Practice Free CAS-004 Exam Online Questions
A user in the finance department uses a laptop to store a spreadsheet that contains confidential financial information for the company.
Which of the following would be the best way to protect the file while the user brings the laptop between locations? (Select two).
- A . Encrypt the hard drive with full disk encryption.
- B . Back up the file to an encrypted flash drive.
- C . Place an ACL on the file to only allow access to specified users.
- D . Store the file in the user profile.
- E . Place an ACL on the file to deny access to everyone.
- F . Enable access logging on the file.
A,B
Explanation:
To protect confidential financial information on a laptop that is frequently moved between locations, full disk encryption (FDE) is a strong security measure that ensures that all data on the hard drive is encrypted. This means that if the laptop is lost or stolen, the data remains inaccessible without the encryption key. Additionally, backing up the file to an encrypted flash drive provides an extra layer of security and ensures that there is a secure copy of the file in case the laptop is compromised.
A security manager wants to transition the organization to a zero trust architecture. To meet this requirement, the security manager has instructed administrators to remove trusted zones, role-based access, and one-time authentication.
Which of the following will need to be implemented to achieve this objective? (Select THREE).
- A . Least privilege
- B . VPN
- C . Policy automation
- D . PKI
- E . Firewall
- F . Continuous validation
- G . Continuous integration
- H . laas
A,C,F
Explanation:
Least privilege, policy automation, and continuous validation are some of the key elements that need to be implemented to achieve the objective of transitioning to a zero trust architecture. Zero trust architecture is a security model that assumes no implicit trust for any entity or resource, regardless of their location or ownership. Zero trust architecture requires verifying every request and transaction before granting access or allowing data transfer. Zero trust architecture also requires minimizing the attack surface and reducing the risk of lateral movement by attackers.
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack.
A security analyst is reviewing the following web server configuration:
Which of the following ciphers should the security analyst remove to support the business requirements?
- A . TLS_AES_128_CCM_8_SHA256
- B . TLS_DHE_DSS_WITH_RC4_128_SHA
- C . TLS_CHACHA20_POLY1305_SHA256
- D . TLS_AES_128_GCM_SHA256
B
Explanation:
The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The other ciphers are more secure and compliant with secure-by-design principles and PCI DSS.
Verified Reference:
https://www.comptia.org/blog/what-is-a-cipher
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities.
Which of the following service models best meets these requirements?
- A . PaaS
- B . SaaS
- C . laaS
- D . MaaS
A
Explanation:
In this scenario, the organization is looking to deploy a containerized application in the cloud and wants the infrastructure to automatically scale without handling patch management. A Platform as a Service (PaaS) model is the best fit because it allows developers to focus on the application and its deployment, while the cloud provider manages the underlying infrastructure, including patching and scaling. PaaS supports container orchestration, enabling automated scaling based on demand, and offloads most operational responsibilities to the provider. This is in contrast to Infrastructure as a Service (IaaS), which requires more direct management of the infrastructure, including patching.
CASP+ highlights PaaS as a service model that minimizes operational overhead for security operations teams.
Reference: CASP+ CAS-004 Exam Objectives: Domain 3.0 C Enterprise Security Architecture (Cloud Service Models)
CompTIA CASP+ Study Guide: Cloud Computing and PaaS Benefits
Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the analyst notices certain ratings are not aligned with the approved system categorization.
Which of the following can the analyst do to get a better picture of the risk while adhering to the organization’s policy?
- A . Align the exploitability metrics to the predetermined system categorization.
- B . Align the remediation levels to the predetermined system categorization.
- C . Align the impact subscore requirements to the predetermined system categorization.
- D . Align the attack vectors to the predetermined system categorization.
C
Explanation:
Aligning the impact subscore requirements to the predetermined system categorization can help the analyst get a better picture of the risk while adhering to the organization’s policy. The impact subscore is one of the components of the CVSS base score, which reflects the severity of a vulnerability. The impact subscore is calculated based on three metrics: confidentiality, integrity, and availability. These metrics can be adjusted according to the system categorization, which defines the security objectives and requirements for a system based on its potential impact on an organization’s operations and assets. By aligning the impact subscore requirements to the system categorization, the analyst can ensure that the CVSS scores reflect the true impact of a vulnerability on a specific system and prioritize remediation accordingly.
The general counsel at an organization has received written notice of upcoming litigation. The general counsel has issued a legal records hold.
Which of the following actions should the organization take to comply with the request?
- A . Preserve all communication matching the requested search terms
- B . Block communication with the customer while litigation is ongoing
- C . Require employees to be trained on legal record holds
- D . Request that all users do not delete any files
A
Explanation:
When a legal records hold is issued, the organization is required to preserve all documents and communications that may relate to the litigation. This includes emails, files, and any other form of communication that contains the requested search terms. It is a process of ensuring that this information is not deleted, altered, or otherwise tampered with.
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops.
The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)
- A . Perform static code analysis of committed code and generate summary reports.
- B . Implement an XML gateway and monitor for policy violations.
- C . Monitor dependency management tools and report on susceptible third-party libraries.
- D . Install an IDS on the development subnet and passively monitor for vulnerable services.
- E . Model user behavior and monitor for deviations from normal.
- F . Continuously monitor code commits to repositories and generate summary logs.
E,F
Explanation:
Modeling user behavior and monitoring for deviations from normal and continuously monitoring code commits to repositories and generating summary logs are actions that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations. Modeling user behavior and monitoring for deviations from normal is a technique that uses baselines, analytics, machine learning, or other methods to establish normal patterns of user activity and identify anomalies or outliers that could indicate malicious or suspicious behavior. Modeling user behavior and monitoring for deviations from normal can help detect unauthorized insertions into application development environments, as it can alert on unusual or unauthorized access attempts, commands, actions, or transactions by users. Continuously monitoring code commits to repositories and generating summary logs is a technique that uses tools, scripts, automation, or other methods to track and record changes made to code repositories by developers, testers, reviewers, or other parties involved in the software development process. Continuously monitoring code commits to repositories and generating summary logs can help detect authorized insiders making unauthorized changes to environment configurations, as it can audit and verify the source, time, reason, and impact of code changes made by authorized users. Performing static code analysis of committed code and generate summary reports is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to detect vulnerabilities, errors, bugs, or quality issues in committed code. Implementing an XML gateway and monitor for policy violations is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to protect XML-based web services from threats or attacks by validating XML messages against predefined policies. Monitoring dependency management tools and report on susceptible third-party libraries is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to identify outdated or vulnerable third-party libraries used in software development projects. Installing an IDS (intrusion detection system) on the development subnet and passively monitor for vulnerable services is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops.
The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)
- A . Perform static code analysis of committed code and generate summary reports.
- B . Implement an XML gateway and monitor for policy violations.
- C . Monitor dependency management tools and report on susceptible third-party libraries.
- D . Install an IDS on the development subnet and passively monitor for vulnerable services.
- E . Model user behavior and monitor for deviations from normal.
- F . Continuously monitor code commits to repositories and generate summary logs.
E,F
Explanation:
Modeling user behavior and monitoring for deviations from normal and continuously monitoring code commits to repositories and generating summary logs are actions that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations. Modeling user behavior and monitoring for deviations from normal is a technique that uses baselines, analytics, machine learning, or other methods to establish normal patterns of user activity and identify anomalies or outliers that could indicate malicious or suspicious behavior. Modeling user behavior and monitoring for deviations from normal can help detect unauthorized insertions into application development environments, as it can alert on unusual or unauthorized access attempts, commands, actions, or transactions by users. Continuously monitoring code commits to repositories and generating summary logs is a technique that uses tools, scripts, automation, or other methods to track and record changes made to code repositories by developers, testers, reviewers, or other parties involved in the software development process. Continuously monitoring code commits to repositories and generating summary logs can help detect authorized insiders making unauthorized changes to environment configurations, as it can audit and verify the source, time, reason, and impact of code changes made by authorized users. Performing static code analysis of committed code and generate summary reports is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to detect vulnerabilities, errors, bugs, or quality issues in committed code. Implementing an XML gateway and monitor for policy violations is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to protect XML-based web services from threats or attacks by validating XML messages against predefined policies. Monitoring dependency management tools and report on susceptible third-party libraries is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes to environment configurations, but an action that will enable the data feeds needed to identify outdated or vulnerable third-party libraries used in software development projects. Installing an IDS (intrusion detection system) on the development subnet and passively monitor for vulnerable services is not an action that will enable the data feeds needed to detect unauthorized insertions into application development environments and authorized insiders making unauthorized changes
The Chief information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices.
Which of the following should the CIO implement to achieve this goal?
- A . BYOO
- B . CYOD
- C . COPE
- D . MDM
D
Explanation:
Problem Statement:
The CIO needs a solution that:
Supports enterprise mobility (employees accessing resources from various devices).
Allows enforcement of configuration settings.
Enables data managementanddevice managementfor bothcompany-owned and personal devices.
Why the Correct Answer is D (MDM – Mobile Device Management):
MDM (Mobile Device Management) is a comprehensive solution that:
Manages both corporate and personal devicesby enrolling them into a centralized system.
Enforcesconfiguration policies, such aspassword policies, encryption settings, and app restrictions.
Providesremote management capabilitieslikewipe, lock, or locatein case of theft or loss.
Supportsdata separationon personal devices through containerization.
MDM tools can integrate with BYOD, CYOD, and COPE policiesto providegranular controlregardless of device ownership.
Popular MDM solutions include:
Microsoft Intune
VMware Workspace ONE
MobileIron
Why the Other Options Are Incorrect:
A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders.
Which of the following techniques would the company use to evaluate data confidentiality controls?
- A . Eavesdropping
- B . On-path
- C . Cryptanalysis
- D . Code signing
- E . RF sidelobe sniffing