Practice Free CAS-004 Exam Online Questions
A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages.
Which of the following architectural components would BEST meet these requirements?
- A . Log collection
- B . Reverse proxy
- C . AWAF
- D . API mode
An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications.
The security team has concerns about the following:
Unstructured data being exfiltrated after an employee leaves the organization
Data being exfiltrated as a result of compromised credentials
Sensitive information in emails being exfiltrated
Which of the following solutions should the security team implement to mitigate the risk of data loss?
- A . Mobile device management, remote wipe, and data loss detection
- B . Conditional access, DoH, and full disk encryption
- C . Mobile application management, MFA, and DRM
- D . Certificates, DLP, and geofencing
C
Explanation:
Mobile application management (MAM) is a solution that allows the organization to control and secure the approved collaboration applications and the data within them on personal devices. MAM can prevent unstructured data from being exfiltrated by restricting the ability to move, copy, or share data between applications. Multi-factor authentication (MFA) is a solution that requires the user to provide more than one piece of evidence to prove their identity when accessing corporate data. MFA can prevent data from being exfiltrated as a result of compromised credentials by adding an extra layer of security. Digital rights management (DRM) is a solution that protects the intellectual property rights of digital content by enforcing policies and permissions on how the content can be used, accessed, or distributed. DRM can prevent sensitive information in emails from being exfiltrated by encrypting the content and limiting the actions that can be performed on it, such as forwarding, printing, or copying.
Verified Reference:
https://www.manageengine.com/data-security/what-is/byod.html
https://www.cimcor.com/blog/7-scariest-byod-security-risks-how-to-mitigate
A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime.
Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?
- A . Input validation
- B . Dynamic analysis
- C . Side-channel analysis
- D . Fuzz testing
- E . Static analysis
B
Explanation:
Step by Step
Dynamic analysis involves testing the application while it is running to identify vulnerabilities present during execution, providing the most exhaustive runtime vulnerability detection.
Input validation is a specific security control, not a method for exhaustive testing. Side-channel analysis examines unintended information leakage but does not comprehensively assess runtime vulnerabilities.
Fuzz testing is a specific technique within dynamic analysis but does not ensure exhaustive coverage. Static analysis examines code without execution, missing runtime-specific vulnerabilities.
Reference: CASP+ Exam Objectives 2.4 C Analyze application vulnerabilities using dynamic testing techniques.
Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.
Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
- A . Drive wiping
- B . Degaussing
- C . Purging
- D . Physical destruction
B
Explanation:
Reference: https://securis.com/data-destruction/degaussing-as-a-service/
A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process.
Which of the following presents the most risk to the development life cycle and lo the ability to deliver the security tool on time?
- A . Deep learning language barriers
- B . Big Data processing required for maturity
- C . Secure, multiparty computation requirements
- D . Computing capabilities available to the developer
B
Explanation:
The most significant risk to the development of a machine-learning-based threat detection tool is the Big Data processing required for maturity. Machine learning models often require large datasets to train effectively, and processing and analyzing this data can be time-consuming and resource-intensive. This can delay the development timeline, especially in a rapid CI/CD pipeline environment where timely delivery is crucial. CASP+ highlights the challenges associated with machine learning
and Big Data in security tool development, particularly the resource demands and the need for extensive data to ensure accuracy and maturity.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0 C Enterprise Security Operations (Big Data and Machine Learning Challenges)
CompTIA CASP+ Study Guide: Implementing and Managing Machine Learning in Security Environments
A security manager has written an incident response playbook for insider attacks and is ready to begin testing it.
Which of the following should the manager conduct to test the playbook?
- A . Automated vulnerability scanning
- B . Centralized logging, data analytics, and visualization
- C . Threat hunting
- D . Threat emulation
D
Explanation:
Threat emulation is the method that should be used to test an incident response playbook for insider attacks. Threat emulation is a technique that simulates real-world attacks using realistic scenarios, tactics, techniques, and procedures (TTPs) of threat actors. Threat emulation can help evaluate the effectiveness of an incident response plan by testing how well it can detect, respond to, contain, eradicate, recover from, and learn from an attack.
Reference: [CompTIA CASP+ Study Guide, Second Edition, page 461]
A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP.
Block is an except of output from the troubleshooting session:
Which of the following BEST explains why secure LDAP is not working? (Select TWO.)
- A . The clients may not trust idapt by default.
- B . The secure LDAP service is not started, so no connections can be made.
- C . Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.
- D . Secure LDAP should be running on UDP rather than TCP.
- E . The company is using the wrong port. It should be using port 389 for secure LDAP.
- F . Secure LDAP does not support wildcard certificates.
- G . The clients may not trust Chicago by default.
A,F
Explanation:
The clients may not trust idapt by default because it is a self-signed certificate authority that is not in the trusted root store of the clients. Secure LDAP does not support wildcard certificates because they do not match the fully qualified domain name of the server.
Verified Reference:
https://www.professormesser.com/security-plus/sy0-401/ldap-and-secure-ldap/, https://www.comptia.org/training/books/casp-cas-004-study-guide
An internal security assessor identified large gaps in a company’s IT asset inventory system during a monthly asset review. The assessor is aware of an external audit that is underway. In an effort to avoid external findings, the assessor chooses not to report the gaps in the inventory system.
Which of the following legal considerations is the assessor directly violating?
- A . Due care
- B . Due diligence
- C . Due process
- D . Due notice
A
Explanation:
Due care refers to the effort made by an ordinarily prudent or reasonable party to avoid harm to another party. By not reporting the gaps in the inventory system, the assessor is neglecting their responsibility and not exercising the due care that is expected of them, which could lead to legal ramifications for non-compliance or other security breaches.
A cyberanalyst for a government agency is concerned about how Pll is protected A supervisor indicates that a Privacy Impact Assessment must be done.
Which of the following describes a function of a Privacy Impact Assessment?
- A . To validate the project participants
- B . To identify the network ports
- C . To document residual risks
- D . To evaluate threat acceptance
C
Explanation:
A Privacy Impact Assessment (PIA) is a process used to evaluate and manage privacy risks associated with the collection, use, and storage of personally identifiable information (PII). One of the key functions of a PIA is to document residual risks, which are the privacy risks that remain after controls have been applied. By identifying and documenting these risks, organizations can make informed decisions about whether additional measures are needed or whether certain risks are acceptable.
An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
- A . Password cracker
- B . Port scanner
- C . Account enumerator
- D . Exploitation framework