[2025年04月02日] 最新CAS-004試験問題集には高得点で一発合格
無料提供中CAS-004ブレーン問題集とCAS-004リアル試験問題
CompTIA CAS-004試験の受験者は、通常、5年以上のITセキュリティでの実務経験を持つ経験豊富なITプロフェッショナルです。この試験は、実世界のシナリオにスキルと知識を適用する能力を試験するように設計されており、ITセキュリティ分野でキャリアアップを図りたいプロフェッショナルには優れた選択肢です。
質問 # 120
A security analyst is investigating a series of suspicious emails by employees to the security team. The email appear to come from a current business partner and do not contain images or URLs. No images or URLs were stripped from the message by the security tools the company uses instead, the emails only include the following in plain text.
Which of the following should the security analyst perform?
- A. Pull the devices of the affected employees from the network in case they are infected with a zero-day virus.
- B. Configure the email gateway to automatically quarantine all messages originating from the business partner.
- C. Block the IP address for the business partner at the perimeter firewall.
- D. Contact the security department at the business partner and alert them to the email event.
正解:D
解説:
Explanation
The best option for the security analyst to perform is to contact the security department at the business partner and alert them to the email event. The email appears to be a phishing attempt that tries to trick the employees into revealing their login credentials by impersonating a legitimate sender. The security department at the business partner should be notified so they can investigate the source and scope of the attack and take appropriate actions to protect their systems and users. Verified References:
https://www.comptia.org/training/books/casp-cas-004-study-guide , https://us-cert.cisa.gov/ncas/tips/ST04-014
質問 # 121
A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
Unauthorized insertions into application development environments
Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)
- A. Model user behavior and monitor for deviations from normal.
- B. Perform static code analysis of committed code and generate summary reports.
- C. Continuously monitor code commits to repositories and generate summary logs.
- D. Monitor dependency management tools and report on susceptible third-party libraries.
- E. Implement an XML gateway and monitor for policy violations.
- F. Install an IDS on the development subnet and passively monitor for vulnerable services.
正解:B、C
質問 # 122
A company hired a third party to develop software as part of its strategy to be quicker to market. The company's policy outlines the following requirements:
https://i.postimg.cc/8P9sB3zx/image.png
The credentials used to publish production software to the container registry should be stored in a secure location.
Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?
- A. MFA
- B. Key vault
- C. Local secure password file
- D. TPM
正解:B
質問 # 123
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts partial responsibility for application-level controls to the cloud provider. In the shared responsibility model, which of the following levels of service meets this requirement?
- A. PaaS
- B. FaaS
- C. SaaS
- D. laaS
正解:A
解説:
With the PAAS the responsibility is shared where the CSP would manage the underlying OS and the customer would manage the software that is running on top of the OS.
質問 # 124
A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented in order to meet contractual requirements, the company must achieve the following thresholds
* 99 99% uptime
* Load time in 3 seconds
* Response time = <1 0 seconds
Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Select THREE)
- A. Implementing RAID on the backup servers
- B. Utilizing redundant power for all developer workstations
- C. Lowering storage input/output
- D. Deploying a content delivery network
- E. Ensuring technological diversity on critical servers
- F. Implementing server clusters
- G. Installing a firewall at corporate headquarters
- H. Employing bare-metal loading of applications
正解:C、D、F
解説:
To meet the contractual requirements of the web service provider, a security engineer should recommend the following actions:
* Deploying a content delivery network (CDN): A CDN is a distributed system of servers that delivers web content to users based on their geographic location, the origin of the content, and the performance of the network. A CDN can help improve the uptime, load time, and response time of web services by caching content closer to the users, reducing latency and bandwidth consumption. A CDN can also help mitigate distributed denial-of-service (DDoS) attacks by absorbing or filtering malicious traffic before it reaches the origin servers, reducing the impact on the web service availability12.
* Implementing server clusters: A server cluster is a group of servers that work together to provide high availability, scalability, and load balancing for web services. A server cluster can help improve the uptime, load time, and response time of web services by distributing the workload across multiple servers, reducing the risk of single points of failure and performance bottlenecks. A server cluster can also help recover from failures by automatically switching to another server in case of a malfunction34.
* Lowering storage input/output (I/O): Storage I/O is the amount of data that can be read from or written to a storage device in a given time. Storage I/O can affect the performance of web services by limiting the speed of data transfer between the servers and the storage devices. Lowering storage I/O can help improve the load time and response time of web services by reducing the latency and congestion of data access. Lowering storage I/O can be achieved by using faster storage devices, such as solid-state drives (SSDs), optimizing the storage layout and configuration, such as using RAID or striping, and caching frequently accessed data in memory5 .
Installing a firewall at corporate headquarters is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. A firewall is a device or software that filters and blocks unwanted network traffic based on predefined rules. A firewall can help improve the security of web services by preventing unauthorized access and attacks, but it may also introduce additional latency and complexity to the network.
Employing bare-metal loading of applications is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. Bare-metal loading is a technique that allows applications to run directly on hardware without an operating system or a hypervisor. Bare-metal loading can help improve the performance and efficiency of applications by eliminating the overhead and interference of other software layers, but it may also increase the difficulty and cost of deployment and maintenance.
Implementing RAID on the backup servers is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. RAID (redundant array of independent disks) is a technique that combines multiple disks into a logical unit that provides improved performance, reliability, or both. RAID can help improve the availability and security of backup data by protecting it from disk failures or corruption, but it may also introduce additional complexity and overhead to the backup process.
Utilizing redundant power for all developer workstations is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. Redundant power is a technique that provides multiple sources of power for an IT system in case one fails. Redundant power can help improve the availability and reliability of developer workstations by preventing them from losing power due to outages or surges, but it may also increase the cost and energy consumption of the system.
Ensuring technological diversity on critical servers is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services.
Technological diversity is a technique that uses different types of hardware, software, or platforms in an IT environment. Technological diversity can help improve resilience by reducing single points of failure and increasing compatibility, but it may also introduce additional complexity and inconsistency to the environment. References: What Is CDN? How Does CDN Work? | Imperva, What Is Server Clustering? | IBM, What Is Server Clustering? | IBM, Server Clustering: What It Is & How It Works | Liquid Web, Storage I/O Performance - an overview | ScienceDirect Topics, [How to Improve Storage I/O Performance | StarWind Blog], [What Is Firewall Security? | Cisco], [What is Bare Metal? | IBM], [What is RAID? | Dell Technologies US], [What Is Redundant Power Supply? | Dell Technologies US], [Technological Diversity - an overview | ScienceDirect Topics]
質問 # 125
After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?
- A. Root cause analysis
- B. Communication plan
- C. Lessons learned
- D. Runbook
正解:D
解説:
A runbook is a detailed guide that provides step-by-step instructions on how to respond to specific types of incidents. It is used by the SOC team to ensure a consistent, organized, and efficient response to incidents. In this case, after the incident investigation, creating a runbook would help standardize the response process for future security incidents, enabling the team to act quickly and effectively. CASP+ emphasizes the importance of having detailed runbooks for incident response as part of an organization's overall incident response strategy.
Reference:
CASP+ CAS-004 Exam Objectives: Domain 2.0 - Enterprise Security Operations (Incident Response and Runbooks) CompTIA CASP+ Study Guide: Incident Response Procedures and Runbooks
質問 # 126
A company is looking to fortify its cybersecurity defenses and is focusing on its network infrastructure. The solution cannot affect the availability of the company's services to ensure false positives do not drop legitimate traffic.
Which of the following would satisfy the requirement?
- A. NIDS
- B. Reverse proxy
- C. NIPS
- D. WAF
正解:A
解説:
Reference:
https://owasp.org/www-community/controls/Intrusion_Detection
質問 # 127
A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.
Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?
- A. The company will have access to the latest version to continue development.
- B. The company will be able to manage the third-party developer's development process.
- C. The company will be paid by the third-party developer to hire a new development team.
- D. The company will be able to force the third-party developer to continue support.
正解:D
質問 # 128
An analyst execute a vulnerability scan against an internet-facing DNS server and receives the following report:
Which of the following tools should the analyst use FIRST to validate the most critical vulnerability?
- A. Account enumerator
- B. Port scanner
- C. Exploitation framework
- D. Password cracker
正解:D
質問 # 129
A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:
Which of the following MOST appropriate corrective action to document for this finding?
- A. The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.
- B. The product owner should perform a business impact assessment regarding the ability to implement a WAF.
- C. The system administrator should evaluate dependencies and perform upgrade as necessary.
- D. The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.
正解:B
質問 # 130
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:
Which of the following ciphers should the security analyst remove to support the business requirements?
- A. TLS_CHACHA20_POLY1305_SHA256
- B. TLS_AES_128_CCM_8_SHA256
- C. TLS_AES_128_GCM_SHA256
- D. TLS_DHE_DSS_WITH_RC4_128_SHA
正解:D
解説:
This document requires that Transport Layer Security (TLS) clients and servers never negotiate the use of RC4 cipher suites when they establish connections.
https://datatracker.ietf.org/doc/html/rfc7465
質問 # 131
A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?
- A. Store the nightly full backups at the DR site.
- B. Build a content caching system at the DR site.
- C. Increase the network bandwidth to the DR site.
- D. Implement real-time replication for the DR site.
正解:D
解説:
Real-time replication ensures that data is continuously mirrored to the DR site, minimizing data loss to within the recovery point objective (RPO) of 30 minutes. This method aligns with CASP+ objective 3.1, which emphasizes continuity and disaster recovery strategies to maintain business operations with minimal downtime and data loss.
________________________________________
質問 # 132
Following a recent security incident on a web server the security analyst takes HTTP traffic captures for further investigation.
The analyst suspects certain jpg files have important data hidden within them.
Which of the following tools will help get all the pictures from within the HTTP traffic captured to a specified folder?
- A. dd
- B. memdump
- C. nbtstat
- D. tshark
正解:D
質問 # 133
A security engineer is reviewing a record of events after a recent data breach incident that Involved the following:
* A hacker conducted reconnaissance and developed a footprint of the company s Internet-facing web application assets.
* A vulnerability in a third-party horary was exploited by the hacker, resulting in the compromise of a local account.
* The hacker took advantage of the account's excessive privileges to access a data store and exfiltrate the data without detection.
Which of the following is the BEST solution to help prevent this type of attack from being successful in the future?
- A. User behavior analysis
- B. Dynamic analysis
- C. Software composition analysis
- D. Web application firewall
- E. Secure web gateway
正解:D
解説:
A web application firewall (WAF) is a security device that inspects web application traffic and can detect and prevent malicious activity such as SQL injection, cross-site scripting, and malicious file uploads. This type of attack could have been prevented if a WAF was in place to monitor and block malicious traffic. Resources:
CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 4: "Web Application Firewalls," Wiley, 2018. https://www.wiley.com/en-us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C+2nd+Edition-p-9781119396582
質問 # 134
A disaster recovery team learned of several mistakes that were made during the last disaster recovery parallel test. Computational resources ran out at 70% of restoration of critical services.
Which of the following should be modified to prevent the issue from reoccurring?
- A. Recovery point objective
- B. Mission-essential functions
- C. Recovery time objective
- D. Recovery service level
正解:D
解説:
Reference: https://www.nakivo.com/blog/disaster-recovery-in-cloud-computing/ The recovery service level is a metric that defines the minimum level of service or performance that a system or process must provide after a disaster or disruption. The recovery service level can include parameters such as availability, capacity, throughput, latency, etc. The recovery service level should be modified to prevent the issue of running out of computational resources at 70% of restoration of critical services. The recovery service level should be aligned with the recovery point objective (RPO) and the recovery time objective (RTO), which are the maximum acceptable amount of data loss and downtime respectively. References: https://www.
techopedia.com/definition/29836/recovery-service-level https://www.ibm.com/cloud/learn/recovery-point- objective https://www.ibm.com/cloud/learn/recovery-time-objective
質問 # 135
A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?
- A. Threat emulation
- B. Automated vulnerability scanning
- C. Centralized logging, data analytics, and visualization
- D. Threat hunting
正解:A
解説:
Explanation
Threat emulation is the method that should be used to test an incident response playbook for insider attacks.
Threat emulation is a technique that simulates real-world attacks using realistic scenarios, tactics, techniques, and procedures (TTPs) of threat actors. Threat emulation can help evaluate the effectiveness of an incident response plan by testing how well it can detect, respond to, contain, eradicate, recover from, and learn from an attack.
References: [CompTIA CASP+ Study Guide, Second Edition, page 461]
質問 # 136
An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:
mbedTLS: ca certificate undefined
Which of the following is the root cause of this issue?
- A. The VPN client configuration is missing the CA private key.
- B. OpenSSL is not configured to support PKCS#12 certificate files.
- C. The iOS keychain imported only the client public and private keys.
- D. iOS devices have an empty root certificate chain by default.
正解:C
解説:
The root cause of this issue is that the iOS keychain imported only the client public and private keys, but not the CA certificate. A PKCS#12 file (.p12 or .pfx) is a file format that contains a certificate and its private key, optionally protected by a password. A PKCS#12 file can also contain intermediate certificates or root certificates that are needed to verify the certificate chain. However, when importing a PKCS#12 file into the iOS keychain, only the certificate and its private key are imported, not the CA certificate. This means that the iOS device cannot verify the authenticity of the certificate, and displays the error message "mbedTLS: ca certificate undefined". To fix this issue, the CA certificate needs to be imported separately into the iOS keychain, either manually or using a configuration profile. Verified References:
https://developer.apple.com/documentation/devicemanagement/certificatepkcs12
https://support.apple.com/guide/deployment/distribute-certificates-depcdc9a6a3f/web
https://openvpn.net/faq/how-do-i-use-a-client-certificate-and-private-key-from-the-ios-keychain/
質問 # 137
A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process 'memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
- A. Noexecute
- B. Execute never
- C. Total memory encryption
- D. Virtual memory protection
正解:B
解説:
Explanation
Execute never is a technology that can be enabled on the ARM architecture to prevent malware from inserting itself in another process' memory location. Execute never (also known as XN or NX) is a feature that marks certain memory regions as non-executable, meaning that they cannot be used to run code. This prevents malware from exploiting buffer overflows or other memory corruption vulnerabilities to inject malicious code into another process' memory space.
References: [CompTIA CASP+ Study Guide, Second Edition, page 295]
質問 # 138
A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
- A. A jump box in the screened subnet
- B. A general VPN solution to the primary network
- C. FIM on the servers storing the data
- D. NAC to control authorized endpoints
正解:D
解説:
Network Access Control (NAC) is used to bolster the network security by restricting the availability of network resources to managed endpoints that don't satisfy the compliance requirements of the Organization.
質問 # 139
Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?
- A. Privacy risks are minimized.
- B. Biometric authenticators are immutable.
- C. Zero trust is achieved.
- D. The likelihood of account compromise is reduced.
正解:D
質問 # 140
A company with only U S -based customers wants to allow developers from another country to work on the company's website However, the company plans to block normal internet traffic from the other country Which of the following strategies should the company use to accomplish this objective? (Select two).
- A. Employ a reverse proxy for the developers
- B. Have the developers use the company's VPN
- C. Implement a WAP for the website
- D. Use NAT to enable access for the developers
- E. Block foreign IP addresses from accessing the website
- F. Give the developers access to a jump box on the network
正解:B、F
解説:
Having developers use the company's VPN can provide them with secure access to the network while still allowing the company to block normal internet traffic from the other country. A jump box serves as a secure entry point for administrators or in this case, developers, to connect before launching any administrative tasks or accessing further areas of the network. This setup maintains security while still providing necessary access.
質問 # 141
A new mandate by the corporate security team requires that all endpoints must meet a security baseline before accessing the corporate network. All servers and desktop computers are scanned by the dedicated internal scanner appliance installed in each subnet. However, remote worker laptops do not access the network regularly. Which of the following is the BEST option for the security team to ensure remote worker laptops are scanned before being granted access to the corporate network?
- A. Install a vulnerability scanning agent on each remote laptop to submit scan data.
- B. Implement network access control to perform host validation of installed patches.
- C. Create a vulnerability scanning subnet for remote workers to connect to on the network at headquarters.
- D. Create an 802.1X implementation with certificate-based device identification.
正解:A
質問 # 142
An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
- Protection from DoS attacks against its infrastructure and web applications is in place.
- Highly available and distributed DNS is implemented.
- Static content is cached in the CDN.
- A WAF is deployed inline and is in block mode.
- Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?
- A. The API gateway endpoints are being directly targeted.
- B. The site is experiencing a brute-force credential attack.
- C. The public cloud provider is applying QoS to the inbound customer traffic.
- D. A DDoS attack is targeted at the CDN.
正解:C
質問 # 143
Application owners are reporting performance issues with traffic using port 1433 from the cloud environment.
A security administrator has various pcap files to analyze the data between the related source and destination servers. Which of the following tools should be used to help troubleshoot the issue?
- A. Exploit framework
- B. Fuzz testing
- C. Wireless vulnerability scan
- D. Password cracker
- E. Protocol analyzer
正解:E
解説:
A protocol analyzer, such as Wireshark, is a tool used to capture and analyze network traffic. It allows security administrators to inspect individual packets, understand the traffic flow, and identify any unusual patterns or issues that may be impacting performance, such as high latency or unusual volume of traffic on a specific port.
質問 # 144
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
- A. Notify law enforcement.
- B. Request that the affected servers be restored immediately.
- C. Pay the ransom within 48 hours.
- D. Isolate the servers to prevent the spread.
正解:D
解説:
Isolating the servers is the best immediate action to take after reporting the incident to the management team, as it can limit the damage and contain the ransomware infection. Paying the ransom is not advisable, as it does not guarantee the recovery of the data and may encourage further attacks. Notifying law enforcement is a possible step, but not the next one after reporting. Requesting that the affected servers be restored immediately may not be feasible or effective, as it depends on the availability and integrity of backups, and it does not address the root cause of the attack. Verified Reference: https://www.comptia.org/blog/what-is-ransomware-and-how-to-protect-yourself https://www.comptia.org/certifications/comptia-advanced-security-practitioner
質問 # 145
......
CAS-004合格させる問題集でCompTIA24時間で試験合格できます:https://jp.fast2test.com/CAS-004-premium-file.html
CompTIA CAS-004実際の問題とブレーン問題集:https://drive.google.com/open?id=118JcFVpTII6VOFGwYWgFcAWJh_50_ERp