CAS-004認定お試し[2024年06月14日] 最新CAS-004のPDF問題集 [Q142-Q163]

Share

CAS-004認定お試し[2024年06月14日] 最新CAS-004のPDF問題集

ベストCompTIA CAS-004学習ガイドと問題集でof2024年更新

質問 # 142
A security analyst wants to keep track of alt outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outbound traffic to a perimeter firewall. When the security analyst gets the connection events from the firewall, the source IP of the outbound web traffic is the translated IP of the web filtering solution. Considering this scenario involving source NAT. which of the following would be the BEST option to inject in the HTTP header to include the real source IP from workstations?

  • A. Strict-Transport-Security
  • B. X-Forwarded-Proto
  • C. Content-Security-Policy
  • D. X-Forwarded-For
  • E. Cache-Control

正解:D


質問 # 143
A software house is developing a new application. The application has the following requirements:
Reduce the number of credential requests as much as possible

Integrate with social networks

Authenticate users

Which of the following is the BEST federation method to use for the application?

  • A. OpenID
  • B. OAuth
  • C. WS-Federation
  • D. SAML

正解:D

解説:
SAML and OAuth2 are open standard protocols designed with different, but related goals.
Primarily, SAML 2.0 is designed to authenticate a user, so providing user identity data to a service. OAuth 2.0 is designed as an authorization protocol permitting a user to share access to specific resources with a service provider.


質問 # 144
Over the last 90 days, many storage services has been exposed in the cloud services environments, and the security team does not have the ability to see is creating these instance. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief information security Officer (CIASO) has asked the security officer (CISO) has asked the security lead architect to architect to recommend solutions to this problem.
Which of the following BEST addresses the problem best address the problem with the least amount of administrative effort?

  • A. Capture all log and feed then to a SIEM and then for cloud service events
  • B. Implement a CASB solution and track cloud service use cases for greater visibility.
  • C. Implement a user-behavior system to associate user events and cloud service creation events.
  • D. Compile a list of firewall requests and compare than against interesting cloud services.

正解:C


質問 # 145
Joe an application security engineer is performing an audit of an environmental control application.
He has implemented a robust SDLC process and is reviewing API calls available to the application.
During the review, Joe finds the following in a log file.

Which of the following would BEST mitigate the issue Joe has found?

  • A. Deploy a WAF in front of the API and implement rate limiting
  • B. Ensure the API uses SNMPv1.
  • C. Perform authentication via a secure channel
  • D. Verify the API uses HTTP GET instead of POST

正解:C


質問 # 146
The Chief Information Security Officer is concerned about the possibility of employees downloading
'malicious files from the internet and 'opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

  • A. Scan all downloads using an antivirus engine on the web proxy.
  • B. Integrate the web proxy with threat intelligence feeds.
  • C. Block known malware sites on the web proxy.
  • D. Execute the files in the sandbox on the web proxy.

正解:D

解説:
Explanation
Executing the files in the sandbox on the web proxy is the best solution to reduce the risk of employees downloading and opening malicious files from the internet. A sandbox is a secure and isolated environment that can run untrusted or potentially harmful code without affecting the rest of the system. By executing the files in the sandbox, the web proxy can analyze their behavior and detect any malicious activity before allowing them to reach the corporate workstations.
References: [CompTIA CASP+ Study Guide, Second Edition, page 273]


質問 # 147
A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.
Which of the following compensating controls would be BEST to implement in this situation?

  • A. EDR
  • B. UEBA
  • C. HIDS
  • D. SIEM

正解:D


質問 # 148
An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card dat a. Which of the following commands should the analyst run to BEST determine whether financial data was lost?

  • A. Option B
  • B. Option A
  • C. Option D
  • D. Option C

正解:D


質問 # 149
A team is at the beginning stages of designing a new enterprise-wide application. The new application will have a large database and require a capital investment in hardware. The Chief Information Officer (IO) has directed the team to save money and reduce the reliance on the datacenter, and the vendor must specialize in hosting large databases in the cloud. Which of the following cloud-hosting options would BEST meet these needs?

  • A. Community IaaS
  • B. Multi-tenancy SaaS
  • C. Single-tenancy PaaS
  • D. Hybrid IaaS

正解:C


質問 # 150
A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company's Chief Financial Officer loses a phone multiple times a year.
Which of the following will MOST likely secure the data on the lost device?

  • A. Require MFA to access company applications.
  • B. Require a VPN to be active to access company data.
  • C. Remotely wipe the device.
  • D. Set up different profiles based on the person's risk.

正解:C

解説:
Explanation
Remotely wiping the device is the best way to secure the data on the lost device, as it would erase all the data and prevent unauthorized access. Requiring a VPN to be active to access company data may not protect the data on the device itself, as it could be stored locally or cached. Setting up different profiles based on the person's risk may not prevent data loss or theft, as it depends on the level of access and encryption. Requiring MFA to access company applications may not protect the data on the device itself, as it could be stored locally or cached. Verified References: https://www.comptia.org/blog/what-is-byod
https://partners.comptia.org/docs/default-source/resources/casp-content-guide


質問 # 151
A company security engineer arrives at work to face the following scenario:
1) Website defacement
2) Calls from the company president indicating the website needs to be fixed Immediately because It Is damaging the brand
3) A Job offer from the company's competitor
4) A security analyst's investigative report, based on logs from the past six months, describing how lateral movement across the network from various IP addresses originating from a foreign adversary country resulted in exfiltrated data Which of the following threat actors Is MOST likely involved?

  • A. Competitor
  • B. Script kiddie
  • C. APT/nation-state
  • D. Organized crime

正解:C

解説:
Explanation
An Advanced Persistent Threat (APT) is an attack that is targeted, well-planned, and conducted over a long period of time by a nation-state actor. The evidence provided in the scenario indicates that the security analyst has identified a foreign adversary, which is strong evidence that an APT/nation-state actor is responsible for the attack. Resources:
CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter 5: "Advanced Persistent Threats," Wiley,
2018. https://www.wiley.com/en-us/CompTIA+Advanced+Security+Practitioner+CASP%2B+Study+Guide%2C


質問 # 152
A company's SOC has received threat intelligence about an active campaign utilizing a specific vulnerability.
The company would like to determine whether it is vulnerable to this active campaign.
Which of the following should the company use to make this determination?

  • A. A system penetration test
  • B. The Cyber Kill Chain
  • C. Log analysis within the SIEM tool
  • D. Threat hunting

正解:D


質問 # 153
A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.
Which of the following would be BEST to proceed with the transformation?

  • A. A load balancer with a round-robin configuration
  • B. An on-premises solution as a backup
  • C. A multicloud provider solution
  • D. An active-active solution within the same tenant

正解:C

解説:
Explanation
An active-active cluster does nothing if the cloud provider goes down. One of the main features of multi-cloud is redundancy.https://www.cloudflare.com/learning/cloud/what-is-multicloud/


質問 # 154
A SOC analyst is reviewing malicious activity on an external, exposed web server. During the investigation, the analyst determines specific traffic is not being logged, and there is no visibility from the WAF for the web application.
Which of the following is the MOST likely cause?

  • A. A certificate on the WAF is expired.
  • B. Old, vulnerable cipher suites are still being used.
  • C. HTTP traffic is not forwarding to HTTPS to decrypt.
  • D. The user agent client is not compatible with the WAF.

正解:C

解説:
Explanation
This could be the cause of the lack of visibility from the WAF (Web Application Firewall) for the web application, as the WAF may not be able to inspect or block unencrypted HTTP traffic. To solve this issue, the web server should redirect all HTTP requests to HTTPS and use SSL/TLS certificates to encrypt the traffic.


質問 # 155
A security analyst notices a number of SIEM events that show the following activity:

Which of the following response actions should the analyst take FIRST?

  • A. Restart Microsoft Windows Defender.
  • B. Disable local administrator privileges on the endpoints.
  • C. Disable powershell.exe on all Microsoft Windows endpoints.
  • D. Configure the forward proxy to block 40.90.23.154.

正解:D

解説:
top the data exfiltration and sever all malicious traffic first, and then clean up the internal mess.


質問 # 156
An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

  • A. A turbine would overheat and cause physical harm.
  • B. The engineers would need to go to the historian.
  • C. Data would be exfiltrated through the data diodes.
  • D. The SCADA equipment could not be maintained.

正解:A


質問 # 157
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?

  • A. Mitigated
  • B. Low
  • C. Inherent
  • D. Residual.
  • E. Transferred

正解:D


質問 # 158
An organization based in the United States is planning to expand its operations into the European market later in the year Legal counsel is exploring the additional requirements that must be established as a result of the expansion. The BEST course of action would be to

  • A. revise the employee provisioning and deprovisioning procedures
  • B. complete a quantitative risk assessment
  • C. complete a security questionnaire focused on data privacy.
  • D. draft a memorandum of understanding

正解:C


質問 # 159
A company hired a third party to develop software as part of its strategy to be quicker to market.
The company's policy outlines the following requirements:
- The credentials used to publish production software to the container
registry should be stored in a secure location.
- Access should be restricted to the pipeline service account, without
the ability for the third-party developer to read the credentials
directly.
Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

  • A. Local secure password file
  • B. Key vault
  • C. MFA
  • D. TPM

正解:B

解説:
Key Vault is a cloud service for securely storing and accessing secrets. A secret is anything that you want to tightly control access to, such as API keys, passwords, certificates, or cryptographic keys. Key Vault service supports two types of containers: vaults and managed hardware security module (HSM).
https://intellipaat.com/blog/what-is-azure-key-vault/


質問 # 160
An organization's finance system was recently attacked. A forensic analyst is reviewing the contents of the compromised files for credit card dat a. Which of the following commands should the analyst run to BEST determine whether financial data was lost?

  • A. Option B
  • B. Option A
  • C. Option D
  • D. Option C

正解:D


質問 # 161
A network administrator for a completely air-gapped and closed system has noticed that anomalous external files have been uploaded to one of the critical servers. The administrator has reviewed logs in the SIEM that were collected from security appliances, network infrastructure devices, and endpoints.
Which of the following processes, if executed, would be MOST likely to expose an attacker?

  • A. Looking for privileged credential reuse on the network
  • B. Reviewing video from IP cameras within the facility
  • C. Implementing integrity checks on endpoint computing devices
  • D. Reconfiguring the SIEM connectors to collect data from the perimeter network hosts

正解:B

解説:
Reviewing video from IP cameras within the facility would be the most likely process to expose an attacker who has compromised an air-gapped system. Since air-gapped systems are isolated from external networks, an attacker would need physical access to the system or use some covert channel to communicate with it. Video surveillance could reveal any unauthorized or suspicious activity within the facility that could be related to the attack. Verified References:
https://www.welivesecurity.com/wp-content/uploads/2021/12/eset_jumping_the_air_gap_wp.pdf
https://en.wikipedia.org/wiki/Air-Gap_Malware
https://www.techtarget.com/searchsecurity/essentialguide/How-air-gap-attacks-challenge-the-notion-of-sec


質問 # 162
A financial institution has several that currently employ the following controls:
* The severs follow a monthly patching cycle.
* All changes must go through a change management process.
* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.
* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.
An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process.
Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

  • A. Disable automatic patch update capabilities on the servers
  • B. Enhanced audit logging on the jump servers and ship the logs to the SIEM.
  • C. Implement file integrity monitoring with automated alerts on the servers.
  • D. Require more than one approver for all change management requests.

正解:C


質問 # 163
......

有効なCAS-004試験 最新問題で2024年最新の学習ガイド:https://jp.fast2test.com/CAS-004-premium-file.html

トップクラスCompTIA CAS-004試験最先端学習ガイド!練習問題バージョン:https://drive.google.com/open?id=118JcFVpTII6VOFGwYWgFcAWJh_50_ERp


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어