Free CAS-004 Sample Questions — CompTIA Advanced Security Practitioner (CASP+) CAS-004

A systems administrator confirms that the company's remote server is providing the following list of preferred ciphers: • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) • TLS_RSA_WITH_RC4_128_SHA (0x5) • TLS_RSA_WITH_RC4_128_MD5 (0x4) Nevertheless, when the systems administrator's browser connects to the server, it negotiates TLS_RSA_WITH_RC4_128_MD5 (0x4), while all other employees' browsers negotiate TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030). Which of the following describes a potential attack to the systems administrator's browser?

• A. cipher mismatch
• B. Key rotation
• C. downgrade attack
• D. compromised key
• E. Rekeying

A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?

• A. Static analysis
• B. Input validation
• C. Fuzz testing
• D. Post-exploitation

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in the service being unavailable. Which of the following would BEST prevent this scenario form happening again?

• A. Performing routine tabletop exercises
• B. Implementing scheduled, full interruption tests
• C. Backing up system log reviews
• D. Performing department disaster recovery walk-throughs

The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements: • Monitors traffic to and from both local NAS and cloud-based file repositories • Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions • Uses document attributes to reduce false positives • Is agentless and not installed on staff desktops or laptops Which of the following when installed and configured would BEST meet the CSO’s requirements? (Choose two.)

• A. DLP
• B. NGFW
• C. UTM
• D. UEBA
• E. CASB
• F. HIPS

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the LEAST amount of downtime. Which of the following should the analyst perform?

• A. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics
• B. Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics
• C. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics
• D. Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics

A review of the past year's attack patterns shows that attackers stopped reconnaissance after finding a susceptible system to compromise. The company would like to find a way to use this information to protect the environment while still gaining valuable attack information. Which of the following would be BEST for the company to implement?

• A. WAF
• B. An IDS
• C. SIEM
• D. honeypot

A company performs an annual attack surface analysis and identifies a large number of unexpected, external-facing systems. The Chief Information Security Officer wishes to ensure this issue does not reoccur. Which of the following should the company do?

• A. Update the company’s risk profile
• B. Minimize errors in the risk assessment metrics
• C. Continuously monitor key risk indicators
• D. Reduce the costs associated with performing risk assessments

A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC. Which of the following compensating controls would be BEST to implement in this situation?

• A. EDR
• B. SIEM
• C. HIDS
• D. UEBA

A security engineer is performing a vulnerability management scan on multihomed Linux systems. The engineer notices that the vulnerability count is high due to the fact that each vulnerability is multiplied by the number of NICs on each system. Which of the following should the engineer do to deduplicate the vulnerabilities and to associate the vulnerabilities with a particular host?

• A. Use a SCAP scanner
• B. Deploy an agent
• C. Initiate a discovery scan
• D. Perform an Nmap scan

Prior to a risk assessment inspection, the Chief Information Officer tasked the systems administrator with analyzing and reporting any configuration issues on the information systems, and then verifying existing security settings. Which of the following would be BEST to use?

• A. SCAP
• B. CVSS
• C. XCCDF
• D. CMDB

An ISP is receiving reports from a portion of its customers who state that typosquatting is occurring when they type in a portion of the URL for the ISP’s website. The reports state that customers are being directed to an advertisement website that is asking for personal information. The security team has verified the DNS system is returning proper results and has no known IOCs. Which of the following should the security team implement to best mitigate this situation?

• A. DNSSEC
• B. DNS filtering
• C. Multifactor authentication
• D. Self-signed certificates
• E. Revocation of compromised certificates

A partner organization is requesting that a security administrator exchange S/MIME certificates for email between the two organizations. The partner organization is most likely trying to:

• A. utilize digital signatures to ensure data integrity
• B. reduce the amount of impersonation spam the organization receives
• C. enable a more decentralized IT infrastructure
• D. eliminate the organization’s business email compromise risks

A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?

• A. Signing
• B. Access control
• C. HIPS
• D. Permit listing

A security engineer notices the company website allows users to select which country they reside in, such as the following example: https://mycompany.com/main.php?Country=US Which of the following vulnerabilities would MOST likely affect this site?

• A. SQL injection
• B. Remote file inclusion
• C. Directory traversal
• D. Unsecure references

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact. Which of the following should the organization perform NEXT?

• A. Assess the residual risk
• B. Update the organization's threat model
• C. Move to the next risk in the register
• D. Recalculate the magnitude of impact

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely. Which of the following features of these devices MOST likely led to this decision? (Choose two.)

• A. Software-backed keystore
• B. Embedded cryptoprocessor
• C. Hardware-backed public key storage
• D. Support for stream ciphers
• E. Decentralized key management
• F. TPM 2.0 attestation services

A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future?

• A. Installing online hardware sensors
• B. Air gapping important ICS and machines
• C. Implementing a HIDS
• D. Installing a SIEM agent on the endpoint

Which of the following is used to assess compliance with internal and external requirements?

• A. RACI matrix
• B. Audit report
• C. After-action report
• D. Business continuity plan

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

• A. Key escrow
• B. TPM
• C. Trust models
• D. Code signing

A company security engineer arrives at work to face the following scenario: 1. Website defacement 2. Calls from the company president indicating the website needs to be fixed immediately because it is damaging the brand 3. A job offer from the company's competitor 4. A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data Which of the following threat actors is MOST likely involved?

• A. Organized crime
• B. Script kiddie
• C. APT/nation-state
• D. Competitor