CompTIA CAS-004 Practice Test

Exam Title: CompTIA Advanced Security Practitioner (CASP+) CAS-004

Last update: Nov 27, 2025

Question 1

A small software company deployed a new web application after a network security scan found no vulnerabilities. A customer using this application reported malicious activity believed to be associated with the application. During an investigation, the company discovered that the customer closed the browser tab and connected to another application, using the same credentials on both platforms. Which of the following detection methods should the software company implement before deploying the next version?

  • A. Multifactor authentication
  • B. Static application code scanning
  • C. Stronger password policy
  • D. A SIEM
Answer:

a

Question 2

Leveraging cryptographic solutions to protect data that is in use ensures the data is encrypted:

  • A. when it is passed across a local network.
  • B. in memory during processing
  • C. when it is written to a system's solid-state drive.
  • D. by an enterprise hardware security module.
Answer:

a

Question 3

A security analyst observes the following while looking through network traffic in a company's cloud log:

Which of the following steps should the security analyst take FIRST?

  • A. Quarantine 10.0.5.52 and run a malware scan against the host.
  • B. Access 10.0.5.52 via EDR and identify processes that have network connections.
  • C. Isolate 10.0.50.6 via security groups.
  • D. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.
Answer:

d

Question 4

A company is acquiring a competitor, and the security team is performing due diligence activities on the competitor prior to the acquisition. The team found a recent compliance audit of the competitor's environment that shows a mature security infrastructure, but it lacks a cohesive policy and process framework. Based on the audit findings, the security team determines the competitor's existing security capabilities are sufficient, but they will need to incorporate additional security policies. Which of the following risk management strategies is the security team recommending?

  • A. Mitigate and avoid
  • B. Transfer and accept
  • C. Avoid and transfer
  • D. Accept and mitigate
Answer:

d

Question 5

A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT, which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

  • A. X-Forwarded-Proto
  • B. X-Forwarded-For
  • C. Cache-Control
  • D. Strict-Transport-Security
  • E. Content-Security-Policy
Answer:

b

Question 6

A BIA of a popular online retailer identified several mission-essential functions that would take more than seven days to recover in the event of an outage. Which of the following should be considered when setting priorities for the restoration of these functions?

  • A. Supply chain issues
  • B. Revenue generation
  • C. Warm-site operations
  • D. Scheduled impacts to future projects
Answer:

c

Question 7

A security administrator has been tasked with hardening a domain controller against lateral movement attacks. Below is an output of running services:



Which of the following configuration changes must be made to complete this task?

  • A. Stop the Print Spooler service and set the startup type to disabled.
  • B. Stop the DNS Server service and set the startup type to disabled.
  • C. Stop the Active Directory Web Services service and set the startup type to disabled.
  • D. Stop Credential Manager service and leave the startup type to disabled.
Answer:

c

Question 8

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is that the traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

  • A. tcpdump
  • B. netstat
  • C. tasklist
  • D. traceroute
  • E. ipconfig
Answer:

b

Question 9

A company is preparing to deploy a global service.
Which of the following must the company do to ensure GDPR compliance? (Choose two.)

  • A. Inform users regarding what data is stored.
  • B. Provide opt-in/out for marketing messages.
  • C. Provide data deletion capabilities.
  • D. Provide optional data encryption.
  • E. Grant data access to third parties.
  • F. Provide alternative authentication techniques.
Answer:

ac


Reference:
https://gdpr.eu/compliance-checklist-us-companies/

Question 10

A systems administrator is preparing to run a vulnerability scan on a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produce accurate information, especially regarding configuration settings.
Which of the following scan types will provide the systems administrator with the MOST accurate information?

  • A. A passive, credentialed scan
  • B. A passive, non-credentialed scan
  • C. An active, non-credentialed scan
  • D. An active, credentialed scan
Answer:

a

Viewing questions 1-10 out of 361