
[Q220-Q239] Ultimate Guide to Prepare CAS-004 with Accurate PDF Questions [Apr 16, 2024]


Pass CompTIA With GuideTorrent Exam Dumps

NEW QUESTION # 220
An engineering team is developing and deploying a fleet of mobile devices to be used for specialized inventory management purposes. These devices should:
* Be based on open-source Android for user familiarity and ease.
* Provide a single application for inventory management of physical assets.
* Permit use of the camera by only the inventory application for the purposes of scanning.
* Disallow any and all configuration baseline modifications.
* Restrict all access to any device resource other than those requirement ?

  • A. Write a MAC sepolicy that defines domains with rules, label the inventory application, build the policy, and set to enforcing mode.
  • B. Set an application wrapping policy, wrap the application, distribute the inventory APK via the MAM tool, and test the application restrictions.
  • C. Swap out Android Linux kernel version for >2,4,0, but the internet build Android, remove unnecessary functions via MDL, configure to block network access, and perform integration testing
  • D. Build and install an Android middleware policy with requirements added, copy the file into /user/init, and then build the inventory application.

Answer: B


NEW QUESTION # 221
A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.
Which of the following is the BEST solution to meet these objectives?

  • A. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
  • B. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
  • C. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.
  • D. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.

Answer: A

Explanation:
PAM (Privileged Access Management) is a solution that can increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. By implementing PAM, removing users from the local administrators group, and prompting users for explicit approval when elevated privileges are required, the security engineer can reduce the attack surface, prevent unauthorized access, and enforce the principle of least privilege. Implementing PAM, keeping users in the local administrators group, and enabling local administrator account monitoring may not provide enough control or visibility over local administrator accounts, as users could still abuse or compromise their privileges. Implementing EDR (Endpoint Detection and Response) may not provide enough control or visibility over local administrator accounts, as EDR is mainly focused on detecting and responding to threats, not managing privileges. Enabling user behavior analytics may not provide enough control or visibility over local administrator accounts, as user behavior analytics is mainly focused on identifying anomalies or risks in user activity, not managing privileges. Verified References: https://www.comptia.org/blog/what-is-pam
https://partners.comptia.org/docs/default-source/resources/casp-content-guide


NEW QUESTION # 222
Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization's incident response procedure. Which of the following must occur to ensure the integrity of the image?

  • A. The image must be password protected against changes.
  • B. The disk containing the image must be placed in a sealed container.
  • C. A duplicate copy of the image must be maintained.
  • D. A hash value of the image must be computed.

Answer: D


NEW QUESTION # 223
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?

  • A. PaaS
  • B. FaaS
  • C. SaaS
  • D. IaaS

Answer: C


NEW QUESTION # 224
An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?

  • A. SLA
  • B. NDA
  • C. ISA
  • D. MOU

Answer: C

Explanation:
An ISA, or interconnection security agreement, is a document that should be required to set up a dedicated VPN between two entities that provide specialized help desk services. An ISA defines the technical and security requirements for establishing, operating, and maintaining a secure connection between two or more organizations. An ISA also specifies the roles and responsibilities of each party, the security controls and policies to be implemented, the data types and classifications to be exchanged, and the incident response procedures to be followed.


NEW QUESTION # 225

An organization is planning for disaster recovery and continuity of operations.
INSTRUCTIONS
Review the following scenarios and instructions. Match each relevant finding to the affected host.
After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.
Each finding may be used more than once.
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:

Explanation:



NEW QUESTION # 226
A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?

  • A. Source code escrows
  • B. Software audits
  • C. Code reviews
  • D. Supply chain visibility

Answer: A

Explanation:
A source code escrow is a legal agreement that involves a third party holding the source code of a software application on behalf of the software vendor and the software licensee. The source code escrow ensures that the licensee can access the source code in case the vendor goes out of business, fails to provide maintenance or support, or breaches the contract terms.
A source code escrow would have prevented the risk of having an old application that is not covered for maintenance anymore because the software company is no longer in business, because it would:
* Allow the licensee to obtain the source code and continue to update, fix, or modify the application according to their needs.
* Protect the vendor's intellectual property rights and prevent unauthorized disclosure or use of the source code.
* Provide a legal framework and a trusted mediator for resolving any disputes or issues between the vendor and the licensee.


NEW QUESTION # 227
A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications.
To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?

  • A. Permit listing
  • B. HIPS
  • C. Signing
  • D. Access control

Answer: A


NEW QUESTION # 228
In a shared responsibility model for PaaS, which of the following is a customer's responsibility?

  • A. Network security
  • B. Physical security
  • C. Host infrastructure
  • D. OS security

Answer: D

Explanation:
In a shared responsibility model for PaaS, the customer's responsibility is OS security. PaaS stands for Platform as a Service, which is a cloud service model that provides a platform for customers to develop, run, and manage applications without having to deal with the underlying infrastructure. The cloud provider is responsible for the physical security, network security, and host infrastructure of the platform, while the customer is responsible for the security of the operating system, the application, and the data. The customer needs to ensure that the operating system is patched, configured, and protected from malware and unauthorized access. Verified References:
https://learn.microsoft.com/en-us/azure/security/fundamentals/shared-responsibility
https://www.techtarget.com/searchcloudcomputing/feature/The-cloud-shared-responsibility-model-for-IaaS
https://www.splunk.com/en_us/blog/learn/shared-responsibility-model.html


NEW QUESTION # 229
An organization's hunt team thinks a persistent threat exists and already has a foothold in the enterprise network.
Which of the following techniques would be BEST for the hunt team to use to entice the adversary to uncover malicious activity?

  • A. Modify user password history and length requirements.
  • B. Deploy a SOAR tool.
  • C. Apply new isolation and segmentation schemes.
  • D. Implement decoy files on adjacent hosts.

Answer: D

Explanation:
Implementing decoy files on adjacent hosts is a technique that can entice the adversary to uncover malicious activity, as it can lure them into accessing fake or irrelevant data that can trigger an alert or reveal their presence. Decoy files are also known as honeyfiles or honeypots, and they are part of deception technology. Deploying a SOAR (Security Orchestration Automation and Response) tool may not entice the adversary to uncover malicious activity, as SOAR is mainly focused on automating and streamlining security operations, not deceiving attackers. Modifying user password history and length requirements may not entice the adversary to uncover malicious activity, as it could affect legitimate users and not reveal the attacker's actions. Applying new isolation and segmentation schemes may not entice the adversary to uncover malicious activity, as it could limit their access and movement, but not expose their presence. Verified Reference: https://www.comptia.org/blog/what-is-deception-technology https://partners.comptia.org/docs/default-source/resources/casp-content-guide


NEW QUESTION # 230
A security analyst is assisting the marketing department with ensuring the security of the organization's social media platforms. The two main concerns are:
* The Chief Marketing Officer (CMO) email is being used department wide as the username.
* The password has been shared within the department.
Which of the following controls would be BEST for the analyst to recommend?

  • A. Have periodic, scheduled reviews to determine which OAuth configurations are set for each media platform.
  • B. Create multiple social media accounts for all marketing users to separate their actions.
  • C. Configure MFA for all users to decrease their reliance on other authentication.
  • D. Ensure the password being shared is sufficiently complex and not written down anywhere.

Answer: C


NEW QUESTION # 231
Which of the following objectives BEST supports leveraging tabletop exercises in business continuity planning?

  • A. Assess the effectiveness of documented processes against a realistic scenario.
  • B. Determine the optimal placement of hot/warm sites within the enterprise architecture.
  • C. Establish new staff roles and responsibilities for continuity of operations.
  • D. Create new processes for identified gaps in continuity planning.

Answer: A


NEW QUESTION # 232
A small business would like to provide guests who are using mobile devices encrypted WPA3 access without first distributing PSKs or other credentials. Which of the following features will enable the business to meet this objective?

  • A. Perfect forward secrecy
  • B. Simultaneous Authentication of Equals
  • C. Extensible Authentication Protocol
  • D. Enhanced open

Answer: B


NEW QUESTION # 233
A company is preparing to deploy a global service.
Which of the following must the company do to ensure GDPR compliance? (Choose two.)

  • A. Grant data access to third parties.
  • B. Provide data deletion capabilities.
  • C. Provide optional data encryption.
  • D. Provide opt-in/out for marketing messages.
  • E. Provide alternative authentication techniques.
  • F. Inform users regarding what data is stored.

Answer: D,F


NEW QUESTION # 234
Given the following log snippet from a web server:

Which of the following BEST describes this type of attack?

  • A. Cross-site scripting
  • B. Cross-site request forgery
  • C. Brute-force
  • D. SQL injection

Answer: D

Explanation:
The request is trying to pass SQL code in the user field, so this is clearly an example of SQL injection.
Cross-site request forgery is when you try to bypass or change the web path to bypass the index.


NEW QUESTION # 235
A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?

  • A. Request a new certificate with the correct organizational unit for the company's website.
  • B. Request a new certificate with the correct subject alternative name that includes the new websites.
  • C. Request a new certificate with the same information but including the old certificate on the CRL.
  • D. Request a new certificate with a stronger encryption strength and the latest cipher suite.

Answer: C


NEW QUESTION # 236
A small company needs to reduce its operating costs. Vendors have proposed solutions, which all focus on management of the company's website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option. Which of the following is the BEST solution for this company?

  • A. Multi-tenancy SaaS
  • B. Community cloud service model
  • C. Single-tenancy SaaS
  • D. On-premises cloud service model

Answer: C

Explanation:
A single-tenancy SaaS solution is the best solution for this company. SaaS stands for software as a service, which is a cloud-based model that allows customers to access applications hosted by a provider over the internet. A single-tenancy SaaS solution means that the company has its own dedicated instance of the application and its underlying infrastructure, which offers more control, customization, and security than a multi-tenancy SaaS solution where multiple customers share the same resources. A single-tenancy SaaS solution also eliminates the need for managing a private cloud or an on-premises infrastructure. Verified References:
https://www.comptia.org/training/books/casp-cas-004-study-guide
https://www.ibm.com/cloud/learn/saas


NEW QUESTION # 237
An organization recently recovered from an attack that featured an adversary injecting malicious logic into OS bootloaders on endpoint devices. Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the UEFI through the full loading of OS components. Which of the following TPM structures enables this storage functionality?

  • A. Platform configuration registers
  • B. Endorsement tickets
  • C. Command tag structures with MAC schemes
  • D. Clock/counter structures

Answer: A

Explanation:
TPMs provide the ability to store measurements of code and data that can be used to ensure that code and data remain unchanged over time. This is done through Platform Configuration Registers (PCRs), which are structures used to store measurements of code and data. The measurements are taken during the boot process and can be used to compare the state of the system at different times, which can be used to detect any changes to the system and verify that the system has not been tampered with.


NEW QUESTION # 238
A satellite communications ISP frequently experiences outages and degraded modes of operation over one of its legacy satellite links due to the use of deprecated hardware and software. Three days per week, on average, a contracted company must follow a checklist of 16 different high-latency commands that must be run in serial to restore nominal performance. The ISP wants this process to be automated.
Which of the following techniques would be BEST suited for this requirement?

  • A. Provide the contractors with direct access to satellite telemetry data.
  • B. Reduce link latency on the affected ground and satellite segments.
  • C. Deploy SOAR utilities and runbooks.
  • D. Replace the associated hardware.

Answer: C

Explanation:
Deploying SOAR (Security Orchestration Automation and Response) utilities and runbooks is the best technique for automating the process of restoring nominal performance on a legacy satellite link due to degraded modes of operation caused by deprecated hardware and software.


NEW QUESTION # 239
......
