2022 CompTIA CASP+ CAS-004 PDF Questions


CAS-004 Free Questions

CompTIA Advanced Security Practitioner (CASP+) Exam

https://www.passquestion.com/CAS-004.html
Question 1
A security engineer at a company is designing a system to mitigate recent
setbacks caused by competitors that are beating the company to market with
new products. Several of the products incorporate proprietary enhancements
developed by the engineer’s company. The network already includes a SIEM
and a NIPS and requires 2FA for all user access.
Which of the following systems should the engineer consider NEXT to mitigate
the associated risks?
A. DLP
B. Mail gateway
C. Data flow enforcement
D. UTM
Answer: A
Question 2
A Chief Information Officer is considering migrating all company data to the
cloud to save money on expensive SAN storage.
Which of the following is a security concern that will MOST likely need to be
addressed during migration?
A. Latency
B. Data exposure
C. Data loss
D. Data dispersion
Answer: A
Question 3
An organization recently started processing, transmitting, and storing its customers’ credit card
information. Within a week of doing so, the organization suffered a massive breach that resulted in
the exposure of the customers’ information.
Which of the following provides the BEST guidance for protecting such information while it is at rest
and in transit?
A. NIST
B. GDPR
C. PCI DSS
D. ISO
Answer: C
Question 4
A cybersecurity analyst receives a ticket that indicates a potential incident is
occurring. There has been a large increase in log files generated by a
website containing a "Contact US" form. The analyst must determine if
the increase in website traffic is due to a recent marketing campaign or if this is a
potential incident.
Which of the following would BEST assist the analyst?
A. Ensuring proper input validation is configured on the "Contact US"
form
B. Deploy a WAF in front of the public website
C. Checking for new rules from the inbound network IPS vendor
D. Running the website log files through a log reduction and analysis tool
Answer: D
Question 5
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest
assessment. For one of the risks, a full remediation was not possible, but the organization was able to
successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?
A. Assess the residual risk.
B. Update the organization’s threat model.
C. Move to the next risk in the register.
D. Recalculate the magnitude of impact.
Answer: D
Question 6
A security architect for a large, multinational manufacturer needs to design and implement a security
solution to monitor traffic.
When designing the solution, which of the following threats should the security architect focus on to
prevent attacks against the network?
A. Packets that are the wrong size or length
B. Use of any non-DNP3 communication on a DNP3 port
C. Multiple solicited responses over time
D. Application of an unsupported encryption algorithm
Answer: C
Question 7
An application server was recently upgraded to prefer TLS 1.3, and now users are unable
to connect their clients to the server.
Attempts to reproduce the error are confirmed, and clients are reporting the following:
ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Which of the following is MOST likely the root cause?
A. The client application is testing PFS.
B. The client application is configured to use ECDHE.
C. The client application is configured to use RC4.
D. The client application is configured to use AES-256 in GCM.
Answer: C
Question 8
Which of the following is the MOST important security objective when applying cryptography to
control messages that tell an ICS how much electrical power to output?
A. Improving the availability of messages
B. Ensuring non-repudiation of messages
C. Enforcing protocol conformance for messages
D. Assuring the integrity of messages
Answer: D
Question 9
A security engineer was auditing an organization’s current software development practice and
discovered that multiple open-source libraries were integrated into the organization’s software. The
organization currently performs SAST and DAST on the software it develops.
Which of the following should the organization incorporate into the SDLC to ensure the security of
the open-source libraries?
A. Perform additional SAST/DAST on the open-source libraries.
B. Implement the SDLC security guidelines.
C. Track the library versions and monitor the CVE website for related vulnerabilities.
D. Perform unit testing of the open-source libraries.
Answer: B
Question 10
Which of the following are risks associated with vendor lock-in? (Choose two.)
A. The client can seamlessly move data.
B. The vendor can change product offerings.
C. The client receives a sufficient level of service.
D. The client experiences decreased quality of service.
E. The client can leverage a multicloud approach.
F. The client experiences increased interoperability.
Answer: B,D
