
CompTIA Advanced Security Practitioner (CASP+) Exam Questions and Answers

CompTIA Advanced Security Practitioner (CASP+) Exam

Last update: Jun 8, 2023
Total questions: 254

We are offering free CAS-004 CompTIA exam questions. All you need to do is sign up, provide your details, and prepare with the free CAS-004 exam questions; then move on to the complete pool of CompTIA Advanced Security Practitioner (CASP+) Exam test questions.

Question 1

A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.

Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?

Options:

A. Union filesystem overlay
B. Cgroups
C. Linux namespaces
D. Device mapper
Question 2

During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.

Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?

Options:

A. Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
B. Perform ASIC password cracking on the host.
C. Read the /etc/passwd file to extract the usernames.
D. Initiate unquoted service path exploits.
E. Use the UNION operator to extract the database schema.
Question 3

A threat analyst notices the following URL while going through the HTTP logs.

Which of the following attack types is the threat analyst seeing?

Options:

A. SQL injection
B. CSRF
C. Session hijacking
D. XSS
Question 4

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

Options:

A. Restrict directory permission to read-only access.
B. Use server-side processing to avoid XSS vulnerabilities in path input.
C. Separate the items in the system call to prevent command injection.
D. Parameterize a query in the path variable to prevent SQL injection.
Question 5

A development team created a mobile application that contacts a company's back-end APIs housed in a PaaS environment. The APIs have been experiencing high processor utilization due to scraping activities. The security engineer needs to recommend a solution that will prevent and remedy the behavior.

Which of the following would BEST safeguard the APIs? (Choose two.)

Options:

A. Bot protection
B. OAuth 2.0
C. Input validation
D. Autoscaling endpoints
E. Rate limiting
F. CSRF protection
Question 6

Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?

Options:

A. MOU
B. NDA
C. SLA
D. ISA
Question 7

A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.

Based on this agreement, this finding is BEST categorized as a:

Options:

A. true positive.
B. true negative.
C. false positive.
D. false negative.
Question 8

Ann, a CIRT member, is conducting incident response activities on a network that consists of several hundred virtual servers and thousands of endpoints and users. The network generates more than 10,000 log messages per second. The enterprise belongs to a large, web-based cryptocurrency startup. Ann has distilled the relevant information into an easily digestible report for executive management. However, she still needs to collect evidence of the intrusion that caused the incident. Which of the following should Ann use to gather the required information?

Options:

A. Traffic interceptor log analysis
B. Log reduction and visualization tools
C. Proof of work analysis
D. Ledger analysis software
Question 9

The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?

Options:

A. MOU
B. OLA
C. NDA
D. SLA
Question 10

While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.

Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?

Options:

A. Pay the ransom within 48 hours.
B. Isolate the servers to prevent the spread.
C. Notify law enforcement.
D. Request that the affected servers be restored immediately.
Question 11

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Options:

A. Software decompiler
B. Network enumerator
C. Log reduction and analysis tool
D. Static code analysis
Question 12

Immediately following the report of a potential breach, a security engineer creates a forensic image of the server in question as part of the organization's incident response procedure. Which of the following must occur to ensure the integrity of the image?

Options:

A. The image must be password protected against changes.
B. A hash value of the image must be computed.
C. The disk containing the image must be placed in a sealed container.
D. A duplicate copy of the image must be maintained.
Question 13

A large telecommunications equipment manufacturer needs to evaluate the strengths of security controls in a new telephone network supporting first responders. Which of the following techniques would the company use to evaluate data confidentiality controls?

Options:

A. Eavesdropping
B. On-path
C. Cryptanalysis
D. Code signing
E. RF sidelobe sniffing
Question 14

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.

Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?

Options:

A. In the OT environment, use a VPN from the IT environment into the OT environment.
B. In the OT environment, allow IT traffic into the OT environment.
C. In the IT environment, allow PLCs to send data from the OT environment to the IT environment.
D. Use a screened subnet between the OT and IT environments.
Question 15

A security analyst is investigating a series of suspicious emails sent by employees to the security team. The emails appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the messages by the security tools the company uses; instead, the emails only include the following in plain text:

Which of the following should the security analyst perform?

Options:

A. Contact the security department at the business partner and alert them to the email event.
B. Block the IP address for the business partner at the perimeter firewall.
C. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
D. Configure the email gateway to automatically quarantine all messages originating from the business partner.
Question 16

An application developer is including third-party background security fixes in an application. The fixes seem to resolve a currently identified security issue. However, when the application is released to the public, reports come in that a previous vulnerability has returned. Which of the following should the developer integrate into the process to BEST prevent this type of behavior?

Options:

A. Peer review
B. Regression testing
C. User acceptance
D. Dynamic analysis
Question 17

An organization that provides a SaaS solution recently experienced an incident involving customer data loss. The system has a level of self-healing that includes monitoring performance and available resources. When the system detects an issue, the self-healing process is supposed to restart parts of the software.

During the incident, when the self-healing system attempted to restart the services, available disk space on the data drive to restart all the services was inadequate. The self-healing system did not detect that some services did not fully restart and declared the system as fully operational. Which of the following BEST describes the reason why the silent failure occurred?

Options:

A. The system logs rotated prematurely.
B. The disk utilization alarms are higher than what the service restarts require.
C. The number of nodes in the self-healing cluster was healthy.
D. Conditional checks prior to the service restart succeeded.
Question 18

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.

Which of the following should the company use to prevent data theft?

Options:

A. Watermarking
B. DRM
C. NDA
D. Access logging
Question 19

A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:

Only users with corporate-owned devices can directly access servers hosted by the cloud provider.

The company can control what SaaS applications each individual user can access.

User browser activity can be monitored.

Which of the following solutions would BEST meet these requirements?

Options:

A. IAM gateway, MDM, and reverse proxy
B. VPN, CASB, and secure web gateway
C. SSL tunnel, DLP, and host-based firewall
D. API gateway, UEM, and forward proxy
Question 20

An HVAC contractor requested network connectivity permission to remotely support/troubleshoot equipment issues at a company location. Currently, the company does not have a process that allows vendors remote access to the corporate network. Which of the following solutions represents the BEST course of action to allow the contractor access?

Options:

A. Add the vendor's equipment to the existing network. Give the vendor access through the standard corporate VPN.
B. Give the vendor a standard desktop PC to attach the equipment to. Give the vendor access through the standard corporate VPN.
C. Establish a certification process for the vendor. Allow certified vendors access to the VDI to monitor and maintain the HVAC equipment.
D. Create a dedicated segment with no access to the corporate network. Implement dedicated VPN hardware for vendor access.
Question 21

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location.

Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?

Options:

A. Execute never
B. No-execute
C. Total memory encryption
D. Virtual memory encryption
Question 22

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.

Which of the following should be the analyst's FIRST action?

Options:

A. Create a full inventory of information and data assets.
B. Ascertain the impact of an attack on the availability of crucial resources.
C. Determine which security compliance standards should be followed.
D. Perform a full system penetration test to determine the vulnerabilities.
Question 23

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.

Which of the following should the organization perform NEXT?

Options:

A. Assess the residual risk.
B. Update the organization's threat model.
C. Move to the next risk in the register.
D. Recalculate the magnitude of impact.
Question 24

A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

Options:

A. Inherent
B. Mitigated
C. Residual
D. Transferred
Question 25

Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices in the organization. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.

Which of the following would be the BEST option to implement?

Options:

A. Distributed connection allocation
B. Local caching
C. Content delivery network
D. SD-WAN vertical heterogeneity
Question 26

A networking team asked a security administrator to enable Flash on its web browser. The networking team explained that an important legacy embedded system gathers SNMP information from various devices. The system can only be managed through a web browser running Flash. The embedded system will be replaced within the year but is still critical at the moment.

Which of the following should the security administrator do to mitigate the risk?

Options:

A. Explain to the networking team the reason Flash is no longer available and insist the team move up the timetable for replacement.
B. Air gap the legacy system from the network and dedicate a laptop with an end-of-life OS on it to connect to the system via crossover cable for management.
C. Suggest that the networking team contact the original embedded system's vendor to get an update to the system that does not require Flash.
D. Isolate the management interface to a private VLAN where a legacy browser in a VM can be used as needed to manage the system.
Question 27

A software development company makes its software version available to customers from a web portal. On several occasions, hackers were able to access the software repository to change the package that is automatically published on the website. Which of the following would be the BEST technique to ensure the software the users download is the official software released by the company?

Options:

A. Distribute the software via a third-party repository.
B. Close the web repository and deliver the software via email.
C. Email the software link to all customers.
D. Display the SHA checksum on the website.
Question 28

A company provides guest WiFi access to the internet and physically separates the guest network from the company's internal WiFi. Due to a recent incident in which an attacker gained access to the company's internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?

Options:

A. Active Directory GPOs
B. PKI certificates
C. Host-based firewall
D. NAC persistent agent
Question 29

A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?

Options:

A. Encryption in transit
B. Legal issues
C. Chain of custody
D. Order of volatility
E. Key exchange
Question 30

A security engineer thinks the development team has been hard-coding sensitive environment variables in its code.

Which of the following would BEST secure the company's CI/CD pipeline?

Options:

A. Utilizing a trusted secrets manager
B. Performing DAST on a weekly basis
C. Introducing the use of container orchestration
D. Deploying instance tagging
Question 31

A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.

Which of the following should be modified to prevent the issue from reoccurring?

Options:

A. Recovery point objective
B. Recovery time objective
C. Mission-essential functions
D. Recovery service level
Question 32

An organization is designing a network architecture that must meet the following requirements:

Users will only be able to access predefined services.

Each user will have a unique allow list defined for access.

The system will construct one-to-one subject/object access paths dynamically.

Which of the following architectural designs should the organization use to meet these requirements?

Options:

A. Peer-to-peer secure communications enabled by mobile applications
B. Proxied application data connections enabled by API gateways
C. Microsegmentation enabled by software-defined networking
D. VLANs enabled by network infrastructure devices
Question 33

An e-commerce company is running a web server on premises, and the resource utilization is usually less than 30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.

Which of the following is the MOST cost-effective solution?

Options:

A. Move the server to a cloud provider.
B. Change the operating system.
C. Buy a new server and create an active-active cluster.
D. Upgrade the server with a new one.
Question 34

A security analyst is validating the MAC policy on a set of Android devices. The policy was written to ensure non-critical applications are unable to access certain resources. When reviewing dmesg, the analyst notes many entries such as:

Despite the deny message, this action was still permitted. Which of the following is the MOST likely fix for this issue?

Options:

A. Add the objects of concern to the default context.
B. Set the devices to enforcing.
C. Create separate domain and context files for irc.
D. Rebuild the policy, reinstall, and test.
Question 35

A company's claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee's laptop when it was opened.

Options:

A. Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.
B. Require all laptops to connect to the VPN before accessing email.
C. Implement cloud-based content filtering with sandboxing capabilities.
D. Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.
Question 36

An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card data.

Which of the following commands should the analyst run to BEST determine whether financial data was lost?

Options:

A. Option A
B. Option B
C. Option C
D. Option D
Question 37

An organization is assessing the security posture of a new SaaS CRM system that handles sensitive PII and identity information, such as passport numbers. The SaaS CRM system does not meet the organization's current security standards. The assessment identifies the following:

1) There will be a 520,000 per day revenue loss for each day the system is delayed going into production.

2) The inherent risk is high.

3) The residual risk is low.

4) There will be a staged deployment to the solution rollout to the contact center.

Which of the following risk-handling techniques will BEST meet the organization's requirements?

Options:

A. Apply for a security exemption, as the risk is too high to accept.
B. Transfer the risk to the SaaS CRM vendor, as the organization is using a cloud service.
C. Accept the risk, as compensating controls have been implemented to manage the risk.
D. Avoid the risk by accepting the shared responsibility model with the SaaS CRM provider.
Question 38

An organization requires a legacy system to incorporate reference data into a new system. The organization anticipates the legacy system will remain in operation for the next 18 to 24 months. Additionally, the legacy system has multiple critical vulnerabilities with no patches available to resolve them. Which of the following is the BEST design option to optimize security?

Options:

A. Limit access to the system using a jump box.
B. Place the new system and legacy system on separate VLANs.
C. Deploy the legacy application on an air-gapped system.
D. Implement MFA to access the legacy system.