Practice Free CAS-004 Exam Online Questions
A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key.
Which of the following is the best step to take?
- A . Revoke the certificate.
- B . Inform all the users of the certificate.
- C . Contact the company’s Chief Information Security Officer.
- D . Disable the website using the suspected certificate.
- E . Alert the root CA.
A
Explanation:
In the context of a private cryptographic key suspected to be exposed, the best immediate action is to revoke the certificate associated with that key. Revoking the certificate ensures that it cannot be used to establish new secure sessions, which prevents attackers from using the potentially compromised key to impersonate or decrypt communications. The revocation process typically involves updating the Certificate Revocation List (CRL) or leveraging the Online Certificate Status Protocol (OCSP), both of which are used by clients to check the validity of certificates.
A security engineer is assessing the security controls of IoT systems that are no longer supported for updates and patching.
Which of the following is the best mitigation for defending these IoT systems?
- A . Disable administrator accounts
- B . Enable SELinux
- C . Enforce network segmentation
- D . Assign static IP addresses
C
Explanation:
Network segmentation is a method to isolate environments from one another, thus limiting the scope of a potential attack. For IoT systems that cannot be updated or patched, network segmentation is the best mitigation technique. It would contain any compromise to the segmented network and prevent it from affecting the rest of the network infrastructure.
A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer’s company. The network already includes a SIEM and a NIPS and requires 2FA for all user access.
Which of the following systems should the engineer consider NEXT to mitigate the associated risks?
- A . DLP
- B . Mail gateway
- C . Data flow enforcement
- D . UTM
A
Explanation:
A DLP system is the best option for the company to mitigate the risk of losing its proprietary enhancements to competitors. DLP stands for data loss prevention, which is a set of tools and policies that aim to prevent unauthorized access, disclosure, or exfiltration of sensitive data. DLP can monitor, filter, encrypt, or block data transfers based on predefined rules and criteria, such as content, source, destination, etc. DLP can help protect the company’s intellectual property and trade secrets from being compromised by malicious actors or accidental leaks.
Verified Reference:
https://www.comptia.org/training/books/casp-cas-004-study-guide, https://www.csoonline.com/article/3245746/what-is-dlp-data-loss-prevention-and-how-does-it-work.html
A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact a critical application’s ability to function.
Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?
- A . service --status-all | grep ftpd
- B . chkconfig --list
- C . netstat -tulpn
- D . systemctl list-unit-files --type service ftpd
- E . service ftpd status
C
Explanation:
The netstat -tulpn command displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The -tulpn options specifically show TCP (-t) and UDP (-u) listening sockets (-l) in numeric form (-n) together with the process ID and program name (-p) bound to each port, which provides the information needed to identify whether FTP is running and on which port without turning the service off. That port and protocol can then be used to write a precise firewall rule that limits exposure of the FTP service.
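As an added example that is not part of the original page, the snippet below walks a netstat -tulpn style listing, finds the protocol and port of the listener whose program name matches a pattern (here ftpd), and prints an allow-list firewall rule for it. The netstat output is constructed sample data, and the iptables rule format and the trusted subnet 10.0.5.0/24 are assumptions for illustration.

```shell
# Added example, not from the original page. NETSTAT_SAMPLE is CONSTRUCTED
# sample output in the format of `netstat -tulpn`; on a real host you would
# pipe the command's actual output into the same awk filter.
NETSTAT_SAMPLE='Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      734/vsftpd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      801/mysqld
udp        0      0 0.0.0.0:123             0.0.0.0:*                           455/ntpd'

# Print "<proto> <port>" for every LISTEN socket whose PID/Program name
# column matches the pattern in $1 (e.g. "ftpd" matches "734/vsftpd").
listening_port_for() {
  pattern="$1"
  printf '%s\n' "$NETSTAT_SAMPLE" | awk -v pat="$pattern" '
    $NF ~ pat && $6 == "LISTEN" {
      n = split($4, addr, ":")   # Local Address is host:port; take the port
      print $1, addr[n]
    }'
}

# Emit a pair of iptables rules (assumed syntax) that allow only the trusted
# application subnet in $2 to reach the service matched by $1 and drop the rest.
firewall_rule_for() {
  set -- $(listening_port_for "$1") "$2"
  proto="$1"; port="$2"; allowed="$3"
  printf 'iptables -A INPUT -p %s --dport %s -s %s -j ACCEPT\n' "$proto" "$port" "$allowed"
  printf 'iptables -A INPUT -p %s --dport %s -j DROP\n' "$proto" "$port"
}

# Usage: restrict the FTP listener to the hypothetical trusted subnet.
firewall_rule_for ftpd 10.0.5.0/24
```

The UDP line in the sample has no State column, so the `$6 == "LISTEN"` test keeps the filter from matching non-listening sockets by accident; the pattern is matched against the last column so that a renamed daemon such as vsftpd is still found.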
A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field.
Which of the following should the security team recommend FIRST?
- A . Investigating a potential threat identified in logs related to the identity management system
- B . Updating the identity management system to use discretionary access control
- C . Beginning research on two-factor authentication to later introduce into the identity management system
- D . Working with procurement and creating a requirements document to select a new IAM system/vendor
A CSP, which wants to compete in the market, has been approaching companies in an attempt to gain business. The CSP is able to provide the same uptime as other CSPs at a markedly reduced cost.
Which of the following would be the MOST significant business risk to a company that signs a contract with this CSP?
- A . Resource exhaustion
- B . Geographic location
- C . Control plane breach
- D . Vendor lock-in
A
Explanation:
Resource exhaustion is a condition that occurs when a system or service runs out of resources, such as memory, CPU, disk space, or bandwidth, and becomes unable to function properly or respond to requests. Resource exhaustion can be caused by high demand, poor design, misconfiguration, or malicious attacks, such as denial-of-service (DoS).
Resource exhaustion would be the most significant business risk to a company that signs a contract with a cloud service provider (CSP) that is able to provide the same uptime as other CSPs at a markedly reduced cost, because this could:
- Indicate that the CSP is oversubscribing or under-provisioning its resources, which could result in performance degradation, service disruption, or data loss for the company.
- Affect the company’s availability, reliability, and scalability requirements, which could impact its operations, reputation, and customer satisfaction.
- Expose the company to potential security breaches or compliance violations, if the CSP does not implement adequate security controls or measures to prevent or mitigate resource exhaustion.
Which of the following indicates when a company might not be viable after a disaster?
- A . Maximum tolerable downtime
- B . Recovery time objective
- C . Mean time to recovery
- D . Annual loss expectancy
A
Explanation:
The indicator that shows when a company might not be viable after a disaster is the maximum tolerable downtime (MTD). MTD is the maximum amount of time that a business process or function can be disrupted without causing unacceptable consequences for the organization. MTD is a key metric for business continuity planning and disaster recovery, as it helps determine the recovery time objective (RTO) and the recovery point objective (RPO) for each process or function. If the actual downtime exceeds the MTD, the organization may face severe losses, reputational damage, regulatory penalties, or even bankruptcy.
Verified Reference:
https://www.techtarget.com/searchdisasterrecovery/definition/maximum-tolerable-downtime
https://www.techtarget.com/searchdisasterrecovery/definition/recovery-time-objective
https://www.techtarget.com/searchdisasterrecovery/definition/recovery-point-objective
A company is looking for a solution to hide data stored in databases.
The solution must meet the following requirements:
- Be efficient at protecting the production environment
- Not require any change to the application
- Act at the presentation layer
Which of the following techniques should be used?
- A . Masking
- B . Tokenization
- C . Algorithmic
- D . Random substitution
A security analyst is evaluating all third-party software an organization uses. The analyst discovers that each department is violating the organization’s policy by provisioning access to SaaS products without oversight from the security group and without using a centralized access control methodology.
Which of the following should the organization use to enforce its SaaS product access requirements?
- A . SLDAP
- B . SAML
- C . VDI
- D . TACACS
B
Explanation:
SAML (Security Assertion Markup Language) is a standard for single sign-on (SSO) that provides centralized authentication and authorization, ensuring SaaS access is governed by organizational policies.
SLDAP (Secure LDAP) focuses on directory services but does not centralize SaaS product access.
VDI (Virtual Desktop Infrastructure) is unrelated to SaaS authentication.
TACACS (Terminal Access Controller Access-Control System) is more suited for network devices.
Reference: CompTIA CASP+ Exam Objective 2.3: Implement authentication and authorization technologies.
CASP+ Study Guide, 5th Edition, Chapter 6, Identity and Access Management.
The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?
- A . Software composition analysis
- B . Code obfuscation
- C . Static analysis
- D . Dynamic analysis