Contact: support@dumpspool.com

PDF Only: $35.00, free updates up to 90 days

  • CAS-004 Dumps PDF
  • 444 Questions
  • Updated On July 04, 2024

PDF + Test Engine: $60.00, free updates up to 90 days

  • CAS-004 Question Answers
  • 444 Questions
  • Updated On July 04, 2024

Test Engine: $50.00, free updates up to 90 days

  • CAS-004 Practice Questions
  • 444 Questions
  • Updated On July 04, 2024

Check out our free CompTIA CAS-004 Online Test Engine demo.

How to pass CompTIA CAS-004 exam with the help of dumps?

DumpsPool provides the high-quality resources you have been looking for elsewhere without success. So, it's time to stop stressing and get ready for the exam. Our Online Test Engine provides the guidance you need to pass the certification exam. We guarantee top-grade results because we have covered each topic in a precise and understandable manner. Our expert team prepared the latest CompTIA CAS-004 Dumps to satisfy your training needs. Plus, they come in two different formats: Dumps PDF and Online Test Engine.

How Do I Know CompTIA CAS-004 Dumps are Worth it?

Did we mention our latest CAS-004 Dumps PDF is also available as an Online Test Engine? And that's just the point where things start to take root. Of all the features offered here at DumpsPool, the money-back guarantee has to be the best one. Now that you know you don't have to worry about payment, let us explore all the other reasons you would want to buy from us. Other than affordable Real Exam Dumps, you are offered three months of free updates.

You can easily scroll through our large catalog of certification exams and pick any exam to start your training. That's right, DumpsPool isn't limited to just CompTIA exams. We believe our customers need the support of an authentic and reliable resource, so we made sure there is never any outdated content in our study resources. Our expert team keeps everything up to the mark by keeping an eye on every single update. Our main focus is that you understand the real exam format, so you can pass the exam more easily.

IT Students Are Using our CompTIA Advanced Security Practitioner (CASP+) Exam Dumps Worldwide!

It is a well-established fact that certification exams can't be conquered without some help from experts. That is exactly the point of using CompTIA Advanced Security Practitioner (CASP+) Exam Practice Question Answers. You are constantly surrounded by IT experts who have been through what you are about to face and know it well. The 24/7 customer service of DumpsPool ensures you are in touch with these experts whenever needed. Our 100% success rate and validity around the world make us the most trusted resource candidates use. The updated Dumps PDF helps you pass the exam on the first attempt, and with the money-back guarantee, you can feel safe buying from us. You can claim a refund if you do not pass the exam.

How to Get CAS-004 Real Exam Dumps?

Getting access to the real exam dumps is as easy as pressing a button, literally! There are various resources available online, but the majority of them sell scams or copied content. So, if you are going to attempt the CAS-004 exam, you need to be sure you are buying the right kind of Dumps. All the Dumps PDF available on DumpsPool are as unique and up to date as they can be. Plus, our Practice Question Answers are tested and approved by professionals, making them the most authentic resource available on the internet. Our experts have made sure the Online Test Engine is free from outdated and fake content, repeated questions, and false or vague information. We make every penny count, and you leave our platform fully satisfied!

CompTIA CAS-004 Exam Details:

Exam Name:      CompTIA Advanced Security Practitioner (CASP+)
Exam Code:      CAS-004
Exam Provider:  CompTIA
Cost:           $466 USD (as of 2024)
Exam Format:    Multiple choice and performance-based questions
Passing Score:  750 on a scale of 100-900
Prerequisites:  At least ten years of IT administration experience, with at least five years of hands-on technical security experience. Experience should be at the enterprise level with multiple operating systems.

CompTIA Advanced Security Practitioner (CASP+) Exam Section Breakdowns

Section                                        Percentage
Enterprise Security Domain                     20%
Risk Management                                19%
Research and Analysis                          21%
Integration of Computing                       20%
Technical Integration of Enterprise Security   20%

What is CAS-004 Exam?

Accreditation in cybersecurity at an advanced level for security architects and senior security engineers who oversee and enhance an organization's cybersecurity readiness is the CompTIA Advanced Security Practitioner (CASP+) certification.

Companies That Assisted in the Creation of CompTIA CASP+

Exam Details for CAS-004 Certification:

  • Exam Codes: CAS-004
  • Launch Date: October 6, 2021
  • Exam Description: In order to support a resilient enterprise, CASP+ addresses the technical knowledge and abilities needed to plan, engineer, integrate, and deploy secure solutions across complex settings while taking governance, risk, and compliance needs into account.
  • Number of Questions: Maximum of 90 questions
  • Type of Questions: Multiple-choice and performance-based
  • Length of Test: 165 Minutes
  • Passing Score: This test has no scaled score; it's pass/fail only.
  • Recommended Experience: A minimum of ten years of general hands-on IT experience, with at least five years of broad hands-on security experience.
  • Languages: English, Japanese and Thai
  • Retirement: Usually three years after launch
  • Testing Provider: Pearson VUE

CAS-004: A Benchmark for IT Professionals

The CompTIA CASP+ certification is regarded as a standard for IT security professionals and is recognized worldwide. The purpose of the certification test is to evaluate a candidate's competence to manage security incidents and responses, create and implement security policies and procedures, and analyze and assess security risks. The exam also assesses the candidate's familiarity with new developments in IT security trends and technology.

How to pass CompTIA Advanced Security Practitioner (CASP+) CAS-004 exam?

Create an Effective Study Schedule

Now that you are aware of the domains and all of the subjects they cover, it is time to create an effective study program. Plan your studies wisely and group everything that belongs in the same category together. As you move between domains, consolidate what you learned in the previous one and prepare for the next. When creating your study plan, you should also consider the following:

  •   The date of your CompTIA CAS-004 exam, or the time when you can register for it.
  •   The price of the training course and any additional funds you have set aside.
  •   The most effective teaching method for your type of learning.
  •   The information you already know.

CompTIA CAS-004 dumps pdf

You may not be familiar with the rules and processes for taking exams, as this is an entry-level exam. Take a CompTIA CAS-004 practice test to decompress after reviewing all of the exam objectives. You could use the CompTIA CAS-004 Braindumps to get a sense of the exam. With the help of these engaging practice tests, you can identify your areas of weakness. They also help you strengthen those areas and provide an unbiased evaluation of your preparation.

Discover the Format of the CompTIA CAS-004 Exam

Everything you need to prepare for the CompTIA Advanced Security Practitioner (CASP+) CAS-004 test can be found on the official website. Investigate it carefully. The website also has a wealth of helpful links and information, such as training programs, study materials, etc. Find out more about the exam's format, question types, passing score, certification, etc.

Purchase the Appropriate Study Materials

Question and answer sets for CompTIA CAS-004 are easily accessible on any device. They are a useful tool for assessing your comprehension of the CAS-004 CompTIA Advanced Security Practitioner (CASP+) test. Utilizing these study aids will be very beneficial to you, particularly when creating an effective study routine.

Frequently Asked Questions

CompTIA CAS-004 Sample Question Answers

Question # 1

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

A. Importing the availability of messages
B. Ensuring non-repudiation of messages
C. Enforcing protocol conformance for messages
D. Assuring the integrity of messages

Question # 2

A company is moving most of its customer-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires that the solution have the highest level of security. Which of the following encryption methods should the cloud security engineer select during the implementation phase?

A. Instance-based
B. Storage-based
C. Proxy-based
D. Array controller-based

Question # 3

Which of the following is required for an organization to meet the ISO 27018 standard?

A. All PII must be encrypted.
B. All network traffic must be inspected.
C. GDPR equivalent standards must be met
D. COBIT equivalent standards must be met

Question # 4

A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA. Which of the following is the BEST solution?

A. Deploy an RA on each branch office.
B. Use Delta CRLs at the branches.
C. Configure clients to use OCSP.
D. Send the new CRLs by using GPO.

Question # 5

Which of the following controls primarily detects abuse of privilege but does not prevent it?

A. Off-boarding
B. Separation of duties
C. Least privilege
D. Job rotation

Question # 6

During a remodel, a company's computer equipment was moved to a secure storage room with cameras positioned on both sides of the door. The door is locked using a card reader issued by the security team, and only the security team and department managers have access to the room. The company wants to be able to identify any unauthorized individuals who enter the storage room by following an authorized employee. Which of the following processes would BEST satisfy this requirement?

A. Monitor camera footage corresponding to a valid access request.
B. Require both security and management to open the door.
C. Require department managers to review denied-access requests.
D. Issue new entry badges on a weekly basis.

Question # 7

A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:
  • Enforce MFA for RDP
  • Ensure RDP connections are only allowed with secure ciphers.
The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls or ACLs. Which of the following should the security architect recommend to meet these requirements?

A. Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.
B. Implement a bastion host with a secure cipher configuration enforced.
C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP.
D. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.

Question # 8

A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision?

A. Availability
B. Data sovereignty
C. Geography
D. Vendor lock-in

Question # 9

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs. Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

A. Implement rate limiting on the API.
B. Implement geoblocking on the WAF.
C. Implement OAuth 2.0 on the API.
D. Implement input validation on the API.

Question # 10

An organization is referencing NIST best practices for BCP creation while reviewing current internal organizational processes for mission-essential items. Which of the following phases establishes the identification and prioritization of critical systems and functions?

A. Review a recent gap analysis.
B. Perform a cost-benefit analysis.
C. Conduct a business impact analysis.
D. Develop an exposure factor matrix.

Question # 11

A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system: Which of the following meets the budget needs of the business?

A. Filter ABC
B. Filter XYZ
C. Filter GHI
D. Filter TUV

Question # 12

A developer wants to develop a secure external-facing web application. The developer is looking for an online community that produces tools, methodologies, articles, and documentation in the field of web-application security. Which of the following is the BEST option?


Question # 13

An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

A. Endorsement tickets
B. Clock/counter structures
C. Command tag structures with MAC schemes
D. Platform configuration registers

Question # 14

A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application. Which of the following is the MOST likely cause?

A. The user agent client is not compatible with the WAF.
B. A certificate on the WAF is expired.
C. HTTP traffic is not forwarding to HTTPS to decrypt.
D. Old, vulnerable cipher suites are still being used.

Question # 15

A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
  • Support all phases of the SDLC.
  • Use tailored website portal software.
  • Allow the company to build and use its own gateway software.
  • Utilize its own data management platform.
  • Continue using agent-based security tools.
Which of the following cloud-computing models should the CIO implement?

A. SaaS
B. PaaS
C. MaaS
D. IaaS

Question # 16

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells. Which of the following techniques will MOST likely meet the business's needs?

A. Performing deep-packet inspection of all digital audio files
B. Adding identifying filesystem metadata to the digital audio files
C. Implementing steganography
D. Purchasing and installing a DRM suite

Question # 17

Which of the following is the BEST disaster recovery solution when resources are running in a cloud environment?

A. Remote provider BCDR
B. Cloud provider BCDR
C. Alternative provider BCDR
D. Primary provider BCDR

Question # 18

Which of the following is the MOST important cloud-specific risk from the CSP’s viewpoint?

A. Isolation control failure
B. Management plane breach
C. Insecure data deletion
D. Resource exhaustion

Question # 19

Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?


Question # 20

A security analyst is reviewing the following output: Which of the following would BEST mitigate this type of attack?

A. Installing a network firewall
B. Placing a WAF inline
C. Implementing an IDS
D. Deploying a honeypot

Question # 21

A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information. Which of the following would be BEST for the company to implement?

D. A honeypot

Question # 22

A security auditor needs to review the manner in which an entertainment device operates. The auditor is analyzing the output of a port scanning tool to determine the next steps in the security review. Given the following log output, the best option for the auditor to use NEXT is:

A. A SCAP assessment.
B. Reverse engineering
C. Fuzzing
D. Network interception.

Question # 23

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: Which of the following would BEST mitigate this vulnerability?

A. Network intrusion prevention
B. Data encoding
C. Input validation

Question # 24

A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team implement?

A. NIST SP 800-53
C. The Cyber Kill Chain
D. The Diamond Model of Intrusion Analysis

Question # 25

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an Internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets: Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

A. Enable the X-Forwarded-For header at the load balancer.
B. Install a software-based HIDS on the application servers.
C. Install a certificate signed by a trusted CA.
D. Use stored procedures on the database server.
E. Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.

Question # 26

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization. Which of the following should be the analyst's FIRST action?

A. Create a full inventory of information and data assets.
B. Ascertain the impact of an attack on the availability of crucial resources.
C. Determine which security compliance standards should be followed.
D. Perform a full system penetration test to determine the vulnerabilities.

Question # 27

A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite: Which of the following is the MOST likely cause of the customer’s inability to connect?

A. Weak ciphers are being used.
B. The public key should be using ECDSA.
C. The default should be on port 80.
D. The server name should be test.com.

Question # 28

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests: Which of the following would BEST mitigate this vulnerability?

B. Input validation
C. Data encoding
D. Network intrusion prevention

Question # 29

A cybersecurity analyst discovered a private key that could have been exposed. Which of the following is the BEST way for the analyst to determine if the key has been compromised?


Question # 30

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence. Which of the following techniques would BEST support this?

A. Configuring systemd services to run automatically at startup
B. Creating a backdoor
C. Exploiting an arbitrary code execution exploit
D. Moving laterally to a more authoritative server/service

Question # 31

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization's incident response procedure. Which of the following must occur to ensure the integrity of the image?

A. The image must be password protected against changes.
B. A hash value of the image must be computed.
C. The disk containing the image must be placed in a sealed container.
D. A duplicate copy of the image must be maintained.

Question # 32

A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of other assets, such as workstations, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A. Increased network latency
B. Unavailability of key escrow
C. Inability to select AES-256 encryption
D. Removal of user authentication requirements

Question # 33

A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication. Which of the following technologies would BEST meet this need?

A. Faraday cage
D. WEP 128 bit

Question # 34

A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the logs, the compromised workstation was observed connecting to multiple databases through ODBC. The following query behavior was captured: Assuming this query was used to acquire and exfiltrate data, which of the following types of data was compromised, and what steps should the incident response plan contain?

A) Personal health information: Inform the human resources department of the breach and review the DLP logs.
B) Account history: Inform the relationship managers of the breach and create new accounts for the affected users.
C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.
D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

A. Option A
B. Option B
C. Option C
D. Option D

Question # 35

A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?

A. sudo netstat -antu | grep "LISTEN" | awk '{print $5}'
B. sudo netstat -nlt -p | grep "ESTABLISHED"
C. sudo netstat -plntu | grep -v "Foreign Address"
D. sudo netstat -pnut -w | column -t -s $'\w'
E. sudo netstat -pnut | grep -P ^tcp

Question # 36

Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

A. Key sharing
B. Key distribution
C. Key recovery
D. Key escrow

Question # 37

A software house is developing a new application. The application has the following requirements:
  • Reduce the number of credential requests as much as possible
  • Integrate with social networks
  • Authenticate users
Which of the following is the BEST federation method to use for the application?

A. WS-Federation
B. OpenID
C. OAuth

Question # 38

The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?


Question # 39

A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

A. X-Forwarded-Proto
B. X-Forwarded-For
C. Cache-Control
D. Strict-Transport-Security
E. Content-Security-Policy

Question # 40

A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer's company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

B. Mail gateway
C. Data flow enforcement

Question # 41

A security analyst is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:
  • The Chief Marketing Officer (CMO) email is being used department-wide as the username
  • The password has been shared within the department
Which of the following controls would be BEST for the analyst to recommend?

A. Configure MFA for all users to decrease their reliance on other authentication.
B. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.
C. Create multiple social media accounts for all marketing users to separate their actions.
D. Ensure the password being shared is sufficiently and not written down anywhere.

Question # 42

A security engineer needs to recommend a solution that will meet the following requirements:
  • Identify sensitive data in the provider's network
  • Maintain compliance with company and regulatory guidelines
  • Detect and respond to insider threats, privileged user threats, and compromised accounts
  • Enforce data-centric security, such as encryption, tokenization, and access control
Which of the following solutions should the security engineer recommend to address these requirements?


Question # 43

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

A. Encryption in transit
B. Legal issues
C. Chain of custody
D. Order of volatility
E. Key exchange

Question # 44

The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?

A. Root cause analysis
B. Continuity of operations plan
C. After-action report
D. Lessons learned

Question # 45

A company's product site recently had failed API calls, resulting in customers being unable to check out and purchase products. This type of failure could lead to the loss of customers and damage to the company's reputation in the market. Which of the following should the company implement to address the risk of system unavailability?

A. User and entity behavior analytics
B. Redundant reporting systems
C. A self-healing system
D. Application controls

Question # 46

A company wants to quantify and communicate the effectiveness of its security controls but must establish measures. Which of the following is MOST likely to be included in an effective assessment roadmap for these controls?

A. Create a change management process.
B. Establish key performance indicators.
C. Create an integrated master schedule.
D. Develop a communication plan.
E. Perform a security control assessment.

Question # 47

An attack team performed a penetration test on a new smart card system. The team demonstrated that by subjecting the smart card to high temperatures, the secret key could be revealed. Which of the following side-channel attacks did the team use?

A. Differential power analysis
B. Differential fault analysis
C. Differential temperature analysis
D. Differential timing analysis

Question # 48

A forensic investigator would use the foremost command for:

A. cloning disks.
B. analyzing network-captured packets.
C. recovering lost files.
D. extracting features such as email addresses

Question # 49

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log. Which of the following actions would BEST address the potential risks posed by the activity in the logs?

A. Altering the misconfigured service account password
B. Modifying the AllowUsers configuration directive
C. Restricting external port 22 access
D. Implementing host-key preferences

Question # 50

A company requires a task to be carried out by more than one person concurrently. This is an example of:

A. separation of duties.
B. dual control
C. least privilege
D. job rotation

Question # 51

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away. Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
C. Implement MFA, review the application logs, and deploy a WAF.
D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Question # 53

A security engineer needs to implement a CASB to secure employee web traffic. A key requirement is that relevant event data must be collected from existing on-premises infrastructure components and consumed by the CASB to expand traffic visibility. The solution must be highly resilient to network outages. Which of the following architectural components would BEST meet these requirements?

A. Log collection
B. Reverse proxy
D. API mode

Question # 54

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

A. SDLC attack
B. Side-load attack
C. Remote code signing
D. Supply chain attack

Question # 55

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?


Question # 56

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company’s managed database, exposing customer information. The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

A. The pharmaceutical company
B. The cloud software provider
C. The web portal software vendor
D. The database software vendor

Question # 57

A security architect is reviewing the following proposed corporate firewall architecture and configuration: Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:
• Web servers must receive all updates via HTTP/S from the corporate network.
• Web servers should not initiate communication with the Internet.
• Web servers should only connect to preapproved corporate database servers.
• Employees’ computing devices should only connect to web services over ports 80 and 443.
Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

A. Add the following to Firewall_A: 15 PERMIT FROM TO TCP80,443
B. Add the following to Firewall_A: 15 PERMIT FROM TO TCP80,443
C. Add the following to Firewall_A: 15 PERMIT FROM TO TCP/UDP0-65535
D. Add the following to Firewall_B: 15 PERMIT FROM TO TCP/UDP0-65535
E. Add the following to Firewall_B: 15 PERMIT FROM TO TCP/UDP 0-65535
F. Add the following to Firewall_B: 15 PERMIT FROM TO 80,443

Question # 58

The Chief Information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit clause. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.
B. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.
C. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data. Review all design and operational controls based on best practice standards and report the findings back to upper management.
D. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data. Assign key controls that are reviewed and managed based on the supplier’s rating. Report findings to the units that rely on the suppliers and the various risk teams.

Question # 59

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:
• Low latency for all mobile users to improve the users’ experience
• SSL offloading to improve web server performance
• Protection against DoS and DDoS attacks
• High availability
Which of the following should the organization implement to BEST ensure all requirements are met?

A. A cache server farm in its datacenter
B. A load-balanced group of reverse proxy servers with SSL acceleration
C. A CDN with the origin set to its datacenter
D. Dual gigabit-speed Internet connections with managed DDoS prevention

Question # 60

An organization’s existing infrastructure includes site-to-site VPNs between datacenters. In the past year, a sophisticated attacker exploited a zero-day vulnerability on the VPN concentrator. Consequently, the Chief Information Security Officer (CISO) is making infrastructure changes to mitigate the risk of service loss should another zero-day exploit be used against the VPN solution. Which of the following designs would be BEST for the CISO to use?

A. Adding a second redundant layer of alternate vendor VPN concentrators
B. Using Base64 encoding within the existing site-to-site VPN connections
C. Distributing security resources across VPN sites
D. Implementing IDS services with each VPN concentrator
E. Transitioning to a container-based architecture for site-based services

Question # 61

A large number of emails have been reported, and a security analyst is reviewing the following information from the emails: As part of the image process, which of the following is the FIRST step the analyst should take?

A. Block the email address carl b@comptia1 com, as it is sending spam to subject matter experts
B. Validate the final "Received" header against the DNS entry of the domain.
C. Compare the 'Return-Path" and "Received" fields.
D. Ignore the emails, as SPF validation is successful, and it is a false positive

Question # 62

Company A is establishing a contractual agreement with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements?

A. Company A-B SLA v2.docx
B. Company A OLA v1b.docx
C. Company A MSA v3.docx
D. Company A MOU v1.docx
E. Company A-B NDA v03.docx

Question # 63

The Chief Information Security Officer of a startup company has asked a security engineer to implement a software security program in an environment that previously had little oversight. Which of the following testing methods would be BEST for the engineer to utilize in this situation?

A. Software composition analysis
B. Code obfuscation
C. Static analysis
D. Dynamic analysis

Question # 64

A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:
• Be efficient at protecting the production environment
• Not require any change to the application
• Act at the presentation layer
Which of the following techniques should be used?

A. Masking
B. Tokenization
C. Algorithmic
D. Random substitution

Question # 65

An organization requires a contractual document that includes:
• An overview of what is covered
• Goals and objectives
• Performance metrics for each party
• A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?


Question # 66

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

A. Eavesdropping
B. On-path
C. Cryptanalysis
D. Code signing
E. RF sidelobe sniffing

Question # 67

A municipal department receives telemetry data from a third-party provider. The server collecting telemetry sits in the municipal department's screened network and accepts connections from the third party over HTTPS. The daemon has a code execution vulnerability from a lack of input sanitization of out-of-bound messages, and therefore, the cybersecurity engineers would like to implement risk mitigations. Which of the following actions, if combined, would BEST prevent exploitation of this vulnerability? (Select TWO).

A. Implementing a TLS inspection proxy on-path to enable monitoring and policy enforcement
B. Creating a Linux namespace on the telemetry server and adding to it the servicing HTTP daemon
C. Installing and configuring a filesystem integrity monitoring service on the telemetry server
D. Implementing an EDR and alerting on identified privilege escalation attempts to the SIEM
E. Subscribing to a UTM service that enforces privacy controls between the internal network and the screened subnet
F. Using the published data schema to monitor and block off-nominal telemetry messages

Question # 68

An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the business via an API. Given this information, which of the following is a noted risk?

A. Feature delay due to extended software development cycles
B. Financial liability from a vendor data breach
C. Technical impact to the API configuration
D. The possibility of the vendor’s business ceasing operations

Question # 69

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals. Which of the following does the business’s IT manager need to consider?

A. The availability of personal data
B. The right to personal data erasure
C. The company’s annual revenue
D. The language of the web application

Question # 70

An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are confirmed, and clients are reporting the following: ERR_SSL_VERSION_OR_CIPHER_MISMATCH. Which of the following is MOST likely the root cause?

A. The client application is testing PFS.
B. The client application is configured to use ECDHE.
C. The client application is configured to use RC4.
D. The client application is configured to use AES-256 in GCM.

Question # 71

The goal of a Chief Information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

A. Budgeting for cybersecurity increases year over year.
B. The committee knows how much work is being done.
C. Business units are responsible for their own mitigation.
D. The bank is aware of the status of cybersecurity risks

Question # 72

A company's Chief Information Officer wants to implement IDS software onto the current system's architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine the processes or users involved. Which of the following would provide this information?


Question # 73

A company processes data subject to NDAs with partners that define the processing and storage constraints for the covered data. The agreements currently do not permit moving the covered data to the cloud, and the company would like to renegotiate the terms of the agreements. Which of the following would MOST likely help the company gain consensus to move the data to the cloud?

A. Designing data protection schemes to mitigate the risk of loss due to multitenancy
B. Implementing redundant stores and services across diverse CSPs for high availability
C. Emulating OS and hardware architectures to blur operations from CSP view
D. Purchasing managed FIM services to alert on detected modifications to covered data

Question # 74

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware. Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

A. Pay the ransom within 48 hours.
B. Isolate the servers to prevent the spread.
C. Notify law enforcement.
D. Request that the affected servers be restored immediately.

Question # 75

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:
* Be based on open-source Android for user familiarity and ease.
* Provide a single application for inventory management of physical assets.
* Permit use of the camera by only the inventory application for the purposes of scanning.
* Disallow any and all configuration baseline modifications.
* Restrict all access to any device resource other than those requirement ?

A. Set an application wrapping policy, wrap the application, distribute the inventory APK via the MAM tool, and test the application restrictions.
B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
C. Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing
D. Build and install an Android middleware policy with requirements added, copy the file into /user/init, and then build the inventory application.

Question # 76

A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot phase, services are not connecting properly to secure LDAP. Below is an excerpt of output from the troubleshooting session: Which of the following BEST explains why secure LDAP is not working? (Select TWO.)

A. The clients may not trust idapt by default.
B. The secure LDAP service is not started, so no connections can be made.
C. Danvills.com is under a DDoS-inator attack and cannot respond to OCSP requests.
D. Secure LDAP should be running on UDP rather than TCP.
E. The company is using the wrong port. It should be using port 389 for secure LDAP.
F. Secure LDAP does not support wildcard certificates.
G. The clients may not trust Chicago by default.

Question # 77

A development team created a mobile application that contacts a company’s back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior. Which of the following would BEST safeguard the APIs? (Choose two.)

A. Bot protection
B. OAuth 2.0
C. Input validation
D. Autoscaling endpoints
E. Rate limiting
F. CSRF protection

Question # 78

A cybersecurity engineer analyzed a system for vulnerabilities. The tool created an OVAL Results document as output. Which of the following would enable the engineer to interpret the results in a human-readable form? (Select TWO.)

A. Text editor
B. OOXML editor
C. Event Viewer
D. XML style sheet
E. SCAP tool
F. Debugging utility

Question # 79

A city government's IT director was notified by the city council that the following cybersecurity requirements must be met to be awarded a large federal grant:
+ Logs for all critical devices must be retained for 365 days to enable monitoring and threat hunting.
+ All privileged user access must be tightly controlled and tracked to mitigate compromised accounts.
+ Ransomware threats and zero-day vulnerabilities must be quickly identified.
Which of the following technologies would BEST satisfy these requirements? (Select THREE).

A. Endpoint protection
B. Log aggregator
C. Zero trust network access
E. Cloud sandbox

Question # 80

An enterprise is undergoing an audit to review change management activities when promoting code to production. The audit reveals the following:
• Some developers can directly publish code to the production environment.
• Static code reviews are performed adequately.
• Vulnerability scanning occurs on a regularly scheduled basis per policy.
Which of the following should be noted as a recommendation within the audit report?

A. Implement short maintenance windows.
B. Perform periodic account reviews.
C. Implement job rotation.
D. Improve separation of duties.

Question # 81

An IT administrator is reviewing all the servers in an organization and notices that a server is missing a crucial patch against a recent exploit that could gain root access. Which of the following describes the administrator’s discovery?

A. A vulnerability
B. A threat
C. A breach
D. A risk

Question # 82

An organization wants to perform a scan of all its systems against best practice security configurations. Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist format for full automation? (Choose two.)


Question # 83

A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic. Which of the following would satisfy the requirement?

D. Reverse proxy

Question # 84

Given the following log snippet from a web server: Which of the following BEST describes this type of attack?

A. SQL injection
B. Cross-site scripting
C. Brute-force
D. Cross-site request forgery

Question # 85

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data. Which of the following commands should the analyst run to BEST determine whether financial data was lost?

A. Option A
B. Option B
C. Option C
D. Option D

Question # 86

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

A. Traffic interceptor log analysis
B. Log reduction and visualization tools
C. Proof of work analysis
D. Ledger analysis software

Question # 87

The Chief Information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
* Transactions being requested by unauthorized individuals.
* Complete discretion regarding client names, account numbers, and investment information.
* Malicious attackers using email to deliver malware and ransomware.
* Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

A. Data loss prevention
B. Endpoint detection response
D. Application whitelisting

Question # 88

A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture. The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations. Which of the following is the BEST course of action to help prevent this situation in the near future?

A. Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.
B. Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.
C. Implement a centralized network gateway to bridge network traffic between all VPCs.
D. Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

Question # 89

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

A. A turbine would overheat and cause physical harm.
B. The engineers would need to go to the historian.
C. The SCADA equipment could not be maintained.
D. Data would be exfiltrated through the data diodes.