Recommend!!

Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

CompTIA
Exam Questions CAS-004
CompTIA Advanced Security Practitioner (CASP+) Exam

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

NEW QUESTION 1
Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A
security analyst notices that many vulnerabilities that were previously scored as medium are now breaching higher thresholds. Upon further investigation, the
analyst notices certain ratings are not aligned with the approved system categorization. Which of the following can the analyst do to get a better picture of the risk
while adhering to the organization's policy?

A. Align the exploitability metrics to the predetermined system categorization.

B. Align the remediation levels to the predetermined system categorization.
C. Align the impact subscore requirements to the predetermined system categorization.
D. Align the attack vectors to the predetermined system categorization.

Answer: C

Explanation:
Aligning the impact subscore requirements to the predetermined system categorization can help the analyst get a better picture of the risk while adhering to the
organization’s policy. The impact subscore is one of the components of the CVSS base score, which reflects the severity of a vulnerability. The impact subscore is
calculated based on three metrics: confidentiality, integrity, and availability. These metrics can be adjusted according to the system categorization, which defines
the security objectives and requirements for a system based on its potential impact on an organization’s operations and assets. By aligning the impact subscore
requirements to the system categorization, the analyst can ensure that the CVSS scores reflect the true impact of a vulnerability on a specific system and prioritize
remediation accordingly.

NEW QUESTION 2
Ann, a CIRT member, is conducting incident response activities on a network that consists
of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise
belong to a large, web-based cryptocurrency startup, Ann has distilled the relevant information into an easily digestible report for executive management .
However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

A. Traffic interceptor log analysis

B. Log reduction and visualization tools
C. Proof of work analysis
D. Ledger analysis software

Answer: B

NEW QUESTION 3
A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to
on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

A. Utilize the SAN certificate to enable a single certificate for all regions.
B. Deploy client certificates to all devices in the network.
C. Configure certificate pinning inside the application.
D. Enable HSTS on the application's server side for all communication.

Answer: C

Explanation:
Certificate pinning is a technique that embeds one or more trusted certificates or public keys inside an application, and verifies that any certificate presented by a
server matches one of those certificates or public keys. Certificate pinning can prevent on-path attacks, such as man-in-the-middle (MITM) attacks, which intercept
and modify the communication between a client and a server.
Configuring certificate pinning inside the application would allow the mobile application developer to create a global, highly scalable, secure chat application that is
not susceptible to on-path attacks while the user is traveling in potentially hostile regions, because it would:
? Ensure that only trusted servers can communicate with the application, by
rejecting any server certificate that does not match one of the pinned certificates or public keys.
? Protect the confidentiality, integrity, and authenticity of the chat messages, by
preventing any attacker from intercepting, modifying, or impersonating them.
? Enhance the security of the application by reducing its reliance on external factors, such as certificate authorities (CAs), certificate revocation lists (CRLs), or
online certificate status protocol (OCSP).

NEW QUESTION 4
A security analyst discovered that a database administrator's workstation was compromised by malware. After examining the Jogs. the compromised workstation
was observed connecting to multiple databases through ODBC. The following query behavior was captured:

Assuming this query was used to acquire and exfiltrate data, which of the following types of
data was compromised, and what steps should the incident response plan contain?
A) Personal health information: Inform the human resources department of the breach and review the DLP logs.
) Account history; Inform the relationship managers of the breach and create new accounts for the affected users.
C) Customer IDs: Inform the customer service department of the breach and work to change the account numbers.
D) PAN: Inform the legal department of the breach and look for this data in dark web monitoring.

A. Option A
B. Option B
C. Option C
D. Option D

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Answer: D

NEW QUESTION 5
A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's
experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical
vulnerabilities attributed to very old and outdated Oss. Which of the following solutions would prevent these vulnerabilities from being introduced into the
company's existing infrastructure?

A. Segment the systems to reduce the attack surface if an attack occurs

B. Migrate the services to new systems with a supported and patched OS.
C. Patch the systems to the latest versions of the existing OSs
D. Install anti-malwar
E. HIPS, and host-based firewalls on each of the systems

Answer: B

NEW QUESTION 6
A company requires a task to be carried by more than one person concurrently. This is an example of:

A. separation of d duties.
B. dual control
C. least privilege
D. job rotation

Answer: B

Explanation:
Dual control is a security principle that requires two or more authorized individuals to perform a task concurrently. This reduces the risk of fraud, error, or misuse of
sensitive assets or information. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.isaca.org/resources/isaca-
journal/issues/2018/volume-1/using-dual-control-to- mitigate-risk

NEW QUESTION 7
An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization’s
headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the
social media application:
Low latency for all mobile users to improve the users’ experience SSL offloading to improve web server performance
Protection against DoS and DDoS attacks High availability
Which of the following should the organization implement to BEST ensure all requirements are met?

A. A cache server farm in its datacenter

B. A load-balanced group of reverse proxy servers with SSL acceleration
C. A CDN with the origin set to its datacenter
D. Dual gigabit-speed Internet connections with managed DDoS prevention

Answer: B

NEW QUESTION 8
An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PI I and identity information, such as passport numbers. The
SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:
1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.
2) The inherent risk is high.
3) The residual risk is low.
4) There will be a staged deployment to the solution rollout to the contact center. Which of the following risk-handling techniques will BEST meet the organization's
requirements?

A. Apply for a security exemption, as the risk is too high to accept.

B. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
C. Accept the risk, as compensating controls have been implemented to manage the risk.
D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.

Answer: D

NEW QUESTION 9
Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

A. Malicious installation of an application; change the MDM configuration to remove application ID 1220.
B. Resource leak; recover the device for analysis and clean up the local storage.
C. Impossible travel; disable the device’s account and access while investigating.
D. Falsified status reporting; remotely wipe the device.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Answer: C

Explanation:
The device event logs show that the device was in two different locations (New York and London) within a short time span (one hour), which indicates impossible
travel. This could be a sign of a compromised device or account. The best response action is to disable the device’s account and access while investigating the
incident. Malicious installation of an application is not evident from the logs, nor is resource leak or falsified status reporting. Verified References:
https://www.comptia.org/blog/what-is-impossible- travel https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 10
A forensic expert working on a fraud investigation for a US-based company collected a few disk images as evidence.
Which of the following offers an authoritative decision about whether the evidence was obtained legally?

A. Lawyers
B. Court
C. Upper management team
D. Police

Answer: A

NEW QUESTION 10
A security analyst at a global financial firm was reviewing the design of a cloud-based system to identify opportunities to improve the security of the architecture.
The system was recently involved in a data breach after a vulnerability was exploited within a virtual machine's operating system. The analyst observed the VPC in
which the system was located was not peered with the security VPC that contained the centralized vulnerability scanner due to the cloud provider's limitations.
Which of the following is the BEST course of action to help prevent this situation m the near future?

A. Establish cross-account trusts to connect all VPCs via API for secure configuration scanning.
B. Migrate the system to another larger, top-tier cloud provider and leverage the additional VPC peering flexibility.
C. Implement a centralized network gateway to bridge network traffic between all VPCs.
D. Enable VPC traffic mirroring for all VPCs and aggregate the data for threat detection.

Answer: A

Explanation:
The BEST course of action for the security analyst to help prevent a similar situation in the near future is to Establish cross-account trusts to connect all VPCs via
API for secure configuration scanning (A). Cross-account trusts allow for VPCs to be securely connected for the purpose of secure configuration scanning, which
can help to identify and remediate vulnerabilities within the system.

NEW QUESTION 15
A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders.
Which of the following techniques would the company use to evaluate data confidentiality controls?

A. Eavesdropping
B. On-path
C. Cryptanalysis
D. Code signing
E. RF sidelobe sniffing

Answer: A

NEW QUESTION 17
Which of the following BEST sets expectation between the security team and business units within an organization?

A. Risk assessment
B. Memorandum of understanding
C. Business impact analysis
D. Business partnership agreement
E. Services level agreement

Answer: E

Explanation:
A service level agreement (SLA) is the best option to set expectations between the security team and business units within an organization. An SLA is a document
that defines the scope, quality, roles, responsibilities, and metrics of a service provided by one party to another. An SLA can help align the security team’s
objectives and activities with the business units’ needs and expectations, as well as establish accountability and communication channels. Verified References:
https://www.comptia.org/training/books/casp-cas-004-study-guide , https://searchitchannel.techtarget.com/definition/service-level-agreement

NEW QUESTION 18
A company has hired a security architect to address several service outages on the endpoints due to new malware. The Chief Executive Officer’s laptop was
impacted while working from home. The goal is to prevent further endpoint disruption. The edge network is protected by a web proxy.
Which of the following solutions should the security architect recommend?

A. Replace the current antivirus with an EDR solution.

B. Remove the web proxy and install a UTM appliance.
C. Implement a deny list feature on the endpoints.
D. Add a firewall module on the current antivirus solution.

Answer: A

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Explanation:
Replacing the current antivirus with an EDR (endpoint detection and response) solution is the best solution for addressing several service outages on the
endpoints due to new malware. An EDR solution is a technology that provides advanced capabilities for detecting, analyzing, and responding to threats or
incidents on endpoints, such as computers, laptops, mobile devices, or servers. An EDR solution can use behavioral analysis, machine learning, threat
intelligence, or other methods to identify new or unknown malware that may evade traditional antivirus solutions. An EDR solution can also provide automated or
manual remediation actions, such as isolating, blocking, or removing malware from endpoints. Removing the web proxy and installing a UTM (unified threat
management) appliance is not a good solution for addressing service outages on endpoints due to new malware, as it could expose endpoints to more threats or
attacks by removing a layer of protection that filters web traffic, as well as not provide sufficient detection or response capabilities for endpoint-specific malware.
Implementing a deny list feature on endpoints is not a good solution for addressing service outages on endpoints due to new malware, as it could be ineffective or
impractical for blocking new or unknown malware that may not be on the deny list, as well as not provide sufficient detection or response capabilities for endpoint-
specific malware. Adding a firewall module on the current antivirus solution is not a good solution for addressing service outages on endpoints due to new
malware, as it could introduce compatibility or performance issues for endpoints by adding an additional feature that may not be integrated or optimized with the
antivirus solution, as well as not provide sufficient detection or response capabilities for endpoint-specific malware. Verified References:
https://www.comptia.org/blog/what-is-edr https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 23
An application server was recently upgraded to prefer TLS 1.3, and now users are unable to connect their clients to the server. Attempts to reproduce the error are
confirmed, and clients are reporting the following:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Which of the following is MOST likely the root cause?

A. The client application is testing PFS.

B. The client application is configured to use ECDHE.
C. The client application is configured to use RC4.
D. The client application is configured to use AES-256 in GCM.

Answer: C

Explanation:
Reference: https://kinsta.com/knowledgebase/err_ssl_version_or_cipher_mismatch/
The client application being configured to use RC4 is the most likely root cause of why users are unable to connect their clients to the server that prefers TLS 1.3.
RC4 is an outdated and insecure symmetric-key encryption algorithm that has been deprecated and removed from TLS 1.3, which is the latest version of the
protocol that provides secure communication between clients and servers. If the client application is configured to use RC4, it will not be able to negotiate a secure
connection with the server that prefers TLS 1.3, resulting in an error message such as ERR_SSL_VERSION_OR_CIPHER_MISMATCH. The client application
testing PFS (perfect forward secrecy) is not a likely root cause of why users are unable to connect their clients to the server that prefers TLS 1.3, as PFS is a
property that ensures that session keys derived from a set of long-term keys cannot be compromised if one of them is compromised in the future. PFS is supported
and recommended by TLS 1.3, which uses ephemeral Diffie-Hellman or elliptic curve Diffie-Hellman key exchange methods to achieve PFS. The client application
being configured to use ECDHE (elliptic curve Diffie-Hellman ephemeral) is not a likely root cause of why users are unable to connect their clients to the server that
prefers TLS 1.3, as ECDHE is a key exchange method that provides PFS and high performance by using elliptic curve cryptography to generate ephemeral keys
for each session. ECDHE is supported and recommended by TLS 1.3, which uses ECDHE as the default key exchange method. The client application being
configured to use AES-256 in GCM (Galois/Counter Mode) is not a likely root cause of why users are unable to connect
their clients to the server that prefers TLS 1.3, as AES-256 in GCM is an encryption mode that provides confidentiality and integrity by using AES with a 256-bit key
and GCM as an authenticated encryption mode. AES-256 in GCM is supported and recommended by TLS 1.3, which uses AES-256 in GCM as one of the default
encryption modes. Verified References: https://www.comptia.org/blog/what-is-tls-13 https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 28
The Chief information Security Officer (CISO) of a small locate bank has a compliance requirement that a third-party penetration test of the core banking
application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?

A. Black-box testing
B. Gray-box testing
C. Red-team hunting
D. White-box testing
E. Blue-learn exercises

Answer: C

NEW QUESTION 30
A security engineer needs to recommend a solution that will meet the following requirements:
Identify sensitive data in the provider’s network
Maintain compliance with company and regulatory guidelines
Detect and respond to insider threats, privileged user threats, and compromised accounts Enforce datacentric security, such as encryption, tokenization, and
access control
Which of the following solutions should the security engineer recommend to address these requirements?

A. WAF
B. CASB
C. SWG
D. DLP

Answer: D

Explanation:
DLP (data loss prevention) is a solution that can meet the following requirements: identify sensitive data in the provider’s network, maintain compliance with
company and regulatory guidelines, detect and respond to insider threats, privileged user threats, and compromised accounts, and enforce data-centric security,
such as encryption, tokenization, and access control. DLP can monitor, classify, and protect data in motion, at rest, or in use, and prevent unauthorized disclosure
or exfiltration. WAF (web application firewall) is a solution that can protect web applications from common attacks, such as SQL injection or cross-site scripting, but
it does not address the requirements listed. CASB (cloud access security broker) is a solution that can enforce policies and controls for accessing cloud services
and applications, but it does not address the requirements listed. SWG (secure web gateway) is a solution that can monitor and filter web traffic to prevent
malicious or unauthorized access, but it does not address the requirements listed. Verified References: https://www.comptia.org/blog/what-is-data-loss-prevention

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

https://partners.comptia.org/docs/default-source/resources/casp-content-guid

NEW QUESTION 31
A cybersecurity analyst receives a ticket that indicates a potential incident is occurring. There has been a large in log files generated by a generated by a website
containing a ‘’Contact US’’ form. The analyst must determine if the increase in website traffic is due to a recent marketing campaign of if this is a potential
incident. Which of the following would BEST assist the analyst?

A. Ensuring proper input validation is configured on the ‘’Contact US’’ form

B. Deploy a WAF in front of the public website
C. Checking for new rules from the inbound network IPS vendor
D. Running the website log files through a log reduction and analysis tool

Answer: D

NEW QUESTION 34
A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively
for package tracking.
After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

A. Protecting
B. Permissive
C. Enforcing
D. Mandatory

Answer: C

Explanation:
Reference: https://source.android.com/security/selinux/customize
SELinux (Security-Enhanced Linux) is a security module for Linux systems that provides mandatory access control (MAC) policies for processes and files. SELinux
can operate in three modes:
Enforcing: SELinux enforces the MAC policies and denies access based on rules. Permissive: SELinux does not enforce the MAC policies but only logs actions
that would
have been denied if running in enforcing mode.
Disabled: SELinux is turned off.
To ensure its custom Android devices are used exclusively for package tracking, the company must configure SELinux to run in enforcing mode. This mode will
prevent any unauthorized actions or applications from running on the devices and protect them from potential threats or misuse. References:
https://access.redhat.com/documentation/en- us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security- enhanced_linux-
introduction#sect-Security-Enhanced_Linux-Modes https://source.android.com/security/selinux

NEW QUESTION 37
A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of
the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

A. Increased network latency

B. Unavailable of key escrow
C. Inability to selected AES-256 encryption
D. Removal of user authentication requirements

Answer: C

Explanation:
The inability to select AES-256 encryption will most likely be a limiting factor when selecting mobile device managers for the company. AES-256 is a symmetric
encryption algorithm that uses a 256-bit key to encrypt and decrypt data. It is considered one of the strongest encryption methods available and is widely used for
securing sensitive data. Mobile device managers are software applications that allow administrators to remotely manage and secure mobile devices used by
employees. However, not all mobile device managers may support AES-256 encryption or allow the company to enforce it as a policy on all mobile devices.
Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://searchmobilecomputing.techtarget.com/definition/mobile-device-
management

NEW QUESTION 40
A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force
attacks. The following settings meet the existing compliance guidelines:
Must have a minimum of 15 characters Must use one number
Must use one capital letter
Must not be one of the last 12 passwords used
Which of the following policies should be added to provide additional security?

A. Shared accounts
B. Password complexity
C. Account lockout
D. Password history
E. Time-based logins

Answer: C

Explanation:
Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/security- policy-settings/account-lockout-threshold

NEW QUESTION 42

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump
boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString
('https://content.comptia.org/casp/whois.psl');whois
Which of the following security controls would have alerted and prevented the next phase of the attack?

A. Antivirus and UEBA

B. Reverse proxy and sandbox
C. EDR and application approved list
D. Forward proxy and MFA

Answer: C

Explanation:
An EDR and whitelist should protect from this attack.

NEW QUESTION 46
A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
Support all phases of the SDLC. Use tailored website portal software.
Allow the company to build and use its own gateway software. Utilize its own data management platform.
Continue using agent-based security tools.
Which of the following cloud-computing models should the CIO implement?

A. SaaS
B. PaaS
C. MaaS
D. IaaS

Answer: D

Explanation:
Reference: https://www.bmc.com/blogs/saas-vs-paas-vs-iaas-whats-the-difference-and- how-to-choose/

NEW QUESTION 51
A security engineer at a company is designing a system to mitigate recent setbacks caused competitors that are beating the company to market with the new
products. Several of the products incorporate propriety enhancements developed by the engineer’s company. The network already includes a SEIM and a NIPS
and requires 2FA for all user access. Which of the following system should the engineer consider NEXT to mitigate the associated risks?

A. DLP
B. Mail gateway
C. Data flow enforcement
D. UTM

Answer: A

Explanation:
A DLP system is the best option for the company to mitigate the risk of losing its proprietary enhancements to competitors. DLP stands for data loss prevention,
which is a set of tools and policies that aim to prevent unauthorized access, disclosure, or exfiltration of sensitive data. DLP can monitor, filter, encrypt, or block
data transfers based on predefined rules and criteria, such as content, source, destination, etc. DLP can help protect the company’s intellectual property and trade
secrets from being compromised by malicious actors or accidental leaks. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide ,
https://www.csoonline.com/article/3245746/what-is-dlp-data-loss-prevention-and-how- does-it-work.html

NEW QUESTION 54
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email
filtering system:

Which of the following meets the budget needs of the business?

A. Filter ABC
B. Filter XYZ
C. Filter GHI
D. Filter TUV

Answer: B

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Explanation:
Filter XYZ is the best option that meets the budget needs of the business. Filter XYZ has an ALE of $1 million per year, which is lower than any other filter option.
ALE stands for annualized loss expectancy, which is a measure of how much money a business can expect to lose due to a risk over a year. ALE is calculated by
multiplying the annualized rate of occurrence (ARO) of an event by the single loss expectancy (SLE) of an event. ARO is how often an event is expected to occur
in a year. SLE is how much money an event will cost each time it occurs. Therefore, ALE = ARO x SLE. Filter XYZ has an ARO of 0.1 and an SLE of $10 million,
so ALE = 0.1 x $10 million = $1 million. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide ,
https://www.techopedia.com/definition/24771/annualized-loss-expectancy-ale

NEW QUESTION 59
Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.
Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?

A. Drive wiping
B. Degaussing
C. Purging
D. Physical destruction

Answer: B

Explanation:
Reference: https://securis.com/data-destruction/degaussing-as-a-service/

NEW QUESTION 63
A networking team was asked to provide secure remote access to all company employees. The team decided to use client-to-site VPN as a solution. During a
discussion, the Chief Information Security Officer raised a security concern and asked the networking team to route the Internet traffic of remote users through the
main office infrastructure. Doing this would prevent remote users from accessing the Internet through their local networks while connected to the VPN.
Which of the following solutions does this describe?

A. Full tunneling
B. Asymmetric routing
C. SSH tunneling
D. Split tunneling

Answer: A

Explanation:
The concern is users operating in a spit tunnel config which is what is being described. Using a Full Tunnel would route traffic from all applications through a single
tunnel. https://cybernews.com/what-is-vpn/split-tunneling/

NEW QUESTION 67
A company created an external, PHP-based web application for its customers. A security researcher reports that the application has the Heartbleed vulnerability.
Which of the following would BEST resolve and mitigate the issue? (Select TWO).

A. Deploying a WAF signature

B. Fixing the PHP code
C. Changing the web server from HTTPS to HTTP
D. UsingSSLv3
E. Changing the code from PHP to ColdFusion
F. Updating the OpenSSL library

Answer: AF

Explanation:
Deploying a web application firewall (WAF) signature is a way to detect and block attempts to exploit the Heartbleed vulnerability on the web server. A WAF
signature is a pattern that matches a known attack vector, such as a malicious heartbeat request. By deploying a WAF signature, the company can protect its web
application from Heartbleed attacks until the underlying vulnerability is fixed.
Updating the OpenSSL library is the ultimate way to fix and mitigate the Heartbleed vulnerability. The OpenSSL project released version 1.0.1g on April 7, 2014,
which patched the bug by adding a bounds check to the heartbeat function. By updating the OpenSSL library on the web server, the company can eliminate the
vulnerability and prevent any future exploitation.
* B. Fixing the PHP code is not a way to resolve or mitigate the Heartbleed vulnerability, because the vulnerability is not in the PHP code, but in the OpenSSL
library that handles the SSL/TLS encryption for the web server.
* C. Changing the web server from HTTPS to HTTP is not a way to resolve or mitigate the Heartbleed vulnerability, because it would expose all the web traffic to
eavesdropping and tampering by attackers. HTTPS provides confidentiality, integrity, and authentication for web communications, and should not be disabled for
security reasons.
* D. Using SSLv3 is not a way to resolve or mitigate the Heartbleed vulnerability, because SSLv3 is an outdated and insecure protocol that has been deprecated
and replaced by TLS. SSLv3 does not support modern cipher suites, encryption algorithms, or security features, and is vulnerable to various attacks, such as
POODLE.
* E. Changing the code from PHP to ColdFusion is not a way to resolve or mitigate the Heartbleed vulnerability, because the vulnerability is not related to the
programming language of the web application, but to the OpenSSL library that handles the SSL/TLS encryption for the web server.
https://owasp.org/www-community/vulnerabilities/Heartbleed_Bug https://heartbleed.com/

NEW QUESTION 70
An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation.
The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this
attack?

A. A turbine would overheat and cause physical harm.

B. The engineers would need to go to the historian.
C. The SCADA equipment could not be maintained.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

D. Data would be exfiltrated through the data diodes.

Answer: A

NEW QUESTION 72
A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of
the following features will enable the business to meet this objective?

A. Simultaneous Authentication of Equals

B. Enhanced open
C. Perfect forward secrecy
D. Extensible Authentication Protocol

Answer: A

NEW QUESTION 73
A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation:
graphic.linux_randomization.prg
Which of the following technologies would mitigate the manipulation of memory segments?

A. NX bit
B. ASLR
C. DEP
D. HSM

Answer: B

Explanation:
https://eklitzke.org/memory-protection-and-aslr
ASLR (Address Space Layout Randomization) is a technology that can mitigate the manipulation of memory segments caused by a buffer overflow attack. ASLR
randomizes the location of memory segments, such as the stack, heap, or libraries, making it harder for an attacker to predict or control where to inject malicious
code or overwrite memory segments. NX bit (No-eXecute bit) is a technology that can mitigate the execution of malicious code injected by a buffer overflow attack.
NX bit marks certain memory segments as non-executable, preventing an attacker from running code in those segments. DEP (Data Execution Prevention) is a
technology that can mitigate the execution of malicious code injected by a buffer overflow attack. DEP uses hardware and software mechanisms to mark certain
memory regions as data-only, preventing an attacker from running code in those regions. HSM (Hardware Security Module) is a device that can provide
cryptographic functions and key storage, but it does not mitigate the manipulation of memory segments
caused by a buffer overflow attack. Verified References: https://www.comptia.org/blog/what-is-aslr https://partners.comptia.org/docs/default-
source/resources/casp-content-guide

NEW QUESTION 78
An organization is running its e-commerce site in the cloud. The capacity is sufficient to meet the organization's needs throughout most of the year, except during
the holidays when the organization plans to introduce a new line of products and expects an increase in traffic. The organization is not sure how well its products
will be received. To address this issue, the organization needs to ensure that:
* System capacity is optimized.
* Cost is reduced.
Which of the following should be implemented to address these requirements? (Select
TWO).

A. Containerization
B. Load balancer
C. Microsegmentation
D. Autoscaling
E. CDN
F. WAF

Answer: BD

Explanation:
Load balancer and autoscaling are the solutions that should be implemented to address the requirements of optimizing system capacity and reducing cost for an e-
commerce site in the cloud. A load balancer is a device or service that distributes incoming network traffic across multiple servers or instances based on various
criteria, such as availability, performance, or location. A load balancer can improve system capacity by balancing the workload and preventing overloading or
underutilization of resources. Autoscaling is a feature that allows cloud services to automatically adjust the number of servers or instances based on the demand or
predefined rules. Autoscaling can reduce cost by scaling up or down the resources as needed, avoiding unnecessary expenses or wastage. References:
[CompTIA CASP+ Study Guide, Second Edition, pages 406-407 and 410]

NEW QUESTION 80
An organization’s assessment of a third-party, non-critical vendor reveals that the vendor does not have cybersecurity insurance and IT staff turnover is high. The
organization uses the vendor to move customer office equipment from one service location to another. The vendor acquires customer data and access to the
business via an API. Given this information, which of the following is a noted risk?

A. Feature delay due to extended software development cycles

B. Financial liability from a vendor data breach
C. Technical impact to the API configuration
D. The possibility of the vendor’s business ceasing operations

Answer: A

Explanation:
Reference: https://legal.thomsonreuters.com/en/insights/articles/data-breach-liability

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

NEW QUESTION 85
A company security engineer arrives at work to face the following scenario:
1) Website defacement
2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand
3) A Job offer from the company's competitor
4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses
originating from a foreign adversary country resulted in exfiltrated data
Which of the following threat actors Is MOST likely involved?

A. Organized crime
B. Script kiddie
C. APT/nation-state
D. Competitor

Answer: C

Explanation:
An Advanced Persistent Threat (APT) is an attack that is targeted, well-planned, and conducted over a long period of time by a nation-state actor. The evidence
provided in the scenario indicates that the security analyst has identified a foreign adversary, which is strong evidence that an APT/nation-state actor is responsible
for the attack. Resources: CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 5: “Advanced Persistent Threats,” Wiley, 2018.
https://www.wiley.com/en- us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C+2nd+Edition
-p-9781119396582

NEW QUESTION 87
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through
the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests
implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now
describes the level of risk?

A. Inherent
B. Low
C. Mitigated
D. Residual.
E. Transferred

Answer: D

NEW QUESTION 91
Company A is establishing a contractual with Company B. The terms of the agreement are formalized in a document covering the payment terms, limitation of
liability, and intellectual property rights. Which of the following documents will MOST likely contain these elements

A. Company A-B SLA v2.docx

B. Company A OLA v1b.docx
C. Company A MSA v3.docx
D. Company A MOU v1.docx
E. Company A-B NDA v03.docx

Answer: C

Explanation:
A MSA stands for master service agreement, which is a document that covers the general terms and conditions of a contractual relationship between two parties.
It usually includes payment terms, limitation of liability, intellectual property rights, dispute resolution, and other clauses that apply to all services provided by one
party to another. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://www.upcounsel.com/master-service-agreement

NEW QUESTION 96
A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on management of the company’s website and services.
The Chief information Security Officer (CISO) insist all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which
of the following is the BEST solution for this company?

A. Community cloud service model

B. Multinency SaaS
C. Single-tenancy SaaS
D. On-premises cloud service model

Answer: C

Explanation:
A single-tenancy SaaS solution is the best solution for this company. SaaS stands for software as a service, which is a cloud-based model that allows customers
to access applications hosted by a provider over the internet. A single-tenancy SaaS solution means that the company has its own dedicated instance of the
application and its underlying infrastructure, which offers more control, customization, and security than a multi-tenancy SaaS solution where multiple customers
share the same resources. A single- tenancy SaaS solution also eliminates the need for managing a private cloud or an on- premises infrastructure. Verified
References: https://www.comptia.org/training/books/casp- cas-004-study-guide , https://www.ibm.com/cloud/learn/saas

NEW QUESTION 97
A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system
gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced
within the year but is still critical at the moment.
Which of the following should the security administrator do to mitigate the risk?

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

A. Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.
B. Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.
C. Suggest that the networking team contact the original embedded system’s vendor to get an update to the system that does not require Flash.
D. Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.

Answer: D

NEW QUESTION 99
Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

A. Biometric authenticators are immutable.

B. The likelihood of account compromise is reduced.
C. Zero trust is achieved.
D. Privacy risks are minimized.

Answer: B

Explanation:
Reference: https://cloudworks.no/en/5-benefits-of-passwordless-authentication/

NEW QUESTION 102

A security engineer is hardening a company’s multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports
are open:
22
25
110
137
138
139
445
Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company’s distribution process.
Which of the following would be the BEST solution to harden the system?

A. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.
B. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
C. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.
D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Answer: A

NEW QUESTION 106

An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the
hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

A. SDLC attack
B. Side-load attack
C. Remote code signing
D. Supply chain attack

Answer: D

NEW QUESTION 107

A company provides guest WiFi access to the internet and physically separates the guest network from the company’s internal WIFI. Due to a recent incident in
which an attacker gained access to the compay’s intend WIFI, the company plans to configure WPA2 Enterprise in an EAP- TLS configuration. Which of the
following must be installed on authorized hosts for this new configuration to work properly?

A. Active Directory OPOs

B. PKI certificates
C. Host-based firewall
D. NAC persistent agent

Answer: B

NEW QUESTION 111

A security analyst discovered that the company’s WAF was not properly configured. The main web server was breached, and the following payload was found in
one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

A. CAPTCHA
B. Input validation
C. Data encoding

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

D. Network intrusion prevention

Answer: B

Explanation:
Reference: https://hdivsecurity.com/owasp-xml-external-entities-xxe

NEW QUESTION 115

A company wants to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure sensitive application
components. Which of the following should the company implement to ensure the architecture is portable?

A. Virtualized emulators
B. Type 2 hypervisors
C. Orchestration
D. Containerization

Answer: D

Explanation:
Containerization is a technology that allows applications to run in isolated and portable environments called containers. Containers are lightweight and self-
contained units that
include all the dependencies, libraries, and configuration files needed for an application to run. Containers can be deployed on any platform that supports the
container runtime engine, such as Docker or Kubernetes.
Containerization would allow the company to refactor a monolithic application to take advantage of cloud native services and service microsegmentation to secure
sensitive application components, because containerization would:
? Enable the application to be split into smaller and independent components
(microservices) that can communicate with each other through APIs or message queues.
? Allow the application to leverage cloud native services, such as load balancers,
databases, or serverless functions, that can be integrated with containers through configuration files or environment variables.
? Enhance the security of the application by isolating each container from other
containers and the host system, and applying fine-grained access control policies and network rules to each container or group of containers.
? Ensure the portability of the application by enabling it to run on any cloud provider
or platform that supports containers, without requiring any changes to the application code or configuration.

NEW QUESTION 118

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege
levels.
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

A. Spawn a shell using sudo and an escape string such as sudo vim -c ‘!sh’.
B. Perform ASIC password cracking on the host.
C. Read the /etc/passwd file to extract the usernames.
D. Initiate unquoted service path exploits.
E. Use the UNION operator to extract the database schema.

Answer: A

Explanation:
Reference: https://docs.rapid7.com/insightvm/elevating-permissions/
Spawning a shell using sudo and an escape string is a valid Linux post-exploitation method that can exploit a misconfigured sudoers file and allow a standard user
to execute commands as root. ASIC password cracking is used to break hashed passwords, not to elevate privileges. Reading the /etc/passwd file may reveal
usernames, but not passwords or privileges. Unquoted service path exploits are applicable to Windows systems, not Linux. Using the UNION operator is a SQL
injection technique, not a Linux post-exploitation method. Verified References: https://www.comptia.org/blog/what-is-post-exploitation
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 119

A security consultant needs to protect a network of electrical relays that are used for monitoring and controlling the energy used in a manufacturing facility.
Which of the following systems should the consultant review before making a recommendation?

A. CAN
B. ASIC
C. FPGA
D. SCADA

Answer: D

Explanation:
Reference: https://www.sciencedirect.com/topics/computer-science/protective-relay

NEW QUESTION 124

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following
should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

A. Include stable, long-term releases of third-party libraries instead of using newer versions.
B. Ensure the third-party library implements the TLS and disable weak ciphers.
C. Compile third-party libraries into the main code statically instead of using dynamic loading.
D. Implement an ongoing, third-party software and library review and regression testing.

Answer: D

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Explanation:
Implementing an ongoing, third-party software and library review and regression testing is the best way to maximize risk reduction from vulnerabilities introduced
by OpenSSL. Third-party software and libraries are often used by developers to save time and resources, but they may also introduce security risks if they are not
properly maintained and updated. By reviewing and testing the third-party software and library regularly, the company can ensure that they are using the latest and
most secure version of OpenSSL, and that their proprietary software is compatible and functional with it. References: [CompTIA CASP+ Study Guide, Second
Edition, page 362]

NEW QUESTION 126

Which of the following processes involves searching and collecting evidence during an investigation or lawsuit?

A. E-discovery
B. Review analysis
C. Information governance
D. Chain of custody

Answer: A

Explanation:
E-discovery is the process of searching and collecting evidence during an investigation or lawsuit. E-discovery involves identifying, preserving, processing,
reviewing, analyzing, and producing electronically stored information (ESI) that is relevant for a legal case or investigation. E-discovery can be used to find
evidence in email, business communications, social media, online documents, databases, and other digital sources. The other options are either irrelevant or less
effective for the given scenario

NEW QUESTION 127

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets
on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should
the analyst use NEXT?

A. Software Decomplier
B. Network enurrerator
C. Log reduction and analysis tool
D. Static code analysis

Answer: D

NEW QUESTION 129

Users are reporting intermittent access issues with a new cloud application that was recently added to the network. Upon investigation, the security administrator
notices the human resources department is able to run required queries with the new application, but the marketing department is unable to pull any needed
reports on various resources using the new application. Which of the following MOST likely needs to be done to avoid this in the future?

A. Modify the ACLS.

B. Review the Active Directory.
C. Update the marketing department's browser.
D. Reconfigure the WAF.

Answer: A

Explanation:
Modifying the ACLs (access control lists) is the most likely solution to avoid the intermittent access issues with the new cloud application. ACLs are used to define
permissions for different users and groups to access resources on a network. The problem may be caused by incorrect or missing ACLs for the marketing
department that prevent them from accessing the cloud application or its data sources. The other options are either irrelevant or less effective for the given
scenario.

NEW QUESTION 132

An organization wants to perform a scan of all its systems against best practice security configurations.
Which of the following SCAP standards, when combined, will enable the organization to view each of the configuration checks in a machine-readable checklist
format for fill automation? (Choose two.)

A. ARF
B. XCCDF
C. CPE
D. CVE
E. CVSS
F. OVAL

Answer: BF

Explanation:
Reference: https://www.govinfo.gov/content/pkg/GOVPUB-C13- 9ecd8eae582935c93d7f410e955dabb6/pdf/GOVPUB-C13-
9ecd8eae582935c93d7f410e955dabb6.pdf (p.12)
XCCDF (Extensible Configuration Checklist Description Format) and OVAL (Open Vulnerability and Assessment Language) are two SCAP (Security Content
Automation Protocol) standards that can enable the organization to view each of the configuration
checks in a machine-readable checklist format for full automation. XCCDF is a standard for expressing security checklists and benchmarks, while OVAL is a
standard for expressing system configuration information and vulnerabilities. ARF (Asset Reporting Format) is a standard for expressing the transport format of
information about assets, not configuration checks. CPE (Common Platform Enumeration) is a standard for identifying and naming hardware, software, and
operating systems, not configuration checks. CVE (Common Vulnerabilities and Exposures) is a standard for identifying and naming publicly known cybersecurity
vulnerabilities, not configuration checks. CVSS (Common Vulnerability Scoring System) is a standard for assessing the severity of cybersecurity vulnerabilities, not
configuration checks. Verified References: https://www.comptia.org/blog/what-is-scap https://partners.comptia.org/docs/default-source/resources/casp-content-
guide

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

NEW QUESTION 135

A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and
do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the
following in plain text.

Which of the following should the security analyst perform?

A. Contact the security department at the business partner and alert them to the email event.
B. Block the IP address for the business partner at the perimeter firewall.
C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
D. Configure the email gateway to automatically quarantine all messages originating from the business partner.

Answer: A

Explanation:
The best option for the security analyst to perform is to contact the security department at the business partner and alert them to the email event. The email
appears to be a phishing attempt that tries to trick the employees into revealing their login credentials by impersonating a legitimate sender. The security
department at the business partner should be notified so they can investigate the source and scope of the attack and take appropriate actions to protect their
systems and users. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide , https://us-cert.cisa.gov/ncas/tips/ST04-014

NEW QUESTION 137

A pharmaceutical company recently experienced a security breach within its customer- facing web portal. The attackers performed a SQL injection attack and
exported tables from the company’s managed database, exposing customer information.
The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

A. The pharmaceutical company

B. The cloud software provider
C. The web portal software vendor
D. The database software vendor

Answer: A

NEW QUESTION 139

An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:

Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

A. Password cracker
B. Port scanner
C. Account enumerator
D. Exploitation framework

Answer: A

NEW QUESTION 143

A software development company makes Its software version available to customers from a web portal. On several occasions, hackers were able to access the
software repository to change the package that is automatically published on the website. Which of the following would be the BEST technique to ensure the
software the users download is the official software released by the company?

A. Distribute the software via a third-party repository.

B. Close the web repository and deliver the software via email.
C. Email the software link to all customers.
D. Display the SHA checksum on the website.

Answer: D

NEW QUESTION 144

A software development company is building a new mobile application for its social media platform. The company wants to gain its Users' rust by reducing the risk
of on-path attacks between the mobile client and its servers and
by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:
* Mobile clients should verify the identity of all social media servers locally.
* Social media servers should improve TLS performance of their certificate status.
* Social media servers should inform the client to only use HTTPS.
Given the above requirements, which of the following should the company implement? (Select TWO).

A. Quick UDP internet connection

B. OCSP stapling
C. Private CA
D. DNSSEC
E. CRL
F. HSTS

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

G. Distributed object model

Answer: BF

Explanation:
OCSP stapling and HSTS are the best options to meet the requirements of reducing the risk of on-path attacks and implementing stronger digital trust. OCSP
stapling allows the
social media servers to improve TLS performance by sending a signed certificate status along with the certificate, eliminating the need for the client to contact the
CA separately. HSTS allows the social media servers to inform the client to only use HTTPS and prevent downgrade attacks.

NEW QUESTION 149

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an
assessment. Which of the following should the CISO have each party sign?

A. SLA
B. ISA
C. Permissions and access
D. Rules of engagement

Answer: D

Explanation:
Rules of engagement are legal documents that should be signed by all parties involved in an assessment to ensure they understand their roles and
responsibilities. Rules of engagement define the scope, objectives, methods, deliverables, limitations, and expectations of an assessment project. They also
specify the legal and ethical boundaries, communication channels, escalation procedures, and reporting formats for the assessment. Rules of engagement help to
avoid misunderstandings, conflicts, or liabilities during or after an assessment.
References: [CompTIA CASP+ Study Guide, Second Edition, page 34]

NEW QUESTION 151

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to
output?

A. Importing the availability of messages

B. Ensuring non-repudiation of messages
C. Enforcing protocol conformance for messages
D. Assuring the integrity of messages

Answer: D

Explanation:
Assuring the integrity of messages is the most important security objective when applying cryptography to control messages that tell an ICS (industrial control
system) how much electrical power to output. Integrity is the security objective that ensures the accuracy and completeness of data or information, preventing
unauthorized modifications or tampering. Assuring the integrity of messages can prevent malicious or accidental changes to the control messages that could affect
the operation or safety of the ICS or the electrical power output. Importing the availability of messages is not a security objective when applying cryptography, but a
security objective that ensures the accessibility and usability of data or information, preventing unauthorized denial or disruption of service.
Ensuring non-repudiation of messages is not a security objective when applying cryptography, but a security objective that ensures the authenticity and
accountability of data or information, preventing unauthorized denial or dispute of actions or transactions. Enforcing protocol conformance for messages is not a
security objective when applying cryptography, but a security objective that ensures the compliance and consistency of data or information, preventing
unauthorized deviations or violations of rules or standards. Verified References: https://www.comptia.org/blog/what-is-integrity
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 154

A security architect is designing a solution for a new customer who requires significant security capabilities in its environment. The customer has provided the
architect with the following set of requirements:
* Capable of early detection of advanced persistent threats.
* Must be transparent to users and cause no performance degradation.
+ Allow integration with production and development networks seamlessly.
+ Enable the security team to hunt and investigate live exploitation techniques.
Which of the following technologies BEST meets the customer's requirements for security capabilities?

A. Threat Intelligence
B. Deception software
C. Centralized logging
D. Sandbox detonation

Answer: B

Explanation:
Deception software is a technology that creates realistic but fake assets (such as servers, applications, data, etc.) that mimic the real environment and lure
attackers into interacting with them. By doing so, deception software can help detect advanced persistent threats (APTs) that may otherwise evade traditional
security tools12
. Deception software can also provide valuable insights into the attacker’s tactics, techniques, and procedures (TTPs) by capturing their actions and behaviors on
the decoys 13.
Deception software can meet the customer’s requirements for security capabilities because:
? It is capable of early detection of APTs by creating attractive targets for them and
alerting security teams when they are engaged12.
? It is transparent to users and causes no performance degradation because it does not interfere with legitimate traffic or resources13.
? It allows integration with production and development networks seamlessly because it can create decoys that match the network topology and configuration13.
? It enables the security team to hunt and investigate live exploitation techniques because it can record and analyze the attacker’s activities on the decoys13.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

NEW QUESTION 158

Which of the following terms refers to the delivery of encryption keys to a CASB or a third- party entity?

A. Key sharing
B. Key distribution
C. Key recovery
D. Key escrow

Answer: D

Explanation:
Key escrow is a process that involves storing encryption keys with a trusted third party, such as a CASB (Cloud Access Security Broker) or a government agency.
Key escrow can enable authorized access to encrypted data in case of emergencies, legal issues, or data recovery. However, key escrow also introduces some
risks and challenges, such as trust, security, and privacy. References: https://www.techopedia.com/definition/1772/key-escrow
https://searchsecurity.techtarget.com/definition/key-escrow

NEW QUESTION 162

A security analyst sees that a hacker has discovered some keys and they are being made
available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the
security analyst recommend to protect the affected data?

A. Key rotation
B. Key revocation
C. Key escrow
D. Zeroization
E. Cryptographic obfuscation

Answer: E

NEW QUESTION 165

A mobile administrator is reviewing the following mobile device DHCP logs to ensure the proper mobile settings are applied to managed devices:

Which of the following mobile configuration settings is the mobile administrator verifying?

A. Service set identifier authentication

B. Wireless network auto joining
C. 802.1X with mutual authentication
D. Association MAC address randomization

Answer: B

Explanation:
Wireless network auto joining is the mobile configuration setting that the mobile administrator is verifying by reviewing the mobile device DHCP logs. Wireless
network auto joining is a feature that allows mobile devices to automatically connect to a predefined wireless network without requiring user intervention or
authentication. This can be useful for corporate or trusted networks that need frequent access by mobile devices. The DHCP logs show that the mobile devices are
assigned IP addresses from the wireless network with SSID “CorpWiFi”, which indicates that they are auto joining this network. References: [CompTIA CASP+
Study Guide, Second Edition, page 420]

NEW QUESTION 167

An analyst received a list of IOCs from a government agency. The attack has the following characteristics:
* 1. The attack starts with bulk phishing.
* 2. If a user clicks on the link, a dropper is downloaded to the computer.
* 3. Each of the malware samples has unique hashes tied to the user.
The analyst needs to identify whether existing endpoint controls are effective. Which of the following risk mitigation techniques should the analyst use?

A. Update the incident response plan.

B. Blocklist the executable.
C. Deploy a honeypot onto the laptops.
D. Detonate in a sandbox.

Answer: D

Explanation:
Detonating the malware in a sandbox is the best way to analyze its behavior and determine whether the existing endpoint controls are effective. A sandbox is an
isolated environment that mimics a real system but prevents any malicious actions from affecting the actual system. By detonating the malware in a sandbox, the
analyst can observe how it interacts with the system, what files it creates or modifies, what network connections it establishes, and what indicators of compromise
it exhibits. This can help the analyst identify the malware’s capabilities, objectives, and weaknesses. A sandbox can also help the analyst compare different
malware samples and determine if they are related or part of the same campaign.
* A. Updating the incident response plan is not a risk mitigation technique, but rather a proactive measure to prepare for potential incidents. It does not help the
analyst identify whether existing endpoint controls are effective against the malware.
* B. Blocklisting the executable is a risk mitigation technique that can prevent the malware from running on the system, but it does not help the analyst analyze its
behavior or determine whether existing endpoint controls are effective. Moreover, blocklisting may not be feasible if each malware sample has a unique hash tied
to the user.
* C. Deploying a honeypot onto the laptops is a risk mitigation technique that can lure attackers away from the real systems and collect information about their

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

activities, but it does not help the analyst analyze the malware’s behavior or determine whether existing endpoint controls are effective. A honeypot is also more
suitable for detecting network- based attacks rather than endpoint-based attacks.

NEW QUESTION 172

A bank hired a security architect to improve its security measures against the latest threats The solution must meet the following requirements
• Recognize and block fake websites
• Decrypt and scan encrypted traffic on standard and non-standard ports
• Use multiple engines for detection and prevention
• Have central reporting
Which of the following is the BEST solution the security architect can propose?

A. CASB
B. Web filtering
C. NGFW
D. EDR

Answer: C

Explanation:
A next-generation firewall (NGFW) is a device or software that provides advanced network security features beyond the traditional firewall functions. A NGFW can
provide the following capabilities:
? Recognize and block fake websites, using URL filtering and reputation-based
analysis
? Decrypt and scan encrypted traffic on standard and non-standard ports, using SSL/TLS inspection and deep packet inspection
? Use multiple engines for detection and prevention, such as antivirus, intrusion prevention system (IPS), application control, and sandboxing
? Have central reporting, using a unified management console and dashboard A cloud access security broker (CASB) is a device or software that acts as an
intermediary between cloud service users and cloud service providers. A CASB can provide various security functions such as visibility, compliance, data security,
and threat protection, but it does not provide all the capabilities of a NGFW. Web filtering is a technique that blocks or allows web access based on predefined
criteria such as categories, keywords, or reputation. Web filtering can help recognize and block fake websites, but it does not provide all the capabilities of a
NGFW. Endpoint detection and response (EDR) is a technology that monitors and analyzes the activity and behavior of endpoints such as computers or mobile
devices. EDR can help detect and respond to advanced threats, but it does not provide all the capabilities of a NGFW. References: [CompTIA Advanced Security
Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise
Security Architecture, Objective 2.2: Select appropriate hardware and software solutions

NEW QUESTION 177

A cloud security architect has been tasked with selecting the appropriate solution given the following:
* The solution must allow the lowest RTO possible.
* The solution must have the least shared responsibility possible.
« Patching should be a responsibility of the CSP.
Which of the following solutions can BEST fulfill the requirements?

A. Paas
B. laas
C. Private
D. Saas

Answer: D

Explanation:
SaaS, or software as a service, is the solution that can best fulfill the requirements of having the lowest RTO possible, the least shared responsibility possible, and
patching as a responsibility of the CSP. SaaS is a cloud service model that provides users with access to software applications hosted and managed by the CSP
over the internet. SaaS has the lowest RTO (recovery time objective), which is the maximum acceptable time for restoring a system or service after a disruption,
because it does not require any installation, configuration, or maintenance by the users. SaaS also has the least shared responsibility possible because most of
the security aspects are handled by the CSP, such as patching, updating, backup, encryption, authentication, etc.
References: [CompTIA CASP+ Study Guide, Second Edition, pages 403-404]

NEW QUESTION 179

A threat hunting team receives a report about possible APT activity in the network. Which of the following threat management frameworks should the team
implement?

A. NIST SP 800-53
B. MITRE ATT&CK
C. The Cyber Kill Chain
D. The Diamond Model of Intrusion Analysis

Answer: B

Explanation:
MITRE ATT&CK is a threat management framework that provides a comprehensive and detailed knowledge base of adversary tactics and techniques based on
real-world observations. It can help threat hunting teams to identify, understand, and prioritize potential threats, as well as to develop effective detection and
response strategies. MITRE ATT&CK covers the entire lifecycle of a cyberattack, from initial access to impact, and provides information on how to mitigate, detect,
and hunt for each technique. It also includes threat actor profiles, software descriptions, and data sources that can be used for threat intelligence and analysis.
Verified References:
? https://attack.mitre.org/
? https://resources.infosecinstitute.com/topic/top-threat-modeling-frameworks-stride- owasp-top-10-mitre-attck-framework/
? https://www.ibm.com/topics/threat-management

NEW QUESTION 181

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Which of the following is a security concern that will MOST likely need to be addressed during migration?

A. Latency
B. Data exposure
C. Data loss
D. Data dispersion

Answer: B

Explanation:
Data exposure is a security concern that will most likely need to be addressed during migration of all company data to the cloud, as it could involve sensitive or
confidential data being accessed or disclosed by unauthorized parties. Data exposure could occur due to misconfigured cloud services, insecure data transfers,
insider threats, or malicious attacks. Data exposure could also result in compliance violations, reputational damage, or legal liabilities. Latency is not a security
concern, but a performance concern that could affect the speed or quality of data access or transmission. Data loss is not a security concern, but a availability
concern that could affect the integrity or recovery of data. Data dispersion is not a security concern, but a management concern that could affect the visibility or
control of data. Verified References: https://www.comptia.org/blog/what-is-data-exposure
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 183

Which of the following controls primarily detects abuse of privilege but does not prevent it?

A. Off-boarding
B. Separation of duties
C. Least privilege
D. Job rotation

Answer: A

NEW QUESTION 186

An organization is considering a BYOD standard to support remote working. The first iteration of the solution will utilize only approved collaboration applications
and the ability to move corporate data between those applications. The security team has concerns about the following:
Unstructured data being exfiltrated after an employee leaves the organization Data being exfiltrated as a result of compromised credentials
Sensitive information in emails being exfiltrated
Which of the following solutions should the security team implement to mitigate the risk of data loss?

A. Mobile device management, remote wipe, and data loss detection

B. Conditional access, DoH, and full disk encryption
C. Mobile application management, MFA, and DRM
D. Certificates, DLP, and geofencing

Answer: C

Explanation:
Mobile application management (MAM) is a solution that allows the organization to control and secure the approved collaboration applications and the data within
them on personal devices. MAM can prevent unstructured data from being exfiltrated by restricting the ability to move, copy, or share data between applications.
Multi-factor authentication (MFA) is a solution that requires the user to provide more than one piece of evidence to prove their identity when accessing corporate
data. MFA can prevent data from being exfiltrated as a result of compromised credentials by adding an extra layer of security. Digital rights management (DRM) is
a solution that protects the intellectual property rights of digital content by enforcing policies and permissions on how the content can be used, accessed, or
distributed. DRM can prevent sensitive information in emails from being exfiltrated by encrypting the content and limiting the actions that can be performed on it,
such as forwarding, printing, or copying. Verified References:
? https://www.manageengine.com/data-security/what-is/byod.html
? https://www.cimcor.com/blog/7-scariest-byod-security-risks-how-to-mitigate

NEW QUESTION 190

An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:
* Be based on open-source Android for user familiarity and ease.
* Provide a single application for inventory management of physical assets.
* Permit use of the camera be only the inventory application for the purposes of scanning
* Disallow any and all configuration baseline modifications.
* Restrict all access to any device resource other than those requirement ?

A. Set an application wrapping policy, wrap the application, distributes the inventory APK via the MAM tool, and test the application restrictions.
B. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
C. Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and
perform integration testing
D. Build and install an Android middleware policy with requirements added, copy the file into/ user/init, and then built the inventory application.

Answer: A

NEW QUESTION 191

Which of the following protocols is a low power, low data rate that allows for the creation of PAN networks?

A. Zigbee
B. CAN
C. DNP3
D. Modbus

Answer: A

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Explanation:
Reference: https://urgentcomm.com/2007/11/01/connecting-on-a-personal-level/

NEW QUESTION 192

A global organization's Chief Information Security Officer (CISO) has been asked to analyze the risks involved in a plan to move the organization's current MPLS-
based WAN network to use commodity Internet and SD-WAN hardware. The SD-WAN provider is currently highly regarded but Is a regional provider. Which of the
following is MOST likely identified as a potential risk by the CISO?

A. The SD-WAN provider would not be able to handle the organization's bandwidth requirements.
B. The operating costs of the MPLS network are too high for the organization.
C. The SD-WAN provider uses a third party for support.
D. Internal IT staff will not be able to properly support remote offices after the migration.

Answer: C

Explanation:
SD-WAN (Software-Defined Wide Area Network) is a technology that allows organizations to use multiple, low-cost Internet connections to create a secure and
dynamic WAN. SD- WAN can provide benefits such as lower costs, higher performance, and easier management compared to traditional WAN technologies, such
as MPLS (Multiprotocol Label Switching).
However, SD-WAN also introduces some potential risks, such as:
? The reliability and security of the Internet connections, which may vary depending on the location, provider, and traffic conditions.
? The compatibility and interoperability of the SD-WAN hardware and software, which may come from different vendors or use different standards.
? The availability and quality of the SD-WAN provider’s support, which may depend
on the provider’s size, reputation, and outsourcing practices.
In this case, the CISO would most likely identify the risk that the SD-WAN provider uses a third party for support, because this could:
? Affect the organization’s ability to resolve issues or request changes in a timely
and effective manner.
? Expose the organization’s network data and configuration to unauthorized or malicious parties.
? Increase the complexity and uncertainty of the SD-WAN service level agreement (SLA) and contract terms.

NEW QUESTION 197

A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a
privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the
exploit is missing, making it harder to recommend remediation’s. Given the following output:

The penetration testers MOST likely took advantage of:

A. A TOC/TOU vulnerability
B. A plain-text password disclosure
C. An integer overflow vulnerability
D. A buffer overflow vulnerability

Answer: A

NEW QUESTION 198

The Chief information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security
of customer data by the parties. Which of the following should be implemented to BEST manage the risk?

A. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewal

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

B. At the time of contract renewal, incorporate designs and operational controls into the contracts and a right-to-audit claus
C. Regularly assess the supplier’s post-contract renewal with a dedicated risk management team.
D. Establish a team using members from first line risk, the business unit, and vendor management to assess only design security controls of all supplier
E. Store findings from the reviews in a database for all other business units and risk teams to reference.
F. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data, Review all
design and operational controls based on best practice standard and report the finding back to upper management.
G. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data Assign key controls that are
reviewed andmanaged based on the supplier’s ratin
H. Report finding units that rely on the suppliers and the various risk teams.

Answer: D

Explanation:
A governance program that rates suppliers based on their access to data, the type of data, and how they access the data is the best way to manage the risk of
handling and security of customer data by third parties. This allows the company to assign key controls that are reviewed and managed based on the supplier’s
rating and report findings to the relevant units and risk teams. Verified References: https://www.comptia.org/training/books/casp-cas-004-study-guide ,
https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/third-party-risk- management

NEW QUESTION 203

An organization recently recovered from an attack that featured an adversary injecting Malicious logic into OS bootloaders on endpoint devices Therefore, the
organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the IJEFI through the full loading of OS
components. of the following TPM structures enables this storage functionality?

A. Endorsement tickets
B. Clock/counter structures
C. Command tag structures with MAC schemes
D. Platform configuration registers

Answer: D

Explanation:
TPMs provide the ability to store measurements of code and data that can be used to ensure that code and data remain unchanged over time. This is done
through Platform Configuration Registers (PCRs), which are structures used to store measurements of code and data. The measurements are taken during the
boot process and can be used to compare the state of the system at different times, which can be used to detect any changes to the system and verify that the
system has not been tampered with.

NEW QUESTION 205

An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible
application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load
balancer cannot store the logs. The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

A. Enable the x-Forwarded-For header al the load balancer.

B. Install a software-based HIDS on the application servers.
C. Install a certificate signed by a trusted CA.
D. Use stored procedures on the database server.
E. Store the value of the $_server ( ‘ REMOTE_ADDR ' ] received by the web servers.

Answer: C

NEW QUESTION 206

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is
reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

A. TLS_AES_128_CCM_8_SHA256

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

B. TLS_DHE_DSS_WITH_RC4_128_SHA
C. TLS_CHACHA20_POLY1305_SHA256
D. TLS_AES_128_GCM_SHA256

Answer: B

Explanation:
The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and
vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The
other ciphers are more secure and compliant with secure-by-design principles and PCI DSS. Verified References: https://www.comptia.org/blog/what-is-a-cipher
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 207

An IT administrator is reviewing all the servers in an organization and notices that a server is missing crucial practice against a recent exploit that could gain root
access.
Which of the following describes the administrator’s discovery?

A. A vulnerability
B. A threat
C. A breach
D. A risk

Answer: A

Explanation:
Reference: https://www.beyondtrust.com/blog/entry/privilege-escalation-attack-defense-
explained

NEW QUESTION 208

A forensic investigator would use the foremost command for:

A. cloning disks.
B. analyzing network-captured packets.
C. recovering lost files.
D. extracting features such as email addresses

Answer: C

NEW QUESTION 209

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-
source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
C. Implement MFA, review the application logs, and deploy a WAF.
D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Answer: C

Explanation:
Reference: https://www.microfocus.com/en-us/what-is/sast
Implementing MFA can add an extra layer of security to protect against unauthorized access if the vulnerability is exploited. Reviewing the application logs can
help identify if any attempts have been made to exploit the vulnerability, and deploying a WAF can help block any attempts to exploit the vulnerability. While the
other options may provide some level of security, they may not directly address the vulnerability and may not reduce the risk to an acceptable level.

NEW QUESTION 212

A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data Indicates most of the attacks
came through a
fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the
CSO implement?

A. Simulating a spam campaign

B. Conducting a sanctioned vishing attack
C. Performing a risk assessment
D. Executing a penetration test

Answer: A

Explanation:
A spam campaign is a mass distribution of unsolicited or fraudulent emails that may contain malicious links, attachments, or requests. Spam campaigns are often
used by attackers to deliver ransomware, which is a type of malware that encrypts the victim’s data and demands a ransom for its decryption.
Simulating a spam campaign would allow the Chief Security Officer (CSO) to evaluate whether the training has been successful in reducing the number of
successful ransomware attacks that have hit the company, because it would:
? Test the employees’ ability to recognize and avoid clicking on fake or malicious
emails, which is one of the main vectors for ransomware infection.
? Measure the effectiveness of the training by comparing the click-through rate and the infection rate before and after the training.
? Provide feedback and reinforcement to the employees by informing them of their performance and reminding them of the best practices for email security.

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

NEW QUESTION 215

A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator
accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must
maintain a positive user experience after implementation.
Which of the following is the BEST solution to meet these objectives?

A. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
B. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
C. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
D. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.

Answer: B

Explanation:
PAM (Privileged Access Management) is a solution that can increase the security posture of user endpoints by providing more visibility and control over local
administrator accounts. By implementing PAM, removing users from the local administrators group, and prompting users for explicit approval when elevated
privileges are required, the security engineer can reduce the attack surface, prevent unauthorized access, and enforce the principle of least privilege. Implementing
PAM, keeping users in the local administrators group, and enabling local administrator account monitoring may not provide enough control or visibility over local
administrator accounts, as users could still abuse or compromise their privileges. Implementing EDR (Endpoint Detection and Response) may not provide enough
control or visibility over local administrator accounts, as EDR is mainly focused on detecting and responding to threats, not managing privileges. Enabling user
behavior analytics may not provide enough control or visibility over local administrator accounts, as user behavior analytics is mainly focused on identifying
anomalies or risks in user activity, not managing privileges. Verified References: https://www.comptia.org/blog/what-is-pam
https://partners.comptia.org/docs/default- source/resources/casp-content-guide

NEW QUESTION 218

A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation Part of this transformation involves a
move to cloud servers to ensure a scalable, high-performance, online user experience The current architecture includes:
• Directory servers
• Web servers
• Database servers
• Load balancers
• Cloud-native VPN concentrator
• Remote access server
The MSP must secure this environment similarly to the infrastructure on premises Which of the following should the MSP put in place to BEST meet this objective?
(Select THREE)

A. Content delivery network

B. Virtual next-generation firewall
C. Web application firewall
D. Software-defined WAN
E. External vulnerability scans
F. Containers
G. Microsegmentation

Answer: BCG

Explanation:
A virtual next-generation firewall (vNGFW) is a software version of a NGFW that can be deployed on cloud servers to provide advanced network security features.
A vNGFW can help secure the cloud environment similarly to the infrastructure on premises by providing functions such as URL filtering, SSL/TLS inspection, deep
packet inspection, antivirus, IPS, application control, and sandboxing. A web application firewall (WAF) is a device or software that filters and blocks malicious web
traffic from reaching an application. A WAF can help secure the web servers in the cloud environment by protecting them from common attacks such as SQL
injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). Microsegmentation is a technique that divides a network into smaller segments or
zones based on criteria such as identity, role, or function. Microsegmentation can help secure the cloud environment by isolating different types of servers and
applying granular security policies to each segment.
A content delivery network (CDN) is a distributed system of servers that delivers web content to users based on their geographic location, the origin of the content,
and the performance of the network. A CDN can help improve the availability and performance of web applications by caching content closer to the users, reducing
latency and bandwidth consumption. However, a CDN does not provide the same level of security as a vNGFW or a WAF. Software-defined WAN (SD-WAN) is a
technology that uses software to manage the connectivity and routing of wide area network (WAN) traffic across multiple links or carriers. SD-WAN can help
improve the reliability and efficiency of WAN connections by
dynamically selecting the best path for each application based on factors such as bandwidth, latency, cost, and quality of service (QoS). However, SD-WAN does
not provide the same level of security as a vNGFW or a WAF. External vulnerability scans are assessments that identify and report on the vulnerabilities and
weaknesses of an IT system from an external perspective. External vulnerability scans can help improve the security posture of an IT system by providing visibility
into its exposure to potential threats. However, external vulnerability scans do not provide the same level of protection as a vNGFW or a WAF. Containers are units
of software that package an application and its dependencies into a standardized format that can run on any platform or environment. Containers can help improve
the portability and scalability of applications by allowing them to run independently from the underlying infrastructure. However, containers do not provide the same
level of security as microsegmentation. References: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise
Security Architecture, Objective 2.3: Implement solutions for the secure use of cloud services

NEW QUESTION 223

A software company wants to build a platform by integrating with another company's established product. Which of the following provisions would be MOST
important to include when drafting an agreement between the two companies?

A. Data sovereignty
B. Shared responsibility
C. Source code escrow
D. Safe harbor considerations

Answer: B

Explanation:
When drafting an agreement between two companies, it is important to clearly define the responsibilities of each party. This is particularly relevant when a

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

software company is looking to integrate with an established product. A shared responsibility agreement ensures that both parties understand their respective
responsibilities and are able to work together efficiently and effectively. For example, the software company might be responsible for integrating the product and
ensuring it meets user needs, while the established product provider might be responsible for providing ongoing support and maintenance. By outlining these
responsibilities in the agreement, both parties can ensure that the platform is built and maintained successfully. References: CompTIA Advanced Security
Practitioner (CASP+) Study Guide, Chapter 8, Working with Third Parties.

NEW QUESTION 226

Which of the following are risks associated with vendor lock-in? (Choose two.)

A. The client can seamlessly move data.

B. The vendor can change product offerings.
C. The client receives a sufficient level of service.
D. The client experiences decreased quality of service.
E. The client can leverage a multicloud approach.
F. The client experiences increased interoperability.

Answer: BD

Explanation:
Reference: https://www.cloudflare.com/learning/cloud/what-is-vendor-lock-
in/#:~:text=Vendor%20lock%2Din%20can%20become,may%20involve%20reformatting%2 0the%20data
Vendor lock-in is a situation where a client becomes dependent on a vendor for products or services and cannot easily switch to another vendor without substantial
costs or inconvenience. Some of the risks associated with vendor lock-in are that the vendor can change product offerings, such as by discontinuing or modifying
features, increasing prices, or reducing support, and that the client experiences decreased quality of service, such as by having poor performance, reliability, or
security. These risks could affect the client’s business operations, satisfaction, or competitiveness. The client can seamlessly move data, the client receives a
sufficient level of service, and the client can leverage a multicloud approach are not risks associated with vendor lock-in, but potential benefits of avoiding vendor
lock-in. Verified References: https://www.comptia.org/blog/what-is-vendor- lock-in https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 231

A company has moved its sensitive workloads lo the cloud and needs to ensure high availability and resiliency of its web-based application. The cloud architecture
team was given the following requirements
• The application must run at 70% capacity at all times
• The application must sustain DoS and DDoS attacks.
• Services must recover automatically.
Which of the following should the cloud architecture team implement? (Select THREE).

A. Read-only replicas
B. BCP
C. Autoscaling
D. WAF
E. CDN
F. Encryption
G. Continuous snapshots
H. Containenzation

Answer: CDF

Explanation:
The cloud architecture team should implement Autoscaling (C), WAF (D) and Encryption (F). Autoscaling (C) will ensure that the application is running at 70%
capacity at all times. WAF (D) will protect the application from DoS and DDoS attacks. Encryption (F) will protect the data from unauthorized access and ensure
that the sensitive workloads remain secure.

NEW QUESTION 232

A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.
Which of the following will allow the inspection of the data without multiple certificate deployments?

A. Include all available cipher suites.

B. Create a wildcard certificate.
C. Use a third-party CA.
D. Implement certificate pinning.

Answer: B

Explanation:
A wildcard certificate is a certificate that can be used for multiple subdomains of a domain, such as *.example.com. This would allow the inspection of the data
without multiple certificate deployments, as one wildcard certificate can cover all the subdomains that will be separated out with subdomains. Including all available
cipher suites may not help with inspecting the data without multiple certificate deployments, as cipher suites are used for negotiating encryption and authentication
algorithms, not for verifying certificates. Using a third-party CA (certificate authority) may not help with inspecting the data without multiple certificate deployments,
as a third-party CA is an entity that issues and validates certificates, not a type of certificate. Implementing certificate pinning may not help with inspecting the data
without multiple certificate deployments, as certificate pinning is a technique that hardcodes the expected certificate or public key in the application code, not a type
of certificate. Verified References: https://www.comptia.org/blog/what-is-a-wildcard- certificate https://partners.comptia.org/docs/default-source/resources/casp-
content-guide

NEW QUESTION 234

A security engineer is troubleshooting an issue in which an employee is getting an IP address in the range on the wired network. The engineer plus another PC
into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee’ PC on the wireless network and finds the PC still
not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the
following is MOST likely the problem?

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

A. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.
B. The DHCP server has a reservation for the PC’s MAC address for the wired interface.
C. The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.
D. The DHCP server is unavailable, so no IP address is being sent back to the PC.

Answer: A

NEW QUESTION 237

A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected
piece of code is performing a lot of input/output (I/O) on the disk drive.

Based on the output above, from which of the following process IDs can the analyst begin an investigation?

A. 65
B. 77
C. 83
D. 87

Answer: D

Explanation:
The process ID 87 can be the starting point for an investigation of a possible buffer overflow attack, as it shows a high percentage of CPU utilization (99.7%) and a
suspicious command name (graphic.linux_randomization.prg). A buffer overflow attack is a type of attack that exploits a vulnerability in an application or system
that allows an attacker to write data beyond the allocated buffer size, potentially overwriting memory segments and executing malicious code. A high CPU
utilization could indicate that the process is performing intensive or abnormal operations, such as a buffer overflow attack. A suspicious command name could
indicate that the process is trying to disguise itself or evade detection, such as by mimicking a legitimate program or using random characters. The other process
IDs do not show signs of a buffer overflow attack, as they have low CPU utilization and normal command names. Verified References:
https://www.comptia.org/blog/what-is-buffer-overflow https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 242

Company A acquired Company . During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A
placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A’s security program.
Which of the following risk-handling techniques was used?

A. Accept
B. Avoid
C. Transfer
D. Mitigate

Answer: D

Explanation:
Reference: https://www.pivotpointsecurity.com/blog/risk-tolerance-in-business/

NEW QUESTION 243

An organization is designing a network architecture that must meet the following requirements:
Users will only be able to access predefined services. Each user will have a unique allow list defined for access.
The system will construct one-to-one subject/object access paths dynamically.
Which of the following architectural designs should the organization use to meet these requirements?

A. Peer-to-peer secure communications enabled by mobile applications

B. Proxied application data connections enabled by API gateways
C. Microsegmentation enabled by software-defined networking
D. VLANs enabled by network infrastructure devices

Answer: C

Explanation:
Microsegmentation enabled by software-defined networking is an architectural design that can meet the requirements of allowing users to access only predefined
services, having unique allow lists defined for each user, and constructing one- to-one subject/object access paths dynamically. Microsegmentation is a technique
that divides a network into smaller segments or zones based on granular criteria, such as applications, services, users, or devices. Microsegmentation can provide
fine-grained access control and isolation for network resources, preventing unauthorized or lateral movements within the network. Software-defined networking is a
technology that decouples the control plane from the data plane in network devices, allowing centralized and programmable management of network functions and
policies. Software-defined networking can enable microsegmentation by dynamically creating and enforcing network segments or zones based on predefined rules
or policies. Peer-to-peer secure communications enabled by mobile applications is not an architectural design that can meet the requirements of allowing users to
access only predefined services, having unique allow lists defined for each user, and constructing one-to-one subject/object access paths dynamically, as peer-to-
peer secure communications is a technique that allows direct and encrypted communication between two or more parties without relying on a central server or
intermediary. Proxied application data connections enabled by API gateways is not an architectural design that can meet the requirements of allowing users to
access only predefined services, having unique allow lists defined for each user, and constructing one- to-one subject/object access paths dynamically, as proxied
application data connections is a technique that allows indirect and filtered communication between applications or services through an intermediary device or
service that can modify or monitor the traffic. VLANs (virtual local area networks) enabled by network infrastructure devices is not an architectural design that can
meet the requirements of allowing users to access only predefined services, having unique allow lists defined for each user, and constructing one- to-one
subject/object access paths dynamically, as VLANs are logical segments of a physical network that can group devices or users based on common criteria, such as

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

function, department, or location. Verified References: https://www.comptia.org/blog/what- is-microsegmentation https://partners.comptia.org/docs/default-

source/resources/casp- content-guide

NEW QUESTION 248

A company based in the United States holds insurance details of EU citizens. Which of the following must be adhered to when processing EU citizens' personal,
private, and confidential data?

A. The principle of lawful, fair, and transparent processing

B. The right to be forgotten principle of personal data erasure requests
C. The non-repudiation and deniability principle
D. The principle of encryption, obfuscation, and data masking

Answer: A

NEW QUESTION 250

Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the
local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external
resources while not sacrificing threat visibility.
Which of the following would be the BEST option to implement?

A. Distributed connection allocation

B. Local caching
C. Content delivery network
D. SD-WAN vertical heterogeneity

Answer: D

Explanation:
SD-WAN (software-defined wide area network) vertical heterogeneity is a technique that can help preserve network bandwidth and increase speed to both internal
and external resources while not sacrificing threat visibility. SD-WAN vertical heterogeneity involves using different types of network links (such as broadband,
cellular, or satellite) for different types of traffic (such as voice, video, or data) based on their performance and security requirements. This can optimize the
network efficiency and reliability, as well as provide granular visibility and control over traffic flows. Distributed connection allocation is not a technique for
preserving network bandwidth and increasing speed, but a method for distributing network connections among multiple servers or devices. Local caching is not a
technique for preserving network bandwidth and increasing speed, but a method for storing frequently accessed data locally to reduce latency or load times.
Content delivery network is not a technique for preserving network bandwidth and increasing speed, but a system of distributed servers that deliver web content to
users based on their geographic location. Verified References: https://www.comptia.org/blog/what-is-sd-wan https://partners.comptia.org/docs/default-
source/resources/casp-content-guide

NEW QUESTION 253

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis conceding a
security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to
several of the compromised accounts. Subsequent antivirus scans of the device do not return an findings, but the CIRT finds undocumented services running on
the device. Which of the following controls would reduce the discovery time for similar in the future.

A. Implementing application blacklisting

B. Configuring the mall to quarantine incoming attachment automatically
C. Deploying host-based firewalls and shipping the logs to the SIEM
D. Increasing the cadence for antivirus DAT updates to twice daily

Answer: C

NEW QUESTION 258

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue.
However, when the application is released to the public, report come In that a previously vulnerability has returned. Which of the following should the developer
integrate into the process to BEST prevent this type of behavior?

A. Peer review
B. Regression testing
C. User acceptance
D. Dynamic analysis

Answer: A

NEW QUESTION 261

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team
and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year.
Which of the following will MOST likely secure the data on the lost device?

A. Require a VPN to be active to access company data.

B. Set up different profiles based on the person’s risk.
C. Remotely wipe the device.
D. Require MFA to access company applications.

Answer: C

Explanation:
Remotely wiping the device is the best way to secure the data on the lost device, as it would erase all the data and prevent unauthorized access. Requiring a VPN
to be active to access company data may not protect the data on the device itself, as it could be stored locally or cached. Setting up different profiles based on the

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

person’s risk may not prevent data loss or theft, as it depends on the level of access and encryption. Requiring MFA to access company applications may not
protect the data on the device itself, as it could be stored locally or cached. Verified References: https://www.comptia.org/blog/what- is-byod
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 263

A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells.
Which of the following techniques will MOST likely meet the business’s needs?

A. Performing deep-packet inspection of all digital audio files

B. Adding identifying filesystem metadata to the digital audio files
C. Implementing steganography
D. Purchasing and installing a DRM suite

Answer: C

Explanation:
Steganography is a technique that can hide data within other files or media, such as images, audio, or video. This can provide a low-cost approach to theft
detection for the audio recordings produced and sold by the small business, as it can embed identifying information or watermarks in the audio files that can reveal
their origin or ownership. Performing deep-packet inspection of all digital audio files may not be feasible or effective for theft detection, as it could consume a lot of
bandwidth and resources, and it may not detect hidden data within encrypted packets. Adding identifying filesystem metadata to the digital audio files may not
provide enough protection for theft detection, as filesystem metadata can be easily modified or removed by unauthorized parties. Purchasing and installing a DRM
(digital rights management) suite may not be a low-cost approach for theft detection, as it could involve licensing fees and hardware requirements. Verified
References: https://www.comptia.org/blog/what-is-steganography https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 265

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the
required reports.
Which of the following historian server locations will allow the business to get the required reports in an and IT environment?

A. In the environment, use a VPN from the IT environment into the environment.
B. In the environment, allow IT traffic into the environment.
C. In the IT environment, allow PLCs to send data from the environment to the IT environment.
D. Use a screened subnet between the and IT environments.

Answer: D

Explanation:
A screened subnet is a network segment that separates two different environments, such as (operational technology) and IT (information technology), and
provides security controls to limit and monitor the traffic between them. This would allow the business to get the required reports from the historian server without
exposing the environment to unnecessary risks. Using a VPN, allowing IT traffic, or allowing PLCs to send data are less secure options that could compromise the
environment. Verified References: https://www.comptia.org/blog/what-is-operational-technology https://partners.comptia.org/docs/default-source/resources/casp-
content-guide

NEW QUESTION 267

A host on a company’s network has been infected by a worm that appears to be spreading via SMB. A security analyst has been tasked with containing the
incident while also maintaining evidence for a subsequent investigation and malware analysis.
Which of the following steps would be best to perform FIRST?

A. Turn off the infected host immediately.

B. Run a full anti-malware scan on the infected host.
C. Modify the smb.conf file of the host to prevent outgoing SMB connections.
D. Isolate the infected host from the network by removing all network connections.

Answer: D

NEW QUESTION 271

A company’s SOC has received threat intelligence about an active campaign utilizing a specific vulnerability. The company would like to determine whether it is
vulnerable to this active campaign.
Which of the following should the company use to make this determination?

A. Threat hunting
B. A system penetration test
C. Log analysis within the SIEM tool
D. The Cyber Kill Chain

Answer: B

Explanation:
The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and
vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The
other ciphers are more secure and compliant with secure-by-design principles and PCI DSS. Verified References: https://www.comptia.org/blog/what-is-a-cipher
https://partners.comptia.org/docs/default-source/resources/casp-content-guide

NEW QUESTION 276

A security analyst is reviewing the following output:

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Which of the following would BEST mitigate this type of attack?

A. Installing a network firewall

B. Placing a WAF inline
C. Implementing an IDS
D. Deploying a honeypot

Answer: B

Explanation:
The output shows a SQL injection attack that is trying to exploit a web application. A WAF (Web Application Firewall) is a security solution that can detect and
block malicious web requests, such as SQL injection, XSS, CSRF, etc. Placing a WAF inline would prevent the attack from reaching the web server and database.
References: https://owasp.org/www-community/attacks/SQL_Injection https://www.cloudflare.com/learning/ddos/glossary/web-application-firewall-waf/

NEW QUESTION 279

A company’s claims processed department has a mobile workforce that receives a large number of email submissions from personal email addresses. An
employees recently received an email that approved to be claim form, but it installed malicious software on the employee’s laptop when was opened.

A. Impalement application whitelisting and add only the email client to the whitelist for laptop in the claims processing department.
B. Required all laptops to connect to the VPN before accessing email.
C. Implement cloud-based content filtering with sandboxing capabilities.
D. Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Answer: C

Explanation:
Implementing cloud-based content filtering with sandboxing capabilities is the best solution for preventing malicious software installation on the employee’s laptop
due to opening an email attachment that appeared to be a claim form. Cloud-based content filtering is a technique that uses a cloud service to filter or block web
traffic based on predefined rules or policies, preventing unauthorized or malicious access to web resources or services. Cloud-based content filtering can prevent
malicious software installation on the employee’s laptop due to opening an email attachment that appeared to be a claim form, as it can scan or analyze email
attachments before they reach the mailbox and block or quarantine them if they are malicious. Sandboxing is a technique that uses an isolated or virtualized
environment to execute or test suspicious or untrusted code or applications, preventing them from affecting the host system or network. Sandboxing can prevent
malicious software installation on the employee’s laptop due to opening an email attachment that appeared to be a claim form, as it can run or detonate email
attachments in a safe environment and observe their behavior or impact before allowing them to reach the mailbox. Implementing application whitelisting and
adding only the email client to the whitelist for laptops in the claims processing department is not a good solution for preventing malicious software installation on
the employee’s laptop due to opening an email attachment that appeared to be a claim form, as it could affect the usability or functionality of other applications on
the laptops that may be needed for work purposes, as well as not prevent malicious software from running within the email client. Requiring all laptops to connect
to the VPN (virtual private network) before accessing email is not a good solution for preventing malicious software installation on the employee’s laptop due to
opening an email attachment that appeared to be a claim form, as it could introduce latency or performance issues for accessing email, as well as not prevent
malicious software from reaching or executing on the laptops. Installing a mail gateway to scan incoming messages and strip attachments before they reach the
mailbox is not a good solution for preventing malicious software installation on the employee’s laptop due to opening an email attachment that appeared to be a
claim form, as it could affect the normal operations or functionality of email communication, as well as not prevent legitimate attachments from reaching the
mailbox. Verified References: https://www.comptia.org/blog/what-is-cloud- based-content-filtering https://partners.comptia.org/docs/default-source/resources/casp-
content-guide

NEW QUESTION 280

A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

A. Quarantine 10.0.5.52 and run a malware scan against the host.

B. Access 10.0.5.52 via EDR and identify processes that have network connections.
C. Isolate 10.0.50.6 via security groups.
D. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Answer: D

NEW QUESTION 282

A company wants to improve the security of its web applications that are running on in- house servers A risk assessment has been performed and the following
capabilities are desired:
• Terminate SSL connections at a central location
• Manage both authentication and authorization for incoming and outgoing web service calls
• Advertise the web service API

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

• Implement DLP and anti-malware features

Which of the following technologies will be the BEST option?

A. WAF
B. XML gateway
C. ESB gateway
D. API gateway

Answer: D

Explanation:
An API gateway is a device or software that acts as an intermediary between clients and servers that provide web services through application programming
interfaces (APIs). An API gateway can provide various functions such as:
? Terminating SSL connections at a central location, reducing the overhead on the backend servers and simplifying certificate management
? Managing both authentication and authorization for incoming and outgoing web service calls, enforcing security policies and access control
? Advertising the web service API, providing documentation and discovery features for developers and consumers
? Implementing DLP and anti-malware features, preventing data leakage and malicious code injection A web application firewall (WAF) is a device or software that
filters and blocks malicious web traffic from reaching an application. A WAF can provide some protection for web services, but it does not provide all the functions
of an API gateway. An XML gateway is a device or software that validates, transforms, and routes XML messages between clients and servers that provide web
services. An XML gateway can provide some functions of an API gateway, but it is limited to XML-based web services and does not support other formats such as
JSON. An enterprise service bus (ESB) gateway is a device or software that integrates and orchestrates multiple web services into a single service or application.
An ESB gateway can provide some functions of an API gateway, but it is more focused on business logic and workflow rather than security and performance.
References: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.3:
Implement solutions for the secure use of cloud services

NEW QUESTION 284

......

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

 Recommend!! Get the Full CAS-004 dumps in VCE and PDF From SurePassExam
https://www.surepassexam.com/CAS-004-exam-dumps.html (342 New Questions)

Thank You for Trying Our Product

We offer two products:

1st - We have Practice Tests Software with Actual Exam Questions

2nd - Questons and Answers in PDF Format

CAS-004 Practice Exam Features:

* CAS-004 Questions and Answers Updated Frequently

* CAS-004 Practice Questions Verified by Expert Senior Certified Staff

* CAS-004 Most Realistic Questions that Guarantee you a Pass on Your FirstTry

* CAS-004 Practice Test Questions in Multiple Choice Formats and Updatesfor 1 Year

100% Actual & Verified — Instant Download, Please Click

Order The CAS-004 Practice Test Here

Passing Certification Exams Made Easy visit - https://www.surepassexam.com

Powered by TCPDF (www.tcpdf.org)