[2024年11月30日] 合格率取得する秘訣はCAS-004認定試験エンジンPDF [Q73-Q96]

Share

[2024年11月30日] 合格率取得する秘訣はCAS-004認定試験エンジンPDF

CAS-004試験問題集合格できるには更新された2024年11月テスト問題集


CASP+ 資格認定は、サイバーセキュリティ分野で経験を持ち、キャリアを次のレベルに引き上げたい人に最適です。リスク管理、エンタープライズセキュリティアーキテクチャ、調査、協業など、幅広いトピックをカバーしています。この認定により、プロフェッショナルはリスクを評価し軽減する能力、安全なソリューションを設計する能力、および最善の実践を実装して組織の情報資産を保護する能力を証明できます。

 

質問 # 73
An organization developed an incident response plan. Which of the following would be BEST to assess the effectiveness of the plan?

  • A. Creating a playbook
  • B. Requesting a third-party review
  • C. Generating a checklist by organizational unit
  • D. Performing a tabletop exercise
  • E. Establishing role succession and call lists

正解:D


質問 # 74
A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.
Which of the following encryption methods should the cloud security engineer select during the implementation phase?

  • A. Array controller-based
  • B. Instance-based
  • C. Storage-based
  • D. Proxy-based

正解:C

解説:
Explanation
We recommend that you encrypt your virtual hard disks (VHDs) to help protect your boot volume and data volumes at rest in storage, along with your encryption keys and secrets. Azure Disk Encryption helps you encrypt your Windows and Linux IaaS virtual machine disks. Azure Disk Encryption uses the industry-standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and the data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk-encryption keys and secrets in your key vault subscription. The solution also ensures that all data on the virtual machine disks are encrypted at rest in Azure Storage.https://docs.microsoft.com/en-us/azure/security/fundamentals/iaas


質問 # 75
A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

  • A. Disable local administrator privileges on the endpoints.
  • B. Restart Microsoft Windows Defender.
  • C. Configure the forward proxy to block 40.90.23.154.
  • D. Disable powershell.exe on all Microsoft Windows endpoints.

正解:C

解説:
The SIEM events show that powershell.exe was executed on multiple endpoints with an outbound connection to 40.90.23.154, which is an IP address associated with malicious activity. This could indicate a malware infection or a command-and-control channel. The best response action is to configure the forward proxy to block 40.90.23.154, which would prevent further communication with the malicious IP address. Disabling powershell.exe on all endpoints may not be feasible or effective, as it could affect legitimate operations and not remove the malware. Restarting Microsoft Windows Defender may not detect or stop the malware, as it could have bypassed or disabled it. Disabling local administrator privileges on the endpoints may not prevent the malware from running or communicating, as it could have escalated privileges or used other methods. Verified Reference: https://www.comptia.org/blog/what-is-a-forward-proxy https://partners.comptia.org/docs/default-source/resources/casp-content-guide


質問 # 76
A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization websites are:
* www.mycompany.org
* www.mycompany.com
* campus.mycompany.com
* wiki. mycompany.org
The solution must save costs and be able to protect all websites. Users should be able to notify the cloud security engineer of any on-path attacks. Which of the following is the BEST solution?

  • A. Purchase one certificate for each website.
  • B. Purchase one wildcard certificate.
  • C. Implement self-signed certificates.
  • D. Purchase one SAN certificate.

正解:B

解説:
Purchasing one wildcard certificate is the best solution to protect multiple websites hosted by an organization in a cloud-hosted WAF. A wildcard certificate is a type of SSL/TLS certificate that can secure a domain name and any number of its subdomains with a single certificate. For example, a wildcard certificate for
*.mycompany.com can secure www.mycompany.com, campus.mycompany.com, and any other subdomain under mycompany.com. A wildcard certificate can save costs and simplify management compared to purchasing individual certificates for each website.
References: [CompTIA CASP+ Study Guide, Second Edition, page 301]


質問 # 77
Given the following log snippet from a web server:

Which of the following BEST describes this type of attack?

  • A. SQL injection
  • B. Cross-site scripting
  • C. Cross-site request forgery
  • D. Brute-force

正解:A

解説:
Clearly trying to pass SQL code for the user field, this is clearly an example of SQL injection.
Cross site forgery is when you try to bypass or change the web path to by pass the index.


質問 # 78
An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

  • A. Enable the x-Forwarded-For header al the load balancer.
  • B. Install a software-based HIDS on the application servers.
  • C. Use stored procedures on the database server.
  • D. Install a certificate signed by a trusted CA.
  • E. Store the value of the $_server ( ' REMOTE_ADDR ' ] received by the web servers.

正解:D


質問 # 79
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?

  • A. Move to the next risk in the register.
  • B. Recalculate the magnitude of impact.
  • C. Update the organization's threat model.
  • D. Assess the residual risk.

正解:B


質問 # 80
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.
Which of the following should the organization consider FIRST to address this requirement?

  • A. Implement a change management plan to ensure systems are using the appropriate versions.
  • B. Design an appropriate warm site for business continuity.
  • C. Hire additional on-call staff to be deployed if an event occurs.
  • D. Identify critical business processes and determine associated software and hardware requirements.

正解:D

解説:
When developing a plan, the first thing to consider is the business process and their impact on operations. A warm site does not make sense even if it were to be first, as a warm site does not replicate in a manner that provides "moments notice" fail over.


質問 # 81
A security architect needs to implement a CASB solution for an organization with a highly distributed remote workforce. One Of the requirements for the implementation includes the capability to discover SaaS applications and block access to those that are unapproved or identified as risky. Which of the following would BEST achieve this objective?

  • A. Deploy endpoint agents that monitor local web traffic to enforce DLP and encryption policies.
  • B. Implement cloud infrastructure to proxy all user web traffic and control access according to centralized policy.
  • C. Implement cloud infrastructure to proxy all user web traffic to enforce DI-P and encryption policies.
  • D. Deploy endpoint agents that monitor local web traffic and control access according to centralized policy.

正解:B

解説:
CASBs provide you with visibility into how clients and other network nodes are using cloud services. Some of the functions of a CASB are:
- Enable single sign-on authentication and enforce access controls and authorizations from the enterprise network to the cloud provider.
- Scan for malware and rogue or non-compliant device access.
- Monitor and audit user and resource activity.
- Mitigate data exfiltration by preventing access to unauthorized cloud services from managed devices.


質問 # 82
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:
* Monitors traffic to and from both local NAS and cloud-based file repositories
* Prevents on-site staff who are accessing sensitive customer Pll documents on file repositories from accidentally or deliberately sharing sensitive documents on personal Saa$S solutions
* Uses document attributes to reduce false positives
* Is agentless and not installed on staff desktops or laptops
Which of the following when installed and configured would BEST meet the CSO's requirements? (Select TWO).

  • A. NGFW
  • B. CASB
  • C. UEBA
  • D. UTM
  • E. HIPS
  • F. DLP

正解:B、F

解説:
DLP, or data loss prevention, and CASB, or cloud access security broker, are the solutions that when installed and configured would best meet the CSO's requirements. DLP is a technology that monitors and prevents unauthorized or accidental data leakage or exfiltration from an organization's network or devices. DLP can use document attributes, such as metadata, keywords, or fingerprints, to identify and classify sensitive data and enforce policies on how they can be accessed, transferred, or shared. CASB is a technology that acts as a proxy or intermediary between an organization's cloud services and its users. CASB can provide visibility, compliance, threat protection, and data security for cloud-based applications and data. CASB can also prevent on-site staff from accessing personal SaaS solutions that are not authorized by the organization.
References: [CompTIA CASP+ Study Guide, Second Edition, pages 281-282 and 424-425]


質問 # 83
A security engineer has been asked to close all non-secure connections from the corporate network. The engineer is attempting to understand why the corporate UTM will not allow users to download email via IMAPS. The engineer formulates a theory and begins testing by creating the firewall ID 58, and users are able to download emails correctly by using IMAP instead. The network comprises three VLANs:

The security engineer looks at the UTM firewall rules and finds the following:

Which of the following should the security engineer do to ensure IMAPS functions properly on the corporate user network?

  • A. Contact the email service provider and ask if the company IP is blocked.
  • B. Create an IMAPS firewall rule to ensure email is allowed.
  • C. Make sure the UTM certificate is imported on the corporate computers.
  • D. Confirm the email server certificate is installed on the corporate computers.

正解:B

解説:
IMAPS (Internet Message Access Protocol Secure) is a protocol that allows users to access and manipulate email messages on a remote mail server over a secure connection. IMAPS uses SSL/TLS encryption to protect the communication between the client and the server. IMAPS uses port 993 by default. To ensure IMAPS functions properly on the corporate user network, the security engineer should create an IMAPS firewall rule on the UTM (Unified Threat Management) device that allows traffic from VLAN 10 (Corporate Users) to VLAN 20 (Email Server) over port 993. The existing firewall rules do not allow this traffic, as they only allow HTTP (port 80), HTTPS (port 443), and SMTP (port 25). References:
https://www.techopedia.com/definition/2460/internet-message-access-protocol-secure-imapshttps://www.sophos


質問 # 84
A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:
The credentials used to publish production software to the container registry should be stored in a secure location.
Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

  • A. Local secure password file
  • B. Key vault
  • C. MFA
  • D. TPM

正解:D


質問 # 85
After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

  • A. Disable BGP and implement OSPF.
  • B. Disable BGP and implement a single static route for each internal network.
  • C. Implement an inbound BGP prefix list.
  • D. Implement a BGP route reflector.

正解:D


質問 # 86
A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated
from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?

  • A. Reverse proxy, stateful firewalls, and VPNs at the local sites
  • B. IDSs, WAFs, and forward proxy IDS
  • C. IPSs at the hub, Layer 4 firewalls, and DLP
  • D. DoS protection at the hub site, mutual certificate authentication, and cloud proxy

正解:D

解説:
To meet the requirements, the network architect should implement the following solutions:
DoS protection at the hub site: To ensure the network supports core applications with 99.99% uptime, the network architect should implement DoS (denial of service) protection at the hub site.
This can help to prevent DoS attacks, which can disrupt the availability of the network and its applications.
Mutual certificate authentication: To ensure that configuration updates to the SD-WAN routers can only be initiated from the management service, the network architect should implement mutual certificate authentication. This involves requiring the management service to present a valid certificate before it can initiate configuration updates, and requiring the SD-WAN routers to present a valid certificate before they can accept updates.
Cloud proxy: To ensure that documents downloaded from websites are scanned for malware, the network architect should implement a cloud proxy. A cloud proxy is a security service that is hosted in the cloud and can be used to inspect traffic for malware and other threats before it reaches the network.


質問 # 87
A small bank is evaluating different methods to address and resolve the following requirements
" Must be able to store credit card data using the smallest amount of data possible
* Must be compliant with PCI DSS
* Must maintain confidentiality if one piece of the layer is compromised Which of the following is the best solution for the bank?

  • A. Homomorphic encryption
  • B. Masking
  • C. Scrubbing
  • D. Tokenization

正解:D

解説:
Tokenization is the process of replacing sensitive data, like credit card numbers, with unique identification symbols (tokens) that retain all the essential information without compromising its security. This method is compliant with PCI DSS requirements as it ensures that actual credit card data is not stored or processed, thus minimizing the risk of data breaches. Tokenization also maintains confidentiality even if part of the data handling system is compromised, as the tokens do not hold any exploitable data.


質問 # 88
A PaaS provider deployed a new product using a DevOps methodology.
Because DevOps is used to support both development and production assets inherent separation of duties is limited.
To ensure compliance with security frameworks that require a specific set of controls relating to separation of duties the organization must design and implement an appropriate compensating control.
Which of the following would be MOST suitable in this scenario?

  • A. Configuration of MFA and context-based login restrictions for all DevOps personnel
  • B. Development of standard code libraries and usage of the WS-security module on all web servers
  • C. Configuration of increased levels of logging, monitoring and alerting on production access
  • D. Implementation of peer review, static code analysis and web application penetration testing against the staging environment

正解:C


質問 # 89
A bank is working with a security architect to find the BEST solution to detect database management system compromises. The solution should meet the following requirements:
* Work at the application layer
* Send alerts on attacks from both privileged and malicious users
* Have a very low false positive
Which of the following should the architect recommend?

  • A. FIM
  • B. DAM
  • C. NIPS
  • D. UTM
  • E. WAF

正解:B


質問 # 90
A cloud security architect has been tasked with selecting the appropriate solution given the following:
* The solution must allow the lowest RTO possible.
* The solution must have the least shared responsibility possible.
* Patching should be a responsibility of the CSP.
Which of the following solutions can BEST fulfill the requirements?

  • A. Private
  • B. Paas
  • C. Saas
  • D. laas

正解:C

解説:
SaaS, or software as a service, is the solution that can best fulfill the requirements of having the lowest RTO possible, the least shared responsibility possible, and patching as a responsibility of the CSP. SaaS is a cloud service model that provides users with access to software applications hosted and managed by the CSP over the internet. SaaS has the lowest RTO (recovery time objective), which is the maximum acceptable time for restoring a system or service after a disruption, because it does not require any installation, configuration, or maintenance by the users. SaaS also has the least shared responsibility possible because most of the security aspects are handled by the CSP, such as patching, updating, backup, encryption, authentication, etc.
References: [CompTIA CASP+ Study Guide, Second Edition, pages 403-404]


質問 # 91
A new corporate policy requires that all employees have access to corporate resources on personal mobile devices.
The information assurance manager is concerned about the potential for inadvertent and malicious data disclosure if a device is lost, while users are concerned about corporate overreach.
Which of the following controls would address these concerns and should be reflected in the company's mobile device policy?

  • A. install remote wiping capabilities
  • B. Ensure all company communications use a VPN
  • C. Place corporate applications in a container
  • D. Enable geolocation on all devices

正解:C


質問 # 92
A security architect works for a manufacturing organization that has many different branch offices. The architect is looking for a way to reduce traffic and ensure the branch offices receive the latest copy of revoked certificates issued by the CA at the organization's headquarters location. The solution must also have the lowest power requirement on the CA.
Which of the following is the BEST solution?

  • A. Deploy an RA on each branch office.
  • B. Send the new CRLs by using GPO.
  • C. Configure clients to use OCSP.
  • D. Use Delta CRLs at the branches.

正解:C

解説:
Reference:
OCSP (Online Certificate Status Protocol) is a protocol that allows clients to check the revocation status of certificates in real time by querying an OCSP responder server. This would enable the organization to determine whether it is vulnerable to the active campaign utilizing a specific vulnerability, as it would show if any certificates have been compromised or revoked. Deploying an RA (registration authority) on each branch office may not help with checking the revocation status of certificates, as an RA is responsible for verifying the identity of certificate applicants, not issuing or revoking certificates. Using Delta CRLs (certificate revocation lists) at the branches may not provide timely or accurate information on certificate revocation status, as CRLs are updated periodically and may not reflect the latest changes. Implementing an inbound BGP (Border Gateway Protocol) prefix list may not help with checking the revocation status of certificates, as BGP is a protocol for routing network traffic between autonomous systems, not verifying certificates. Verified Reference: https://www.comptia.org/blog/what-is-ocsp https://partners.comptia.org/docs/default-source/resources/casp-content-guide


質問 # 93
A Chief Information Security Officer (CISO) is creating a security committee involving multiple business units of the corporation.
Which of the following is the BEST justification to ensure collaboration across business units?

  • A. The CISO is uniquely positioned to control the flow of vulnerability information between business units.
  • B. Without business unit collaboration, risks introduced by one unit that affect another unit may go without compensating controls.
  • C. A risk to one business unit is a risk avoided by all business units, and liberal BYOD policies create new and unexpected avenues for attackers to exploit enterprises.
  • D. A single point of coordination is required to ensure cybersecurity issues are addressed in protected, compartmentalized groups.

正解:B


質問 # 94
A development team releases updates to an application regularly.
The application is compiled with several standard open-source security products that require a minimum version for compatibility.
During the security review portion of the development cycle, which of the following should be done to minimize possible application vulnerabilities?

  • A. The developers should require an exact version of the open-source security products, preventing the introduction of new vulnerabilities.
  • B. The application development team should move to an Agile development approach to identify security concerns faster
  • C. The application should eliminate the use of open-source libraries and products to prevent known vulnerabilities from being included.
  • D. The change logs for the third-party libraries should be reviewed for security patches, which may need to be included in the release.

正解:D


質問 # 95
A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?

  • A. Reverse proxy, stateful firewalls, and VPNs at the local sites
  • B. IDSs, WAFs, and forward proxy IDS
  • C. IPSs at the hub, Layer 4 firewalls, and DLP
  • D. DoS protection at the hub site, mutual certificate authentication, and cloud proxy

正解:B


質問 # 96
......

CAS-004テスト問題練習は2024年最新のに更新された445問あります:https://jp.fast2test.com/CAS-004-premium-file.html

更新されたプレミアムCAS-004試験エンジンPDF:https://drive.google.com/open?id=118JcFVpTII6VOFGwYWgFcAWJh_50_ERp


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어