Practice Free CAS-004 Exam Online Questions
An analyst is working to address a potential compromise of a corporate endpoint and discovers the attacker accessed a user’s credentials. However, it is unclear if the system baseline was modified to achieve persistence.
Which of the following would most likely support forensic activities in this scenario?
- A . Side-channel analysis
- B . Bit-level disk duplication
- C . Software composition analysis
- D . SCAP scanner
B
Explanation:
Bit-level disk duplication creates an exact copy of the storage device, preserving the system’s state for in-depth forensic analysis. This helps identify any unauthorized changes to the baseline or other artifacts of compromise. This aligns with CASP+ objective 5.2, which emphasizes conducting forensic activities and ensuring evidence integrity during investigations.
An organization’s finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.
Which of the following commands should the analyst run to BEST determine whether financial data was lost?
- A . Option A
- B . Option B
- C . Option C
- D . Option D
An administrator at a software development company would like to protect the integrity of the company’s applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA.
Which of the following is MOST likely the cause of the signature failing?
- A . The NTP server is set incorrectly for the developers
- B . The CA has included the certificate in its CRL.
- C . The certificate is set for the wrong key usage.
- D . Each application is missing a SAN or wildcard entry on the certificate
C
Explanation:
The most likely cause of the signature failing is that the certificate is set for the wrong key usage. Key usage is an extension of a certificate that defines the purpose and functionality of the public key contained in the certificate. Key usage can include digital signature, key encipherment, data encipherment, certificate signing, and others. If the certificate is set for a different key usage than digital signature, it will not be able to sign the applications properly. The administrator should check the key usage extension of the certificate and make sure it matches the intended purpose.
Verified Reference: https://www.wintips.org/how-to-fix-windows-cannot-verify-the-digital-signature-for-this-file-error-in-windows-8-7-vista/
https://softwaretested.com/mac/how-to-fix-a-digital-signature-error-on-windows-10/
https://support.microsoft.com/en-us/office/digital-signatures-and-certificates-8186cd15-e7ac-4a16-8597-22bd163e8e96
A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.
Which of the following does the business’s IT manager need to consider?
- A . The availability of personal data
- B . The right to personal data erasure
- C . The company’s annual revenue
- D . The language of the web application
B
Explanation:
Reference: https://gdpr.eu/right-to-be-forgotten/#:~:text=Also%20known%20as%20the%20right,to%20delete%20their%20personal%20data.&text=The%20General%20Data%20Protection%20Regulation,collected%2C%20processed%2C%20and%20erased
The right to personal data erasure, also known as the right to be forgotten, is one of the requirements of the EU General Data Protection Regulation (GDPR), which applies to any business that stores personal data of individuals residing in the EU. This right allows individuals to request the deletion of their personal data from a business under certain circumstances. The availability of personal data, the company’s annual revenue, and the language of the web application are not relevant to the GDPR.
Verified Reference:
https://www.comptia.org/blog/what-is-gdpr
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
The security team is looking into aggressive bot behavior that is resulting in performance issues on the web server After further investigation, the security engineer determines that the bot traffic is legitimate.
Which of the following is the best course of action to reduce performance issues without allocating additional resources to the server?
- A . Block all bot traffic using the IPS.
- B . Monitor legitimate SEO bot traffic for abnormalities.
- C . Configure the WAF to rate-limit bot traffic.
- D . Update robots.txt to slow down the crawling speed.
A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee’s personal device has been set up to access company resources and does not comply with standard security controls.
Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?
- A . Require device certificates to access company resources.
- B . Enable MFA at the organization’s SSO portal.
- C . Encrypt all workstation hard drives.
- D . Hide the company wireless SSID.
A
Explanation:
To reduce the risk of unauthorized devices accessing company resources, requiring device certificates is an effective control. Device certificates can be used to authenticate devices before they are allowed to connect to the network and access resources, ensuring that only devices with a valid certificate, which are typically managed and issued by the organization, can connect.
Several unlabeled documents in a cloud document repository contain cardholder information.
Which of the following configuration changes should be made to the DLP system to correctly label these documents in the future?
- A . Digital rights management
- B . Network traffic decryption
- C . Regular expressions
- D . Watermarking
A major broadcasting company that requires continuous availability to streaming content needs to be resilient against DDoS attacks.
Which of the following is the MOST important infrastructure security design element to prevent an outage?
- A . Supporting heterogeneous architecture
- B . Leveraging content delivery network across multiple regions
- C . Ensuring cloud autoscaling is in place
- D . Scaling horizontally to handle increases in traffic
B
Explanation:
A content delivery network (CDN) is a distributed system of servers that delivers web content to users based on their geographic location, the origin of the content, and the performance of the network. A CDN can help improve the availability and performance of web applications by caching content closer to the users, reducing latency and bandwidth consumption. A CDN can also help mitigate distributed denial-of-service (DDoS) attacks by absorbing or filtering malicious traffic before it reaches the origin servers, reducing the impact on the application availability. Supporting heterogeneous architecture means using different types of hardware, software, or platforms in an IT environment. This can help improve resilience by reducing single points of failure and increasing compatibility, but it does not directly prevent DDoS attacks. Ensuring cloud autoscaling is in place means using cloud services that automatically adjust the amount of resources allocated to an application based on the demand or load. This can help improve scalability and performance by providing more resources when needed, but it does not directly prevent DDoS attacks. Scaling horizontally means adding more servers or nodes to an IT environment to increase its capacity or throughput. This can help improve scalability and performance by distributing the load across multiple servers, but it does not directly prevent DDoSattacks.
Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.4: Select controls based on systems security evaluation models
A company was recently infected by malware. During the root cause analysis. the company determined that several users were installing their own applications. TO prevent further compromises, the company has decided it will only allow authorized applications to run on its systems.
Which Of the following should the company implement?
- A . Signing
- B . Access control
- C . HIPS
- D . Permit listing
PKI can be used to support security requirements in the change management process.
Which of the following capabilities does PKI provide for messages?
- A . Non-repudiation
- B . Confidentiality
- C . Delivery receipts
- D . Attestation
A
Explanation:
Non-repudiation ensures that a sender cannot deny having sent a message, achieved through digital signatures provided by PKI. This aligns with CASP+ objective 3.2, emphasizing cryptographic assurance in communication.