CAS-004のPDF問題集で2025年02月25日試験問題 有効なCAS-004問題集
究極のCAS-004準備ガイドで無料最新のCompTIA練習テスト問題集
質問 # 186
Which of the following is a risk associated with SDN?
- A. Reduced visibility of scaling capabilities
- B. Expanded attack surface
- C. Increased hardware management costs
- D. New firmware vulnerabilities
正解:B
解説:
A risk associated with SDN is the expanded attack surface that it introduces. SDN is a network architecture that decouples the control plane from the data plane, allowing centralized and programmable management of network devices and traffic. However, this also exposes new attack vectors and vulnerabilities that can compromise the security and performance of the network. For example, an attacker can target the SDN controller, which is the core component that communicates with and controls the network devices. A successful attack on the SDN controller can result in denial of service, unauthorized access, data leakage, or network hijacking. An attacker can also exploit the communication channels between the SDN controller and the network devices, such as the OpenFlow protocol, to intercept, modify, or inject malicious messages or commands. Additionally, an attacker can leverage malicious or compromised applications that run on top of the SDN controller to manipulate or disrupt the network behavior. Verified References:
* https://www.isaca.org/resources/isaca-journal/issues/2016/volume-4/benefits-and-the-security-risk-of- software-defined-networking
* https://link.springer.com/article/10.1007/s40860-022-00171-8
質問 # 187
An auditor Is reviewing the logs from a web application to determine the source of an Incident. The web application architecture Includes an Internet-accessible application load balancer, a number of web servers In a private subnet, application servers, and one database server In a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:
Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?
- A. Use stored procedures on the database server.
- B. Store the value of the $_server ( ' REMOTE_ADDR ' ] received by the web servers.
- C. Install a certificate signed by a trusted CA.
- D. Enable the x-Forwarded-For header al the load balancer.
- E. Install a software-based HIDS on the application servers.
正解:C
質問 # 188
A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:
With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).
- A. OS credential dumping
- B. Indirect command execution
- C. External remote services
- D. System information discovery
- E. Network denial of service
- F. Inhibit system recovery
正解:A、D
解説:
OS credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. System information discovery is the process of gathering information about the system, such as hostname, IP address, OS version, running processes, etc. Both of these techniques are commonly used by adversaries to gain access to sensitive data and resources on the target system. The command shown in the image is using Mimikatz, a tool that can dump credentials from memory, and also querying the system information using WMIC. Verified References:
* https://attack.mitre.org/techniques/T1003/
* https://attack.mitre.org/techniques/T1082/
* https://github.com/gentilkiwi/mimikatz
* https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmic
質問 # 189
Due to internal resource constraints, the management team has asked the principal security architect to recommend a solution that shifts most of the responsibility for application-level controls to the cloud provider.
In the shared responsibility model, which of the following levels of service meets this requirement?
- A. Faas
- B. PaaS
- C. SaaS
- D. IaaS
正解:C
質問 # 190
A local university that has a global footprint is undertaking a complete overhaul of its website and associated systems. Some of the requirements are:
* Handle an increase in customer demand of resources
* Provide quick and easy access to information
* Provide high-quality streaming media
* Create a user-friendly interface
Which of the following actions should be taken FIRST?
- A. Deploy high-availability web servers.
- B. Enhance network access controls.
- C. Implement a content delivery network.
- D. Migrate to a virtualized environment.
正解:C
解説:
A content delivery network (CDN) is a geographically distributed network of servers that can cache content close to end users, allowing for faster and more efficient delivery of web content, such as images, videos, and streaming media. A CDN can also handle an increase in customer demand of resources, provide high-quality streaming media, and create a user-friendly interface by reducing latency and bandwidth consumption. A CDN can also improve the security and availability of the website by mitigating DDoS attacks and providing redundancy. Verified References:
https://www.cloudflare.com/learning/cdn/what-is-a-cdn/
https://learn.microsoft.com/en-us/azure/cdn/cdn-overview
https://en.wikipedia.org/wiki/Content_delivery_network
質問 # 191
Which of the following testing plans is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions?
- A. Full interruption test
- B. Disaster recovery checklist
- C. Parallel test
- D. Tabletop exercise
正解:D
解説:
Explanation
A tabletop exercise is a type of testing plan that is used to discuss disaster recovery scenarios with representatives from multiple departments within an incident response team but without taking any invasive actions. A tabletop exercise is a simulation of a potential disaster or incident that involves a verbal or written discussion of how each department would respond to it. The purpose of a tabletop exercise is to identify gaps, weaknesses, or conflicts in the disaster recovery plan, and to improve communication and coordination among the team members.
References: [CompTIA CASP+ Study Guide, Second Edition, page 455]
質問 # 192
A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:
The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:
Which of the following is an appropriate security control the company should implement?
- A. Parameterize a query in the path variable to prevent SQL injection.
- B. Restrict directory permission to read-only access.
- C. Separate the items in the system call to prevent command injection.
- D. Use server-side processing to avoid XSS vulnerabilities in path input.
正解:C
解説:
The company using the wrong port is the most likely root cause of why secure LDAP is not working. Secure LDAP is a protocol that provides secure communication between clients and servers using LDAP (Lightweight Directory Access Protocol), which is a protocol that allows querying and modifying directory services over TCP/IP. Secure LDAP uses SSL (Secure Sockets Layer) or TLS (Transport Layer Security) to encrypt LDAP traffic and prevent unauthorized disclosure or interception.
質問 # 193
A threat analyst notices the following URL while going through the HTTP logs.
Which of the following attack types is the threat analyst seeing?
- A. CSRF
- B. SQL injection
- C. XSS
- D. Session hijacking
正解:C
解説:
XSS stands for cross-site scripting, which is a type of attack that injects malicious code into a web page that is then executed by the browser of a victim. The URL in the question contains a script tag that tries to execute a JavaScript code from an external source, which is a sign of XSS. Verified References: https://www.comptia.
org/training/books/casp-cas-004-study-guide , https://owasp.org/www-community/attacks/xss/
質問 # 194
An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
- Protection from DoS attacks against its infrastructure and web applications is in place.
- Highly available and distributed DNS is implemented.
- Static content is cached in the CDN.
- A WAF is deployed inline and is in block mode.
- Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?
- A. A DDoS attack is targeted at the CDN.
- B. The API gateway endpoints are being directly targeted.
- C. The public cloud provider is applying QoS to the inbound customer traffic.
- D. The site is experiencing a brute-force credential attack.
正解:D
質問 # 195
A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
- A. Implement MFA, review the application logs, and deploy a WAF.
- B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
- C. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
- D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
正解:A
解説:
Reference:
Implementing MFA can add an extra layer of security to protect against unauthorized access if the vulnerability is exploited. Reviewing the application logs can help identify if any attempts have been made to exploit the vulnerability, and deploying a WAF can help block any attempts to exploit the vulnerability. While the other options may provide some level of security, they may not directly address the vulnerability and may not reduce the risk to an acceptable level.
質問 # 196
A security analyst is reading the results of a successful exploit that was recently conducted by third-party penetration testers. The testers reverse engineered a privileged executable. In the report, the planning and execution of the exploit is detailed using logs and outputs from the test However, the attack vector of the exploit is missing, making it harder to recommend remediation's. Given the following output:
The penetration testers MOST likely took advantage of:
- A. A TOC/TOU vulnerability
- B. A buffer overflow vulnerability
- C. An integer overflow vulnerability
- D. A plain-text password disclosure
正解:A
質問 # 197
A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:
Which of the following meets the budget needs of the business?
- A. Filter GHI
- B. Filter ABC
- C. Filter TUV
- D. Filter XYZ
正解:A
質問 # 198
An organization recently recovered from an attack that featured an adversary injecting Malicious logic into OS bootloaders on endpoint devices Therefore, the organization decided to require the use of TPM for measured boot and attestation, monitoring each component from the IJEFI through the full loading of OS components. of the following TPM structures enables this storage functionality?
- A. Endorsement tickets
- B. Clock/counter structures
- C. Command tag structures with MAC schemes
- D. Platform configuration registers
正解:D
質問 # 199
A firewall administrator needs to ensure all traffic across the company network is inspected. The administrator gathers data and finds the following information regarding the typical traffic in the network:
Which of the following is the BEST solution to ensure the administrator can complete the assigned task?
- A. A full-tunnel VPN
- B. SSL/TLS decryption
- C. An endpoint DLP solution
- D. Web content filtering
正解:D
質問 # 200
A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?
- A. Publish proof-of-concept exploit code on a personal blog.
- B. Collect proof that the exploit works in order to expedite the process.
- C. Recommend legal consultation about the process.
- D. Visit a bug bounty website for the latest information.
正解:C
解説:
When a security researcher identifies a vulnerability, especially one involving remote code execution, they must navigate a process that protects them legally and ethically. The best advice here is to consult with legal professionals to understand any liabilities, such as potential violations of non-disclosure agreements (NDAs) or intellectual property concerns. Legal consultation ensures that the researcher follows responsible disclosure practices and avoids legal repercussions, which aligns with CASP+ guidance on managing vulnerabilities and the responsible handling of sensitive security information. CompTIA CASP+ emphasizes the importance of adhering to legal and regulatory frameworks when reporting vulnerabilities, especially when dealing with former employers or clients.
References:
* CASP+ CAS-004 Exam Objectives: Domain 1.0 - Risk Management (Responsible Disclosure, Legal Concerns)
* CompTIA CASP+ Study Guide: Handling Vulnerabilities and Legal Considerations
質問 # 201
A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.
Which of the following encryption methods should the cloud security engineer select during the implementation phase?
- A. Proxy-based
- B. Instance-based
- C. Storage-based
- D. Array controller-based
正解:C
解説:
We recommend that you encrypt your virtual hard disks (VHDs) to help protect your boot volume and data volumes at rest in storage, along with your encryption keys and secrets. Azure Disk Encryption helps you encrypt your Windows and Linux IaaS virtual machine disks. Azure Disk Encryption uses the industry- standard BitLocker feature of Windows and the DM-Crypt feature of Linux to provide volume encryption for the OS and the data disks. The solution is integrated with Azure Key Vault to help you control and manage the disk-encryption keys and secrets in your key vault subscription. The solution also ensures that all data on the virtual machine disks are encrypted at rest in Azure Storage. https://docs.microsoft.com/en-us/azure
/security/fundamentals/iaas
質問 # 202
An organization's finance system was recently attacked. A forensic analyst is reviewing the contents Of the compromised files for credit card data.
Which of the following commands should the analyst run to BEST determine whether financial data was lost?
- A. Option D
- B. Option A
- C. Option B
- D. Option C
正解:D
質問 # 203
Given the following log snippet from a web server:
Which of the following BEST describes this type of attack?
- A. Brute-force
- B. SQL injection
- C. Cross-site request forgery
- D. Cross-site scripting
正解:B
質問 # 204
A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability.
The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?
- A. A system penetration test
- B. Log analysis within the SIEM tool
- C. The Cyber Kill Chain
- D. Threat hunting
正解:A
解説:
The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The other ciphers are more secure and compliant with secure-by-design principles and PCI DSS. Verified References:
https://www.comptia.org/blog/what-is-a-cipher https://partners.comptia.org/docs/default-source/resources
/casp-content-guide
質問 # 205
A security analyst is reviewing SIEM events and is uncertain how to handle a particular event.
The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.
Based on this information, the security analyst acknowledges this alert.
Which of the following event classifications is MOST likely the reason for this action?
- A. Non-automated response
- B. True negative
- C. False negative
- D. False positive
正解:D
解説:
The security analyst acknowledges this alert because it is a false positive. A false positive is an event classification that indicates a benign or normal activity is mistakenly flagged as malicious or suspicious by the SIEM system. A false positive can occur due to misconfigured rules, outdated signatures, or faulty algorithms.
A false positive can waste the security analyst's time and resources, so it is important to acknowledge and dismiss it after verifying that it is not a real threat. Verified References:
https://www.ibm.com/topics/siem
https://www.microsoft.com/en-us/security/business/security-101/what-is-siem
https://www.splunk.com/en_us/data-insider/what-is-siem.html
質問 # 206
Company A acquired Company B.
During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.
Which of the following risk-handling techniques was used?
- A. Accept
- B. Transfer
- C. Mitigate
- D. Avoid
正解:C
質問 # 207
A company wants to improve the security of its web applications that are running on in-house servers A risk assessment has been performed and the following capabilities are desired:
* Terminate SSL connections at a central location
* Manage both authentication and authorization for incoming and outgoing web service calls
* Advertise the web service API
* Implement DLP and anti-malware features
Which of the following technologies will be the BEST option?
- A. API gateway
- B. XML gateway
- C. WAF
- D. ESB gateway
正解:A
解説:
An API gateway is a device or software that acts as an intermediary between clients and servers that provide web services through application programming interfaces (APIs). An API gateway can provide various functions such as:
* Terminating SSL connections at a central location, reducing the overhead on the backend servers and simplifying certificate management
* Managing both authentication and authorization for incoming and outgoing web service calls, enforcing security policies and access control
* Advertising the web service API, providing documentation and discovery features for developers and consumers
* Implementing DLP and anti-malware features, preventing data leakage and malicious code injection A web application firewall (WAF) is a device or software that filters and blocks malicious web traffic from reaching an application. A WAF can provide some protection for web services, but it does not provide all the functions of an API gateway. An XML gateway is a device or software that validates, transforms, and routes XML messages between clients and servers that provide web services. An XML gateway can provide some functions of an API gateway, but it is limited to XML-based web services and does not support other formats such as JSON. An enterprise service bus (ESB) gateway is a device or software that integrates and orchestrates multiple web services into a single service or application. An ESB gateway can provide some functions of an API gateway, but it is more focused on business logic and workflow rather than security and performance. References: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 2: Enterprise Security Architecture, Objective 2.3:
Implement solutions for the secure use of cloud services
質問 # 208
A security analyst notices a number of SIEM events that show the following activity:
Which of the following response actions should the analyst take FIRST?
- A. Restart Microsoft Windows Defender.
- B. Disable local administrator privileges on the endpoints.
- C. Disable powershell.exe on all Microsoft Windows endpoints.
- D. Configure the forward proxy to block 40.90.23.154.
正解:D
解説:
The SIEM events show that powershell.exe was executed on multiple endpoints with an outbound connection to 40.90.23.154, which is an IP address associated with malicious activity. This could indicate a malware infection or a command-and-control channel. The best response action is to configure the forward proxy to block 40.90.23.154, which would prevent further communication with the malicious IP address. Disabling powershell.exe on all endpoints may not be feasible or effective, as it could affect legitimate operations and not remove the malware. Restarting Microsoft Windows Defender may not detect or stop the malware, as it could have bypassed or disabled it. Disabling local administrator privileges on the endpoints may not prevent the malware from running or communicating, as it could have escalated privileges or used other methods.
Verified References: https://www.comptia.org/blog/what-is-a-forward-proxy https://partners.comptia.org/docs
/default-source/resources/casp-content-guide
質問 # 209
......
合格率 取得する秘訣はCAS-004認定試験エンジンPDF:https://jp.fast2test.com/CAS-004-premium-file.html
今すぐ試そう!高評価CompTIA CAS-004試験問題集:https://drive.google.com/open?id=1kyH5rkirsjNpGLctVrG9DAOqODK1gwN-