https://www.lead4pass.com/cas-004.html 2021 Latest lead4pass CAS-004 PDF and VCE dumps Download CAS-004 Q&As CompTIA Advanced Security Practitioner (CASP+) Pass CompTIA CAS-004 Exam with 100% Guarantee Free Download Real Questions & Answers PDF and VCE file from: https://www.lead4pass.com/cas-004.html 100% Passing Guarantee 100% Money Back Assurance Following Questions and Answers are all new published by CompTIA Official Exam Center Latest CAS-004 Dumps | CAS-004 Practice Test | CAS-004 Braindumps 1 / 10

CAS-004 Exam PDF Free Share

Mar 16, 2022


Education

Susan Parker

Free sharing of the 12-track CAS-004 exam PDF, available for download online

Complete CAS-004 dumps with PDF and VCE: https://www.lead4pass.com/cas-004.html (Total Questions: 255 Q&A)

Welcome message from author
Download the latest updated CAS-004 exam PDF to help you progress
Transcript
QUESTION 1
A security analyst sees some suspicious entries in a log file from a web server website, which has a form that allows customers to leave feedback on the company's products. The analyst believes a malicious actor is scanning the web form. To know which security controls to put in place, the analyst first needs to determine the type of activity occurring to design a control. Given the log below:
Which of the following is the MOST likely type of activity occurring?
A. SQL injection
B. XSS scanning
QUESTION 2
The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router's external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company's external router's IP which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?
A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company's ISP should be contacted and instructed to block the malicious packets.
B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.
C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.
D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company's external router to block incoming UDP port 19 traffic.
Correct Answer: A
The exhibit displays logs that are indicative of an active fraggle attack. A Fraggle attack is similar to a smurf attack in that it is a denial of service attack, but the difference is that a fraggle attack makes use of ICMP and UDP ports 7 and 19. Thus when the senior engineer uses a network analyzer to identify the attack he should contact the company's ISP to block those malicious packets.
QUESTION 3
Given the following output from a security tool in Kali:
A. Log reduction
B. Network enumerator
QUESTION 4
An organization relies heavily on third-party mobile applications for official use within a BYOD deployment scheme. An excerpt from an approved text-based chat client application's AndroidManifest.xml is as follows:
Which of the following would restrict application permissions while minimizing the impact to normal device operations?
A. Add the application to the enterprise mobile whitelist.
B. Use the MDM to disable the devices' recording microphones and SMS.
C. Wrap the application before deployment.
D. Install the application outside of the corporate container.
Correct Answer: B
QUESTION 5
A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?
A. Deploy new perimeter firewalls at all stores with UTM functionality.
B. Change antivirus vendors at the store and the corporate office.
C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.
Correct Answer: A
A perimeter firewall is located between the local network and the Internet where it can screen network traffic flowing in and out of the organization. A firewall with unified threat management (UTM) functionalities includes anti-malware capabilities.
QUESTION 6
A technician is reviewing the following log:
Which of the following tools should the organization implement to reduce the highest risk identified in this log?
A. NIPS
B. DLP
C. NGFW
D. SIEM
QUESTION 7
To prepare for an upcoming audit, the Chief Information Security Officer (CISO) asks for all 1200 vulnerabilities on production servers to be remediated. The security engineer must determine which vulnerabilities represent real threats that can be exploited so resources can be prioritized to mitigate the most dangerous risks. The CISO wants the security engineer to act in the same manner as would an external threat, while using vulnerability scan results to prioritize any actions.
Which of the following approaches is described?
A. Blue team
B. Red team
C. Black box
D. White team
Correct Answer: C
QUESTION 8
Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)
A. Unsecure protocols
C. Weak passwords
D. Included third-party libraries
QUESTION 9
During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels. Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
A. Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
B. Perform ASIC password cracking on the host.
C. Read the /etc/passwd file to extract the usernames.
D. Initiate unquoted service path exploits.
E. Use the UNION operator to extract the database schema.
Correct Answer: C
QUESTION 10
Which of the following provides the BEST risk calculation methodology?
A. Annual Loss Expectancy (ALE) x Value of Asset
B. Potential Loss x Event Probability x Control Failure Probability
C. Impact x Threat x Vulnerability
D. Risk Likelihood x Annual Loss Expectancy (ALE)
Correct Answer: B
Of the options given, the BEST risk calculation methodology would be Potential Loss x Event Probability x Control Failure Probability. This exam is about computer and data security so 'loss' caused by risk is not necessarily a monetary value.
For example:
Potential Loss could refer to the data lost in the event of a data storage failure.
Event Probability could be the risk of a disk drive or drives failing.
Control Failure Probability could be the risk of the storage RAID not being able to handle the number of failed hard drives without losing data.
QUESTION 11
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?
A. $0
B. $7,500
C. $10,000
D. $12,500
E. $15,000
Correct Answer: B
The annualized loss expectancy (ALE) is the product of the annual rate of occurrence (ARO) and the single loss expectancy (SLE). It is mathematically expressed as:
ALE = ARO x SLE
Single Loss Expectancy (SLE) is mathematically expressed as: Asset value (AV) x Exposure Factor (EF)
SLE = AV x EF
Thus the Single Loss Expectancy (SLE) = ALE/ARO = $15,000 / 2 = $7,500
References: http://www.financeformulas.net/Return_on_Investment.html
https://en.wikipedia.org/wiki/Risk_assessment
QUESTION 12
A company has experienced negative publicity associated with users giving out their credentials accidentally or sharing intellectual secrets were not properly defined. The company recently implemented some new policies and is now testing their effectiveness. Over the last three months, the number of phishing victims dropped from 100 to only two in the last test. The DLP solution that was implemented catches potential material leaks, and the user responsible is retrained. Personal email accounts and USB drives are restricted from the corporate network.
Given the improvements, which of the following would a security engineer identify as being needed in a gap analysis?
A. Additional corporate-wide training on phishing.
B. A policy outlining what is and is not acceptable on social media.
C. Notifications when a user falls victim to a phishing attack.
D. Positive DLP preventions with stronger enforcement.
Correct Answer: B
To Read the Whole Q&As, please purchase the Complete Version from Our website.
Try our product !
100% Guaranteed Success 100% Money Back Guarantee 365 Days Free Update Instant Download After Purchase 24x7 Customer Support Average 99.9% Success Rate More than 800,000 Satisfied Customers Worldwide Multi-Platform capabilities - Windows, Mac, Android, iPhone, iPod, iPad, Kindle
We provide exam PDF and VCE of Cisco, Microsoft, IBM, CompTIA, Oracle and other IT Certifications. You can view Vendor list of All Certification Exams offered:
https://www.lead4pass.com/allproducts
Any charges made through this site will appear as Global Simulators Limited. All trademarks are the property of their respective owners.
Copyright © lead4pass, All Rights Reserved.