Practice Free CAS-004 Exam Online Questions
A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private.
Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?
- A. MD5-based envelope method
- B. HMAC SHA256
- C. PBKDF2
- D. PGP
B
Explanation:
The company should use HMAC SHA256 as a cryptographic technique to ensure that packets received between two parties have not been tampered with and the connection remains private. HMAC stands for hash-based message authentication code, which is a method of generating a message authentication code using a cryptographic hash function and a secret key. HMAC can provide both integrity and authenticity of the packets, as well as resistance to replay attacks. SHA256 is a specific hash function that produces a 256-bit output. SHA256 is considered secure and widely used in various cryptographic applications.
Verified Reference:
https://www.ericsson.com/en/blog/2021/7/cryptography-and-privacy-protecting-private-data
https://www.mdpi.com/journal/cryptography/special_issues/Preserve_Enhance_Privacy
https://link.springer.com/article/10.1007/s11432-021-3393-x
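As an added example (not part of the original page), the Python sketch below implements the check the explanation above describes: each packet carries a sequence number plus an HMAC-SHA256 tag, and the receiver recomputes the tag with the shared key in constant time and rejects modified or replayed packets (HMAC authenticates the bytes but does not hide them; keeping the payload private needs encryption alongside it). The key, the packet layout and the messages are constructed assumptions for the demo.

```python
import hashlib
import hmac
import struct

# Constructed demo key: in practice the shared secret is provisioned out of band.
KEY = b"constructed-demo-key-do-not-reuse"
TAG_LEN = 32  # HMAC-SHA256 output size in bytes


def mac_packet(key: bytes, seq: int, payload: bytes) -> bytes:
    """Build seq (4-byte big-endian) || payload || HMAC-SHA256(key, seq || payload).

    The sequence number sits inside the authenticated data, so it cannot be
    changed without invalidating the tag.
    """
    body = struct.pack(">I", seq) + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


class Receiver:
    """Verifies each packet's tag and rejects replays of already-seen sequence numbers."""

    def __init__(self, key: bytes) -> None:
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, packet: bytes):
        """Return the payload if the packet is authentic and fresh, otherwise None."""
        if len(packet) < 4 + TAG_LEN:
            return None  # truncated packet
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # compare_digest runs in constant time, so the check does not leak
        # how many leading tag bytes matched.
        if not hmac.compare_digest(expected, tag):
            return None  # tampered payload, altered header, or wrong key
        seq = struct.unpack(">I", body[:4])[0]
        if seq <= self.last_seq:
            return None  # replayed (or reordered) packet
        self.last_seq = seq
        return body[4:]


if __name__ == "__main__":
    rx = Receiver(KEY)
    pkt = mac_packet(KEY, 1, b"transfer 10")
    print("original:", rx.accept(pkt))
    flipped = bytearray(pkt)
    flipped[5] ^= 0x01  # flip one bit inside the payload
    print("tampered:", rx.accept(bytes(flipped)))
    print("replayed:", rx.accept(pkt))
```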
A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug output, the malware is able to insert itself into another process's memory location.
Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
- A. Execute never
- B. No-execute
- C. Total memory encryption
- D. Virtual memory encryption
A
Explanation:
Execute never is a technology that can be enabled on the ARM architecture to prevent malware from inserting itself into another process's memory location and executing code. Execute never is a feature that allows each memory region to be tagged as not containing executable code by setting the execute never (XN) bit in the translation table entry. If the XN bit is set to 1, then any attempt to execute an instruction in that region results in a permission fault. If the XN bit is cleared to 0, then code can execute from that memory region. Execute never also prevents speculative instruction fetches from memory regions that are marked as non-executable, which avoids undesirable side effects or vulnerabilities. By enabling execute never, the developer can protect the process memory from being hijacked by malware.
Verified Reference:
https://developer.arm.com/documentation/ddi0360/f/memory-management-unit/memory-access-control/execute-never-bits
https://developer.arm.com/documentation/den0013/d/The-Memory-Management-Unit/Memory-attributes/Execute-Never
https://developer.arm.com/documentation/ddi0406/c/System-Level-Architecture/Virtual-Memory-System-ArchitectureCVMSA-/Memory-access-control/Execute-never-restrictions-on-instruction-fetching
A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.
Which of the following techniques would BEST support this?
- A. Configuring systemd services to run automatically at startup
- B. Creating a backdoor
- C. Exploiting an arbitrary code execution exploit
- D. Moving laterally to a more authoritative server/service
A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites.
Which of the following would BEST support multiple domain names while minimizing the number of certificates needed?
- A. OCSP
- B. CRL
- C. SAN
- D. CA
C
Explanation:
The administrator should use SAN certificates to support multiple domain names while minimizing the number of certificates needed. SAN stands for Subject Alternative Name, which is an extension of a certificate that allows it to include multiple fully qualified domain names (FQDNs) within the same certificate. For example, a SAN certificate can secure www.example.com, www.example.net, and mail.example.org with one certificate. SAN certificates can reduce the cost and complexity of managing multiple certificates for different domains. SAN certificates can also support wildcard domains, such as *.example.com, which can cover any subdomain under that domain.
Verified Reference:
https://www.techtarget.com/searchsecurity/definition/Subject-Alternative-Name
https://www.techtarget.com/searchsecurity/definition/wildcard-certificate
https://www.nexcess.net/help/what-is-a-multi-domain-ssl-certificate/
A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report that their mobile phones continue to sync email while traveling.
Which of the following is the MOST likely explanation? (Select TWO.)
- A. Outdated escalation attack
- B. Privilege escalation attack
- C. VPN on the mobile device
- D. Unrestricted email administrator accounts
- E. Chief use of UDP protocols
- F. Disabled GPS on mobile devices
A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.
Which of the following commands would be the BEST to run to view only active Internet connections?
- A. sudo netstat -antu | grep "LISTEN" | awk '{print$5}'
- B. sudo netstat -nlt -p | grep "ESTABLISHED"
- C. sudo netstat -plntu | grep -v "Foreign Address"
- D. sudo netstat -pnut -w | column -t -s $'w'
- E. sudo netstat -pnut | grep -P ^tcp
E
Explanation:
Reference: https://www.codegrepper.com/code-examples/shell/netstat+find+port
The netstat command is a tool that displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The command has various options that can modify its output.
The options used in the correct answer are:
- -p: Show the PID and name of the program to which each socket belongs.
- -n: Show numerical addresses instead of trying to determine symbolic host, port or user names.
- -u: Show only UDP connections.
- -t: Show only TCP connections.
The grep command is a tool that searches for a pattern in a file or input.
The option used in the correct answer is:
- -P: Interpret the pattern as a Perl-compatible regular expression (PCRE).
The pattern used in the correct answer is ^tcp, which means any line that starts with tcp. This will filter out any UDP connections from the output.
The sudo command is a tool that allows a user to run programs with the security privileges of another user (usually the superuser or root). This is necessary to run the netstat command with the -p option, which requires root privileges to show the owning process of every socket.
The correct answer will show only active TCP connections with numerical addresses and program names, which can be considered as active Internet connections. The other answers will either show different types of connections (such as listening or local), use different options that are not relevant (such as -a, -l, -w, or -s), or use different commands that are not useful (such as awk or column).
Reference:
https://man7.org/linux/man-pages/man8/netstat.8.html
https://man7.org/linux/man-pages/man1/grep.1.html
https://man7.org/linux/man-pages/man8/sudo.8.html
A third-party organization has implemented a system that allows it to analyze customers’ data and deliver analysis results without being able to see the raw data.
Which of the following is the organization implementing?
- A. Asynchronous keys
- B. Homomorphic encryption
- C. Data lake
- D. Machine learning
B
Explanation:
The organization is implementing homomorphic encryption. Homomorphic encryption is a type of encryption that allows computations to be performed on encrypted data without decrypting it first.
This means that the organization can analyze the customers’ data and deliver analysis results without being able to see the raw data, preserving the privacy and confidentiality of the customers.
Homomorphic encryption can enable various applications, such as cloud computing, machine learning, and data analytics, that require processing sensitive data without compromising security.
Verified Reference:
https://www.techtarget.com/searchsecurity/definition/homomorphic-encryption
https://learn.microsoft.com/en-us/azure/security/fundamentals/encryption-at-rest
https://www.ibm.com/topics/homomorphic-encryption
A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?
- A. NIDS
- B. NIPS
- C. WAF
- D. Reverse proxy
A
Explanation:
Reference:
https://subscription.packtpub.com/book/networking-and-servers/9781782174905/5/ch05lvl1sec38/differentiating-between-nids-and-nips
https://owasp.org/www-community/controls/Intrusion_Detection
A NIDS (Network Intrusion Detection System) is a security solution that monitors network traffic for signs of malicious activity, such as attacks, intrusions, or policy violations. A NIDS does not affect the availability of the company’s services because it operates in passive mode, which means it does not block or modify traffic. Instead, it alerts the network administrator or other security tools when it detects an anomaly or threat.
Reference:
https://www.cisco.com/c/en/us/products/security/what-is-network-intrusion-detection-system.html
https://www.imperva.com/learn/application-security/network-intrusion-detection-system-nids/
A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities.
Which of the following would be the first step in reducing the attack surface in this environment?
- A. Utilizing hardening recommendations
- B. Deploying IPS/IDS throughout the environment
- C. Installing and updating antivirus
- D. Installing all available patches
A
Explanation:
The first step in reducing the attack surface of vulnerable, end-of-support systems is to apply hardening recommendations. Hardening involves applying security configurations, such as disabling unnecessary services, enforcing strong authentication, and tightening access controls to mitigate vulnerabilities on systems that can no longer receive patches or support. While patching and deploying security tools like IPS/IDS and antivirus are important, hardening addresses the fundamental weakness of these legacy systems by reducing their exposure to threats. CASP+ recommends hardening as a crucial measure in environments where patching or upgrading may not be feasible, particularly for unsupported systems.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0 - Enterprise Security Operations (System Hardening)
CompTIA CASP+ Study Guide: System Hardening for End-of-Life Systems
A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application.
Which of the following tools should the analyst use NEXT?
- A. Software decompiler
- B. Network enumerator
- C. Log reduction and analysis tool
- D. Static code analysis