- B . Review the Active Directory.
- C . Update the marketing department’s browser.
- D . Reconfigure the WAF.
A
Explanation:
Modifying the ACLs (access control lists) is the most likely solution to avoid the intermittent access issues with the new cloud application. ACLs are used to define permissions for different users and groups to access resources on a network. The problem may be caused by incorrect or missing ACLs for the marketing department that prevent them from accessing the cloud application or its data sources. The other options are either irrelevant or less effective for the given scenario.
An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial patches against a recent exploit that could gain root access.
Which of the following describes the administrator’s discovery?
- A . A vulnerability
- B . A threat
- C . A breach
- D . A risk
A
Explanation:
Reference: https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-explained
A mobile device hardware manufacturer receives the following requirements from a company that wants to produce and sell a new mobile platform:
• The platform should store biometric data.
• The platform should prevent unapproved firmware from being loaded.
• A tamper-resistant, hardware-based counter should track if unapproved firmware was loaded.
Which of the following should the hardware manufacturer implement? (Select three).
- A . ASLR
- B . NX
- C . eFuse
- D . SED
- E . SELinux
- F . Secure boot
- G . Shell restriction
- H . Secure enclave
C,F,H
Explanation:
To meet the mobile platform security requirements, the manufacturer should implement the following technologies:
eFuse: This hardware feature helps track and prevent unauthorized firmware by physically "blowing" fuses to record events, such as firmware tampering, making it impossible to revert to older, unapproved firmware.
Secure boot: This ensures that only trusted and authorized firmware can be loaded during the boot process, preventing malicious or unauthorized software from running.
Secure enclave: A secure enclave is used to store sensitive information like biometric data in a hardware-isolated environment, protecting it from tampering or unauthorized access.
These three solutions provide the tamper resistance, secure firmware validation, and protection of sensitive data required for the platform. CASP+ emphasizes the use of hardware-based security features for protecting sensitive information and enforcing secure boot processes in embedded and mobile systems.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0: Enterprise Security Architecture (Secure Hardware and Firmware Protection)
CompTIA CASP+ Study Guide: Hardware Security Features (eFuse, Secure Boot, Secure Enclave)
A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.
Which of the following would be BEST to proceed with the transformation?
- A . An on-premises solution as a backup
- B . A load balancer with a round-robin configuration
- C . A multicloud provider solution
- D . An active-active solution within the same tenant
C
Explanation:
A multicloud provider solution is the best option for proceeding with the digital transformation while ensuring SLA (service level agreement) requirements in the event of a CSP (cloud service provider) incident. A multicloud provider solution is a strategy that involves using multiple CSPs for different cloud services or applications, such as infrastructure, platform, or software as a service. A multicloud provider solution can provide resiliency, redundancy, and availability for cloud services or applications, as it can distribute the workload and risk across different CSPs and avoid single points of failure or vendor lock-in.

An on-premises solution as a backup is not a good option for proceeding with the digital transformation, as it could involve high costs, complexity, or maintenance for maintaining both cloud and on-premises resources, as well as affect the scalability or flexibility of cloud services or applications.

A load balancer with a round-robin configuration is not a good option for proceeding with the digital transformation, as it could introduce latency or performance issues for cloud services or applications, as well as not provide sufficient resiliency or redundancy in case of a CSP incident.

An active-active solution within the same tenant is not a good option for proceeding with the digital transformation, as it could still be affected by a CSP incident that impacts the entire tenant or region, as well as increase the costs or complexity of managing multiple instances of cloud services or applications.
Verified Reference:
https://www.comptia.org/blog/what-is-multicloud
https://partners.comptia.org/docs/default-source/resources/casp-content-guide