CompTIA CAS-004 Study Guide PDF Updated [July 2022] For Passing CompTIA CASP+ CAS-004 Exam

Regina2022-07-22T02:34:39+00:00

To all, the CompTIA CAS-004 study guide pdf of ITExamShop has been updated for passing your CompTIA Advanced Security Practitioner (CASP+) exam. Choosing the updated CompTIA CAS-004 study guide pdf is the best way to get yourself prepared for the CAS-004 CompTIA CASP+ exam confidently. You can try using ITExamShop CAS-004 study guide and start learning the latest CAS-004 exam questions and answers. With the use of ITExamShop CAS-004 exam questions, you will be fully prepared for the CompTIA Advanced Security Practitioner (CompTIA CASP+) CAS-004 exam to pass on the very first attempt.

CompTIA CASP+ Certification CAS-004 Free Demo Questions Are Below For Checking

Page 1 of 3

1. A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

Protecting

Permissive

Enforcing

Mandatory

2. During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

Perform ASIC password cracking on the host.

Read the /etc/passwd file to extract the usernames.

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema.

3. A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’

sudo netstat -nlt -p | grep “ESTABLISHED”

sudo netstat -plntu | grep -v “Foreign Address”

sudo netstat -pnut -w | column -t -s $’w’

sudo netstat -pnut | grep -P ^tcp

4. A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Perform additional SAST/DAST on the open-source libraries.

Implement the SDLC security guidelines.

Track the library versions and monitor the CVE website for related vulnerabilities.

Perform unit testing of the open-source libraries.

5. A vulnerability analyst identified a zero-day vulnerability in a company’s internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.

Which of the following would be BEST suited to meet these requirements?

ARF

ISACs

Node.js

OVAL

6. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Execute never

No-execute

Total memory encryption

Virtual memory encryption

7. A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

8. Which of the following is a benefit of using steganalysis techniques in forensic response?

Breaking a symmetric cipher used in secure voice communications

Determining the frequency of unique attacks against DRM-protected media

Maintaining chain of custody for acquired evidence

Identifying least significant bit encoding of data in a .wav file

9. A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Utilize code signing by a trusted third party.

Implement certificate-based authentication.

Verify MD5 hashes.

Compress the program with a password.

Encrypt with 3DE

Make the DACL read-only.

10. A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Which of the following is a security concern that will MOST likely need to be addressed during migration?

Latency

Data exposure

Data loss

Data dispersion

Page 2 of 3

11. A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

0.5

36,500

12. During a remodel, a company’s computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.

Which of the following processes would BEST satisfy this requirement?

Monitor camera footage corresponding to a valid access request.

Require both security and management to open the door.

Require department managers to review denied-access requests.

Issue new entry badges on a weekly basis.

13. Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Distributed connection allocation

Local caching

Content delivery network

SD-WAN vertical heterogeneity

14. Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Lattice-based cryptography

Quantum computing

Asymmetric cryptography

Homomorphic encryption

15. A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst’s FIRST action?

Create a full inventory of information and data assets.

Ascertain the impact of an attack on the availability of crucial resources.

Determine which security compliance standards should be followed.

Perform a full system penetration test to determine the vulnerabilities.

16. A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

A trusted platform module

A hardware security module

A localized key store

A public key infrastructure

17. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Reverse proxy, stateful firewalls, and VPNs at the local sites

IDSs, WAFs, and forward proxy IDS

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

IPSs at the hub, Layer 4 firewalls, and DLP

18. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Require a VPN to be active to access company data.

Set up different profiles based on the person’s risk.

Remotely wipe the device.

Require MFA to access company applications.

19. Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

Resource leak; recover the device for analysis and clean up the local storage.

Impossible travel; disable the device’s account and access while investigating.

Falsified status reporting; remotely wipe the device.

20. An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.

Which of the following describes the administrator’s discovery?

A vulnerability

A threat

A breach

A risk

Page 3 of 3

21. A company hired a third party to develop software as part of its strategy to be quicker to market.

The company’s policy outlines the following requirements:

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

TPM

Local secure password file

MFA

Key vault

22. A security analyst discovered that the company’s WAF was not properly configured.

The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

CAPTCHA

Input validation

Data encoding

Network intrusion prevention

23. While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Pay the ransom within 48 hours.

Isolate the servers to prevent the spread.

Notify law enforcement.

Request that the affected servers be restored immediately.

24. A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

25. A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

a decrypting RSA using obsolete and weakened encryption attack.

a zero-day attack.

an advanced persistent threat.

an on-path attack.

26. A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

SDLC

OVAL

IEEE

OWASP

Welcome To Choose Required IT Certification Exams Online

CompTIA CAS-004 Study Guide PDF Updated [July 2022] For Passing CompTIA CASP+ CAS-004 Exam

CompTIA CASP+ Certification CAS-004 Free Demo Questions Are Below For Checking

Author