Practice Free CAS-004 Exam Online Questions
Company A is merging with Company B. Company A is a small, local company; Company B has a large, global presence. The two companies have a lot of duplication in their IT systems, processes, and procedures. On the new Chief Information Officer's (CIO's) first day, a fire breaks out at Company B's main data center.
Which of the following actions should the CIO take first?
- A . Determine whether the incident response plan has been tested at both companies, and use it to respond
- B . Review the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.
- C . Ensure hot, warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams
- D . Initiate Company A's IT systems, processes, and procedures, assess the damage, and perform a BIA
B
Explanation:
In the event of a fire at the main data center, the immediate action should be to review and engage the disaster recovery plan. This is to ensure the continuity of business operations. The CIO should coordinate with IT leaders from both companies to ensure a unified response. Assessing the damage and planning for recovery are crucial, and leveraging the expertise from both companies can help streamline the process.
A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:
<!DOCTYPE doc [
<!ELEMENT doc ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >
]>
<doc>&xxe;</doc>
Which of the following would best mitigate this vulnerability?
- A . CAPTCHA
- B . Input validation
- C . Data encoding
- D . Network intrusion prevention
B
Explanation:
Understanding the Vulnerability:
The payload presented is a classic example of an XML External Entity (XXE) attack.
In this attack, an attacker exploits improperly configured XML parsers to include external entities that can read sensitive files, such as /etc/passwd on Linux systems. XXE vulnerabilities occur when:
- XML input containing a DOCTYPE declaration is processed.
- The parser is configured to resolve external entities.
Why the Correct Answer is B (Input validation):
Input validation is the most effective way to prevent XXE attacks.
Proper validation ensures that malicious XML entities are not accepted or processed.
Techniques to mitigate XXE include:
- Disabling DTDs (Document Type Definitions) in XML parsers.
- Implementing secure parser configurations that do not process external entities.
- Performing schema validation to restrict allowed XML elements.
Many modern XML parsers provide options to disable external entity processing entirely, significantly reducing the risk of XXE.
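As an added example (not part of the exam material), a Python parser hardened along the lines above: it uses the standard library's expat bindings to refuse any DOCTYPE or external entity reference and restricts element names to a hypothetical allow-list, then classifies the question's payload and a constructed benign request. The allow-list, the benign request and the classify_request wrapper are assumptions for the example.

```python
import xml.parsers.expat

# Constructed sample: the payload from the question, as a well-formed document.
XXE_PAYLOAD = b"""<!DOCTYPE doc [
<!ELEMENT doc ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd" >
]>
<doc>&xxe;</doc>"""
# Constructed benign request of the shape the endpoint expects.
BENIGN_REQUEST = b"<doc><user>alice</user><action>view</action></doc>"
# Hypothetical allow-list standing in for schema validation of the endpoint.
ALLOWED_ELEMENTS = {"doc", "user", "action"}

class RejectedXML(ValueError):
    """Untrusted XML violated the hardened parsing policy."""

def parse_untrusted_xml(data: bytes) -> dict:
    """Parse client XML with any DTD and any external entity reference refused
    and element names restricted to ALLOWED_ELEMENTS; returns {element: text}."""
    parser = xml.parsers.expat.ParserCreate()
    result, stack = {}, []

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise RejectedXML(f"DOCTYPE not permitted (root={name!r})")

    def reject_external_ref(context, base, sysid, pubid):
        raise RejectedXML(f"external entity reference refused: {sysid!r}")

    def start(name, attrs):
        if name not in ALLOWED_ELEMENTS:
            raise RejectedXML(f"unexpected element {name!r}")
        stack.append(name)
        result.setdefault(name, "")

    def chars(text):
        result[stack[-1]] += text

    parser.StartDoctypeDeclHandler = reject_doctype        # "disable DTDs"
    parser.ExternalEntityRefHandler = reject_external_ref  # never fetch file:// or http://
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: stack.pop()
    parser.CharacterDataHandler = chars
    parser.Parse(data, True)  # an exception in a handler aborts parsing and propagates
    return result

def classify_request(data: bytes):
    """WAF-style verdict for a request body: ("accepted", parsed) or ("rejected", reason)."""
    try:
        return "accepted", parse_untrusted_xml(data)
    except (RejectedXML, xml.parsers.expat.ExpatError) as exc:
        return "rejected", str(exc)
```

Rejecting at the DOCTYPE means the entity declaration is never even read, which is the behaviour to look for when reviewing a parser configuration.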
A software company wants to build a platform by integrating with another company’s established product.
Which of the following provisions would be MOST important to include when drafting an agreement between the two companies?
- A . Data sovereignty
- B . Shared responsibility
- C . Source code escrow
- D . Safe harbor considerations
B
Explanation:
When drafting an agreement between two companies, it is important to clearly define the responsibilities of each party. This is particularly relevant when a software company is looking to integrate with an established product. A shared responsibility agreement ensures that both parties understand their respective responsibilities and are able to work together efficiently and effectively. For example, the software company might be responsible for integrating the product and ensuring it meets user needs, while the established product provider might be responsible for providing ongoing support and maintenance. By outlining these responsibilities in the agreement, both parties can ensure that the platform is built and maintained successfully.
Reference: CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 8, Working with Third Parties.
A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented a SSO system with strong passwords.
Which of the following additional controls should the company deploy?
- A . Two-factor authentication
- B . Identity proofing
- C . Challenge questions
- D . Live identity verification
A
Explanation:
While the company has implemented Single Sign-On (SSO) with strong passwords, additional security controls are required to mitigate attacks such as LDAP injections, brute-force, whaling, and spear-phishing. Two-factor authentication (2FA) provides an additional layer of security by requiring users to provide two different forms of authentication (e.g., a password and a security token or a biometric factor), reducing the likelihood of unauthorized access even if passwords are compromised. CASP+ emphasizes the importance of using multi-factor authentication mechanisms to strengthen access control and protect against such attacks.
Reference: CASP+ CAS-004 Exam Objectives: Domain 2.0: Enterprise Security Operations (Access Control and Multi-factor Authentication)
CompTIA CASP+ Study Guide: Implementing Two-Factor Authentication for System Access
A user forwarded a suspicious email to a security analyst for review. The analyst examined the email and found that neither the URL nor the attachment showed any indication of malicious activities.
Which of the following intelligence collection methods should the analyst use to confirm the legitimacy of the email?
- A . HUMINT
- B . UEBA
- C . OSINT
- D . RACE
C
Explanation:
Open-source intelligence (OSINT) refers to the collection and analysis of information that is gathered from public, or open, sources. In the context of confirming the legitimacy of an email, OSINT could involve checking online databases, public records, or using search engines to find information related to the email's domain, the sender, links included in the email, or file hashes of attachments. This method can help determine if the email is part of a known phishing campaign or if it has been flagged by others as suspicious.
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors.
Which of the following categories BEST describes this type of vendor risk?
- A . SDLC attack
- B . Side-load attack
- C . Remote code signing
- D . Supply chain attack
A security engineer is creating a single CSR for the following web server hostnames:
• wwwint.internal
• www.company.com
• home.internal
• www.internal
Which of the following would meet the requirement?
- A . SAN
- B . CN
- C . CA
- D . CRL
- E . Issuer
A
Explanation:
Subject Alternative Name (SAN) is a part of the X.509 specification for SSL certificates that allows multiple domain names to be protected under a single SSL certificate. Using SAN is the most suitable option when a single Certificate Signing Request (CSR) needs to cover multiple hostnames. It enables the security engineer to list all the required hostnames in one certificate, ensuring secure communications for each listed entity without the need for separate certificates.
As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.
Which of the following BEST describes this kind of risk response?
- A . Risk rejection
- B . Risk mitigation
- C . Risk transference
- D . Risk avoidance
A company would like to move its payment card data to a cloud provider.
Which of the following solutions will best protect account numbers from unauthorized disclosure?
- A . Storing the data in an encoded file
- B . Implementing database encryption at rest
- C . Only storing tokenized card data
- D . Implementing data field masking
C
Explanation:
Tokenization is the best solution to protect payment card data from unauthorized disclosure when moving to the cloud. Tokenization replaces sensitive card data with unique identifiers (tokens) that have no exploitable value outside the tokenization system. Even if the data is compromised, the attacker would not obtain actual card numbers. This is in line with PCI DSS requirements for protecting payment card information. Other solutions like encryption at rest or field masking help, but tokenization provides the strongest protection by ensuring that card data is not stored at all.
Reference: CASP+ CAS-004 Exam Objectives: Domain 1.0: Risk Management (Tokenization and PCI DSS Compliance)
CompTIA CASP+ Study Guide: Data Protection Techniques (Tokenization)
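As an added illustration (not part of the exam material), a small Python token vault showing the difference from encryption at rest: the record that reaches the cloud database carries a random token and the last four digits only, and the PAN can be recovered solely through the vault. The vault class, the record layout and the test PAN are constructed for the example.

```python
import secrets

# Constructed input: the well-known Visa test PAN, not a real account number.
TEST_PAN = "4111111111111111"

def luhn_valid(pan: str) -> bool:
    """Accept only plausible PANs (digits, 13-19 long, valid Luhn checksum)."""
    if not pan.isdigit() or not 13 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

class TokenVault:
    """Hypothetical vault kept inside the PCI cardholder-data environment. It is the
    only component that ever holds PANs; the cloud application stores tokens only."""

    def __init__(self):
        self._pan_by_token, self._token_by_pan = {}, {}

    def tokenize(self, pan: str) -> str:
        if not luhn_valid(pan):
            raise ValueError("not a plausible PAN")
        if pan in self._token_by_pan:  # same PAN -> same token, so lookups still work
            return self._token_by_pan[pan]
        while True:
            # Random digits plus the real last four: unlike ciphertext there is no key
            # that recovers the PAN, but the last four survive for receipts and support.
            token = "".join(str(secrets.randbelow(10)) for _ in range(12)) + pan[-4:]
            if token not in self._pan_by_token:
                break
        self._pan_by_token[token] = pan
        self._token_by_pan[pan] = token
        return token

    def detokenize(self, token: str) -> str:
        """Only the vault can map a token back; callers outside the CDE never do this."""
        if token not in self._pan_by_token:
            raise KeyError("unknown token")
        return self._pan_by_token[token]

def cloud_payment_record(vault: TokenVault, pan: str, amount_cents: int) -> dict:
    """What actually lands in the cloud provider's database: token and last four only."""
    token = vault.tokenize(pan)
    return {"token": token, "last4": token[-4:], "amount_cents": amount_cents}
```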
The Chief Information Security Officer (CISO) of a small local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually.
Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?
- A . Black-box testing
- B . Gray-box testing
- C . Red-team hunting
- D . White-box testing
- E . Blue-team exercises