Free CompTIA CAS-004 Exam Dumps and CAS-004 Exam Questions

Question No: 1

MultipleChoice

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options

AWPA2-Preshared Key

BWPA3-Enterprise

CWPA3-Personal

DWPA2-Enterprise

Question No: 2

MultipleChoice

Which of the following technologies should the company deploy to meet its security objectives? (Select TWO)_

Options

ANAC

BWAF

CNIDS

DReverse proxy

ENGFW

FBastion host

Question No: 3

MultipleChoice

An administrator at a software development company would like to protect the integrity of the company's applications with digital signatures. The developers report that the signing process keeps failing

on all applications. The same key pair used for signing, however, is working properly on the website, is valid, and is issued by a trusted CA. Which of the following is MOST likely the cause of the

signature failing?

Options

AThe NTP server is set incorrectly for the developers

BThe CA has included the certificate in its CRL.

CThe certificate is set for the wrong key usage.

DEach application is missing a SAN or wildcard entry on the certificate

Question No: 4

MultipleChoice

A security analyst runs a vulnerability scan on a network administrator's workstation. The network administrator has direct administrative access to the company's SSO web portal. The vulnerability scan uncovers critical vulnerabilities with equally high CVSS scores for the user's browser, OS, email client, and an offline password manager. Which of the following should the security analyst patch FIRST?

Options

AEmail client

BPassword manager

CBrowser

DOS

Question No: 5

MultipleChoice

A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options

ATPM

BLocal secure password file

CMFA

DKey vault

Question No: 6

MultipleChoice

A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:

* A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.

* A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.

* The hacker took advantage of the account's excessive privileges to access a data store and exfilltrate the data without detection.

Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?

Options

ADynamic analysis

BSecure web gateway

CSoftware composition analysis

DUser behavior analysis

EWeb application firewall

Question No: 7

MultipleChoice

A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling . Which of the following is the MOST likely ? (Select TWO.)

Options

AOutdated escalation attack

BPrivilege escalation attack

CVPN on the mobile device

DUnrestricted email administrator accounts

EChief use of UDP protocols

FDisabled GPS on mobile devices

Question No: 8

DragDrop

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question No: 9

MultipleChoice

A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email traveling . Which of the following is the MOST likely explanation? (Select TWO.)

Options

AOutdated escalation attack

BPrivilege escalation attack

CVPN on the mobile device

DUnrestricted email administrator accounts

EChief use of UDP protocols

FDisabled GPS on mobile devices

Question No: 10

MultipleChoice

An organization decided to begin issuing corporate mobile device users microSD HSMs that must be installed in the mobile devices in order to access corporate resources remotely Which of the following features of these devices MOST likely led to this decision? (Select TWO.)

Options

ASoftware-backed keystore

BEmbedded cryptoprocessor

CHardware-backed public key storage

DSupport for stream ciphers

EDecentralized key management

FTPM 2.0 attestation services