CAS-004 Sample Practice Exam Questions 2023 Updated Verified [Q40-Q62]


NEW QUESTION 40
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.
Which of the following actions would BEST resolve the issue? (Choose two.)

  • A. Deploy a SIEM.
  • B. Deploy an IDS.
  • C. Deploy a reverse proxy
  • D. Deploy a WAF.
  • E. Use containers.
  • F. Conduct input sanitization.
  • G. Patch the OS

Answer: D,F

Explanation:
A WAF protects web applications by filtering, monitoring, and blocking malicious HTTP/S traffic traveling to the application, and prevents unauthorized data from leaving the application. It does this by applying a set of policies that determine which traffic is malicious and which is safe.

 

NEW QUESTION 41
A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

Which of the following would BEST mitigate this vulnerability?

  • A. Network intrusion prevention
  • B. Input validation
  • C. CAPTCHA
  • D. Data encoding

Answer: B

 

NEW QUESTION 42
An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the MOST relevant for PLCs?

  • A. Rust
  • B. Java
  • C. C
  • D. Python
  • E. Ladder logic

Answer: E

 

NEW QUESTION 43
A developer implemented the following code snippet.

Which of the following vulnerabilities does the code snippet resolve?

  • A. Information leakage
  • B. Missing session limit
  • C. SQL injection
  • D. Buffer overflow

Answer: A

 

NEW QUESTION 44
Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

  • A. Ledger analysis software
  • B. Log reduction and visualization tools
  • C. Proof of work analysis
  • D. Traffic interceptor log analysis

Answer: B

 

NEW QUESTION 45
An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

  • A. A turbine would overheat and cause physical harm.
  • B. Data would be exfiltrated through the data diodes.
  • C. The SCADA equipment could not be maintained.
  • D. The engineers would need to go to the historian.

Answer: A

 

NEW QUESTION 46
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors. Which of the following categories BEST describes this type of vendor risk?

  • A. Remote code signing
  • B. Side-load attack
  • C. SDLC attack
  • D. Supply chain attack

Answer: D

 

NEW QUESTION 47
Which of the following allows computation and analysis of data within a ciphertext without knowledge of the plaintext?

  • A. Lattice-based cryptography
  • B. Asymmetric cryptography
  • C. Homomorphic encryption
  • D. Quantum computing

Answer: B

 

NEW QUESTION 48
A developer is creating a new mobile application for a company. The application uses a REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.
Which of the following would be the BEST solution against this type of attack?

  • A. HSTS
  • B. Cookies
  • C. Wildcard certificates
  • D. Certificate pinning

Answer: A

 

NEW QUESTION 49
Device event logs sourced from MDM software are as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

  • A. Falsified status reporting; remotely wipe the device.
  • B. Impossible travel; disable the device's account and access while investigating.
  • C. Malicious installation of an application; change the MDM configuration to remove application ID 1220.
  • D. Resource leak; recover the device for analysis and clean up the local storage.

Answer: C

 

NEW QUESTION 50
A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability.
The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?

  • A. Log analysis within the SIEM tool
  • B. The Cyber Kill Chain
  • C. Threat hunting
  • D. A system penetration test

Answer: C

 

NEW QUESTION 51
A security engineer needs to recommend a solution that will meet the following requirements:
Identify sensitive data in the provider's network
Maintain compliance with company and regulatory guidelines
Detect and respond to insider threats, privileged user threats, and compromised accounts
Enforce data-centric security, such as encryption, tokenization, and access control
Which of the following solutions should the security engineer recommend to address these requirements?

  • A. CASB
  • B. WAF
  • C. DLP
  • D. SWG

Answer: A

Explanation:
https://www.mcafee.com/enterprise/en-us/security-awareness/cloud/what-is-a-casb.html

 

NEW QUESTION 52
A customer reports being unable to connect to a website at www.test.com to consume services. The customer notices the web application has the following published cipher suite:

Which of the following is the MOST likely cause of the customer's inability to connect?

  • A. Weak ciphers are being used.
  • B. The public key should be using ECDSA.
  • C. The server name should be test.com.
  • D. The default should be on port 80.

Answer: A

 

NEW QUESTION 53
A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:
22, 25, 110, 137, 138, 139, 445
Internal Windows clients are used to transfer files to the server to stage them for customer download as part of the company's distribution process.
Which of the following would be the BEST solution to harden the system?

  • A. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.
  • B. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.
  • C. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
  • D. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Answer: B

 

NEW QUESTION 54
Which of the following controls primarily detects abuse of privilege but does not prevent it?

  • A. Off-boarding
  • B. Least privilege
  • C. Job rotation
  • D. Separation of duties

Answer: A

 

NEW QUESTION 55
A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

  • A. Accept
  • B. Transfer
  • C. Avoid
  • D. Mitigate

Answer: D

 

NEW QUESTION 56
A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?

  • A. A DLP program to identify which files have customer data and delete them
  • B. An ERP program to identify which processes need to be tracked
  • C. A CMDB to report on systems that are not configured to security baselines
  • D. A CRM application to consolidate the data and provision access based on the process and need

Answer: A

 

NEW QUESTION 57
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

  • A. TLS_AES_128_CCM_8_SHA256
  • B. TLS_CHACHA20_POLY1305_SHA256
  • C. TLS_DHE_DSS_WITH_RC4_128_SHA
  • D. TLS_AES_128_GCM_SHA256

Answer: C

 

NEW QUESTION 58
A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.
Which of the following would provide the BEST boot loader protection?

  • A. UEFI/BIOS
  • B. PKI
  • C. TPM
  • D. HSM

Answer: A

 

NEW QUESTION 59
A company is preparing to deploy a global service.
Which of the following must the company do to ensure GDPR compliance? (Choose two.)

  • A. Provide alternative authentication techniques.
  • B. Provide data deletion capabilities.
  • C. Inform users regarding what data is stored.
  • D. Provide opt-in/out for marketing messages.
  • E. Grant data access to third parties.
  • F. Provide optional data encryption.

Answer: B,C

Explanation:
The main rights for individuals under the GDPR are to:

  • allow subject access
  • have inaccuracies corrected
  • have information erased
  • prevent direct marketing
  • prevent automated decision-making and profiling
  • allow data portability

Source: https://www.clouddirect.net/11-things-you-must-do-now-for-gdpr-compliance/

 

NEW QUESTION 60
A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test. However, the attack vector of the exploit is missing, making it harder to recommend remediations. Given the following output:

The penetration testers MOST likely took advantage of:

  • A. A plain-text password disclosure
  • B. A TOC/TOU vulnerability
  • C. An integer overflow vulnerability
  • D. A buffer overflow vulnerability

Answer: B

 

NEW QUESTION 61
An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:

 

NEW QUESTION 62
......
