Get ready to pass the CAS-004 Exam right now using our CompTIA CASP Exam Package
A fully updated 2023 CAS-004 Exam Dumps exam guide from training expert Prep4sureGuide
NEW QUESTION # 64
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
Which of the following is an appropriate security control the company should implement?
- A. Use server-side processing to avoid XSS vulnerabilities in path input.
- B. Parameterize a query in the path variable to prevent SQL injection.
- C. Separate the items in the system call to prevent command injection.
- D. Restrict directory permission to read-only access.
Answer: C
NEW QUESTION # 65
An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card dat a. Which of the following commands should the analyst run to BEST determine whether financial data was lost?
- A. Option D
- B. Option C
- C. Option B
- D. Option A
Answer: B
NEW QUESTION # 66
A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:
The penetration testers MOST likely took advantage of:
- A. An integer overflow vulnerability
- B. A TOC/TOU vulnerability
- C. A buffer overflow vulnerability
- D. A plain-text password disclosure
Answer: B
NEW QUESTION # 67
A company in the financial sector receives a substantial number of customer transaction requests via email.
While doing a root-cause analysis conceding a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but theCIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar in the future.
- A. Implementing application blacklisting
- B. Deploying host-based firewalls and shipping the logs to the SIEM
- C. Increasing the cadence for antivirus DAT updates to twice daily
- D. Configuring the mall to quarantine incoming attachment automatically
Answer: B
NEW QUESTION # 68
A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.
Which of the following encryption methods should the cloud security engineer select during the implementation phase?
- A. Proxy-based
- B. Array controller-based
- C. Instance-based
- D. Storage-based
Answer: D
Explanation:
We recommend that you encrypt your virtual hard disks (VHDs) to help protect your boot volume and data volumes at rest in storage, along with your encryption keys and secrets. Azure Disk Encryption helps you encrypt your Windows and Linux IaaS virtual machine disks. Azure Disk Encryption uses the industry-standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and the data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk-encryption keys and secrets in your key vault subscription. The solution also ensures that all data on the virtual machine disks are encrypted at rest in Azure Storage. https://docs.microsoft.com/en-us/azure/security/fundamentals/iaas
NEW QUESTION # 69
An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?
- A. Use a screened subnet between the OT and IT environments.
- B. In the OT environment, use a VPN from the IT environment into the OT environment.
- C. In the OT environment, allow IT traffic into the OT environment.
- D. In the IT environment, allow PLCs to send data from the OT environment to the IT environment.
Answer: B
NEW QUESTION # 70
A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form?
(Select TWO.)
- A. OOXML editor
- B. Text editor
- C. SCAP tool
- D. XML style sheet
- E. Event Viewer
- F. Debugging utility
Answer: A,D
NEW QUESTION # 71
A security engineer was auditing an organization's current software development practice and discovered that multiple open-source libraries were Integrated into the organization's software. The organization currently performs SAST and DAST on the software it develops.
Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?
- A. Perform additional SAST/DAST on the open-source libraries.
- B. Perform unit testing of the open-source libraries.
- C. Track the library versions and monitor the CVE website for related vulnerabilities.
- D. Implement the SDLC security guidelines.
Answer: D
NEW QUESTION # 72
A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line.
Which of the following commands would be the BEST to run to view only active Internet connections?
- A. sudo netstat -nlt -p | grep "ESTABLISHED"
- B. sudo netstat -pnut -w | column -t -s $'\w'
- C. sudo netstat -antu | grep "LISTEN" | awk '{print$5}'
- D. sudo netstat -plntu | grep -v "Foreign Address"
- E. sudo netstat -pnut | grep -P ^tcp
Answer: A
NEW QUESTION # 73
A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:
The security engineer looks at the UTM firewall rules and finds the following:
Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?
- A. Create an IMAPS firewall rule to ensure email is allowed.
- B. Confirm the email server certificate is installed on the corporate computers.
- C. Make sure the UTM certificate is imported on the corporate computers.
- D. Contact the email service provider and ask if the company IP is blocked.
Answer: C
NEW QUESTION # 74
A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:
The credentials used to publish production software to the container registry should be stored in a secure location.
Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?
- A. MFA
- B. Key vault
- C. Local secure password file
- D. TPM
Answer: D
NEW QUESTION # 75
A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:
The penetration testers MOST likely took advantage of:
- A. An integer overflow vulnerability
- B. A TOC/TOU vulnerability
- C. A buffer overflow vulnerability
- D. A plain-text password disclosure
Answer: B
NEW QUESTION # 76
A security analyst is reviewing the following output:
Which of the following would BEST mitigate this type of attack?
- A. Deploying a honeypot
- B. Placing a WAF inline
- C. Implementing an IDS
- D. Installing a network firewall
Answer: B
NEW QUESTION # 77
A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form?
(Select TWO.)
- A. XML style sheet
- B. SCAP tool
- C. Text editor
- D. OOXML editor
- E. Event Viewer
- F. Debugging utility
Answer: B,C
NEW QUESTION # 78
Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?
- A. Enforcing protocol conformance for messages
- B. Assuring the integrity of messages
- C. Ensuring non-repudiation of messages
- D. Importing the availability of messages
Answer: B
NEW QUESTION # 79
A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information especially regarding configuration settings.
Which of the following scan types will provide the systems administrator with the MOST accurate information?
- A. A passive, non-credentialed scan
- B. An active, non-credentialed scan
- C. An active, credentialed scan
- D. A passive, credentialed scan
Answer: D
NEW QUESTION # 80
A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking.
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?
- A. Enforcing
- B. Protecting
- C. Permissive
- D. Mandatory
Answer: A
NEW QUESTION # 81
A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access.
Which of the following risk techniques did the department use in this situation?
- A. Transfer
- B. Mitigate
- C. Accept
- D. Avoid
Answer: B
NEW QUESTION # 82
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
Which of the following is an appropriate security control the company should implement?
- A. Use server-side processing to avoid XSS vulnerabilities in path input.
- B. Parameterize a query in the path variable to prevent SQL injection.
- C. Separate the items in the system call to prevent command injection.
- D. Restrict directory permission to read-only access.
Answer: C
NEW QUESTION # 83
Based on PCI DSS v3.4, One Particular database field can store data, but the data must be unreadable. which of the following data objects meets this requirement?
- A. PAN
- B. expiration date
- C. Cardholder name
- D. CVV2
Answer: A
NEW QUESTION # 84
An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
NEW QUESTION # 85
A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output.
The best option for the auditor to use NEXT is:
- A. Reverse engineering
- B. Network interception.
- C. Fuzzing
- D. A SCAP assessment.
Answer: D
NEW QUESTION # 86
An organization requires a contractual document that includes
* An overview of what is covered
* Goals and objectives
* Performance metrics for each party
* A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?
- A. BAA
- B. SLA
- C. ISA
- D. NDA
Answer: B
NEW QUESTION # 87
During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee.
Which of the following processes would BEST satisfy this requirement?
- A. Require both security and management to open the door.
- B. Monitor camera footage corresponding to a valid access request.
- C. Issue new entry badges on a weekly basis.
- D. Require department managers to review denied-access requests.
Answer: B
NEW QUESTION # 88
......
Master 2023 Latest The Questions CompTIA CASP and Pass CAS-004 Real Exam!: https://www.prep4sureguide.com/CAS-004-prep4sure-exam-guide.html
Practice To CAS-004 - Prep4sureGuide Remarkable Practice On your CompTIA Advanced Security Practitioner (CASP+) Exam Exam: https://drive.google.com/open?id=1UllvoilDT8qS8m1DgZFLzMa0o71YKgix