Practice Free CAS-004 Exam Online Questions
An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages.
Which of the following features is the most appropriate for the company to implement?
- A . Horizontal scalability
- B . Vertical scalability
- C . Containerization
- D . Static code analysis
- E . Caching
E
Explanation:
Caching is the most appropriate solution to improve response time for static content, such as sponsor-related data on the entry pages. Caching stores frequently accessed data closer to users, reducing the need to retrieve it from the database repeatedly. This results in faster load times, especially during high-traffic events. While scalability (horizontal or vertical) might address overall system performance, caching specifically targets improving the speed of accessing static content.
CASP+ emphasizes caching as a performance optimization technique for handling high-demand, static web content.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0 - Enterprise Security Architecture (Performance Optimization and Caching)
CompTIA CASP+ Study Guide: Optimizing Web Application Performance with Caching
Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?
- A . Leave the current backup schedule intact and pay the ransom to decrypt the data.
- B . Leave the current backup schedule intact and make the human resources fileshare read-only.
- C . Increase the frequency of backups and create SIEM alerts for IOCs.
- D . Decrease the frequency of backups and pay the ransom to decrypt the data.
C
Explanation:
Increasing the frequency of backups and creating SIEM (security information and event management) alerts for IOCs (indicators of compromise) are the best recommendations that the management team can make based on RPO (recovery point objective) requirements. RPO is a metric that defines the maximum acceptable amount of data loss that can occur during a disaster recovery event. Increasing the frequency of backups can reduce the amount of data loss that can occur, as it can create more recent copies or snapshots of the data. Creating SIEM alerts for IOCs can help detect and respond to ransomware attacks, as it can collect, correlate, and analyze security events and data from various sources and generate alerts based on predefined rules or thresholds. Leaving the current backup schedule intact and paying the ransom to decrypt the data are not good recommendations, as they could result in more data loss than the RPO allows, as well as encourage more ransomware attacks or expose the company to legal or ethical issues. Leaving the current backup schedule intact and making the human resources fileshare read-only are not good recommendations, as they could result in more data loss than the RPO allows, as well as affect the normal operations or functionality of the fileshare. Decreasing the frequency of backups and paying the ransom to decrypt the data are not good recommendations, as they could result in more data loss than the RPO allows, as well as increase the risk of losing data due to less frequent backups or unreliable decryption.
Verified Reference:
https://www.comptia.org/blog/what-is-rpo
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
Which of the following BEST describes a common use case for homomorphic encryption?
- A . Processing data on a server after decrypting in order to prevent unauthorized access in transit
- B . Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing
- C . Transmitting confidential data to a CSP for processing on a large number of resources without revealing information
- D . Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users
C
Explanation:
Homomorphic encryption is a type of encryption method that allows computations to be performed on encrypted data without first decrypting it with a secret key. The results of the computations also remain encrypted and can only be decrypted by the owner of the private key. Homomorphic encryption can be used for privacy-preserving outsourced storage and computation. This means that data can be encrypted and sent to a cloud service provider (CSP) for processing, without revealing any information to the CSP or anyone else who might intercept the data. Homomorphic encryption can enable new services and applications that require processing confidential data on a large number of resources, such as machine learning, data analytics, health care, finance, and voting.
Topic 2, Exam Pool B
A company suspects a web server may have been infiltrated by a rival corporation.
The security engineer reviews the web server logs and finds the following:
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
Which of the following is an appropriate security control the company should implement?
- A . Restrict directory permission to read-only access.
- B . Use server-side processing to avoid XSS vulnerabilities in path input.
- C . Separate the items in the system call to prevent command injection.
- D . Parameterize a query in the path variable to prevent SQL injection.
C
Explanation:
The company using the wrong port is the most likely root cause of why secure LDAP is not working. Secure LDAP is a protocol that provides secure communication between clients and servers using LDAP (Lightweight Directory Access Protocol), which is a protocol that allows querying and modifying directory services over TCP/IP. Secure LDAP uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt LDAP traffic and prevent unauthorized disclosure or interception.
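The control marked above, separating the items in the system call so user-supplied input cannot be parsed as shell syntax (option C), as an added example that is not part of the page: a constructed directory listing, first built as a single shell string and then passed as an argument list, plus a path-confinement check. The helper names, the `ls` call and the sample directory are assumptions, not the web server's real code.

```python
import os
import subprocess
import tempfile


def build_sample_dir():
    # Constructed sample: a directory with one file, standing in for the
    # web server's content path that the log entry referred to.
    root = tempfile.mkdtemp(prefix="sponsor-")
    with open(os.path.join(root, "sponsor.txt"), "w") as fh:
        fh.write("static sponsor content\n")
    return root


def list_dir_vulnerable(path):
    # One command string handed to /bin/sh: shell metacharacters inside
    # `path` are parsed as shell syntax, so a crafted path appends commands.
    result = subprocess.run(f"ls {path}", shell=True,
                            capture_output=True, text=True)
    return result.stdout


def list_dir_safe(path):
    # Argument list, no shell: each element is one argv entry, so `path`
    # reaches ls verbatim; "--" stops ls from reading it as an option.
    result = subprocess.run(["ls", "--", path],
                            capture_output=True, text=True)
    return result.stdout


def resolve_under_root(root, requested):
    # Defence in depth: confine the requested path to the content root
    # before any call is made. Returns None for anything that escapes.
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested))
    if candidate == real_root or candidate.startswith(real_root + os.sep):
        return candidate
    return None


def demo():
    # Returns (vulnerable output, safe output for the crafted path,
    # safe output for the clean path).
    root = build_sample_dir()
    crafted = root + "; echo INJECTED"   # constructed malicious value
    return (list_dir_vulnerable(crafted),
            list_dir_safe(crafted),
            list_dir_safe(root))


if __name__ == "__main__":
    vulnerable, safe_crafted, safe_clean = demo()
    print("shell string :", repr(vulnerable))
    print("argv, crafted:", repr(safe_crafted))
    print("argv, clean  :", repr(safe_clean))
```

With the argument list, the crafted value is simply a directory name that does not exist, so `ls` fails and nothing else runs; with the single string, the text after `;` is executed as a second command. The confinement check is the application-side complement: even a correctly separated call should only ever receive paths inside the content root.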
Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure.
Which of the following must occur to ensure the integrity of the image?
- A . The image must be password protected against changes.
- B . A hash value of the image must be computed.
- C . The disk containing the image must be placed in a sealed container.
- D . A duplicate copy of the image must be maintained
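The hash-based integrity check named in option B, as an added example that is not part of the page: the image is hashed at acquisition, the digest is recorded separately (evidence log, chain-of-custody form), and any later comparison either matches or exposes a change. The image here is a constructed byte string, and the function names are assumptions.

```python
import hashlib
import hmac
import os
import tempfile


def sha256_file(path, chunk_size=1 << 20):
    # Stream the file in 1 MiB chunks so multi-gigabyte images do not
    # have to fit in memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def verify_image(path, recorded_hex):
    # Constant-time comparison against the digest recorded at acquisition.
    return hmac.compare_digest(sha256_file(path), recorded_hex.lower())


def demo():
    # Constructed stand-in for a forensic image: 4 KiB of deterministic bytes.
    workdir = tempfile.mkdtemp(prefix="forensic-")
    image = os.path.join(workdir, "server.img")
    with open(image, "wb") as fh:
        fh.write(bytes(range(256)) * 16)

    # Record the digest immediately after acquisition; in practice it is
    # written to the evidence log, not kept next to the image.
    recorded = sha256_file(image)
    intact = verify_image(image, recorded)

    # Simulate a single flipped byte (storage fault or tampering) afterwards.
    with open(image, "r+b") as fh:
        fh.seek(1000)
        original = fh.read(1)
        fh.seek(1000)
        fh.write(bytes([original[0] ^ 0x01]))
    tampered = verify_image(image, recorded)

    return intact, tampered


if __name__ == "__main__":
    before, after = demo()
    print("matches recorded digest before modification:", before)
    print("matches recorded digest after one flipped byte:", after)
```

A password or a second copy (options A and D) cannot show that a given copy is unchanged; only a digest recorded at acquisition time, and ideally also computed over the source disk so the two can be shown equal, lets the examiner demonstrate that later.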
A client is adding scope to a project.
Which of the following processes should be used when requesting updates or corrections to the client’s systems?
- A . The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.
- B . The change control board must review and approve a submission.
- C . The information system security officer provides the systems engineer with the system updates.
- D . The security engineer asks the project manager to review the updates for the client’s system.
B
Explanation:
The change control board (CCB) is a committee that consists of subject matter experts and managers who decide whether to implement proposed changes to a project. The change control board is part of the change management plan, which defines the roles and processes for managing change within a team or organization. The change control board must review and approve a submission for any change request that affects the scope, schedule, budget, quality, or risks of the project. The change control board evaluates the impact and benefits of the change request and decides whether to accept, reject, or defer it.
An administrator at a software development company would like to protect the integrity of the company’s applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.
Which of the following is MOST likely the cause of the signature failing?
- A . The NTP server is set incorrectly for the developers.
- B . The CA has included the certificate in its CRL.
- C . The certificate is set for the wrong key usage.
- D . Each application is missing a SAN or wildcard entry on the certificate.
C
Explanation:
The most likely cause of the signature failing is that the certificate is set for the wrong key usage. Key usage is an extension of a certificate that defines the purpose and functionality of the public key contained in the certificate. Key usage can include digital signature, key encipherment, data encipherment, certificate signing, and others. If the certificate is set for a different key usage than digital signature, it will not be able to sign the applications properly. The administrator should check the key usage extension of the certificate and make sure it matches the intended purpose.
Verified Reference:
https://www.wintips.org/how-to-fix-windows-cannot-verify-the-digital-signature-for-this-file-error-in-windows-8-7-vista/
https://softwaretested.com/mac/how-to-fix-a-digital-signature-error-on-windows-10/
https://support.microsoft.com/en-us/office/digital-signatures-and-certificates-8186cd15-e7ac-4a16-8597-22bd163e8e96
A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.
Based on this information, the security analyst acknowledges this alert.
Which of the following event classifications is MOST likely the reason for this action?
- A . True negative
- B . False negative
- C . False positive
- D . Non-automated response
C
Explanation:
The security analyst acknowledges this alert because it is a false positive. A false positive is an event classification that indicates a benign or normal activity is mistakenly flagged as malicious or suspicious by the SIEM system. A false positive can occur due to misconfigured rules, outdated signatures, or faulty algorithms. A false positive can waste the security analyst’s time and resources, so it is important to acknowledge and dismiss it after verifying that it is not a real threat.
Verified Reference:
https://www.ibm.com/topics/siem
https://www.microsoft.com/en-us/security/business/security-101/what-is-siem
https://www.splunk.com/en_us/data-insider/what-is-siem.html
An organization wants to implement an access control system based on its data classification policy that includes the following data types:
Confidential
Restricted
Internal
Public
The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group.
Which of the following should the organization implement to enforce its requirements with minimal impact to systems and resources?
- A . A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control.
- B . Role-based access control that maps data types to internal roles, which are defined in the human resources department’s source of truth system.
- C . Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal.
- D . A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis.
A
Explanation:
Attribute-Based Access Control (ABAC) with a tagging strategy allows flexible and granular access control based on resource classification and user attributes. This minimizes system impact and ensures compliance with data classification policies. This aligns with CASP+ objective 3.4, focusing on advanced access control mechanisms.
A cloud security architect has been tasked with selecting the appropriate solution given the following:
* The solution must allow the lowest RTO possible.
* The solution must have the least shared responsibility possible.
* Patching should be a responsibility of the CSP.
Which of the following solutions can BEST fulfill the requirements?
- A . PaaS
- B . IaaS
- C . Private
- D . SaaS
D
Explanation:
SaaS, or software as a service, is the solution that can best fulfill the requirements of having the lowest RTO possible, the least shared responsibility possible, and patching as a responsibility of the CSP. SaaS is a cloud service model that provides users with access to software applications hosted and managed by the CSP over the internet. SaaS has the lowest RTO (recovery time objective), which is the maximum acceptable time for restoring a system or service after a disruption, because it does not require any installation, configuration, or maintenance by the users. SaaS also has the least shared responsibility possible because most of the security aspects are handled by the CSP, such as patching, updating, backup, encryption, authentication, etc.
Reference: [CompTIA CASP+ Study Guide, Second Edition, pages 403-404]