Practice Free CAS-004 Exam Online Questions
A company suspects a web server may have been infiltrated by a rival corporation.
The security engineer reviews the web server logs and finds the following:
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
Which of the following is an appropriate security control the company should implement?
- A . Restrict directory permission to read-only access.
- B . Use server-side processing to avoid XSS vulnerabilities in path input.
- C . Separate the items in the system call to prevent command injection.
- D . Parameterize a query in the path variable to prevent SQL injection.
C
Explanation:
The company using the wrong port is the most likely root cause of why secure LDAP is not working. Secure LDAP is a protocol that provides secure communication between clients and servers using LDAP (Lightweight Directory Access Protocol), which is a protocol that allows querying and modifying directory services over TCP/IP. Secure LDAP uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt LDAP traffic and prevent unauthorized disclosure or interception.
In a cloud environment, the provider offers relief to an organization’s teams by sharing in many of the operational duties.
In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation?
- A . Application-specific data assets
- B . Application user access management
- C . Application-specific logic and code
- D . Application/platform software
D
Explanation:
In a PaaS implementation, the provider offers relief to the organization’s teams by sharing in many of the operational duties related to the application/platform software. The provider is responsible for securing and maintaining the underlying infrastructure, operating systems, middleware, runtime environments, and other software components that support the platform and the applications running on it. The provider also handles tasks such as patching, updating, scaling, and backing up the platform software.
An organization needs to classify its systems and data in accordance with external requirements.
Which of the following roles is best qualified to perform this task?
- A . Systems administrator
- B . Data owner
- C . Data processor
- D . Data custodian
- E . Data steward
B
Explanation:
The data owner is best qualified to classify systems and data in accordance with external requirements. The data owner is responsible for determining how data should be classified based on its sensitivity, value, and regulatory requirements. They have the authority to decide on classification levels such as public, confidential, or secret, and ensure compliance with external standards. Other roles, like data custodians or processors, support the implementation of data management, but the data owner has the final responsibility for classification. CASP+ highlights the role of data owners in determining data classification and ensuring compliance with external requirements.
Reference: CASP+ CAS-004 Exam Objectives: Domain 1.0: Risk Management (Data Classification and Data Owner Responsibilities)
CompTIA CASP+ Study Guide: Data Classification and Governance Responsibilities of the Data Owner
Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?
- A . Remote provider BCDR
- B . Cloud provider BCDR
- C . Alternative provider BCDR
- D . Primary provider BCDR
An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.
Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?
- A . NIST
- B . GDPR
- C . PCI DSS
- D . ISO
C
Explanation:
PCI DSS (Payment Card Industry Data Security Standard) is a standard that provides the best guidance for protecting credit card information while it is at rest and in transit. PCI DSS is a standard that defines the security requirements and best practices for organizations that process, store, or transmit credit card information, such as merchants, service providers, or acquirers. PCI DSS aims to protect the confidentiality, integrity, and availability of credit card information and prevent fraud or identity theft. NIST (National Institute of Standards and Technology) is not a standard that provides the best guidance for protecting credit card information, but an agency that develops standards, guidelines, and recommendations for various fields of science and technology, including cybersecurity. GDPR (General Data Protection Regulation) is not a standard that provides the best guidance for protecting credit card information, but a regulation that defines the data protection and privacy rights and obligations for individuals and organizations in the European Union or the European Economic Area. ISO (International Organization for Standardization) is not a standard that provides the best guidance for protecting credit card information, but an organization that develops standards for various fields of science and technology, including information security.
Verified Reference:
https://www.comptia.org/blog/what-is-pci-dss
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
A security consultant has been asked to recommend a secure network design that would:
• Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.
• Limit operational disruptions.
Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?
- A . Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.
- B . Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.
- C . Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.
- D . Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.
D
Explanation:
OPC (Open Platform Communications) and Modbus are two common protocols used for industrial control systems (ICS). OPC is a standard that allows different devices and applications to exchange data in a vendor-neutral way. Modbus is a serial communication protocol that enables devices to send and receive commands and data over a network. Modbus has two variants: Modbus TCP/IP, which uses TCP port 502 for communication, and Modbus RTU/ASCII, which uses serial ports.
To allow an OPC server to communicate with a Modbus server that is controlling electrical relays, the security engineer should recommend restricting inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.
This configuration would:
• Permit the OPC server to send commands and data to the Modbus server using the Modbus TCP/IP protocol over port 502.
• Limit operational disruptions by preventing unauthorized or malicious access to the Modbus server from other sources.
Due to the limitations within the Modbus protocol, such as lack of encryption and authentication, restricting inbound traffic is a necessary security measure to protect the integrity and availability of the ICS.
Reference: CASP+ (Plus) Certification Training | CompTIA IT Certifications
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:
* Monitors traffic to and from both local NAS and cloud-based file repositories
* Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions
* Uses document attributes to reduce false positives
* Is agentless and not installed on staff desktops or laptops
Which of the following when installed and configured would BEST meet the CSO’s requirements? (Select TWO).
- A . DLP
- B . NGFW
- C . UTM
- D . UEBA
- E . CASB
- F . HIPS
A,E
Explanation:
DLP, or data loss prevention, and CASB, or cloud access security broker, are the solutions that when installed and configured would best meet the CSO’s requirements. DLP is a technology that monitors and prevents unauthorized or accidental data leakage or exfiltration from an organization’s network or devices. DLP can use document attributes, such as metadata, keywords, or fingerprints, to identify and classify sensitive data and enforce policies on how it can be accessed, transferred, or shared. CASB is a technology that acts as a proxy or intermediary between an organization’s cloud services and its users. CASB can provide visibility, compliance, threat protection, and data security for cloud-based applications and data. CASB can also prevent on-site staff from accessing personal SaaS solutions that are not authorized by the organization.
Reference: [CompTIA CASP+ Study Guide, Second Edition, pages 281-282 and 424-425]
The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership.
Which of the following would MOST likely be used?
- A . MOU
- B . OLA
- C . NDA
- D . SLA
Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident.
Which of the following should Ann use to gather the required information?
- A . Traffic interceptor log analysis
- B . Log reduction and visualization tools
- C . Proof of work analysis
- D . Ledger analysis software