Practice Free CAS-004 Exam Online Questions
After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload.
The CISO would like to:
* Have a solution that uses API to communicate with other security tools
* Use the latest technology possible
* Have the highest controls possible on the solution
Which of the following is the best option to meet these requirements?
- A . EDR
- B . CSP
- C . SOAR
- D . CASB
C
Explanation:
Security Orchestration, Automation, and Response (SOAR) solutions are designed to automate and streamline security operations in complex environments. By utilizing APIs, SOAR platforms can integrate with various security tools to enhance incident response processes, automate tasks, and improve overall efficiency. This aligns with the requirements of using the latest technology and having high control over the solution. SOAR’s ability to orchestrate between different security solutions and automate responses to threats makes it the best option to reduce the security task workload while maintaining high controls.
A company is outsourcing to an MSSP that performs managed detection and response services. The MSSP requires a server to be placed inside the network as a log aggregator and allows remote access to MSSP analysts. Critical devices send logs to the log aggregator, where data is stored for 12 months locally before being archived to a multitenant cloud. The data is then sent from the log aggregator to a public IP address in the MSSP datacenter for analysis.
A security engineer is concerned about the security of the solution and notes the following:
* The critical devices send cleartext logs to the aggregator.
* The log aggregator utilizes full disk encryption.
* The log aggregator sends to the analysis server via port 80.
* MSSP analysts utilize an SSL VPN with MFA to access the log aggregator remotely.
* The data is compressed and encrypted prior to being archived in the cloud.
Which of the following should be the engineer’s GREATEST concern?
- A . Hardware vulnerabilities introduced by the log aggregator server
- B . Network bridging from a remote access VPN
- C . Encryption of data in transit
- D . Multitenancy and data remnants in the cloud
C
Explanation:
Encryption of data in transit should be the engineer’s greatest concern regarding the security of the solution. Data in transit is data being transferred over a network or between devices. If data in transit is not encrypted, it can be intercepted, modified, or stolen by attackers who exploit weaknesses in the network protocols or devices along the path. The solution in the question sends logs from the critical devices to the aggregator in cleartext and from the aggregator to the analysis server via port 80 (plain HTTP); both are insecure transports that expose the log data to interception and tampering.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide, https://us-cert.cisa.gov/ncas/tips/ST04-019
The primary advantage of an organization creating and maintaining a vendor risk registry is to:
- A . define the risk assessment methodology.
- B . study a variety of risks and review the threat landscape.
- C . ensure that inventory of potential risk is maintained.
- D . ensure that all assets have low residual risk.
C
Explanation:
The primary advantage of creating and maintaining a vendor risk registry is to ensure that an inventory of potential risks is maintained. A vendor risk registry helps organizations keep track of the risks associated with third-party vendors, especially as they may introduce vulnerabilities or non-compliance issues. By maintaining this registry, the organization can continuously monitor and manage vendor-related risks in a structured way, improving its overall security posture. CASP+ emphasizes the importance of vendor risk management in an organization’s broader risk management strategy.
Reference: CASP+ CAS-004 Exam Objectives: Domain 1.0: Risk Management (Vendor Risk Management)
CompTIA CASP+ Study Guide: Third-Party Risk Management and Risk Registries
A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs.
Which of the following is the MOST important consideration before making this decision?
- A . Availability
- B . Data sovereignty
- C . Geography
- D . Vendor lock-in
An organization is rolling out a robust vulnerability management system to monitor SCADA devices on the network.
Which of the following scan types should be used to monitor these system types?
- A . Web application
- B . Agent
- C . Passive
- D . Authenticated
C
Explanation:
Passive scanning is the safest approach for SCADA systems to avoid disrupting their operations. It detects vulnerabilities by analyzing network traffic without directly interacting with the systems, aligning with CASP+ objective 4.2, which focuses on securing critical systems and reducing risks during vulnerability management.
Passive scanning collects network and device information without sending intrusive probes, which is critical for SCADA (Supervisory Control and Data Acquisition) systems because they are highly sensitive to disruption.
Web application scanning focuses on website vulnerabilities and is irrelevant to SCADA systems.
Agent-based scanning involves installing software agents, which may not be feasible for SCADA.
Authenticated scanning requires credentials, which can still disrupt SCADA devices.
Reference: CompTIA CASP+ Exam Objective 4.1: Conduct vulnerability scans to evaluate the state of system security.
CASP+ Study Guide, 5th Edition, Chapter 7, Specialized Vulnerability Scanning.
A security team received a regulatory notice asking for information regarding collusion and pricing from staff members who are no longer with the organization. The legal department provided the security team with a list of search terms to investigate.
This is an example of:
- A . due intelligence
- B . e-discovery.
- C . due care.
- D . legal hold.
A
Explanation:
Reference: https://www.ansarada.com/due-diligence/hr
A security engineer is reviewing a record of events after a recent data breach incident that involved the following:
• A hacker conducted reconnaissance and developed a footprint of the company’s Internet-facing web application assets.
• A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account.
• The hacker took advantage of the account’s excessive privileges to access a data store and exfiltrate the data without detection.
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
- A . Dynamic analysis
- B . Secure web gateway
- C . Software composition analysis
- D . User behavior analysis
- E . Stateful firewall
C
Explanation:
Software composition analysis (SCA) is the best solution to help prevent this type of attack from being successful in the future. SCA is the process of identifying the third-party and open source components in an organization’s applications and reporting on their known security vulnerabilities, code quality, and license compliance. SCA would have let the security engineer detect the vulnerable third-party library before it was exploited and remediate it, for example by updating to a newer, patched version. SCA can also support secure development standards, such as applying the principle of least privilege and avoiding excessive privileges for local accounts. By using SCA, the security engineer can improve the security posture and resilience of the web application assets against future attacks.
Verified Reference:
https://www.synopsys.com/glossary/what-is-software-composition-analysis.html, https://www.geeksforgeeks.org/overview-of-software-composition-analysis/
An investigator is attempting to determine if recent data breaches may be due to issues with a company’s web server that offers news subscription services.
The investigator has gathered the following data:
• Clients successfully establish TLS connections to web services provided by the server.
• After establishing the connections, most client connections are renegotiated.
• The renegotiated sessions use cipher suite SHR.
Which of the following is the MOST likely root cause?
- A . The clients disallow the use of modern cipher suites.
- B . The web server is misconfigured to support HTTP/1.1.
- C . A ransomware payload dropper has been installed.
- D . An entity is performing downgrade attacks on path.
D
Explanation:
A downgrade attack is a type of man-in-the-middle attack that forces two hosts to use an older or weaker version of the TLS protocol or weaker parameters (such as a legacy cipher suite). The attacker does this by stripping or replacing the STARTTLS command or by abusing the protocol’s backward-compatibility features. The purpose of the attack is to create a pathway for a cryptographic attack that would not be possible against a connection protected by the latest TLS version and a strong cipher suite. The indicator here is that most client connections are renegotiated after being established and end up on a weaker cipher suite, which suggests an on-path entity is interfering with the handshake and making the client and server agree on a lower TLS version or a weaker cipher suite.
Verified Reference:
https://en.wikipedia.org/wiki/Downgrade_attack, https://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks,
https://venafi.com/blog/preventing-downgrade-attacks/
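As an added illustration of the indicator described above (this code is not part of the original question bank or its references), the following Python flags TLS sessions whose renegotiation ended on a weaker protocol version or cipher suite than the initial handshake and reports how widespread the renegotiation is. The session records, the strength rankings, and the field names are constructed assumptions for the demonstration, not a real server’s log format.

```python
from dataclasses import dataclass

# Assumed strength rankings (higher is stronger); unknown values rank 0, i.e. weakest.
VERSION_RANK = {"TLSv1.0": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}
CIPHER_RANK = {
    "TLS_AES_256_GCM_SHA384": 4,
    "ECDHE-RSA-AES128-GCM-SHA256": 3,
    "AES128-SHA": 2,
    "DES-CBC3-SHA": 1,
}


@dataclass
class Session:
    """One observed TLS connection (constructed record, not a real log line)."""
    client: str
    initial_version: str
    initial_cipher: str
    renegotiated: bool = False
    final_version: str = ""
    final_cipher: str = ""


def is_downgraded(s: Session) -> bool:
    """True when a renegotiation ended on weaker parameters than the initial handshake.
    TLS 1.3 removed renegotiation, so any renegotiation on a 1.3 session is itself anomalous."""
    if not s.renegotiated:
        return False
    if s.initial_version == "TLSv1.3":
        return True
    version_drop = VERSION_RANK.get(s.final_version, 0) < VERSION_RANK.get(s.initial_version, 0)
    cipher_drop = CIPHER_RANK.get(s.final_cipher, 0) < CIPHER_RANK.get(s.initial_cipher, 0)
    return version_drop or cipher_drop


def downgrade_report(sessions):
    """Return (fraction renegotiated, fraction downgraded, sorted list of affected clients)."""
    total = len(sessions)
    reneg = [s for s in sessions if s.renegotiated]
    down = [s for s in reneg if is_downgraded(s)]
    if total == 0:
        return 0.0, 0.0, []
    return len(reneg) / total, len(down) / total, sorted({s.client for s in down})


# Constructed sample: three of four clients renegotiate, two end on weaker parameters.
SAMPLE = [
    Session("10.0.0.11", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
    Session("10.0.0.12", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", True, "TLSv1.2", "DES-CBC3-SHA"),
    Session("10.0.0.13", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", True, "TLSv1.0", "AES128-SHA"),
    Session("10.0.0.14", "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256", True, "TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
]

if __name__ == "__main__":
    print(downgrade_report(SAMPLE))
```

A high renegotiation fraction combined with a non-zero downgrade fraction is the pattern the question points to; a renegotiation that keeps the same parameters (the last sample session) is not flagged.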