New CompTIA Advanced Security Practitioner (CASP+) Exam CAS-004 Study Guide

Regina2021-12-02T08:29:09+00:00

By Regina CompTIA, CompTIA CASP+, Free Questions Online CAS-003, CAS-004, CAS-004 exam questions, CAS-004 free questions, CAS-004 study guide

New CompTIA Advanced Security Practitioner (CASP+) exam is available, currently, you can choose to pass CAS-003 or CAS-004 exam to complete the CompTIA CASP+ certification. New CAS-004 study guide provided by ITExamShop have been released, which are based on technical knowledge and skills required in actual CAS-004 exam. The team of ITExamShop have collected 128 practice exam questions and answers in new CompTIA CASP+ certification CAS-004 study guide. If deciding to choose the new CAS-004 study guide as the preparation materials, you can donwload the pdf file to learn all the actual CAS-004 exam questions and precise answers. Our experts ensure that you can pass CAS-004 CompTIA Advanced Security Practitioner (CASP+) exam successfully.

Check CompTIA CASP+ Certification CAS-004 Free Questions Before Getting New Study Guide

Page 1 of 2

1. A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.

Which of the following is the MOST likely cause?

The user agent client is not compatible with the WA

A certificate on the WAF is expired.

HTTP traffic is not forwarding to HTTPS to decrypt.

Old, vulnerable cipher suites are still being used.

2. A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.

Which of the following should the security analyst perform?

Contact the security department at the business partner and alert them to the email event.

Block the IP address for the business partner at the perimeter firewall.

Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.

Configure the email gateway to automatically quarantine all messages originating from the business partner.

3. A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Recovery point objective

Recovery time objective

Mission-essential functions

Recovery service level

4. A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Designing data protection schemes to mitigate the risk of loss due to multitenancy

Implementing redundant stores and services across diverse CSPs for high availability

Emulating OS and hardware architectures to blur operations from CSP view

Purchasing managed FIM services to alert on detected modifications to covered data

5. An organization’s hunt team thinks a persistent threats exists and already has a foothold in the enterprise network.

Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

Deploy a SOAR tool.

Modify user password history and length requirements.

Apply new isolation and segmentation schemes.

Implement decoy files on adjacent hosts.

6. An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

NIST

GDPR

PCI DSS

ISO

7. Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident .

Which of the following should Ann use to gather the required information?

Traffic interceptor log analysis

Log reduction and visualization tools

Proof of work analysis

Ledger analysis software

8. A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Execute never

No-execute

Total memory encryption

Virtual memory encryption

9. A customer reports being unable to connect to a website at www.test.com to consume

services.

The customer notices the web application has the following published cipher suite:

Which of the following is the MOST likely cause of the customer’s inability to connect?

Weak ciphers are being used.

The public key should be using ECDS

The default should be on port 80.

The server name should be test.com.

10. A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

Include all available cipher suites.

Create a wildcard certificate.

Use a third-party C

Implement certificate pinning.

Page 2 of 2

11. The Chief information Officer (CIO) wants to establish a non-banding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a format partnership .

Which of the follow would MOST likely be used?

MOU

OLA

NDA

SLA

12. Which of the following are risks associated with vendor lock-in? (Choose two.)

The client can seamlessly move data.

The vendor can change product offerings.

The client receives a sufficient level of service.

The client experiences decreased quality of service.

The client can leverage a multicloud approach.

The client experiences increased interoperability.

13. A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.

Which of the following is the BEST solution to meet these objectives?

Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.

Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.

Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

14. A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Require a VPN to be active to access company data.

Set up different profiles based on the person’s risk.

Remotely wipe the device.

Require MFA to access company applications.

15. During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

Perform ASIC password cracking on the host.

Read the /etc/passwd file to extract the usernames.

Initiate unquoted service path exploits.

Use the UNION operator to extract the database schema.

16. Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.

Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

Compile a list of firewall requests and compare than against interesting cloud services.

Implement a CASB solution and track cloud service use cases for greater visibility.

Implement a user-behavior system to associate user events and cloud service creation events.

Capture all log and feed then to a SIEM and then for cloud service events

Welcome To Choose Required IT Certification Exams Online

New CompTIA Advanced Security Practitioner (CASP+) Exam CAS-004 Study Guide

Check CompTIA CASP+ Certification CAS-004 Free Questions Before Getting New Study Guide

Author