Weekend Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: pass65

CAS-004 CompTIA SecurityX Certification Exam Questions and Answers

Questions 4

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Buy Now
Questions 5

Which of the following indicates when a company might not be viable after a disaster?

Options:

A.

Maximum tolerable downtime

B.

Recovery time objective

C.

Mean time to recovery

D.

Annual loss expectancy

Buy Now
Questions 6

Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?

Options:

A.

Disaster recovery checklist

B.

Tabletop exercise

C.

Full interruption test

D.

Parallel test

Buy Now
Questions 7

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badgeto access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Buy Now
Questions 8

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

Options:

A.

Asynchronous keys

B.

Homomorphic encryption

C.

Data lake

D.

Machine learning

Buy Now
Questions 9

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual authentication?

Options:

A.

Perfect forward secrecy on both endpoints

B.

Shared secret for both endpoints

C.

Public keys on both endpoints

D.

A common public key on each endpoint

E.

A common private key on each endpoint

Buy Now
Questions 10

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that

the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

Options:

A.

tcpdump

B.

netstar

C.

tasklist

D.

traceroute

E.

ipconfig

Buy Now
Questions 11

A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication. Which of the following will need to be implemented to achieve this objective? (Select THREE).

Options:

A.

Least privilege

B.

VPN

C.

Policy automation

D.

PKI

E.

Firewall

F.

Continuous validation

G.

Continuous integration

Buy Now
Questions 12

A consultant needs access to a customer's cloud environment. The customer wants to enforce the following engagement requirements:

• All customer data must remain under the control of the customer at all times.

• Third-party access to the customer environment must be controlled by the customer.

• Authentication credentials and access control must be under the customer's control.

Which of the following should the consultant do to ensure all customer requirements are satisfied when accessing the cloud environment?

Options:

A.

use the customer's SSO with read-only credentials and share data using the customer's provisioned secure network storage

B.

use the customer-provided VDI solution to perform work on the customer's environment.

C.

Provide code snippets to the customer and have the customer run code and securely deliver its output

D.

Request API credentials from the customer and only use API calls to access the customer's environment.

Buy Now
Questions 13

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

Options:

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Buy Now
Questions 14

An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

Options:

A.

SLA

B.

ISA

C.

NDA

D.

MOU

Buy Now
Questions 15

A security architect Is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been Implemented to prevent these types of risks?

Options:

A.

Code reviews

B.

Supply chain visibility

C.

Software audits

D.

Source code escrows

Buy Now
Questions 16

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability. Which of the following would BEST resolve and mitigate the issue? (Select TWO).

Options:

A.

Deploying a WAF signature

B.

Fixing the PHP code

C.

Changing the web server from HTTPS to HTTP

D.

UsingSSLv3

E.

Changing the code from PHP to ColdFusion

F.

Updating the OpenSSL library

Buy Now
Questions 17

A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?

Options:

A.

NGFW for web traffic inspection and activity monitoring

B.

CSPM for application configuration control

C.

Targeted employee training and awareness exercises

D.

CASB for OAuth application permission control

Buy Now
Questions 18

An organization is moving its intellectual property data from on premises to a CSP and wants to secure the data from theft. Which of the following can be used to mitigate this risk?

Options:

A.

An additional layer of encryption

B.

A third-party data integrity monitoring solution

C.

A complete backup that is created before moving the data

D.

Additional application firewall rules specific to the migration

Buy Now
Questions 19

A company is deploying multiple VPNs to support supplier connections into its extranet applications. The network security standard requires:

• All remote devices to have up-to-date antivirus

• An up-to-date and patched OS

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options:

A.

NAC

B.

WAF

C.

NIDS

D.

Reverse proxy

E.

NGFW

F.

Bastion host

Buy Now
Questions 20

A new, online file hosting service is being offered. The service has the following security requirements:

• Threats to customer data integrity and availability should be remediated first.

• The environment should be dynamic to match increasing customer demands.

• The solution should not interfere with customers" ability to access their data at anytime.

• Security analysts should focus on high-risk items.

Which of the following would BEST satisfy the requirements?

Options:

A.

Expanding the use of IPS and NGFW devices throughout the environment

B.

Increasing the number of analysts to Identify risks that need remediation

C.

Implementing a SOAR solution to address known threats

D.

Integrating enterprise threat feeds in the existing SIEM

Buy Now
Questions 21

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Buy Now
Questions 22

A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the

security posture for a risk decision? (Select TWO).

Options:

A.

Password cracker

B.

SCAP scanner

C.

Network traffic analyzer

D.

Vulnerability scanner

E.

Port scanner

F.

Protocol analyzer

Buy Now
Questions 23

A systems administrator was given the following IOC to detect the presence of a malicious piece of software communicating with its command-and-control server:

post /malicious. php

User-Agent: Malicious Tool V 1.0

Host: www.rcalicious.com

The IOC documentation suggests the URL is the only part that could change. Which of the following regular expressions would allow the systems administrator to determine if any of the company hosts are compromised, while reducing false positives?

Options:

A.

User-Agent: Malicious Tool.*

B.

www\. malicious\. com\/malicious. php

C.

POST /malicious\. php

D.

Hose: [a-2] *\.malicious\.com

E.

malicious. *

Buy Now
Questions 24

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select THREE).

Options:

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Buy Now
Questions 25

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

Options:

A.

Include stable, long-term releases of third-party libraries instead of using newer versions.

B.

Ensure the third-party library implements the TLS and disable weak ciphers.

C.

Compile third-party libraries into the main code statically instead of using dynamic loading.

D.

Implement an ongoing, third-party software and library review and regression testing.

Buy Now
Questions 26

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

Options:

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Buy Now
Questions 27

The Chief Information Security Officer (CISO) asked a security manager to set up a system that sends an alert whenever a mobile device enters a sensitive area of the company's data center. The CISO would also like to be able to alert the individual who is entering the area that the access was logged and monitored. Which of the following would meet these requirements?

Options:

A.

Near-field communication

B.

Short Message Service

C.

Geofencing

D.

Bluetooth

Buy Now
Questions 28

A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs

in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints. Which of the following processes, if executed, would be MOST likely to expose an attacker?

Options:

A.

Reviewing video from IP cameras within the facility

B.

Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

C.

Implementing integrity checks on endpoint computing devices

D.

Looking for privileged credential reuse on the network

Buy Now
Questions 29

The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:

* Monitors traffic to and from both local NAS and cloud-based file repositories

* Prevents on-site staff who are accessing sensitive customer Pll documents on file repositories from accidentally or deliberately sharing sensitive documents on personal Saa$S solutions

* Uses document attributes to reduce false positives

* Is agentless and not installed on staff desktops or laptops

Which of the following when installed and configured would BEST meet the CSO's requirements? (Select TWO).

Options:

A.

DLP

B.

NGFW

C.

UTM

D.

UEBA

E.

CASB

F.

HIPS

Buy Now
Questions 30

An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization's new email system provide?

Options:

A.

DLP

B.

Encryption

C.

E-discovery

D.

Privacy-level agreements

Buy Now
Questions 31

Company A acquired Company B. During an initial assessment, the companies discover they are using the same SSO system. To help users with the transition, Company A is requiring the following:

• Before the merger is complete, users from both companies should use a single set of usernames and passwords.

• Users in the same departments should have the same set of rights and privileges, but they should have different sets of rights and privileges if they have different IPs.

• Users from Company B should be able to access Company A's available resources.

Which of the following are the BEST solutions? (Select TWO).

Options:

A.

Installing new Group Policy Object policies

B.

Establishing one-way trust from Company B to Company A

C.

Enabling multifactor authentication

D.

Implementing attribute-based access control

E.

Installing Company A's Kerberos systems in Company B's network

F.

Updating login scripts

Buy Now
Questions 32

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

Options:

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Buy Now
Questions 33

A security consultant has been asked to recommend a secure network design that would:

• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.

• Limit operational disruptions.

Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?

Options:

A.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.

B.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.

C.

Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.

D.

Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.

Buy Now
Questions 34

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?

Options:

A.

Implement iterative software releases.

B.

Revise the scope of the project to use a waterfall approach

C.

Change the scope of the project to use the spiral development methodology.

D.

Perform continuous integration.

Buy Now
Questions 35

A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?

Options:

A.

Use a secrets management tool.

B.

‘Save secrets in key escrow.

C.

Store the secrets inside the Dockerfiles.

D.

Run all Dockerfles in a randomized namespace.

Buy Now
Questions 36

A security administrator wants to detect a potential forged sender claim in tt-e envelope of an email. Which of the following should the security administrator implement? (Select TWO).

Options:

A.

MX record

B.

DMARC

C.

SPF

D.

DNSSEC

E.

S/MIME

F.

TLS

Buy Now
Questions 37

The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

Options:

A.

An open-source automation server

B.

A static code analyzer

C.

Trusted open-source libraries

D.

A single code repository for all developers

Buy Now
Questions 38

A software development company is implementing a SaaS-based password vault for customers to use. The requirements for the password vault include:

Vault encryption using a variable block and key size

Resistance to brute-force attacks

Which of the following should be implemented to meet these requirements? (Select two.)

Options:

A.

PBKDF2

B.

RC5

C.

AES

D.

P256

E.

ECDSA

F.

RIPEMD

Buy Now
Questions 39

A hospital has fallen behind with patching known vulnerabilities due to concerns that patches may cause disruptions in the availability of data and impact patient care. The hospital does not have a tracking solution in place to audit whether systems have been updated or to track the length of time between notification of the weakness and patch completion Since tracking is not in place the hospital lacks accountability with regard to who is responsible for these activities and the timeline of patching efforts. Which of the following should the hospital do first to mitigate this risk?

Options:

A.

Complete a vulnerability analysis

B.

Obtain guidance from the health ISAC

C.

Purchase a ticketing system for auditing efforts

D.

Ensure CVEs are current

E.

Train administrators on why patching is important

Buy Now
Questions 40

Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?

Options:

A.

They are constrained by available compute.

B.

They lack X86-64 processors.

C.

They lack EEPROM.

D.

They are not logic-bearing devices.

Buy Now
Questions 41

A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

Options:

A.

Steganography

B.

E-signature

C.

Watermarking

D.

Cryptography

Buy Now
Questions 42

A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?

Options:

A.

Data retention

B.

Data classification

C.

Due diligence

D.

Reference framework

Buy Now
Questions 43

A security engineer is creating a single CSR for the following web server hostnames:

• wwwint internal

• www company com

• home.internal

• www internal

Which of the following would meet the requirement?

Options:

A.

SAN

B.

CN

C.

CA

D.

CRL

E.

Issuer

Buy Now
Questions 44

A security analyst reviews network logs and notices a large number of domain name queries originating from an internal server for an unknown domain, similar to the following:

2736287327321782.hgQ43jsi23-y.com

0357320932922C91.hgQ43jsu23Ty.com

4042301801399103.hgQ43jsu23Ly.com

Which of the following should the analyst do next?

Options:

A.

Check for data exfiltration.

B.

Reconfigure the server's DNS settings.

C.

Browse for a website on the requested domain.

D.

Add the host names to a block list.

Buy Now
Questions 45

A forensic investigator started the process of gathering evidence on a laptop in response to an incident The investigator took a snapshof of the hard drive, copied relevant log files and then performed a memory dump Which of the following steps in the process should have occurred first?

Options:

A.

Preserve secure storage

B.

Clone the disk.

C.

Collect the most volatile data

D.

Copy the relevant log files

Buy Now
Questions 46

Which of the following best explain why organizations prefer to utilize code that is digitally signed? (Select two).

Options:

A.

It provides origin assurance.

B.

It verifies integrity.

C.

It provides increased confidentiality.

D.

It integrates with DRMs.

E.

It verifies the recipient’s identity.

F.

It ensures the code is free of malware.

Buy Now
Questions 47

A company recently migrated its critical web application to a cloud provider's environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetrationtester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment. Which of the following should be the first consideration prior to engaging in the test?

Options:

A.

Prepare a redundant server to ensure the critical web application's availability during the test.

B.

Obtain agreement between the company and the cloud provider to conduct penetration testing.

C.

Ensure the latest patches and signatures are deployed on the web server.

D.

Create an NDA between the external penetration tester and the company.

Buy Now
Questions 48

A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords. Which of the following additional controls should the company deploy?

Options:

A.

Two-factor authentication

B.

Identity proofing

C.

Challenge questions

D.

Live identity verification

Buy Now
Questions 49

A security engineer is reviewing event logs because an employee successfully connected a personal Windows laptop to the corporate network, which is against company policy. Company policy allows all Windows 10 and 11 laptops to connect to the system as long as the MDM agent installed by IT is running. Only compliant devices can connect, and the logic in the system to evaluate compliant laptops is as follows:

CAS-004 Question 49

Which of the following most likely occurred when the employee connected a personally owned Windows laptop and was allowed on the network?

Options:

A.

The agent was not running on the laptop, which triggered a false positive.

B.

The OS was a valid version, but the MDM agent was not installed, triggering a true positive.

C.

The OS was running a Windows version below 10 and triggered a false negative.

D.

The OS version was higher than 11. and the MDM agent was running, triggering a true negative.

Buy Now
Questions 50

After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload The CISO would like to:

* Have a solution that uses API to communicate with other security tools

* Use the latest technology possible

* Have the highest controls possible on the solution

Which of following is the best option to meet these requirements?

Options:

A.

EDR

B.

CSP

C.

SOAR

D.

CASB

Buy Now
Questions 51

A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

Options:

A.

Employee badge logs

B.

Phone call logs

C.

Vehicle registration logs

D.

Visitor logs

Buy Now
Questions 52

Which of the following technologies would need to be in an unmanaged state to perform forensic analysis on a laptop with an unknown encryption key?

Options:

A.

FIM

B.

ECC

C.

FTK

D.

TPM

Buy Now
Questions 53

A SIEM generated an alert after a third-party database administrator, who had recently been granted temporary access to the repository, accessed business-sensitive content in the database. The SIEM had generated similar alerts before this incident. Which of the following best explains the cause of the alert?

Options:

A.

Database field tokenization

B.

Database decoy

C.

Database activity monitoring

D.

Database integrity enforcement

Buy Now
Questions 54

A security analyst is designing a touch screen device so users can gain entry into a locked room by touching buttons numbered zero through nine in a specific numerical sequence. The analyst designs thekeypad so that the numbers are randomly presented to the user each time the device is used. Which of the following best describes the design trade-offs? (Select two.)

Options:

A.

The risk of someone overseeing a pattern as a user enters the numbers is decreased.

B.

The routines to generate the random sequences are trivial to implement.

C.

This design makes entering numbers more difficult for users.

D.

The device needs to have additional power to compute the numbers.

E.

End users will have a more difficult time remembering the access numbers.

F.

Weak or easily guessed access numbers are more likely.

Buy Now
Questions 55

A security analyst is reviewing the following output from a vulnerability scan of an organization's internet-facing web services:

•Line 06: Hostname sent via SNI does not match certificate.

•Line 10: Certificate not validated by OCSP.

•Line 13: Weak SHA-1 signature algorithm detected.

•Line 17: TLS 1.2 cipher suite negotiated.

•Line 18: SSL session not using forward secrecy.

Which of the following indicates a susceptibility whereby an attacker can take advantage of the trust relationship between the client and the server?

Options:

A.

Line 06

B.

Line 10

C.

Line 13

D.

Line 18

Buy Now
Questions 56

A new requirement for legislators has forced a government security team to develop a validation process to verify the integrity of a downloaded file and the sender of the file Which of the following is the BEST way for the security team to comply with this requirement?

Options:

A.

Digital signature

B.

Message hash

C.

Message digest

D.

Message authentication code

Buy Now
Questions 57

A security analyst is examining a former employee's laptop for suspected evidence of suspicious activity. The analyst usesddduring the investigation. Which of the following best explains why the analyst is using this tool?

Options:

A.

To capture an image of the hard drive

B.

To reverse engineer binary programs

C.

To recover deleted logs from the laptop

D.

To deduplicate unnecessary data from the hard drive

Buy Now
Questions 58

A systems administrator is preparing to run avulnerability scanon a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produceaccurate information, especially regardingconfiguration settings. Which of the following scan types will provide the systems administrator with themost accurate information?

Options:

A.

A passive, credentialed scan

B.

A passive, non-credentialed scan

C.

An active, non-credentialed scan

D.

An active, credentialed scan

Buy Now
Questions 59

A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?

Options:

A.

Gap analysis

B.

Business impact analysis

C.

Risk register

D.

Information security policy

E.

Lessons learned

Buy Now
Questions 60

A company wants to prevent a partner company from denying agreement to a transaction. Which of the following is the best solution for the company?

Options:

A.

Federation

B.

Key escrow

C.

Salting hashes

D.

Digital signatures

Buy Now
Questions 61

A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?

Options:

A.

Improved security operations center performance

B.

Automated firewall log collection tasks

C.

Optimized cloud resource utilization

D.

Increased risk visibility

Buy Now
Questions 62

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Buy Now
Questions 63

A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?

Options:

A.

RA

B.

OCSP

C.

CA

D.

IdP

Buy Now
Questions 64

A company purchased Burp Suite licenses this year for each application security engineer. The engineers have used Burp Suite to identify several issues with the company’s SaaS application. In the upcoming year, the Chief Information Security Officer would like to purchase additional tools to protect the SaaS product. Which of the following is the best option?

Options:

A.

DAST

B.

SAST

C.

IAST

D.

ZAP

Buy Now
Questions 65

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Options:

A.

Pay the ransom within 48 hours.

B.

Isolate the servers to prevent the spread.

C.

Notify law enforcement.

D.

Request that the affected servers be restored immediately.

Buy Now
Questions 66

A systems engineer needs to develop a solution that uses digital certificates to allow authentication to laptops. Which of the following authenticator types would be most appropriate for the engineer to include in the design?

Options:

A.

TOTP token

B.

Device certificate

C.

Smart card

D.

Biometric

Buy Now
Questions 67

A developer is creating a new mobile application for a company. The application usesREST APIandTLS 1.2to communicate securely with the external back-end server. Due to this configuration, the company is concerned aboutHTTPS interception attacks. Which of the following would be thebestsolution against this type of attack?

Options:

A.

Cookies

B.

Wildcard certificates

C.

HSTS

D.

Certificate pinning

Buy Now
Questions 68

Which of the following is a risk associated with SDN?

Options:

A.

Expanded attack surface

B.

Increased hardware management costs

C.

Reduced visibility of scaling capabilities

D.

New firmware vulnerabilities

Buy Now
Questions 69

An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time onthe entry pages. Which of the following features is the most appropriate for the company to implement?

Options:

A.

Horizontal scalability

B.

Vertical scalability

C.

Containerization

D.

Static code analysis

E.

Caching

Buy Now
Questions 70

An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.

Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

Options:

A.

NIST

B.

GDPR

C.

PCI DSS

D.

ISO

Buy Now
Questions 71

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

Options:

A.

Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.

B.

Required all laptops to connect to the VPN before accessing email.

C.

Implement cloud-based content filtering with sandboxing capabilities.

D.

Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Buy Now
Questions 72

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Options:

A.

Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.

B.

Perform ASIC password cracking on the host.

C.

Read the /etc/passwd file to extract the usernames.

D.

Initiate unquoted service path exploits.

E.

Use the UNION operator to extract the database schema.

Buy Now
Questions 73

An organization is implementing a new identity and access management architecture with the following objectives:

Supporting MFA against on-premises infrastructure

Improving the user experience by integrating with SaaS applications

Applying risk-based policies based on location

Performing just-in-time provisioning

Which of the following authentication protocols should the organization implement to support these requirements?

Options:

A.

Kerberos and TACACS

B.

SAML and RADIUS

C.

OAuth and OpenID

D.

OTP and 802.1X

Buy Now
Questions 74

A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:

CAS-004 Question 74

The security engineer looks at the UTM firewall rules and finds the following:

CAS-004 Question 74

Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

Options:

A.

Contact the email service provider and ask if the company IP is blocked.

B.

Confirm the email server certificate is installed on the corporate computers.

C.

Make sure the UTM certificate is imported on the corporate computers.

D.

Create an IMAPS firewall rule to ensure email is allowed.

Buy Now
Questions 75

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.

Which of the following will allow the inspection of the data without multiple certificate deployments?

Options:

A.

Include all available cipher suites.

B.

Create a wildcard certificate.

C.

Use a third-party CA.

D.

Implement certificate pinning.

Buy Now
Questions 76

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Options:

A.

Reverse proxy, stateful firewalls, and VPNs at the local sites

B.

IDSs, WAFs, and forward proxy IDS

C.

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

D.

IPSs at the hub, Layer 4 firewalls, and DLP

Buy Now
Questions 77

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.

CAS-004 Question 77

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

Options:

A.

65

B.

77

C.

83

D.

87

Buy Now
Questions 78

A security engineer estimates the company’s popular web application experiences 100 attempted breaches per day. In the past four years, the company’s data has been breached two times.

Which of the following should the engineer report as the ARO for successful breaches?

Options:

A.

0.5

B.

8

C.

50

D.

36,500

Buy Now
Questions 79

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.

Which of the following would provide the BEST boot loader protection?

Options:

A.

TPM

B.

HSM

C.

PKI

D.

UEFI/BIOS

Buy Now
Questions 80

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.

After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

Options:

A.

Protecting

B.

Permissive

C.

Enforcing

D.

Mandatory

Buy Now
Questions 81

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Which of the following is a security concern that will MOST likely need to be addressed during migration?

Options:

A.

Latency

B.

Data exposure

C.

Data loss

D.

Data dispersion

Buy Now
Questions 82

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.

Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

Options:

A.

Scan the code with a static code analyzer, change privileged user passwords, and provide security training.

B.

Change privileged usernames, review the OS logs, and deploy hardware tokens.

C.

Implement MFA, review the application logs, and deploy a WAF.

D.

Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Buy Now
Questions 83

A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.

Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

Options:

A.

The company will have access to the latest version to continue development.

B.

The company will be able to force the third-party developer to continue support.

C.

The company will be able to manage the third-party developer’s development process.

D.

The company will be paid by the third-party developer to hire a new development team.

Buy Now
Questions 84

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an ОТ and IT environment?

Options:

A.

In the ОТ environment, use a VPN from the IT environment into the ОТ environment.

B.

In the ОТ environment, allow IT traffic into the ОТ environment.

C.

In the IT environment, allow PLCs to send data from the ОТ environment to the IT environment.

D.

Use a screened subnet between the ОТ and IT environments.

Buy Now
Questions 85

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.

Which of the following commands would be the BEST to run to view only active Internet connections?

Options:

A.

sudo netstat -antu | grep “LISTEN” | awk ‘{print$5}’

B.

sudo netstat -nlt -p | grep “ESTABLISHED”

C.

sudo netstat -plntu | grep -v “Foreign Address”

D.

sudo netstat -pnut -w | column -t -s $’\w’

E.

sudo netstat -pnut | grep -P ^tcp

Buy Now
Questions 86

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.

Which of the following will MOST likely secure the data on the lost device?

Options:

A.

Require a VPN to be active to access company data.

B.

Set up different profiles based on the person’s risk.

C.

Remotely wipe the device.

D.

Require MFA to access company applications.

Buy Now
Questions 87

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A.

Execute never

B.

No-execute

C.

Total memory encryption

D.

Virtual memory encryption

Buy Now
Questions 88

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.

Which of the following would satisfy the requirement?

Options:

A.

NIDS

B.

NIPS

C.

WAF

D.

Reverse proxy

Buy Now
Questions 89

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements.

Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

Options:

A.

Designing data protection schemes to mitigate the risk of loss due to multitenancy

B.

Implementing redundant stores and services across diverse CSPs for high availability

C.

Emulating OS and hardware architectures to blur operations from CSP view

D.

Purchasing managed FIM services to alert on detected modifications to covered data

Buy Now
Questions 90

A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.

Which of the following would be BEST for the developer to perform? (Choose two.)

Options:

A.

Utilize code signing by a trusted third party.

B.

Implement certificate-based authentication.

C.

Verify MD5 hashes.

D.

Compress the program with a password.

E.

Encrypt with 3DES.

F.

Make the DACL read-only.

Buy Now
Questions 91

A CRM company leverages a CSP PaaS service to host and publish its SaaS product. Recently, a large customer requested that all infrastructure components must meet strict regulatory requirements, including configuration management, patch management, and life-cycle management. Which of the following organizations is responsible for ensuring those regulatory requirements are met?

Options:

A.

The CRM company

B.

The CRM company's customer

C.

The CSP

D.

The regulatory body

Buy Now
Questions 92

A security administrator is trying to securely provide public access to specific data from a web application. Clients who want to access the application will be required to:

• Only allow the POST and GET options.

• Transmit all data secured with TLS 1.2 or greater.

• Use specific URLs to access each type of data that is requested.

• Authenticate with a bearer token.

Which of the following should the security administrator recommend to meet these requirements?

Options:

A.

API gateway

B.

Application load balancer

C.

Web application firewall

D.

Reverse proxy

Buy Now
Questions 93

An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?

Options:

A.

PaaS

B.

SaaS

C.

laaS

D.

MaaS

Buy Now
Questions 94

The primary advantage of an organization creating and maintaining a vendor risk registry is to:

Options:

A.

define the risk assessment methodology.

B.

study a variety of risks and review the threat landscape.

C.

ensure that inventory of potential risk is maintained.

D.

ensure that all assets have low residual risk.

Buy Now
Questions 95

A security engineer is concerned about the threat of side-channel attacks The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range As a result, the part deteriorated more quickly than the mean time to failure A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the pan failed Which of the following solutions would be best to prevent a side-channel attack in the future?

Options:

A.

Installing online hardware sensors

B.

Air gapping important ICS and machines

C.

Implementing a HIDS

D.

Installing a SIEM agent on the endpoint

Buy Now
Questions 96

Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?

Options:

A.

To determine the scope of the risk assessment

B.

To determine the business owner(s) of the system

C.

To decide between conducting a quantitative or qualitative analysis

D.

To determine which laws and regulations apply

Buy Now
Questions 97

An organization wants to perform a scan of all its systems against best practice security configurations.

Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for fill automation? (Choose two.)

Options:

A.

ARF

B.

XCCDF

C.

CPE

D.

CVE

E.

CVSS

F.

OVAL

Buy Now
Questions 98

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

Options:

A.

Lattice-based cryptography

B.

Quantum computing

C.

Asymmetric cryptography

D.

Homomorphic encryption

Buy Now
Questions 99

A security engineer was auditing an organization’s current software development practice and discovered that multiple open-source libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.

Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

Options:

A.

Perform additional SAST/DAST on the open-source libraries.

B.

Implement the SDLC security guidelines.

C.

Track the library versions and monitor the CVE website for related vulnerabilities.

D.

Perform unit testing of the open-source libraries.

Buy Now
Questions 100

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options:

A.

IAM gateway, MDM, and reverse proxy

B.

VPN, CASB, and secure web gateway

C.

SSL tunnel, DLP, and host-based firewall

D.

API gateway, UEM, and forward proxy

Buy Now
Questions 101

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Options:

A.

Move the server to a cloud provider.

B.

Change the operating system.

C.

Buy a new server and create an active-active cluster.

D.

Upgrade the server with a new one.

Buy Now
Questions 102

After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.

Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Options:

A.

Disable BGP and implement a single static route for each internal network.

B.

Implement a BGP route reflector.

C.

Implement an inbound BGP prefix list.

D.

Disable BGP and implement OSPF.

Buy Now
Questions 103

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.

Which of the following techniques will MOST likely meet the business’s needs?

Options:

A.

Performing deep-packet inspection of all digital audio files

B.

Adding identifying filesystem metadata to the digital audio files

C.

Implementing steganography

D.

Purchasing and installing a DRM suite

Buy Now
Questions 104

UESTION NO: 36

Which of the following is a benefit of using steganalysis techniques in forensic response?

Options:

A.

Breaking a symmetric cipher used in secure voice communications

B.

Determining the frequency of unique attacks against DRM-protected media

C.

Maintaining chain of custody for acquired evidence

D.

Identifying least significant bit encoding of data in a .wav file

Buy Now
Questions 105

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.

Which of the following phases establishes the identification and prioritization of critical systems and functions?

Options:

A.

Review a recent gap analysis.

B.

Perform a cost-benefit analysis.

C.

Conduct a business impact analysis.

D.

Develop an exposure factor matrix.

Buy Now
Questions 106

A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes the interpreter's version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?

Options:

A.

Include routines in the application for message handling

B.

Adopt a compiled programming language instead.

C.

Perform SAST vulnerability scans on every build.

D.

Validate user-generated input.

Buy Now
Questions 107

Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal

management overhead?

Options:

A.

Key escrow service

B.

Secrets management

C.

Encrypted database

D.

Hardware security module

Buy Now
Questions 108

A company is in the process of refreshing its entire infrastructure The company has a business-critical process running on an old 2008 Windows server If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company should take?

Options:

A.

Accept the risk as the cost of doing business

B.

Create an organizational risk register for project prioritization

C.

Calculate the ALE and conduct a cost-benefit analysis

D.

Purchase insurance to offset the cost if a failure occurred

Buy Now
Questions 109

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.

Which of the following encryption methods should the cloud security engineer select during the implementation phase?

Options:

A.

Instance-based

B.

Storage-based

C.

Proxy-based

D.

Array controller-based

Buy Now
Questions 110

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.

Which of the following actions would BEST address the potential risks by the activity in the logs?

Options:

A.

Alerting the misconfigured service account password

B.

Modifying the AllowUsers configuration directive

C.

Restricting external port 22 access

D.

Implementing host-key preferences

Buy Now
Questions 111

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.

Which of the following should the security team recommend FIRST?

Options:

A.

Investigating a potential threat identified in logs related to the identity management system

B.

Updating the identity management system to use discretionary access control

C.

Beginning research on two-factor authentication to later introduce into the identity management system

D.

Working with procurement and creating a requirements document to select a new IAM system/vendor

Buy Now
Questions 112

An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would BEST secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Options:

A.

Implement a VPN for all APIs.

B.

Sign the key with DSA.

C.

Deploy MFA for the service accounts.

D.

Utilize HMAC for the keys.

Buy Now
Questions 113

A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should the company implement on the public-facing servers?

Options:

A.

IDS

B.

ASLR

C.

TPM

D.

HSM

Buy Now
Questions 114

During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues. Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future?

Options:

A.

Implementing a static analysis tool within the CI/CD system

B.

Configuring a dynamic application security testing tool

C.

Performing software composition analysis on all third-party components

D.

Utilizing a risk-based threat modeling approach on new projects

E.

Setting up an interactive application security testing tool

Buy Now
Questions 115

A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

CAS-004 Question 115

Which of the following is the most appropriate action for the SOC analyst to recommend?

Options:

A.

Disabling account JDoe to prevent further lateral movement

B.

Isolating laptop314 from the network

C.

Alerting JDoe about the potential account compromise

D.

Creating HIPS and NIPS rules to prevent logins

Buy Now
Questions 116

A customer requires secure communication of subscribed web services at all times, but the company currently signs its own certificate requests to an internal CA. Which of the following approaches will best meet the customer's requirements?

Options:

A.

Generate a CSR to the local CA for email encryption.

B.

Submit a CSR for a wildcard certificate to a public CA.

C.

Request a software signing certificate from a public CA.

D.

Process a CSR for a server authentication certificate.

Buy Now
Questions 117

A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

1. The solution must be able to initiate SQL injection and reflected XSS attacks.

2. The solution must ensure the application is not susceptible to memory leaks.

Which of the following should be implemented to meet these requirements? (Select two).

Options:

A.

Side-channel analysis

B.

Protocol scanner

C.

HTTP interceptor

D.

DAST

E.

Fuzz testing

F.

SAST

G.

SCAP

Buy Now
Questions 118

A bank hired a security architect to improve its security measures against the latest threats The solution must meet the following requirements

• Recognize and block fake websites

• Decrypt and scan encrypted traffic on standard and non-standard ports

• Use multiple engines for detection and prevention

• Have central reporting

Which of the following is the BEST solution the security architect can propose?

Options:

A.

CASB

B.

Web filtering

C.

NGFW

D.

EDR

Buy Now
Questions 119

Device event logs sources from MDM software as follows:

CAS-004 Question 119

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

Options:

A.

Malicious installation of an application; change the MDM configuration to remove application ID 1220.

B.

Resource leak; recover the device for analysis and clean up the local storage.

C.

Impossible travel; disable the device’s account and access while investigating.

D.

Falsified status reporting; remotely wipe the device.

Buy Now
Questions 120

Which of the following are risks associated with vendor lock-in? (Choose two.)

Options:

A.

The client can seamlessly move data.

B.

The vendor can change product offerings.

C.

The client receives a sufficient level of service.

D.

The client experiences decreased quality of service.

E.

The client can leverage a multicloud approach.

F.

The client experiences increased interoperability.

Buy Now
Questions 121

A security analyst runs a vulnerability scan on a network administrator's workstation The network administrator has direct administrative access to the company's SSO web portal The vulnerability scan uncovers cntical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client and an offline password manager Which of the following should the security analyst patch FIRST?

Options:

A.

Email client

B.

Password manager

C.

Browser

D.

OS

Buy Now
Questions 122

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

Options:

A.

a decrypting RSA using obsolete and weakened encryption attack.

B.

a zero-day attack.

C.

an advanced persistent threat.

D.

an on-path attack.

Buy Now
Questions 123

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

Options:

A.

An on-premises solution as a backup

B.

A load balancer with a round-robin configuration

C.

A multicloud provider solution

D.

An active-active solution within the same tenant

Buy Now
Questions 124

An analyst needs to evaluate all images and documents that are publicly shared on a website. Which of the following would be the best tool to evaluate the metadata of these files?

Options:

A.

OllyDbg

B.

ExifTool

C.

Volatility

D.

Ghidra

Buy Now
Questions 125

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program Which of the following will BEST accomplish the company's objectives?

Options:

A.

RASP

B.

SAST

C.

WAF

D.

CMS

Buy Now
Questions 126

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 Question 126

Which of the following would BEST mitigate this vulnerability?

Options:

A.

CAPTCHA

B.

Input validation

C.

Data encoding

D.

Network intrusion prevention

Buy Now
Questions 127

A security analyst is reviewing the following output:

CAS-004 Question 127

Which of the following would BEST mitigate this type of attack?

Options:

A.

Installing a network firewall

B.

Placing a WAF inline

C.

Implementing an IDS

D.

Deploying a honeypot

Buy Now
Questions 128

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications and the ability to move corporate data between those applications. The security team has concerns about the following:

Unstructured data being exfiltrated after an employee leaves the organization

Data being exfiltrated as a result of compromised credentials

Sensitive information in emails being exfiltrated

Which of the following solutions should the security team implement to mitigate the risk of data loss?

Options:

A.

Mobile device management, remote wipe, and data loss detection

B.

Conditional access, DoH, and full disk encryption

C.

Mobile application management, MFA, and DRM

D.

Certificates, DLP, and geofencing

Buy Now
Questions 129

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

Options:

A.

The availability of personal data

B.

The right to personal data erasure

C.

The company’s annual revenue

D.

The language of the web application

Buy Now
Questions 130

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Options:

A.

Perform static code analysis of committed code and generate summary reports.

B.

Implement an XML gateway and monitor for policy violations.

C.

Monitor dependency management tools and report on susceptible third-party libraries.

D.

Install an IDS on the development subnet and passively monitor for vulnerable services.

E.

Model user behavior and monitor for deviations from normal.

F.

Continuously monitor code commits to repositories and generate summary logs.

Buy Now
Questions 131

A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?

Options:

A.

Develop an Nmap plug-in to detect the indicator of compromise.

B.

Update the organization's group policy.

C.

Include the signature in the vulnerability scanning tool.

D.

Deliver an updated threat signature throughout the EDR system

Buy Now
Questions 132

A software company is developing an application in which data must be encrypted with a cipher that requires the following:

* Initialization vector

* Low latency

* Suitable for streaming

Which of the following ciphers should the company use?

Options:

A.

Cipher feedback

B.

Cipher block chaining message authentication code

C.

Cipher block chaining

D.

Electronic codebook

Buy Now
Questions 133

A security engineer performed an assessment on a recently deployed web application. The engineer was able to exfiltration a company report by visiting the following URL:

www.intranet.abc.com/get-files.jsp?file=report.pdf

Which of the following mitigation techniques would be BEST for the security engineer to recommend?

Options:

A.

Input validation

B.

Firewall

C.

WAF

D.

DLP

Buy Now
Questions 134

A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost. Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?

Options:

A.

Resource exhaustion

B.

Geographic location

C.

Control plane breach

D.

Vendor lock-in

Buy Now
Questions 135

A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?

Options:

A.

Monitor the Application and Services Logs group within Windows Event Log.

B.

Uninstall PowerSheII from all workstations.

C.

Configure user settings in Group Policy.

D.

Provide user education and training.

E.

Block PowerSheII via HIDS.

Buy Now
Questions 136

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?

Options:

A.

Automated vulnerability scanning

B.

Centralized logging, data analytics, and visualization

C.

Threat hunting

D.

Threat emulation

Buy Now
Questions 137

A software development company is building a new mobile application for its social media platform. The company wants to gain its users' trust by reducing the risk of on-path attacks between the mobile

client and its servers and by implementing stronger digital trust. To support users' trust, the company has released the following internal guidelines:

• Mobile clients should verify the identity of all social media servers locally.

• Social media servers should improve TLS performance of their certificate status

• Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Questions 138

A cloud security architect has been tasked with finding a solution for hardening VMS. The solution must meet the following requirements:

• Data needs to be stored outside of the VMS.

• No unauthorized modifications to the VMS are allowed

• If a change needs to be done, a new VM needs to be deployed.

Which of the following is the BEST solution?

Options:

A.

Immutable system

B.

Data loss prevention

C.

Storage area network

D.

Baseline template

Buy Now
Questions 139

A security analyst is reviewing a new IOC in which data is injected into an online process. The IOC shows the data injection could happen in the following ways:

• Five numerical digits followed by a dash, followed by four numerical digits; or

• Five numerical digits

When one of these IOCs is identified, the online process stops working. Which of the following regular expressions should be implemented in the NIPS?

Options:

A.

^\d{4}(-\d{5})?$

B.

^\d{5}(-\d{4})?$

C.

^\d{5-4}$

D.

^\d{9}$

Buy Now
Questions 140

A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

• The PostgreSQL server must only allow connectivity in the 10.1.2.0/24

subnet.

• The SSH daemon on the database server must be configured to listen

to port 4022.

• The SSH daemon must only accept connections from a Single

workstation.

• All host-based firewalls must be disabled on all workstations.

• All devices must have the latest updates from within the past eight

days.

• All HDDs must be configured to secure data at rest.

• Cleartext services are not allowed.

• All devices must be hardened when possible.

Instructions:

Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA ssh

CAS-004 Question 140

WAP A

CAS-004 Question 140

PC A

CAS-004 Question 140

Laptop A

CAS-004 Question 140

Switch A

CAS-004 Question 140

Switch B:

CAS-004 Question 140

Laptop B

CAS-004 Question 140

PC B

CAS-004 Question 140

PC C

CAS-004 Question 140

Server A

CAS-004 Question 140

CAS-004 Question 140

CAS-004 Question 140

CAS-004 Question 140

CAS-004 Question 140

Options:

Buy Now
Questions 141

In comparison with traditional on-premises infrastructure configurations, defining ACLs in a CSP relies on:

Options:

A.

cloud-native applications.

B.

containerization.

C.

serverless configurations.

D.

software-defined netWorking.

E.

secure access service edge.

Buy Now
Questions 142

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the timeof the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Options:

A.

Software Decomplier

B.

Network enurrerator

C.

Log reduction and analysis tool

D.

Static code analysis

Buy Now
Questions 143

Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. which of the following data objects meets this requirement?

Options:

A.

PAN

B.

CVV2

C.

Cardholder name

D.

expiration date

Buy Now
Questions 144

A company security engineer arrives at work to face the following scenario:

1) Website defacement

2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand

3) A Job offer from the company's competitor

4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data

Which of the following threat actors Is MOST likely involved?

Options:

A.

Organized crime

B.

Script kiddie

C.

APT/nation-state

D.

Competitor

Buy Now
Questions 145

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.

Which of the following BEST describes this kind of risk response?

Options:

A.

Risk rejection

B.

Risk mitigation

C.

Risk transference

D.

Risk avoidance

Buy Now
Questions 146

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.

Which of the following techniques would BEST support this?

Options:

A.

Configuring systemd services to run automatically at startup

B.

Creating a backdoor

C.

Exploiting an arbitrary code execution exploit

D.

Moving laterally to a more authoritative server/service

Buy Now
Questions 147

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

CAS-004 Question 147

Which of the following MOST appropriate corrective action to document for this finding?

Options:

A.

The product owner should perform a business impact assessment regarding the ability to implement a WAF.

B.

The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

C.

The system administrator should evaluate dependencies and perform upgrade as necessary.

D.

The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

Buy Now
Questions 148

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

Options:

A.

Assess the residual risk.

B.

Update the organization’s threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of impact.

Buy Now
Questions 149

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run tobestdetermine whether financial data was lost?

Options:

A.

grep -v '^4[0-9]{12}(?:[0-9]{3})?$' file

B.

grep '^4[0-9]{12}(?:[0-9]{3})?$' file

C.

grep '^6(?:011|5[0-9]{2})[0-9]{12}?' file

D.

grep -v '^6(?:011|5[0-9]{2})[0-9]{12}?' file

Buy Now
Questions 150

An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network Which of the following solutions represents the BEST course of action to allow the contractor access?

Options:

A.

Add the vendor's equipment to the existing network Give the vendor access through the standard corporate VPN

B.

Give the vendor a standard desktop PC to attach the equipment to Give the vendor access through the standard corporate VPN

C.

Establish a certification process for the vendor Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment

D.

Create a dedicated segment with no access to the corporate network Implement dedicated VPN hardware for vendor access

Buy Now
Questions 151

city government's IT director was notified by the City council that the following cybersecurity requirements must be met to be awarded a large federal grant:

+ Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.

+ All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.

+ Ransomware threats and zero-day vulnerabilities must be quickly identified.

Which of the following technologies would BEST satisfy these requirements? (Select THREE).

Options:

A.

Endpoint protection

B.

Log aggregator

C.

Zero trust network access

D.

PAM

E.

Cloud sandbox

F.

SIEM

G.

NGFW

Buy Now
Questions 152

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

Options:

A.

A turbine would overheat and cause physical harm.

B.

The engineers would need to go to the historian.

C.

The SCADA equipment could not be maintained.

D.

Data would be exfiltrated through the data diodes.

Buy Now
Questions 153

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization incident response procedure. Which of the must occur to ensure the integrity of the image?

Options:

A.

The image must be password protected against changes.

B.

A hash value of the image must be computed.

C.

The disk containing the image must be placed in a seated container.

D.

A duplicate copy of the image must be maintained

Buy Now
Questions 154

Users are claiming that a web server is not accessible. A security engineer logs for the site. The engineer connects to the server and runs netstat -an and receives the following output:

CAS-004 Question 154 Which of the following is MOST likely happening to the server?

Options:

A.

Port scanning

B.

ARP spoofing

C.

Buffer overflow

D.

Denial of service

Buy Now
Questions 155

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

Options:

A.

laaS

B.

SaaS

C.

FaaS

D.

PaaS

Buy Now
Questions 156

An auditor needs to scan documents at rest for sensitive text. These documents contain both text and Images. Which of the following software functionalities must be enabled in the DLP solution for the auditor to be able to fully read these documents? (Select TWO).

Options:

A.

Document interpolation

B.

Regular expression pattern matching

C.

Optical character recognition functionality

D.

Baseline image matching

E.

Advanced rasterization

F.

Watermarking

Buy Now
Questions 157

A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.

Which of the following solutions does this describe?

Options:

A.

Full tunneling

B.

Asymmetric routing

C.

SSH tunneling

D.

Split tunneling

Buy Now
Questions 158

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

CAS-004 Question 158

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

CAS-004 Question 158

Which of the following is an appropriate security control the company should implement?

Options:

A.

Restrict directory permission to read-only access.

B.

Use server-side processing to avoid XSS vulnerabilities in path input.

C.

Separate the items in the system call to prevent command injection.

D.

Parameterize a query in the path variable to prevent SQL injection.

Buy Now
Questions 159

A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential incident. Which of the following would BEST assist the analyst?

Options:

A.

Ensuring proper input validation is configured on the ‘’Contact US’’ form

B.

Deploy a WAF in front of the public website

C.

Checking for new rules from the inbound network IPS vendor

D.

Running the website log files through a log reduction and analysis tool

Buy Now
Questions 160

A threat analyst notices the following URL while going through the HTTP logs.

CAS-004 Question 160

Which of the following attack types is the threat analyst seeing?

Options:

A.

SQL injection

B.

CSRF

C.

Session hijacking

D.

XSS

Buy Now
Questions 161

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment’s notice.

Which of the following should the organization consider FIRST to address this requirement?

Options:

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Buy Now
Questions 162

A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?

Options:

A.

Data sovereignty

B.

Shared responsibility

C.

Source code escrow

D.

Safe harbor considerations

Buy Now
Questions 163

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

Options:

A.

CAN

B.

ASIC

C.

FPGA

D.

SCADA

Buy Now
Questions 164

A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.

This is an example of:

Options:

A.

due intelligence

B.

e-discovery.

C.

due care.

D.

legal hold.

Buy Now
Questions 165

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:

Low latency for all mobile users to improve the users’ experience

SSL offloading to improve web server performance

Protection against DoS and DDoS attacks

High availability

Which of the following should the organization implement to BEST ensure all requirements are met?

Options:

A.

A cache server farm in its datacenter

B.

A load-balanced group of reverse proxy servers with SSL acceleration

C.

A CDN with the origin set to its datacenter

D.

Dual gigabit-speed Internet connections with managed DDoS prevention

Buy Now
Questions 166

A recent data breach stemmed from unauthorized access to an employee’s company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.

Which of the following BEST mitigates inappropriate access and permissions issues?

Options:

A.

SIEM

B.

CASB

C.

WAF

D.

SOAR

Buy Now
Questions 167

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Options:

A.

Root cause analysis

B.

Continuity of operations plan

C.

After-action report

D.

Lessons learned

Buy Now
Questions 168

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:

- Protection from DoS attacks against its infrastructure and web applications is in place.

- Highly available and distributed DNS is implemented.

- Static content is cached in the CDN.

- A WAF is deployed inline and is in block mode.

- Multiple public clouds are utilized in an active-passive architecture.

With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

Options:

A.

The public cloud provider is applying QoS to the inbound customer traffic.

B.

The API gateway endpoints are being directly targeted.

C.

The site is experiencing a brute-force credential attack.

D.

A DDoS attack is targeted at the CDN.

Buy Now
Questions 169

A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking variouscustomer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.

Which of the following should a security architect recommend?

Options:

A.

A DLP program to identify which files have customer data and delete them

B.

An ERP program to identify which processes need to be tracked

C.

A CMDB to report on systems that are not configured to security baselines

D.

A CRM application to consolidate the data and provision access based on the process and need

Buy Now
Questions 170

An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

• Some developers can directly publish code to the production environment.

• Static code reviews are performed adequately.

• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

Options:

A.

Implement short maintenance windows.

B.

Perform periodic account reviews.

C.

Implement job rotation.

D.

Improve separation of duties.

Buy Now
Questions 171

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.

* Transactions being required by unauthorized individual

* Complete discretion regarding client names, account numbers, and investment information.

* Malicious attacker using email to distribute malware and ransom ware.

* Exfiltration of sensitivity company information.

The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

Options:

A.

Data loss prevention

B.

Endpoint detection response

C.

SSL VPN

D.

Application whitelisting

Buy Now
Questions 172

A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

Options:

A.

Loss of governance

B.

Vendor lockout

C.

Compliance risk

D.

Vendor lock-in

Buy Now
Questions 173

A system administrator at a medical imaging company discovers protected health information (PHI) on a general-purpose file server. Which of the following steps should the administrator take NEXT?

Options:

A.

Isolate all of the PHI on its own VLAN and keep it segregated at Layer 2.

B.

Take an MD5 hash of the server.

C.

Delete all PHI from the network until the legal department is consulted.

D.

Consult the legal department to determine the legal requirements.

Buy Now
Questions 174

A security administrator has been tasked with hardening a domain controller against lateral movement attacks. Below is an output of running services:

CAS-004 Question 174

Which of the following configuration changes must be made to complete this task?

Options:

A.

Stop the Print Spooler service and set the startup type to disabled.

B.

Stop the DNS Server service and set the startup type to disabled.

C.

Stop the Active Directory Web Services service and set the startup type to disabled.

D.

Stop Credential Manager service and leave the startup type to disabled.

Buy Now
Questions 175

A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage. Due to thehigh rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

Options:

A.

$50,000

B.

$125,000

C.

$250,000

D.

$500.000

E.

$51,000,000

Buy Now
Questions 176

A company requires a task to be carried by more than one person concurrently. This is an example of:

Options:

A.

separation of d duties.

B.

dual control

C.

least privilege

D.

job rotation

Buy Now
Questions 177

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

CAS-004 Question 177

Which of the following would BEST mitigate this vulnerability?

Options:

A.

Network intrusion prevention

B.

Data encoding

C.

Input validation

D.

CAPTCHA

Buy Now
Questions 178

A company just released a new video card. Due to limited supply and nigh demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's Intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A.

InherentLow

B.

Mitigated

C.

Residual

D.

Transferred

Buy Now
Questions 179

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

Options:

A.

SLA

B.

BIA

C.

BCM

D.

BCP

E.

RTO

Buy Now
Questions 180

A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

Options:

A.

Simultaneous Authentication of Equals

B.

Enhanced open

C.

Perfect forward secrecy

D.

Extensible Authentication Protocol

Buy Now
Questions 181

A financial institution has several that currently employ the following controls:

* The severs follow a monthly patching cycle.

* All changes must go through a change management process.

* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.

* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.

An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

Options:

A.

Require more than one approver for all change management requests.

B.

Implement file integrity monitoring with automated alerts on the servers.

C.

Disable automatic patch update capabilities on the servers

D.

Enhanced audit logging on the jump servers and ship the logs to the SIEM.

Buy Now
Questions 182

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

Options:

A.

Turn off the infected host immediately.

B.

Run a full anti-malware scan on the infected host.

C.

Modify the smb.conf file of the host to prevent outgoing SMB connections.

D.

Isolate the infected host from the network by removing all network connections.

Buy Now
Questions 183

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk while adhering to the organization's policy?

Options:

A.

Align the exploitability metrics to the predetermined system categorization.

B.

Align the remediation levels to the predetermined system categorization.

C.

Align the impact subscore requirements to the predetermined system categorization.

D.

Align the attack vectors to the predetermined system categorization.

Buy Now
Questions 184

A Chief information Security Officer (CISO) has launched to create a rebuts BCP/DR plan for the entire company. As part of the initiative , the security team must gather data supporting s operational importance for the applications used by the business and determine the order in which the application must be back online. Which of the following be the FIRST step taken by the team?

Options:

A.

Perform a review of all policies an procedures related to BGP a and DR and created an educated educational module that can be assigned to at employees to provide training on BCP/DR events.

B.

Create an SLA for each application that states when the application will come back online and distribute this information to the business units.

C.

Have each business unit conduct a BIA and categories the application according to the cumulative data gathered.

D.

Implement replication of all servers and application data to back up detacenters that are geographically from the central datacenter and release an upload BPA to all clients.

Buy Now
Questions 185

A cybersecurity analyst discovered a private key that could have been exposed.

Which of the following is the BEST way for the analyst to determine if the key has been compromised?

Options:

A.

HSTS

B.

CRL

C.

CSRs

D.

OCSP

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA SecurityX Certification Exam
Last Update: Jun 27, 2025
Questions: 619

PDF + Testing Engine

$63.52  $181.49

Testing Engine

$50.57  $144.49
buy now CAS-004 testing engine

PDF (Q&A)

$43.57  $124.49
buy now CAS-004 pdf