Free preview mode

Enjoy the free questions and consider upgrading to gain full access!

CAS-004

By comptia
Aug, 2025

Question 51

An analyst is evaluating the security of a web application that does not hold sensitive or financial data. The application requires users to have a minimum password length of 12 characters. One of the characters must be capitalized, and one must be a number. To reset the password, the user is asked to provide the birthplace, birthdate, and mother's maiden name. When all of these are entered correctly, a new password is emailed to the user. Which of the following should concern the analyst the MOST?

  • A: The security answers may be determined via online reconnaissance.
  • B: The password is too long, which may encourage users to write the password down.
  • C: The password should include a special character.
  • D: The minimum password length is too short.

Question 52

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a PaaS implementation?

  • A: Application-specific data assets
  • B: Application user access management
  • C: Application-specific logic and code
  • D: Application/platform software

Question 53

SIMULATION
You are about to enter the virtual environment.
Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.
Click Next to continue.

Image 1

Question and Instructions
DO NOT perform the following actions within the virtual environment. Making any of these changes will cause the virtual environment to fail and prevent proper scoring.

  1. Disabling ssh
  2. Disabling systemd
  3. Altering the network adapter 172.162.0.0
  4. Changing the password in the lab admin account

Once you have completed the item in the virtual environment, you will NOT be allowed to return to this item.

TEST QUESTION
This system was recently patched following the exploitation of a vulnerability by an attacker to enable data exfiltration.
Despite the vulnerability being patched, it is likely that a malicious TCP service is still running and the adversary has achieved persistence by creating a systemd service.
Examples of commands to use:
kill, killall
lsof
man, --help (use for assistance)
netstat (useful flags: a, n, g, u)
ps (useful flag: a)
systemctl (to control systemd)
Please note: the list of commands shown above is not exhaustive. All native commands are available.

INSTRUCTIONS
Using the following credentials:

Username: labXXXadmin
Password: XXXyyYzz!
Investigate to identify indicators of compromise and then remediate them. You will need to make at least two changes:

  1. End the compromised process that is using a malicious TCP service.
  2. Remove the malicious persistence agent by disabling the service's ability to start on boot.

Question 54

An analyst received a list of IOCs from a government agency. The attack has the following characteristics:

  1. The attack starts with bulk phishing.
  2. If a user clicks on the link, a dropper is downloaded to the computer.
  3. Each of the malware samples has unique hashes tied to the user.

The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

  • A: Update the incident response plan.
  • B: Blocklist the executable.
  • C: Deploy a honeypot onto the laptops.
  • D: Detonate in a sandbox.

Question 55

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run to BEST determine whether financial data was lost?

  • A: grep -v '^4 [0-9] {12} (?:[0-9]{3}) ?$' file
  • B: grep '^4 [0-9]{12}(?:[0-9]{3})?$' file
  • C: grep '^6(?:011|5[0-9]{2}) [0-9] {12} ?' file
  • D: grep -v '^6(?:011|5[0-9]{2})[0-9]{12}?' file

Question 56

An organization requires a contractual document that includes:
✑ An overview of what is covered
✑ Goals and objectives
✑ Performance metrics for each party
✑ A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?

  • A: SLA
  • B: BAA
  • C: NDA
  • D: ISA

Question 57

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.
Which of the following would BEST secure the company's CI/CD pipeline?

  • A: Utilizing a trusted secrets manager
  • B: Performing DAST on a weekly basis
  • C: Introducing the use of container orchestration
  • D: Deploying instance tagging

Question 58

A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal, private, and confidential data?

  • A: The principle of lawful, fair, and transparent processing
  • B: The right to be forgotten principle of personal data erasure requests
  • C: The non-repudiation and deniability principle
  • D: The principle of encryption, obfuscation, and data masking

Question 59

A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)

  • A: The request is evidence that the password is more open to being captured via a keylogger.
  • B: The request proves that salt has not been added to the password hash, thus making it vulnerable to rainbow tables.
  • C: The request proves the password is encoded rather than encrypted and thus less secure as it can be easily reversed.
  • D: The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password.
  • E: The request proves the password is stored in a reversible format, making it readable by anyone at the bank who is given access.
  • F: The request proves the password must be in cleartext during transit, making it open to on-path attacks.

Question 60

A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?

  • A: Request a new certificate with the correct subject alternative name that includes the new websites.
  • B: Request a new certificate with the correct organizational unit for the company's website.
  • C: Request a new certificate with a stronger encryption strength and the latest cipher suite.
  • D: Request a new certificate with the same information but including the old certificate on the CRL.

Question 61

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

Image 1

As part of the triage process, which of the following is the FIRST step the analyst should take?

  • A: Block the email address carl.b@comptia1.com, as it is sending spam to subject matter experts.
  • B: Validate the final "Received" header against the DNS entry of the domain.
  • C: Compare the "Return-Path" and "Received" fields.
  • D: Ignore the emails, as SPF validation is successful, and it is a false positive.

Question 62

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

  • A: Remote provider BCDR
  • B: Cloud provider BCDR
  • C: Alternative provider BCDR
  • D: Primary provider BCDR

Question 63

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an Internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Image 1

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

  • A: Enable the X-Forwarded-For header at the load balancer.
  • B: Install a software-based HIDS on the application servers.
  • C: Install a certificate signed by a trusted CA.
  • D: Use stored procedures on the database server.
  • E: Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.

Question 64

Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

  • A: IaaS
  • B: SaaS
  • C: FaaS
  • D: PaaS

Question 65

A security analyst needs to recommend a remediation to the following threat:

Image 1

Which of the following actions should the security analyst propose to prevent this successful exploitation?

  • A: Patch the system.
  • B: Update the antivirus.
  • C: Install a host-based firewall.
  • D: Enable TLS 1.2.

Question 66

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

  • A: Limit access to the system using a jump box.
  • B: Place the new system and legacy system on separate VLANs.
  • C: Deploy the legacy application on an air-gapped system.
  • D: Implement MFA to access the legacy system.

Question 67

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation.
The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

  • A: A turbine would overheat and cause physical harm.
  • B: The engineers would need to go to the historian.
  • C: The SCADA equipment could not be maintained.
  • D: Data would be exfiltrated through the data diodes.

Question 68

A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?

  • A: Join an information-sharing community that is relevant to the company.
  • B: Leverage the MITRE ATT&CK framework to map the TTP.
  • C: Use OSINT techniques to evaluate and analyze the threats.
  • D: Update security awareness training to address new threats, such as best practices for data security.

Question 69

Which of the following is required for an organization to meet the ISO 27018 standard?

  • A: All PII must be encrypted.
  • B: All network traffic must be inspected.
  • C: GDPR equivalent standards must be met.
  • D: COBIT equivalent standards must be met.

Question 70

A company invested a total of $10 million for a new storage solution installed across five on-site datacenters. Fifty percent of the cost of this investment was for solid-state storage. Due to the high rate of wear on this storage, the company is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

  • A: $50,000
  • B: $125,000
  • C: $250,000
  • D: $500,000
  • E: $1,000,000

Question 71

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:
✑ Enforce MFA for RDP.
✑ Ensure RDP connections are only allowed with secure ciphers.
The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs.
Which of the following should the security architect recommend to meet these requirements?

  • A: Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.
  • B: Implement a bastion host with a secure cipher configuration enforced.
  • C: Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.
  • D: Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

Question 72

An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
✑ Protection from DoS attacks against its infrastructure and web applications is in place.
✑ Highly available and distributed DNS is implemented.
✑ Static content is cached in the CDN.
✑ A WAF is deployed inline and is in block mode.
✑ Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?

  • A: The public cloud provider is applying QoS to the inbound customer traffic.
  • B: The API gateway endpoints are being directly targeted.
  • C: The site is experiencing a brute-force credential attack.
  • D: A DDoS attack is targeted at the CDN.

Question 73

A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information. As the consultant builds the remediation plan, which of the following solutions would BEST solve these challenges? (Choose three.)

  • A: SD-WAN
  • B: PAM
  • C: Remote access VPN
  • D: MFA
  • E: Network segmentation
  • F: BGP
  • G: NAC

Question 74

A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the MOST secure way to dispose of the SSDs given the CISO's concern?

  • A: Degaussing
  • B: Overwriting
  • C: Shredding
  • D: Formatting
  • E: Incinerating

Question 75

The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. The current process for any code releases into production uses two-week Agile sprints. Which of the following would BEST meet the requirement?

  • A: An open-source automation server
  • B: A static code analyzer
  • C: Trusted open-source libraries
  • D: A single code repository for all developers