Practice Free CAS-004 Exam Online Questions
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:
* Monitors traffic to and from both local NAS and cloud-based file repositories
* Prevents on-site staff who are accessing sensitive customer Pll documents on file repositories from accidentally or deliberately sharing sensitive documents on personal Saa$S solutions
* Uses document attributes to reduce false positives
* Is agentless and not installed on staff desktops or laptops
Which of the following when installed and configured would BEST meet the CSO’s requirements? (Select TWO).
- A . DLP
- B . NGFW
- C . UTM
- D . UEBA
- E . CASB
- F . HIPS
A,E
Explanation:
DLP, or data loss prevention, and CASB, or cloud access security broker, are the solutions that when installed and configured would best meet the CSO’s requirements. DLP is a technology that monitors and prevents unauthorized or accidental data leakage or exfiltration from an organization’s network or devices. DLP can use document attributes, such as metadata, keywords, or fingerprints, to identify and classify sensitive data and enforce policies on how they can be accessed, transferred, or shared. CASB is a technology that acts as a proxy or intermediary between an organization’s cloud services and its users. CASB can provide visibility, compliance, threat protection, and data security for cloud-based applications and data. CASB can also prevent on-site staff from accessing personal SaaS solutions that are not authorized by the organization.
Reference: [CompTIA CASP+ Study Guide, Second Edition, pages 281-282 and 424-425]
A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key.
Which of the following is the best step to take?
- A . Revoke the certificate.
- B . Inform all the users of the certificate.
- C . Contact the company’s Chief Information Security Officer.
- D . Disable the website using the suspected certificate.
- E . Alert the root CA.
A
Explanation:
In the context of a private cryptographic key suspected to be exposed, the best immediate action is to revoke the certificate associated with that key. Revoking the certificate ensures that it cannot be used to establish new secure sessions, which prevents attackers from using the potentially compromised key to impersonate or decrypt communications. The revocation process typically involves updating the Certificate Revocation List (CRL) or leveraging the Online Certificate Status Protocol (OCSP), both of which are used by clients to check the validity of certificates.
A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used.
Which of the following is the EDR reporting?
- A . True positive
- B . False negative
- C . False positive
- D . True negative
C
Explanation:
When an EDR (Endpoint Detection and Response) system flags legitimate software as malicious, it is a false positive. This occurs when the EDR incorrectly identifies normal, non-malicious activity as a threat. The scenario described indicates that the development software was blocked even though there were no changes to the software, which suggests a false positive by the EDR system.
A security consultant is designing an infrastructure security solution for a client company that has provided the following requirements:
• Access to critical web services at the edge must be redundant and highly available.
• Secure access services must be resilient to a proprietary zero-day vulnerability in a single component.
• Automated transition of secure access solutions must be able to be triggered by defined events or manually by security operations staff.
Which of the following solutions BEST meets these requirements?
- A . Implementation of multiple IPSec VPN solutions with diverse endpoint configurations enabling user optionality in the selection of a remote access provider
- B . Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks.
- C . Two separate secure access solutions orchestrated by SOAR with components provided by the same vendor for compatibility.
- D . Reverse TLS proxy configuration using OpenVPN/OpenSSL with scripted failover functionality that connects critical web services out to endpoint computers.
B
Explanation:
Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks is the best solution to meet the requirements. Vendor-diverse redundancy means using different vendors or technologies to provide the same service or function, which can increase the availability and resilience of the service. For example, if one vendor’s VPN solution fails due to a zero-day vulnerability, another vendor’s VPN solution can take over without affecting the users. Event response driven by playbooks means using predefined workflows or scripts to automate the actions or decisions that need to be taken in response to certain events or triggers. For example, a playbook can define how to switch between different remote access solutions based on certain criteria or conditions, such as performance, availability, security, or manual input. Playbooks can also be integrated with SOAR platforms to leverage their capabilities for orchestration, automation, and response.
Verified Reference:
https://cyware.com/security-guides/security-orchestration-automation-and-response/what-is-vendor-agnostic-security-orchestration-automation-and-response-soar-40e4
https://www.paloaltonetworks.com/cyberpedia/what-is-a-security-playbook
A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time.
Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?
- A . Replication
- B . Caching
- C . Containerization
- D . Redundancy
- E . High availability
A
Explanation:
Step by Step
Replication ensures data consistency by synchronizing copies of data across clusters. This would prevent data loss during power outages.
Caching provides faster data retrieval but does not ensure data persistence.
Containerization improves deployment consistency but does not address resilience or data integrity.
Redundancy relates to additional hardware or systems but does not guarantee up-to-date data.
High availability addresses system uptime but does not prevent data loss.
Reference: CASP+ Exam Objectives 3.7 C Design systems to ensure data integrity and availability.
An ASIC manufacturer wishing to best reduce downstream supply chain risk can provide validation instructions for consumers that:
- A . Leverage physically uncloneable functions.
- B . Analyze an emplaced holographic icon on the board.
- C . Include schematics traceable via X-ray interrogation.
- D . Incorporate MD5 hashes of the ASIC design file.
A
Explanation:
Physically uncloneable functions (PUFs) are hardware-based features that leverage intrinsic physical properties of chips to create unique, non-reproducible identifiers. This reduces supply chain risks by enabling robust authentication and counterfeit prevention. This method aligns with CASP+ objective 4.3, which focuses on secure hardware design and supply chain risk management, ensuring authenticity and integrity of hardware components.
An organization’s finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data.
Which of the following commands should the analyst run to BEST determine whether financial data was lost?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
An organization’s finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.
Which of the following commands should the analyst run to BEST determine whether financial data was lost?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?
- A . Reverse proxy, stateful firewalls, and VPNs at the local sites
- B . IDSs, WAFs, and forward proxy IDS
- C . DoS protection at the hub site, mutual certificate authentication, and cloud proxy
- D . IPSs at the hub, Layer 4 firewalls, and DLP
A small bank is evaluating different methods to address and resolve the following requirements
" Must be able to store credit card data using the smallest amount of data possible
• Must be compliant with PCI DSS
• Must maintain confidentiality if one piece of the layer is compromised
Which of the following is the best solution for the bank?
- A . Scrubbing
- B . Tokenization
- C . Masking
- D . Homomorphic encryption
B
Explanation:
Tokenization is the process of replacing sensitive data, like credit card numbers, with unique identification symbols (tokens) that retain all the essential information without compromising its security. This method is compliant with PCI DSS requirements as it ensures that actual credit card data is not stored or processed, thus minimizing the risk of data breaches. Tokenization also maintains confidentiality even if part of the data handling system is compromised, as the tokens do not hold any exploitable data.