CAS-004 | Best Quality CompTIA CAS-004 Training Online


Free CAS-004 Demo Online For CompTIA Certification:

NEW QUESTION 1
An organization is designing a network architecture that must meet the following requirements:
Users will only be able to access predefined services.
Each user will have a unique allow list defined for access.
The system will construct one-to-one subject/object access paths dynamically.
Which of the following architectural designs should the organization use to meet these requirements?

  • A. Peer-to-peer secure communications enabled by mobile applications
  • B. Proxied application data connections enabled by API gateways
  • C. Microsegmentation enabled by software-defined networking
  • D. VLANs enabled by network infrastructure devices

Answer: C

NEW QUESTION 2
An organization’s hunt team thinks a persistent threat exists and already has a foothold in the enterprise network.
Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

  • A. Deploy a SOAR tool.
  • B. Modify user password history and length requirements.
  • C. Apply new isolation and segmentation schemes.
  • D. Implement decoy files on adjacent hosts.

Answer: C

Explanation:
Reference: https://www.cynet.com/network-attacks/network-attacks-and-network-security-threats/

NEW QUESTION 3
A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company’s services to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?

  • A. NIDS
  • B. NIPS
  • C. WAF
  • D. Reverse proxy

Answer: B

Explanation:
Reference: https://subscription.packtpub.com/book/networking-and-servers/9781782174905/5/ch05lvl1sec38/differentiatingbetween-nids-and-nips

NEW QUESTION 4
Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?

  • A. Key sharing
  • B. Key distribution
  • C. Key recovery
  • D. Key escrow

Answer: B

Explanation:
Reference: https://www.open.edu/openlearn/ocw/mod/oucontent/view.php?id=48322&section=1.3

NEW QUESTION 5
Which of the following is a benefit of using steganalysis techniques in forensic response?

  • A. Breaking a symmetric cipher used in secure voice communications
  • B. Determining the frequency of unique attacks against DRM-protected media
  • C. Maintaining chain of custody for acquired evidence
  • D. Identifying least significant bit encoding of data in a .wav file

Answer: D

Explanation:
Reference: https://www.garykessler.net/library/fsc_stego.html

NEW QUESTION 6
The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership.
Which of the following would MOST likely be used?

  • A. MOU
  • B. OLA
  • C. NDA
  • D. SLA

Answer: A

NEW QUESTION 7
An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?

  • A. In the OT environment, use a VPN from the IT environment into the OT environment.
  • B. In the OT environment, allow IT traffic into the OT environment.
  • C. In the IT environment, allow PLCs to send data from the OT environment to the IT environment.
  • D. Use a screened subnet between the OT and IT environments.

Answer: A

NEW QUESTION 8
A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log:
[Exhibit: ssh_auth_log graphic not included]
Which of the following actions would BEST address the potential risks posed by the activity in the logs?

  • A. Alerting the misconfigured service account password
  • B. Modifying the AllowUsers configuration directive
  • C. Restricting external port 22 access
  • D. Implementing host-key preferences

Answer: C

Explanation:
Reference: https://www.rapid7.com/blog/post/2017/10/04/how-to-secure-ssh-server-using-port-knocking-on-ubuntu-linux/

NEW QUESTION 9
A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.
Which of the following would be BEST to proceed with the transformation?

  • A. An on-premises solution as a backup
  • B. A load balancer with a round-robin configuration
  • C. A multicloud provider solution
  • D. An active-active solution within the same tenant

Answer: D

NEW QUESTION 10
An analyst executes a vulnerability scan against an internet-facing DNS server and receives the following report:
[Exhibit: vulnerability scan report not included]
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?

  • A. Password cracker
  • B. Port scanner
  • C. Account enumerator
  • D. Exploitation framework

Answer: A

NEW QUESTION 11
An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, reports come in that a previous vulnerability has returned.
Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

  • A. Peer review
  • B. Regression testing
  • C. User acceptance
  • D. Dynamic analysis

Answer: A

NEW QUESTION 12
A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users. Which of the following would be BEST for the developer to perform? (Choose two.)

  • A. Utilize code signing by a trusted third party.
  • B. Implement certificate-based authentication.
  • C. Verify MD5 hashes.
  • D. Compress the program with a password.
  • E. Encrypt with 3DES.
  • F. Make the DACL read-only.

Answer: AB

NEW QUESTION 13
A small business requires a low-cost approach to theft detection for the audio recordings it produces and sells. Which of the following techniques will MOST likely meet the business’s needs?

  • A. Performing deep-packet inspection of all digital audio files
  • B. Adding identifying filesystem metadata to the digital audio files
  • C. Implementing steganography
  • D. Purchasing and installing a DRM suite

Answer: C

Explanation:
Reference: https://portswigger.net/daily-swig/what-is-steganography-a-complete-guide-to-the-ancient-art-of-concealingmessages

NEW QUESTION 14
A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.
Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

  • A. Union filesystem overlay
  • B. Cgroups
  • C. Linux namespaces
  • D. Device mapper

Answer: B

Explanation:
Reference: https://www.ibm.com/support/pages/deep-dive-yarn-cgroups-hadoop-dev

NEW QUESTION 15
A company requires that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstations, servers, and laptops.
Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

  • A. Increased network latency
  • B. Unavailability of key escrow
  • C. Inability to select AES-256 encryption
  • D. Removal of user authentication requirements

Answer: A

NEW QUESTION 16
DRAG DROP
An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding. Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Select and Place:
[Exhibit not included]

  • A.

Answer: A

NEW QUESTION 17
An organization recently started processing, transmitting, and storing its customers’ credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers’ information.
Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

  • A. NIST
  • B. GDPR
  • C. PCI DSS
  • D. ISO

Answer: C

Explanation:
Reference: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

NEW QUESTION 18
......
