
CompTIA CAS-004 - CompTIA SecurityX Certification Exam


As part of the customer registration process to access a new bank account, customers are required to upload a number of documents, including their passports and driver’s licenses. The process also requires customers to take a current photo of themselves to be compared against provided documentation.

Which of the following BEST describes this process?

A.

Deepfake

B.

Know your customer

C.

Identity proofing

D.

Passwordless

Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

A.

MOU

B.

NDA

C.

SLA

D.

ISA

A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

A.

Quarantine 10.0.5.52 and run a malware scan against the host.

B.

Access 10.0.5.52 via EDR and identify processes that have network connections.

C.

Isolate 10.0.50.6 via security groups.

D.

Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce

• Cloud-delivered services

• Full network security stack

• SaaS application security management

• Minimal latency for an optimal user experience

• Integration with the cloud IAM platform

Which of the following is the BEST solution?

A.

Routing and Remote Access Service (RRAS)

B.

NGFW

C.

Managed Security Service Provider (MSSP)

D.

SASE

A company’s product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company’s reputation in the market.

Which of the following should the company implement to address the risk of system unavailability?

A.

User and entity behavior analytics

B.

Redundant reporting systems

C.

A self-healing system

D.

Application controls

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.

Which of the following systems should the consultant review before making a recommendation?

A.

CAN

B.

ASIC

C.

FPGA

D.

SCADA

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the incident while also maintaining evidence for a subsequent investigation and malware analysis.

Which of the following steps would be best to perform FIRST?

A.

Turn off the infected host immediately.

B.

Run a full anti-malware scan on the infected host.

C.

Modify the smb.conf file of the host to prevent outgoing SMB connections.

D.

Isolate the infected host from the network by removing all network connections.

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails:

As part of the triage process, which of the following is the FIRST step the analyst should take?

A.

Block the email address carl.b@comptia1.com, as it is sending spam to subject matter experts.

B.

Validate the final "Received" header against the DNS entry of the domain.

C.

Compare the "Return-Path" and "Received" fields.

D.

Ignore the emails, as SPF validation is successful, and it is a false positive.
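The two header checks named in options B and C are mechanical enough to script. The following is an added example, not part of the exam page: it parses a constructed header block with the standard-library email package, extracts the domain from Return-Path, walks the Received chain from the outermost (most recent) hop down to the originating hop, and reports whether the originating host belongs to the Return-Path domain. All hosts, addresses and IPs in the sample are hypothetical. Note that a Received-SPF "pass" is evaluated against the envelope sender's SPF record and says nothing about whether the Received chain is consistent with it, which is why the sample shows both a pass and a mismatch at once.

```python
"""Compare an e-mail's Return-Path against its Received chain (added example)."""
import re
from email import message_from_string
from email.message import Message
from typing import Optional

# Constructed sample header block; every host, address and IP is hypothetical.
# Received headers are listed newest-first, so the LAST one is the originating hop.
SAMPLE_HEADERS = """\
Return-Path: <carl.b@comptia1.com>
Received: from mx1.example-corp.test (mx1.example-corp.test [203.0.113.10])
\tby mail.example-corp.test with ESMTPS id abc123
\tfor <analyst@example-corp.test>; Mon, 01 Jan 2024 10:00:00 +0000
Received: from mail.bulk-sender.test (mail.bulk-sender.test [198.51.100.7])
\tby mx1.example-corp.test with ESMTP id def456;
\tMon, 01 Jan 2024 09:59:58 +0000
Received-SPF: pass (mx1.example-corp.test: 198.51.100.7 is authorized)
From: "Carl B" <carl.b@comptia1.com>
Subject: Urgent invoice
Content-Type: text/plain

body
"""

# A Received header begins "from <host> ..."; capture the host token.
_RECEIVED_FROM = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)


def return_path_domain(msg: Message) -> Optional[str]:
    """Domain part of the envelope sender in Return-Path, lower-cased."""
    match = re.search(r"@([\w.-]+)", msg.get("Return-Path", ""))
    return match.group(1).lower() if match else None


def received_hops(msg: Message) -> list:
    """'from' host of every Received header, outermost (latest hop) first."""
    hops = []
    for header in msg.get_all("Received", []):
        unfolded = " ".join(str(header).split())  # join folded continuation lines
        match = _RECEIVED_FROM.match(unfolded)
        hops.append(match.group(1).lower() if match else "")
    return hops


def originating_host(msg: Message) -> Optional[str]:
    """Host named in the innermost Received header, i.e. where the mail entered SMTP."""
    hops = received_hops(msg)
    return hops[-1] if hops else None


def return_path_matches_origin(msg: Message) -> bool:
    """True when the originating host is the Return-Path domain or a subdomain of it."""
    domain = return_path_domain(msg)
    origin = originating_host(msg)
    if not domain or not origin:
        return False
    return origin == domain or origin.endswith("." + domain)


def triage(raw_message: str) -> dict:
    """Summarise the header checks for one raw message."""
    msg = message_from_string(raw_message)
    spf_tokens = (msg.get("Received-SPF") or "").split()
    return {
        "return_path_domain": return_path_domain(msg),
        "originating_host": originating_host(msg),
        "spf_result": spf_tokens[0].lower() if spf_tokens else None,
        "return_path_matches_origin": return_path_matches_origin(msg),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_HEADERS).items():
        print(f"{key}: {value}")
```

A mismatch between the originating host and the Return-Path domain is a triage signal rather than proof of spoofing: mailing lists and forwarding services legitimately rewrite Return-Path, so the result should be weighed alongside the SPF, DKIM and From-header alignment checks before blocking anything.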

The goal of a Chief Information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

A.

Budgeting for cybersecurity increases year over year.

B.

The committee knows how much work is being done.

C.

Business units are responsible for their own mitigation.

D.

The bank is aware of the status of cybersecurity risks.

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test. However, the attack vector of the exploit is missing, making it harder to recommend remediations. Given the following output:

The penetration testers MOST likely took advantage of:

A.

A TOC/TOU vulnerability

B.

A plain-text password disclosure

C.

An integer overflow vulnerability

D.

A buffer overflow vulnerability

A review of the past year’s attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information.

Which of the following would be BEST for the company to implement?

A.

A WAF

B.

An IDS

C.

A SIEM

D.

A honeypot

A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

A.

SQL injection

B.

CSRF

C.

Session hijacking

D.

XSS

A municipal department receives telemetry data from a third-party provider. The server collecting telemetry sits in the municipal department’s screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore the cybersecurity engineers would like to implement risk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

A.

Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement

B.

Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon

C.

Installing and configuring filesystem integrity monitoring service on the telemetry server

D.

Implementing an EDR and alert on Identified privilege escalation attempts to the SIEM

E.

Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet

F.

Using the published data schema to monitor and block off-nominal telemetry messages

A company requires a task to be carried out by more than one person concurrently. This is an example of:

A.

separation of duties.

B.

dual control.

C.

least privilege.

D.

job rotation.

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs for the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

A.

Software decompiler

B.

Network enumerator

C.

Log reduction and analysis tool

D.

Static code analysis