• Home
  • Articles
  • [Mar 13, 2022] Free CompTIA CAS-004 Exam Questions & Answer [Q30-Q46]

[Mar 13, 2022] Free CompTIA CAS-004 Exam Questions & Answer [Q30-Q46]

Share

[Mar 13, 2022] Free CompTIA CAS-004 Exam Questions and Answer

Verified CAS-004 dumps Q&As Latest CAS-004 Download


CompTIA CAS-004 Exam Syllabus Topics:

TopicDetails

Security Architecture 29%

Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.- Services
  • Load balancer
  • Intrusion detection system (IDS)/network intrusion detection system (NIDS)/wireless intrusion detection system (WIDS)
  • Intrusion prevention system (IPS)/network intrusion prevention system (NIPS)/wireless intrusion prevention system (WIPS)
  • Web application firewall (WAF)
  • Network access control (NAC)
  • Virtual private network (VPN)
  • Domain Name System Security Extensions (DNSSEC)
  • Firewall/unified threat management (UTM)/next-generation firewall (NGFW)
  • Network address translation (NAT) gateway
  • Internet gateway
  • Forward/transparent proxy
  • Reverse proxy
  • Distributed denial-of-service (DDoS) protection
  • Routers
  • Mail security
  • Application programming interface (API) gateway/Extensible Markup Language (XML) gateway
  • Traffic mirroring
    -Switched port analyzer (SPAN) ports
    -Port mirroring
    - Virtual private cloud (VPC)
    -Network tap
  • Sensors
    -Security information and event management (SIEM)
    -File integrity monitoring (FIM)
    -Simple Network Management Protocol (SNMP) traps
    -NetFlow
    -Data loss prevention (DLP)
    -Antivirus
- Segmentation
  • Microsegmentation
  • Local area network (LAN)/virtual local area network (VLAN)
  • Jump box
  • Screened subnet
  • Data zones
  • Staging environments
  • Guest environments
  • VPC/virtual network (VNET)
  • Availability zone
  • NAC lists
  • Policies/security groups
  • Regions
  • Access control lists (ACLs)
  • Peer-to-peer
  • Air gap
- Deperimeterization/zero trust
  • Cloud
  • Remote work
  • Mobile
  • Outsourcing and contracting
  • Wireless/radio frequency (RF) networks
- Merging of networks from various organizations
  • Peering
  • Cloud to on premises
  • Data sensitivity levels
  • Mergers and acquisitions
  • Cross-domain
  • Federation
  • Directory services
- Software-defined networking (SDN)
  • Open SDN
  • Hybrid SDN
  • SDN overlay



Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.- Scalability
  • Vertically
  • Horizontally

- Resiliency

  • High availability
  • Diversity/heterogeneity
  • Course of action orchestration
  • Distributed allocation
  • Redundancy
  • Replication
  • Clustering

- Automation

  • Autoscaling
  • Security Orchestration, Automation, and Response (SOAR)
  • Bootstrapping
- Performance
- Containerization
- Virtualization
- Content delivery network
- Caching
Given a scenario, integrate software applications securely into an enterprise architecture.- Baseline and templates
  • Secure design patterns/ types of web technologies
    -Storage design patterns
  • Container APIs
  • Secure coding standards
  • Application vetting processes
  • API management
  • Middleware
- Software assurance
  • Sandboxing/development environment
  • Validating third-party libraries
  • Defined DevOps pipeline
  • Code signing
  • Interactive application security testing (IAST) vs. dynamic application security testing (DAST) vs. static application security testing (SAST)
- Considerations of integrating enterprise applications
  • Customer relationship management (CRM)
  • Enterprise resource planning (ERP)
  • Configuration management database (CMDB)
  • Content management system (CMS)
  • Integration enablers
    -Directory services
    -Domain name system (DNS)
    -Service-oriented architecture (SOA)
    -Enterprise service bus (ESB)
- Integrating security into development life cycle
  • Formal methods
  • Requirements
  • Fielding
  • Insertions and upgrades
  • Disposal and reuse
  • Testing
    -Regression
    -Unit testing
    -Integration testing
  • Development approaches
    -SecDevOps
    -Agile
    -Waterfall
    -Spiral
    -Versioning
    -Continuous integration/continuous delivery (CI/CD) pipelines
  • Best practices
    -Open Web Application Security Project (OWASP)
    -Proper Hypertext Transfer Protocol (HTTP) headers




Given a scenario, implement data security techniques for securing enterprise architecture.- Data loss prevention
  • Blocking use of external media
  • Print blocking
  • Remote Desktop Protocol (RDP) blocking
  • Clipboard privacy controls
  • Restricted virtual desktop infrastructure (VDI) implementation
  • Data classification blocking
- Data loss detection
  • Watermarking
  • Digital rights management (DRM)
  • Network traffic decryption/deep packet inspection
  • Network traffic analysis
- Data classification, labeling, and tagging
  • Metadata/attributes
- Obfuscation
  • Tokenization
  • Scrubbing
  • Masking
- Anonymization
- Encrypted vs. unencrypted
- Data life cycle
  • Create
  • Use
  • Share
  • Store
  • Archive
  • Destroy
- Data inventory and mapping
- Data integrity management
- Data storage, backup, and recovery
  • Redundant array of inexpensive disks (RAID)

Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.- Credential management
  • Password repository application
    -End-user password storage
    -On premises vs. cloud repository
  • Hardware key manager
  • Privileged access management

- Password policies

  • Complexity
  • Length
  • Character classes
  • History
  • Maximum/minimum age
  • Auditing
  • Reversable encryption

- Federation

  • Transitive trust
  • OpenID
  • Security Assertion Markup Language (SAML)
  • Shibboleth
- Access control
  • Mandatory access control (MAC)
  • Discretionary access control (DAC)
  • Role-based access control
  • Rule-based access control
  • Attribute-based access control
- Protocols
  • Remote Authentication Dial-in User Server (RADIUS)
  • Terminal Access Controller Access Control System (TACACS)
  • Diameter
  • Lightweight Directory Access Protocol (LDAP)
  • Kerberos
  • OAuth
  • 802.1X
  • Extensible Authentication Protocol (EAP)
- Multifactor authentication (MFA)
  • Two-factor authentication (2FA)
  • 2-Step Verification
  • In-band
  • Out-of-band

- One-time password (OTP)

  • HMAC-based one-time password (HOTP)
  • Time-based one-time password (TOTP)
- Hardware root of trust- Single sign-on (SSO)- JavaScript Object Notation (JSON) web token (JWT)- Attestation and identity proofing





Given a set of requirements, implement secure cloud and virtualization solutions.- Virtualization strategies
  • Type 1 vs. Type 2 hypervisors
  • Containers
  • Emulation
  • Application virtualization
  • VDI
- Provisioning and deprovisioning
- Middleware
- Metadata and tags
- Deployment models and considerations
  • Business directives
    -Cost
    -Scalability
    -Resources
    -Location
    -Data protection
  • Cloud deployment models
    -Private
    -Public
    -Hybrid
    -Community
- Hosting models
  • Multitenant
  • Single-tenant

- Service models

  • Software as a service (SaaS)
  • Platform as a service (PaaS)
  • Infrastructure as a service (IaaS)

- Cloud provider limitations

  • Internet Protocol (IP) address scheme
  • VPC peering
- Extending appropriate on-premises controls
- Storage models
  • Object storage/file-based storage
  • Database storage
  • Block storage
  • Blob storage
  • Key-value pairs


Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.- Privacy and confidentiality requirements
- Integrity requirements
- Non-repudiation
- Compliance and policy requirements
- Common cryptography use cases
  • Data at rest
  • Data in transit
  • Data in process/data in use
  • Protection of web services
  • Embedded systems
  • Key escrow/management
  • Mobile security
  • Secure authentication
  • Smart card

- Common PKI use cases

  • Web services
  • Email
  • Code signing
  • Federation
  • Trust models
  • VPN
  • Enterprise and security automation/orchestration
Explain the impact of emerging technologies on enterprise security and privacy.- Artificial intelligence
- Machine learning
- Quantum computing
- Blockchain
- Homomorphic encryption
  • Private information retrieval
  • Secure function evaluation
  • Private function evaluation

- Secure multiparty computation
- Distributed consensus
- Big Data
- Virtual/augmented reality
- 3-D printing
- Passwordless authentication
- Nano technology
- Deep learning

  • Natural language processing
  • Deep fakes

-Biometric impersonation

Security Operations 30%

Given a scenario, perform threat management activities.- Intelligence types
  • Tactical
    -Commodity malware
  • Strategic
    -Targeted attacks
  • Operational
    -Threat hunting
    -Threat emulation

- Actor types

  • Advanced persistent threat (APT)/nation-state
  • Insider threat
  • Competitor
  • Hacktivist
  • Script kiddie
  • Organized crime

- Threat actor properties

  • Resource
    -Time
    -Money
  • Supply chain access
  • Create vulnerabilities
  • Capabilities/sophistication
  • Identifying techniques

- Intelligence collection methods

  • Intelligence feeds
  • Deep web
  • Proprietary
  • Open-source intelligence (OSINT)
  • Human intelligence (HUMINT)
- Frameworks
  • MITRE Adversarial Tactics, Techniques, & Common knowledge (ATT&CK)
    -ATT&CK for industrial control system (ICS)
  • Diamond Model of Intrusion Analysis
  • Cyber Kill Chain


Given a scenario, analyze indicators of compromise and formulate an appropriate response.- Indicators of compromise
  • Packet capture (PCAP)
  • Logs
    -Network logs
    -Vulnerability logs
    -Operating system logs
    -Access logs
    -NetFlow logs
  • Notifications
    -FIM alerts
    -SIEM alerts
    -DLP alerts
    -IDS/IPS alerts
    -Antivirus alerts
  • Notification severity/priorities
  • Unusual process activity

- Response

  • Firewall rules
  • IPS/IDS rules
  • ACL rules
  • Signature rules
  • Behavior rules
  • DLP rules
  • Scripts/regular expressions
Given a scenario, perform vulnerability management activities.- Vulnerability scans
  • Credentialed vs. non-credentialed
  • Agent-based/server-based
  • Criticality ranking
  • Active vs. passive
- Security Content Automation Protocol (SCAP)
  • Extensible Configuration Checklist Description Format (XCCDF)
  • Open Vulnerability and Assessment Language (OVAL)
  • Common Platform Enumeration (CPE)
  • Common Vulnerabilities and Exposures (CVE)
  • Common Vulnerability Scoring System (CVSS)
  • Common Configuration Enumeration (CCE)
  • Asset Reporting Format (ARF)
- Self-assessment vs. third-party vendor assessment
- Patch management
- Information sources
  • Advisories
  • Bulletins
  • Vendor websites
  • Information Sharing and Analysis Centers (ISACs)
  • News reports




Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.- Methods
  • Static analysis
  • Dynamic analysis
  • Side-channel analysis
  • Reverse engineering
    -Software
    -Hardware
  • Wireless vulnerability scan
  • Software composition analysis
  • Fuzz testing
  • ivoting
  • Post-exploitation
  • Persistence

- Tools

  • SCAP scanner
  • Network traffic analyzer
  • Vulnerability scanner
  • Protocol analyzer
  • Port scanner
  • HTTP interceptor
  • Exploit framework
  • Password cracker

- Dependency management
- Requirements

  • Scope of work
  • Rules of engagement
  • Invasive vs. non-invasive
  • Asset inventory
  • Permissions and access
  • Corporate policy considerations
  • Facility considerations
  • Physical security considerations
  • Rescan for corrections/changes
Given a scenario, analyze vulnerabilities and recommend risk mitigations.- Vulnerabilities
  • Race conditions
  • Overflows
    -Buffer
    -Integer
  • Broken authentication
  • Unsecure references
  • Poor exception handling
  • Security misconfiguration
  • Improper headers
  • Information disclosure
  • Certificate errors
  • Weak cryptography implementations
  • Weak ciphers
  • Weak cipher suite implementations
  • Software composition analysis
  • Use of vulnerable frameworks and software modules
  • Use of unsafe functions
  • Third-party libraries
    -Dependencies
    -Code injections/malicious changes
    -End of support/end of life
    -Regression issues

- Inherently vulnerable system/application

  • Client-side processing vs. server-side processing
  • JSON/representational state transfer (REST)
  • Browser extensions
    -Flash
    -ActiveX
  • Hypertext Markup Language 5 (HTML5)
  • Asynchronous JavaScript and XML (AJAX)
  • Simple Object Access Protocol (SOAP)
  • Machine code vs. bytecode or interpreted vs. emulated
- Attacks
  • Directory traversal
  • Cross-site scripting (XSS)
  • Cross-site request forgery (CSRF)
  • Injection
    -XML
    -LDAP
    -Structured Query Language (SQL)
    -Command
    -Process
  • Sandbox escape
  • Virtual machine (VM) hopping
  • VM escape
  • Border Gateway Protocol (BGP)/route hijacking
  • Interception attacks
  • Denial-of-service (DoS)/DDoS
  • Authentication bypass
  • Social engineering
  • VLAN hopping

Given a scenario, use processes to reduce risk.- Proactive and detection
  • Hunts
  • Developing countermeasures
  • Deceptive technologies
    -Honeynet
    -Honeypot
    -Decoy files
    -Simulators
    -Dynamic network configurations

- Security data analytics

  • Processing pipelines
    -Data
    -Stream
  • Indexing and search
  • Log collection and curation
  • Database activity monitoring

- Preventive

  • Antivirus
  • Immutable systems
  • Hardening
  • Sandbox detonation
- Application control
  • License technologies
  • Allow list vs. block list
  • Time of check vs. time of use
  • Atomic execution
- Security automation
  • Cron/scheduled tasks
  • Bash
  • PowerShell
  • Python
- Physical security
  • Review of lighting
  • Review of visitor logs
  • Camera reviews
  • Open spaces vs. confined spaces
Given an incident, implement the appropriate response.- Event classifications
  • False positive
  • False negative
  • True positive
  • True negative
- Triage event
- Preescalation tasks
- Incident response process
  • Preparation
  • Detection
  • Analysis
  • Containment
  • Recovery
  • Lessons learned
- Specific response playbooks/processes
  • Scenarios
    -Ransomware
    -Data exfiltration
    -Social engineering
  • Non-automated response methods
  • Automated response methods
    -Runbooks
    -SOAR
- Communication plan
- Stakeholder management
Explain the importance of forensic concepts.- Legal vs. internal corporate purposes
- Forensic process
  • Identification
  • Evidence collection
    -Chain of custody
    -Order of volatility
    1. Memory snapshots
    2. Images
    -Cloning
  • Evidence preservation
    -Secure storage
    -Backups
  • Analysis
    -Forensics tools
  • Verification
  • Presentation
- Integrity preservation
  • Hashing

- Cryptanalysis

- Steganalysis

 

NEW QUESTION 30
A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.
Which of the following is the BEST solution to meet these objectives?

  • A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
  • B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
  • C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
  • D. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Answer: A

 

NEW QUESTION 31
Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.
Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

  • A. Capture all log and feed then to a SIEM and then for cloud service events
  • B. Compile a list of firewall requests and compare than against interesting cloud services.
  • C. Implement a CASB solution and track cloud service use cases for greater visibility.
  • D. Implement a user-behavior system to associate user events and cloud service creation events.

Answer: D

 

NEW QUESTION 32
Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management . However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

  • A. Proof of work analysis
  • B. Ledger analysis software
  • C. Traffic interceptor log analysis
  • D. Log reduction and visualization tools

Answer: D

 

NEW QUESTION 33
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:


Which of the following meets the budget needs of the business?

  • A. Filter TUV
  • B. Filter ABC
  • C. Filter GHI
  • D. Filter XYZ

Answer: C

 

NEW QUESTION 34
During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

  • A. Perform ASIC password cracking on the host.
  • B. Use the UNION operator to extract the database schema.
  • C. Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
  • D. Initiate unquoted service path exploits.
  • E. Read the /etc/passwd file to extract the usernames.

Answer: E

 

NEW QUESTION 35
A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

  • A. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
  • B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
  • C. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
  • D. Implement MFA, review the application logs, and deploy a WAF.

Answer: A

 

NEW QUESTION 36
An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Which of the following is MOST likely the root cause?

  • A. The client application is configured to use RC4.
  • B. The client application is configured to use ECDHE.
  • C. The client application is testing PFS.
  • D. The client application is configured to use AES-256 in GCM.

Answer: A

 

NEW QUESTION 37
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

  • A. Restrict directory permission to read-only access.
  • B. Parameterize a query in the path variable to prevent SQL injection.
  • C. Separate the items in the system call to prevent command injection.
  • D. Use server-side processing to avoid XSS vulnerabilities in path input.

Answer: C

 

NEW QUESTION 38
A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.
Which of the following is a security concern that will MOST likely need to be addressed during migration?

  • A. Data dispersion
  • B. Data loss
  • C. Latency
  • D. Data exposure

Answer: C

 

NEW QUESTION 39
A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company's website and services. The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

  • A. Single-tenancy SaaS
  • B. Multinency SaaS
  • C. Community cloud service model
  • D. On-premises cloud service model

Answer: C

 

NEW QUESTION 40
The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

  • A. Red-team hunting
  • B. Gray-box testing
  • C. Blue-learn exercises
  • D. White-box testing
  • E. Black-box testing

Answer: A

 

NEW QUESTION 41
An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root access.
Which of the following describes the administrator's discovery?

  • A. A breach
  • B. A threat
  • C. A vulnerability
  • D. A risk

Answer: C

 

NEW QUESTION 42
A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.
Which of the following would provide the BEST boot loader protection?

  • A. TPM
  • B. UEFI/BIOS
  • C. HSM
  • D. PKI

Answer: B

 

NEW QUESTION 43
A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.
Which of the following techniques would be BEST suited for this requirement?

  • A. Provide the contractors with direct access to satellite telemetry data.
  • B. Deploy SOAR utilities and runbooks.
  • C. Replace the associated hardware.
  • D. Reduce link latency on the affected ground and satellite segments.

Answer: B

 

NEW QUESTION 44
An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:
* Be based on open-source Android for user familiarity and ease.
* Provide a single application for inventory management of physical assets.
* Permit use of the camera be only the inventory application for the purposes of scanning
* Disallow any and all configuration baseline modifications.
* Restrict all access to any device resource other than those requirement ?

  • A. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
  • B. Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.
  • C. Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.
  • D. Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing

Answer: C

 

NEW QUESTION 45
Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

  • A. Assuring the integrity of messages
  • B. Importing the availability of messages
  • C. Ensuring non-repudiation of messages
  • D. Enforcing protocol conformance for messages

Answer: A

 

NEW QUESTION 46
......

Use Real Dumps - 100% Free CAS-004 Exam Dumps: https://www.actualcollection.com/CAS-004-exam-questions.html

Updated 100% Cover Real CAS-004 Exam Questions - 100% Pass Guarantee: https://drive.google.com/open?id=15Tei3_OPemUFLScbZElajvsmMQ9WCB30

Related Articles

more
CompTIA CAS-004 Certification Practice Exam

Copyright © 2026 ActualCollection NETWORK CO.,LIMITED. All Rights Reserved. All trademarks used are properties of their respective owners. Privacy Policy