Practice Free CAS-004 Exam Online Questions
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.
Which of the following should the organization consider FIRST to address this requirement?
- A . Implement a change management plan to ensure systems are using the appropriate versions.
- B . Hire additional on-call staff to be deployed if an event occurs.
- C . Design an appropriate warm site for business continuity.
- D . Identify critical business processes and determine associated software and hardware requirements.
D
Explanation:
Reference: https://searchdisasterrecovery.techtarget.com/definition/warm-site
Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident.
Which of the following should Ann use to gather the required information?
- A . Traffic interceptor log analysis
- B . Log reduction and visualization tools
- C . Proof of work analysis
- D . Ledger analysis software
An organization is designing a network architecture that must meet the following requirements:
Users will only be able to access predefined services.
Each user will have a unique allow list defined for access.
The system will construct one-to-one subject/object access paths dynamically.
Which of the following architectural designs should the organization use to meet these requirements?
- A . Peer-to-peer secure communications enabled by mobile applications
- B . Proxied application data connections enabled by API gateways
- C . Microsegmentation enabled by software-defined networking
- D . VLANs enabled by network infrastructure devices
C
Explanation:
Microsegmentation enabled by software-defined networking (SDN) meets all three requirements: users can reach only predefined services, each user has a unique allow list, and one-to-one subject/object access paths are constructed dynamically. Microsegmentation divides a network into small segments or zones based on granular criteria such as application, service, user, or device, providing fine-grained access control and isolation that prevents unauthorized access and lateral movement within the network. SDN decouples the control plane from the data plane in network devices, so network functions and policies are managed centrally and programmatically; this is what allows segments or zones to be created and enforced dynamically from predefined rules or policies.
The other options do not meet these requirements. Peer-to-peer secure communications enabled by mobile applications provide direct, encrypted communication between two or more parties without a central server or intermediary, which is not per-user access control to predefined services. Proxied application data connections enabled by API gateways provide indirect, filtered communication between applications or services through an intermediary that can modify or monitor the traffic, which does not construct per-user one-to-one access paths. VLANs (virtual local area networks) enabled by network infrastructure devices are logical segments of a physical network that group devices or users by common criteria such as function, department, or location, not dynamically constructed per-user access paths.
Verified Reference:
https://www.comptia.org/blog/what-is-microsegmentation
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
A security engineer is reviewing Apache web server logs and has identified the following pattern in the log:
GET https://example.com/image5/../../etc/passwd HTTP/1.1 200 OK
The engineer has also reviewed IDS and firewall logs and established a correlation to an external IP address.
Which of the following can be determined regarding the vulnerability and response?
- A . A cross-site scripting attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to REST API.
- B . A cross-site request forgery attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to HTTP POST commands.
- C . A directory traversal attack was successful at reading the /etc/passwd file, and the system should avoid passing user-supplied input to the filesystem.
- D . A brute-force authentication attempt was successful, and the system should implement salting as part of the password hashing algorithm.
C
Explanation:
A directory traversal attack exploits vulnerabilities in file path handling to access unauthorized files, as seen in this example. To mitigate, sanitize user inputs and avoid directly passing user-supplied data to the filesystem. This aligns with CASP+ objective 1.5, addressing secure input validation and mitigating common web-based vulnerabilities.
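The following is an added example, not part of the original question set: it parses Apache-style access-log lines for the `../` pattern shown in the question (after percent-decoding, so encoded variants are caught too), reports whether each attempt was served with a 200, and shows the server-side check that keeps a user-supplied path inside the document root. The log lines, IP addresses, and the `/srv/app/static` document root are constructed sample values.

```python
"""Added example (not from the original page): detect the directory-traversal
pattern from the question in Apache access-log lines, and show the server-side
check that would have stopped it. All sample data below is constructed."""
import os
import re
from pathlib import PurePosixPath
from urllib.parse import unquote, urlsplit

# Constructed Apache-style access-log lines (sample data, not real traffic).
# Line 1 mirrors the absolute-form request target from the question.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET https://example.com/image5/../../etc/passwd HTTP/1.1" 200 1834
198.51.100.4 - - [10/Oct/2023:13:55:37 +0000] "GET /images/logo.png HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /image5/..%2F..%2Fetc%2Fshadow HTTP/1.1" 403 287
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)'
)


def normalize_request_path(target):
    """Return the decoded path component of a request target.
    Percent-decoding is applied twice so a double-encoded '..%252F' is also seen."""
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path)
    return path.replace("\\", "/")


def is_traversal(target):
    """True if any path segment is '..' once the target has been decoded."""
    return ".." in PurePosixPath(normalize_request_path(target)).parts


def find_traversal_hits(log_text):
    """Parse access-log lines and return the traversal attempts found.
    A 200 status means the server actually served the requested file."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or not is_traversal(m["target"]):
            continue
        hits.append({
            "ip": m["ip"],
            "target": m["target"],
            "status": int(m["status"]),
            "succeeded": m["status"] == "200",
        })
    return hits


def resolve_under_root(document_root, requested):
    """Server-side mitigation: map a request path to a filesystem path only if
    it stays inside document_root; raise PermissionError otherwise.
    A lexical normpath check comes first, then a realpath check so a symlink
    inside the root cannot be used to reach files outside it."""
    root = os.path.normpath(document_root)
    rel = normalize_request_path(requested).lstrip("/")
    candidate = os.path.normpath(os.path.join(root, rel))
    if candidate != root and not candidate.startswith(root + os.sep):
        raise PermissionError(f"request escapes document root: {requested!r}")
    real_root, real_cand = os.path.realpath(root), os.path.realpath(candidate)
    if real_cand != real_root and not real_cand.startswith(real_root + os.sep):
        raise PermissionError(f"request escapes document root via symlink: {requested!r}")
    return candidate


if __name__ == "__main__":
    for hit in find_traversal_hits(SAMPLE_LOG):
        print(hit)
    print(resolve_under_root("/srv/app/static", "/images/logo.png"))
    try:
        resolve_under_root("/srv/app/static", "/image5/../../etc/passwd")
    except PermissionError as exc:
        print("blocked:", exc)
```

The detection side decodes before matching because a raw string search for `../` misses `%2F` and double-encoded variants; the mitigation side normalizes and then checks containment rather than trying to strip `..` sequences, which is the "avoid passing user-supplied input to the filesystem" advice from the explanation made concrete.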
A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.
Which of the following solutions should the security architect recommend?
- A . Replace the current antivirus with an EDR solution.
- B . Remove the web proxy and install a UTM appliance.
- C . Implement a deny list feature on the endpoints.
- D . Add a firewall module on the current antivirus solution.
A
Explanation:
Replacing the current antivirus with an EDR (endpoint detection and response) solution is the best solution for addressing several service outages on the endpoints due to new malware. An EDR solution is a technology that provides advanced capabilities for detecting, analyzing, and responding to threats or incidents on endpoints, such as computers, laptops, mobile devices, or servers. An EDR solution can use behavioral analysis, machine learning, threat intelligence, or other methods to identify new or unknown malware that may evade traditional antivirus solutions. An EDR solution can also provide automated or manual remediation actions, such as isolating, blocking, or removing malware from endpoints. Removing the web proxy and installing a UTM (unified threat management) appliance is not a good solution for addressing service outages on endpoints due to new malware, as it could expose endpoints to more threats or attacks by removing a layer of protection that filters web traffic, as well as not provide sufficient detection or response capabilities for endpoint-specific malware. Implementing a deny list feature on endpoints is not a good solution for addressing service outages on endpoints due to new malware, as it could be ineffective or impractical for blocking new or unknown malware that may not be on the deny list, as well as not provide sufficient detection or response capabilities for endpoint-specific malware. Adding a firewall module on the current antivirus solution is not a good solution for addressing service outages on endpoints due to new malware, as it could introduce compatibility or performance issues for endpoints by adding an additional feature that may not be integrated or optimized with the antivirus solution, as well as not provide sufficient detection or response capabilities for endpoint-specific malware.
Verified Reference:
https://www.comptia.org/blog/what-is-edr
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.
Which of the following should the security team recommend FIRST?
- A . Investigating a potential threat identified in logs related to the identity management system
- B . Updating the identity management system to use discretionary access control
- C . Beginning research on two-factor authentication to later introduce into the identity management system
- D . Working with procurement and creating a requirements document to select a new IAM system/vendor
Which of the following is required for an organization to meet the ISO 27018 standard?
- A . All PII must be encrypted.
- B . All network traffic must be inspected.
- C . GDPR-equivalent standards must be met.
- D . COBIT-equivalent standards must be met.
An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities.
Which of the following service models best meets these requirements?
- A . PaaS
- B . SaaS
- C . IaaS
- D . MaaS
A
Explanation:
In this scenario, the organization is looking to deploy a containerized application in the cloud and wants the infrastructure to automatically scale without handling patch management. A Platform as a Service (PaaS) model is the best fit because it allows developers to focus on the application and its deployment, while the cloud provider manages the underlying infrastructure, including patching and scaling. PaaS supports container orchestration, enabling automated scaling based on demand, and offloads most operational responsibilities to the provider. This is in contrast to Infrastructure as a Service (IaaS), which requires more direct management of the infrastructure, including patching.
CASP+ highlights PaaS as a service model that minimizes operational overhead for security operations teams.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0, Enterprise Security Architecture (Cloud Service Models)
CompTIA CASP+ Study Guide: Cloud Computing and PaaS Benefits
The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold.
Which of the following actions should the organization take to comply with the request?
- A . Preserve all communication matching the requested search terms
- B . Block communication with the customer while litigation is ongoing
- C . Require employees to be trained on legal record holds
- D . Request that all users do not delete any files
A
Explanation:
When a legal records hold is issued, the organization is required to preserve all documents and communications that may relate to the litigation. This includes emails, files, and any other form of communication that contains the requested search terms. It is a process of ensuring that this information is not deleted, altered, or otherwise tampered with.