
CAS-004

By comptia
Aug, 2025


Question 101

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

  • A: Protecting
  • B: Permissive
  • C: Enforcing
  • D: Mandatory

Question 102

A user experiences an HTTPS connection error when trying to access an Internet banking website from a corporate laptop. The user then opens a browser on a mobile phone and is able to access the same Internet banking website without issue. Which of the following security configurations is MOST likely the cause of the error?

  • A: HSTS
  • B: TLS 1.2
  • C: Certificate pinning
  • D: Client authentication

Question 103

An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

  • A: Endorsement tickets
  • B: Clock/counter structures
  • C: Command tag structures with MAC schemes
  • D: Platform configuration registers

Question 104

A developer wants to develop a secure, external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option?

  • A: ICANN
  • B: PCI DSS
  • C: OWASP
  • D: CSA
  • E: NIST

Question 105

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the signature failing?

  • A: The NTP server is set incorrectly for the developers.
  • B: The CA has included the certificate in its CRL.
  • C: The certificate is set for the wrong key usage.
  • D: Each application is missing a SAN or wildcard entry on the certificate.

Question 106

A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability.
Which of the following would BEST resolve and mitigate the issue? (Choose two.)

  • A: Deploying a WAF signature
  • B: Fixing the PHP code
  • C: Changing the web server from HTTPS to HTTP
  • D: Using SSLv3
  • E: Changing the code from PHP to ColdFusion
  • F: Updating the OpenSSL library

Question 107

A security engineer is reviewing a record of events after a recent data breach incident that involved the following:
• A hacker conducted reconnaissance and developed a footprint of the company's Internet-facing web application assets.
• A vulnerability in a third-party library was exploited by the hacker, resulting in the compromise of a local account.
• The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

  • A: Dynamic analysis
  • B: Secure web gateway
  • C: Software composition analysis
  • D: User behavior analysis
  • E: Web application firewall

Question 108

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

  • A: SLA
  • B: BIA
  • C: BCM
  • D: BCP
  • E: RTO

Question 109

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

  • A: Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.
  • B: Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.
  • C: Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.
  • D: Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Question 110

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:

• Clients successfully establish TLS connections to web services provided by the server.
• After establishing the connections, most client connections are renegotiated.
• The renegotiated sessions use cipher suite TLS_RSA_WITH_NULL_SHA.

Which of the following is the MOST likely root cause?

  • A: The clients disallow the use of modern cipher suites.
  • B: The web server is misconfigured to support HTTP/1.1.
  • C: A ransomware payload dropper has been installed.
  • D: An entity is performing downgrade attacks on path.

Question 111

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Image 1

Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

  • A: Personal health information; Inform the human resources department of the breach and review the DLP logs.
  • B: Account history; Inform the relationship managers of the breach and create new accounts for the affected users.
  • C: Customer IDs; Inform the customer service department of the breach and work to change the account numbers.
  • D: PAN; Inform the legal department of the breach and look for this data in dark web monitoring.

Question 112

An organization is preparing to migrate its production environment systems from an on-premises environment to a cloud service. The lead security architect is concerned that the organization's current methods for addressing risk may not be possible in the cloud environment.
Which of the following BEST describes the reason why traditional methods of addressing risk may not be possible in the cloud?

  • A: Migrating operations assumes the acceptance of all risk.
  • B: Cloud providers are unable to avoid risk.
  • C: Specific risks cannot be transferred to the cloud provider.
  • D: Risks to data in the cloud cannot be mitigated.

Question 113

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.
Which of the following actions would BEST address the potential risks posed by the activity in the logs?

  • A: Altering the misconfigured service account password
  • B: Modifying the AllowUsers configuration directive
  • C: Restricting external port 22 access
  • D: Implementing host-key preferences

Question 114

The Chief Information Officer (CIO) wants to implement enterprise mobility throughout the organization. The goal is to allow employees access to company resources. However, the CIO wants the ability to enforce configuration settings, manage data, and manage both company-owned and personal devices. Which of the following should the CIO implement to achieve this goal?

  • A: BYOD
  • B: CYOD
  • C: COPE
  • D: MDM

Question 115

A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt that data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?

  • A: Key rotation
  • B: Key escrow
  • C: Zeroization
  • D: Cryptographic obfuscation

Question 116

Which of the following is MOST commonly found in a network SLA contract?

  • A: Price for extra services
  • B: Performance metrics
  • C: Service provider responsibility only
  • D: Limitation of liability
  • E: Confidentiality and non-disclosure

Question 117

A security operations center analyst is investigating anomalous activity between a database server and an unknown external IP address and gathered the following data:

• dbadmin last logged in at 7:30 a.m. and logged out at 8:05 a.m.
• A persistent TCP/6667 connection to the external address was established at 7:55 a.m. The connection is still active.
• Other than bytes transferred to keep the connection alive, only a few kilobytes of data transfer every hour since the start of the connection.
• A sample outbound request payload from PCAP showed the ASCII content: "JOIN #community".

Which of the following is the MOST likely root cause?

  • A: A SQL injection was used to exfiltrate data from the database server.
  • B: The system has been hijacked for cryptocurrency mining.
  • C: A botnet Trojan is installed on the database server.
  • D: The dbadmin user is consulting the community for help via Internet Relay Chat.

Question 118

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

  • A: Key escrow
  • B: TPM
  • C: Trust models
  • D: Code signing

Question 119

A security administrator has been tasked with hardening a domain controller against lateral movement attacks. Below is an output of running services:

Image 1

Which of the following configuration changes must be made to complete this task?

  • A: Stop the Print Spooler service and set the startup type to disabled.
  • B: Stop the DNS Server service and set the startup type to disabled.
  • C: Stop the Active Directory Web Services service and set the startup type to disabled.
  • D: Stop the Credential Manager service and leave the startup type set to disabled.

Question 120

In comparison to other types of alternative processing sites that may be invoked as a part of disaster recovery, cold sites are different because they:

  • A: have basic utility coverage, including power and water.
  • B: provide workstations and read-only domain controllers.
  • C: are generally the least costly to sustain.
  • D: are the quickest way to restore business.
  • E: are geographically separated from the company's primary facilities.

Question 121

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization’s headquarters location. The solution must also have the lowest power requirement on the CA.

Which of the following is the BEST solution?

  • A: Deploy an RA on each branch office.
  • B: Use Delta CRLs at the branches.
  • C: Configure clients to use OCSP.
  • D: Send the new CRLs by using scheduled jobs.

Question 122

An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:

• Some developers can directly publish code to the production environment.
• Static code reviews are performed adequately.
• Vulnerability scanning occurs on a regularly scheduled basis per policy.

Which of the following should be noted as a recommendation within the audit report?

  • A: Implement short maintenance windows.
  • B: Perform periodic account reviews.
  • C: Implement job rotation.
  • D: Improve separation of duties.

Question 123

A security researcher has been given an executable that was captured by a honeypot. Which of the following should the security researcher implement to test the executable?

  • A: OSINT
  • B: SAST
  • C: DAST
  • D: OWASP

Question 124

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

  • A: Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
  • B: Change privileged usernames, review the OS logs, and deploy hardware tokens.
  • C: Implement MFA, review the application logs, and deploy a WAF.
  • D: Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Question 125

An executive has decided to move a company's customer-facing application to the cloud after experiencing a lengthy power outage at a locally managed service provider's data center. The executive would like a solution that can be implemented as soon as possible. Which of the following will BEST prevent similar issues when the service is running in the cloud? (Choose two.)

  • A: Placing the application instances in different availability zones
  • B: Restoring the snapshot and starting the new application instance from a different zone
  • C: Enabling autoscaling based on application instance usage
  • D: Having several application instances running in different VPCs
  • E: Using the combination of block storage and multiple CDNs in each application instance
  • F: Setting up application instances in multiple regions
Page 5 of 26 • Questions 101-125 of 642