[Dec-2022] CompTIA CAS-004 Official Cert Guide PDF [Q27-Q41]

Rate this post

[Dec-2022] CompTIA CAS-004 Official Cert Guide PDF

Exam CAS-004: CompTIA Advanced Security Practitioner (CASP+) Exam – PassTestking

Certification Topics of CompTIA CAS-004 Exam

Our CompTIA CAS-004 exam dumps covers the following objectives of CompTIA CAS-004 Exam.

Cybersecurity Practitioner Skills, Engineer
Cybersecurity Practitioner Skills, Architect & Engineer
Cybersecurity Management Skills
Cybersecurity Management Skills

What is the exam cost of CompTIA CAS-004 Exam Certification

The exam cost of CompTIA CAS-004 Exam Certification is $466 USD.

For more information about the CompTIA CAS-004 Exam visit the following reference link:

CompTIA CAS-004 Exam’s Reference link

QUESTION 27
A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability.
The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?

Threat hunting

A system penetration test

Log analysis within the SIEM tool

The Cyber Kill Chain

QUESTION 28
A company is preparing to deploy a global service.
Which of the following must the company do to ensure GDPR compliance? (Choose two.)

Inform users regarding what data is stored.

Provide opt-in/out for marketing messages.

Provide data deletion capabilities.

Provide optional data encryption.

Grant data access to third parties.

Provide alternative authentication techniques.

QUESTION 29
After a security incident, a network security engineer discovers that a portion of the company’s sensitive external traffic has been redirected through a secondary ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

Disable BGP and implement a single static route for each internal network.

Implement a BGP route reflector.

Implement an inbound BGP prefix list.

Disable BGP and implement OSPF.

QUESTION 30
A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was obtained legally?

Lawyers

Court

Upper management team

Police

QUESTION 31
A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.
Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Union filesystem overlay

Cgroups

Linux namespaces

Device mapper

QUESTION 32
A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of
web-application security Which of the following is the BEST option?

ICANN

PCI DSS

OWASP

CSA

NIST

QUESTION 33
A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.
Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?

The company will have access to the latest version to continue development.

The company will be able to force the third-party developer to continue support.

The company will be able to manage the third-party developer’s development process.

The company will be paid by the third-party developer to hire a new development team.

QUESTION 34
A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Block is an except of output from the troubleshooting session:

Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

The clients may not trust idapt by default.

The secure LDAP service is not started, so no connections can be made.

Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.

Secure LDAP should be running on UDP rather than TCP.

The company is using the wrong port. It should be using port 389 for secure LDAP.

Secure LDAP does not support wildcard certificates.

The clients may not trust Chicago by default.

QUESTION 35
A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?

NIDS

NIPS

WAF

Reverse proxy

QUESTION 36
An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

Limit access to the system using a jump box.

Place the new system and legacy system on separate VLANs

Deploy the legacy application on an air-gapped system.

Implement MFA to access the legacy system.

QUESTION 37
A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?

A DLP program to identify which files have customer data and delete them

An ERP program to identify which processes need to be tracked

A CMDB to report on systems that are not configured to security baselines

A CRM application to consolidate the data and provision access based on the process and need

QUESTION 38
A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?

Reverse proxy, stateful firewalls, and VPNs at the local sites

IDSs, WAFs, and forward proxy IDS

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

IPSs at the hub, Layer 4 firewalls, and DLP

QUESTION 39
A security engineer needs 10 implement a CASB to secure employee user web traffic. A Key requirement is mat relevant event data must be collected from existing on-premises infrastructure components and consumed by me CASB to expand traffic visibility. The solution must be nighty resilient to network outages. Which of the following architectural components would BEST meet these requirements?

Log collection

Reverse proxy

AWAF

API mode

QUESTION 40
The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

Root cause analysis

Continuity of operations plan

After-action report

Lessons learned

QUESTION 41
In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company’s availability requirements. During a postmortem analysis, the following issues were highlighted:
1. International users reported latency when images on the web page were initially loading.
2. During times of report processing, users reported issues with inventory when attempting to place orders.
3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.
Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?

Serve static content via distributed CDNs, create a read replica of the central database and pull reports from there, and auto-scale API servers based on performance.

Increase the bandwidth for the server that delivers images, use a CDN, change the database to a non-relational database, and split the ten API servers across two load balancers.

Serve images from an object storage bucket with infrequent read times, replicate the database across different regions, and dynamically create API servers based on load.

Serve static-content object storage across different regions, increase the instance size on the managed relational database, and distribute the ten API servers across multiple regions.