CAS-004 PDF問題集で2025年04月09日試験問題 有効なCAS-004問題集
究極のCAS-004準備ガイドで無料最新のCompTIA練習テスト問題集
Comptia CAS-004(Comptia Advanced Security Practitioner(CASP+))認定試験は、サイバーセキュリティの分野でキャリアを進めたいIT専門家向けに設計された高度なレベルの認定です。認定試験は、複雑なサイバーセキュリティソリューションの設計、実装、および管理における候補者の知識とスキルを検証します。
質問 # 223
A security architect was asked to modify an existing internal network design to accommodate the following requirements for RDP:
* Enforce MFA for RDP
* Ensure RDP connections are only allowed with secure ciphers.
The existing network is extremely complex and not well segmented. Because of these limitations, the company has requested that the connections not be restricted by network-level firewalls Of ACLs.
Which of the following should the security architect recommend to meet these requirements?
- A. Implement a reverse proxy for remote desktop with a secure cipher configuration enforced.
- B. Implement a bastion host with a secure cipher configuration enforced.
- C. Implement a remote desktop gateway server, enforce secure ciphers, and configure to use OTP
- D. Implement a GPO that enforces TLS cipher suites and limits remote desktop access to only VPN users.
正解:C
解説:
A remote desktop gateway server is a solution that allows users to connect to remote desktops or applications over the internet using the Remote Desktop Protocol (RDP). A remote desktop gateway server can enforce MFA for RDP by integrating with Azure AD MFA using the Network Policy Server (NPS) extension. The NPS extension can send an OTP (one-time password) to the user's phone or mobile app as a second factor of authentication. A remote desktop gateway server can also enforce secure ciphers by configuring the SSL Cipher Suite Order Group Policy setting to specify the preferred order of cipher suites for TLS/SSL connections. Verified Reference:
https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-plan-access-from-anywhere
https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg
https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#ssl-cipher-suite-order
質問 # 224
A security engineer needs to implement a solution to increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. The endpoint security team is overwhelmed with alerts and wants a solution that has minimal operational burdens. Additionally, the solution must maintain a positive user experience after implementation.
Which of the following is the BEST solution to meet these objectives?
- A. Implement EDR, keep users in the local administrators group, and enable user behavior analytics.
- B. Implement EDR, remove users from the local administrators group, and enable privilege escalation monitoring.
- C. Implement Privileged Access Management (PAM), keep users in the local administrators group, and enable local administrator account monitoring.
- D. Implement PAM, remove users from the local administrators group, and prompt users for explicit approval when elevated privileges are required.
正解:D
解説:
PAM (Privileged Access Management) is a solution that can increase the security posture of user endpoints by providing more visibility and control over local administrator accounts. By implementing PAM, removing users from the local administrators group, and prompting users for explicit approval when elevated privileges are required, the security engineer can reduce the attack surface, prevent unauthorized access, and enforce the principle of least privilege. Implementing PAM, keeping users in the local administrators group, and enabling local administrator account monitoring may not provide enough control or visibility over local administrator accounts, as users could still abuse or compromise their privileges. Implementing EDR (Endpoint Detection and Response) may not provide enough control or visibility over local administrator accounts, as EDR is mainly focused on detecting and responding to threats, not managing privileges. Enabling user behavior analytics may not provide enough control or visibility over local administrator accounts, as user behavior analytics is mainly focused on identifying anomalies or risks in user activity, not managing privileges. Verified References:
https://www.comptia.org/blog/what-is-pamhttps://partners.comptia.org/docs/default-source/resources/casp-conte
質問 # 225
A server in a manufacturing environment is running an end-of-life operating system. The vulnerability management team is recommending that the server be upgraded to a supported operating system, but the ICS software running on the server is not compatible with modem operating systems. Which of the following compensating controls should be implemented to BEST protect the server?
- A. HIPS
- B. Antivirus
- C. Application allow list
- D. Host-based firewall
正解:D
解説:
host-based firewall A software application running on a single host and designed to protect only that host.
質問 # 226
While investigating a security event, an analyst finds evidence that a user opened an email attachment from an unknown source. Shortly after the user opened the attachment, a group of servers experienced a large amount of network and resource activity. Upon investigating the servers, the analyst discovers the servers were encrypted by ransomware that is demanding payment within 48 hours or all data will be destroyed. The company has no response plans for ransomware.
Which of the following is the NEXT step the analyst should take after reporting the incident to the management team?
- A. Notify law enforcement.
- B. Isolate the servers to prevent the spread.
- C. Request that the affected servers be restored immediately.
- D. Pay the ransom within 48 hours.
正解:B
解説:
Isolating the servers is the best immediate action to take after reporting the incident to the management team, as it can limit the damage and contain the ransomware infection. Paying the ransom is not advisable, as it does not guarantee the recovery of the data and may encourage further attacks. Notifying law enforcement is a possible step, but not the next one after reporting. Requesting that the affected servers be restored immediately may not be feasible or effective, as it depends on the availability and integrity of backups, and it does not address the root cause of the attack. Verified References:
https://www.comptia.org/blog/what-is-ransomware-and-how-to-protect-yourselfhttps://www.comptia.org/certific
質問 # 227
A customer requires secure communication of subscribed web services at all times, but the company currently signs its own certificate requests to an internal CA. Which of the following approaches will best meet the customer's requirements?
- A. Process a CSR for a server authentication certificate.
- B. Request a software signing certificate from a public CA.
- C. Submit a CSR for a wildcard certificate to a public CA.
- D. Generate a CSR to the local CA for email encryption.
正解:A
解説:
Step by Step Explanation:
* Server authentication certificates are used to secure web communication (e.g., HTTPS).
* Submitting a CSR (Certificate Signing Request) for a server authentication certificate ensures the web services can securely establish encrypted communication.
* Other options, such as email encryption or software signing, do not apply in this scenario.
Reference: CASP+ Exam Objectives 2.3 - Apply cryptographic techniques to secure communications.
質問 # 228
A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation:
On which of the following devices and processes did the ransomware originate?
- A. cpt-ws018, powershell.exe
- B. cpt-ws002, NO-AV.exe
- C. cpt-ws002, DearCry.exe
- D. cpt-ws026, NO-AV.exe
- E. cpt-ws026, DearCry.exe
正解:D
解説:
The EDR output shows the process tree of the ransomware infection. The root node is NO-AV.exe, which is a malicious executable that disables antivirus software and downloads the DearCry ransomware. The NO-AV.exe process was launched on cpt-ws026 by a user named John. The DearCry.exe process was then launched on cpt-ws026 by NO-AV.exe and propagated to other devices via SMB. Therefore, the ransomware originated from cpt-ws026 and NO-AV.exe. Verified References:
* https://www.microsoft.com/security/blog/2021/03/12/analyzing-dearcry-ransomware-the-first-attack-to-ex
* https://www.crowdstrike.com/blog/dearcry-ransomware-analysis/
質問 # 229
Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?
- A. BCM
- B. BIA
- C. SLA
- D. BCP
- E. RTO
正解:D
解説:
BCP refers to the plan and processes used during a response to a disruptive event.
質問 # 230
A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:
Which of the following ciphers should the security analyst remove to support the business requirements?
- A. TLS_AES_128_CCM_8_SHA256
- B. TLS_AES_128_GCM_SHA256
- C. TLS_CHACHA20_POLY1305_SHA256
- D. TLS_DHE_DSS_WITH_RC4_128_SHA
正解:D
解説:
The security analyst should remove the cipher TLS_DHE_DSS_WITH_RC4_128_SHA to support the business requirements, as it is considered weak and vulnerable to on-path attacks. RC4 is an outdated stream cipher that has been deprecated by major browsers and protocols due to its flaws and weaknesses. The other ciphers are more secure and compliant with secure-by-design principles and PCI DSS. Verified Reference: https://www.comptia.org/blog/what-is-a-cipher https://partners.comptia.org/docs/default-source/resources/casp-content-guide
質問 # 231
An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Select two).
- A. Obtain a public key.
- B. Obtain a hash value.
- C. Obtain a security token.
- D. Leverage OAuth for authentication.
- E. Leverage Kerberos for authentication
- F. Leverage LDAP for authentication.
正解:C、D
解説:
The HTTP 403 error indicates that the engineer does not have the appropriate permissions to access the endpoint. To correct this, the engineer should obtain a security token and leverage OAuth for authentication. OAuth is a widely used authorization framework for securing API endpoints, and obtaining a security token is a key step in authenticating API requests. These two steps will ensure the correct authentication process is followed, allowing access to the required API resources. CASP+ emphasizes the importance of using secure authentication mechanisms like OAuth for modern web applications and APIs.
Reference:
CASP+ CAS-004 Exam Objectives: Domain 3.0 - Enterprise Security Architecture (API Security, OAuth) CompTIA CASP+ Study Guide: API Security and OAuth for Authentication
質問 # 232
A security administrator wants to allow external organizations to cryptographically validate the company's domain name in email messages sent by employees. Which of the following should the security administrator implement?
- A. DKIM
- B. TLS
- C. SPF
- D. S/MIME
正解:A
質問 # 233
A company is implementing SSL inspection. During the next six months, multiple web applications that will be separated out with subdomains will be deployed.
Which of the following will allow the inspection of the data without multiple certificate deployments?
- A. Include all available cipher suites.
- B. Implement certificate pinning.
- C. Use a third-party CA.
- D. Create a wildcard certificate.
正解:D
解説:
A wildcard certificate is a certificate that can be used for multiple subdomains of a domain, such as
*.example.com. This would allow the inspection of the data without multiple certificate deployments, as one wildcard certificate can cover all the subdomains that will be separated out with subdomains. Including all available cipher suites may not help with inspecting the data without multiple certificate deployments, as cipher suites are used for negotiating encryption and authentication algorithms, not for verifying certificates.
Using a third-party CA (certificate authority) may not help with inspecting the data without multiple certificate deployments, as a third-party CA is an entity that issues and validates certificates, not a type of certificate.
Implementing certificate pinning may not help with inspecting the data without multiple certificate deployments, as certificate pinning is a technique that hardcodes the expected certificate or public key in the application code, not a type of certificate. Verified References:
https://www.comptia.org/blog/what-is-a-wildcard-certificate
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
質問 # 234
A hospitality company experienced a data breach that included customer Pll. The hacker used social engineering to convince an employee to grant a third-party application access to some company documents within a cloud file storage service. Which of the following is the BEST solution to help prevent this type of attack in the future?
- A. NGFW for web traffic inspection and activity monitoring
- B. Targeted employee training and awareness exercises
- C. CSPM for application configuration control
- D. CASB for OAuth application permission control
正解:D
解説:
The company should use CASB for OAuth application permission control to help prevent this type of attack in the future. CASB stands for cloud access security broker, which is a software tool that monitors and enforces security policies for cloud applications. CASB can help control which third-party applications can access the company's cloud file storage service and what permissions they have. CASB can also detect and block any unauthorized or malicious applications that try to access the company's data. Verified References:
https://www.kaspersky.com/resource-center/threats/how-to-avoid-social-engineering-attacks
https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/understanding-preventing-social-engin
https://www.indusface.com/blog/10-ways-businesses-can-prevent-social-engineering-attacks/
質問 # 235
A security analyst sees that a hacker has discovered some keys and they are being made available on a public website. The security analyst is then able to successfully decrypt the data using the keys from the website. Which of the following should the security analyst recommend to protect the affected data?
- A. Key escrow
- B. Key revocation
- C. Key rotation
- D. Zeroization
- E. Cryptographic obfuscation
正解:E
質問 # 236
A developer wants to maintain integrity to each module of a program and ensure the code cannot be altered by malicious users.
Which of the following would be BEST for the developer to perform? (Choose two.)
- A. Make the DACL read-only.
- B. Verify MD5 hashes.
- C. Implement certificate-based authentication.
- D. Compress the program with a password.
- E. Utilize code signing by a trusted third party.
- F. Encrypt with 3DES.
正解:B、E
質問 # 237
A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.
Which of the following would provide the BEST boot loader protection?
- A. TPM
- B. HSM
- C. PKI
- D. UEFI/BIOS
正解:A
解説:
A TPM (trusted platform module) is a hardware device that can provide boot loader protection by storing cryptographic keys and verifying the integrity of the boot process. An HSM (hardware security module) is similar to a TPM, but it is used for storing keys for applications, not for booting. A PKI (public key infrastructure) is a system of certificates and keys that can provide encryption and authentication, but not boot loader protection. UEFI/BIOS are firmware interfaces that control the boot process, but they do not provide protection by themselves. Verified References: https://www.comptia.org/blog/what-is-a-tpm-trusted-platform- module https://partners.comptia.org/docs/default-source/resources/casp-content-guide
質問 # 238
The Chief information Officer (CIO) asks the system administrator to improve email security at the company based on the following requirements:
* Transaction being requested by unauthorized individuals.
* Complete discretion regarding client names, account numbers, and investment information.
* Malicious attackers using email to malware and ransomeware.
* Exfiltration of sensitive company information.
The cloud-based email solution will provide anti-malware reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the boar's concerns for this email migration?
- A. SSL VPN
- B. Data loss prevention
- C. Application whitelisting
- D. Endpoint detection response
正解:B
質問 # 239
A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented in order to meet contractual requirements, the company must achieve the following thresholds
* 99 99% uptime
* Load time in 3 seconds
* Response time = <1 0 seconds
Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Select THREE)
- A. Ensuring technological diversity on critical servers
- B. Utilizing redundant power for all developer workstations
- C. Implementing server clusters
- D. Employing bare-metal loading of applications
- E. Installing a firewall at corporate headquarters
- F. Implementing RAID on the backup servers
- G. Deploying a content delivery network
- H. Lowering storage input/output
正解:C、G、H
解説:
To meet the contractual requirements of the web service provider, a security engineer should recommend the following actions:
Deploying a content delivery network (CDN): A CDN is a distributed system of servers that delivers web content to users based on their geographic location, the origin of the content, and the performance of the network. A CDN can help improve the uptime, load time, and response time of web services by caching content closer to the users, reducing latency and bandwidth consumption. A CDN can also help mitigate distributed denial-of-service (DDoS) attacks by absorbing or filtering malicious traffic before it reaches the origin servers, reducing the impact on the web service availability12.
Implementing server clusters: A server cluster is a group of servers that work together to provide high availability, scalability, and load balancing for web services. A server cluster can help improve the uptime, load time, and response time of web services by distributing the workload across multiple servers, reducing the risk of single points of failure and performance bottlenecks. A server cluster can also help recover from failures by automatically switching to another server in case of a malfunction34.
Lowering storage input/output (I/O): Storage I/O is the amount of data that can be read from or written to a storage device in a given time. Storage I/O can affect the performance of web services by limiting the speed of data transfer between the servers and the storage devices. Lowering storage I/O can help improve the load time and response time of web services by reducing the latency and congestion of data access. Lowering storage I/O can be achieved by using faster storage devices, such as solid-state drives (SSDs), optimizing the storage layout and configuration, such as using RAID or striping, and caching frequently accessed data in memory5 .
Installing a firewall at corporate headquarters is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. A firewall is a device or software that filters and blocks unwanted network traffic based on predefined rules. A firewall can help improve the security of web services by preventing unauthorized access and attacks, but it may also introduce additional latency and complexity to the network.
Employing bare-metal loading of applications is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. Bare-metal loading is a technique that allows applications to run directly on hardware without an operating system or a hypervisor. Bare-metal loading can help improve the performance and efficiency of applications by eliminating the overhead and interference of other software layers, but it may also increase the difficulty and cost of deployment and maintenance.
Implementing RAID on the backup servers is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. RAID (redundant array of independent disks) is a technique that combines multiple disks into a logical unit that provides improved performance, reliability, or both. RAID can help improve the availability and security of backup data by protecting it from disk failures or corruption, but it may also introduce additional complexity and overhead to the backup process.
Utilizing redundant power for all developer workstations is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. Redundant power is a technique that provides multiple sources of power for an IT system in case one fails. Redundant power can help improve the availability and reliability of developer workstations by preventing them from losing power due to outages or surges, but it may also increase the cost and energy consumption of the system.
Ensuring technological diversity on critical servers is not a recommended action to meet the contractual requirements, as it does not directly affect the uptime, load time, or response time of web services. Technological diversity is a technique that uses different types of hardware, software, or platforms in an IT environment. Technological diversity can help improve resilience by reducing single points of failure and increasing compatibility, but it may also introduce additional complexity and inconsistency to the environment. Reference: What Is CDN? How Does CDN Work? | Imperva, What Is Server Clustering? | IBM, What Is Server Clustering? | IBM, Server Clustering: What It Is & How It Works | Liquid Web, Storage I/O Performance - an overview | ScienceDirect Topics, [How to Improve Storage I/O Performance | StarWind Blog], [What Is Firewall Security? | Cisco], [What is Bare Metal? | IBM], [What is RAID? | Dell Technologies US], [What Is Redundant Power Supply? | Dell Technologies US], [Technological Diversity - an overview | ScienceDirect Topics]
質問 # 240
An e-commerce company is running a web server on premises, and the resource utilization is usually less than
30%. During the last two holiday seasons, the server experienced performance issues because of too many connections, and several customers were not able to finalize purchase orders. The company is looking to change the server configuration to avoid this kind of performance issue.
Which of the following is the MOST cost-effective solution?
- A. Move the server to a cloud provider.
- B. Upgrade the server with a new one.
- C. Buy a new server and create an active-active cluster.
- D. Change the operating system.
正解:A
解説:
Explanation
Moving the server to a cloud provider is the most cost-effective solution to avoid performance issues caused by too many connections during peak seasons, such as holidays. Moving the server to a cloud provider can provide scalability, elasticity, and availability for the web server, as it can adjust its resources and capacity according to the demand and traffic. Moving the server to a cloud provider can also reduce operational and maintenance costs, as the cloud provider can handle the infrastructure and security aspects. Changing the operating system may not help avoid performance issues, as it could introduce compatibility or functionality problems, and it may not address the resource or capacity limitations. Buying a new server and creating an active-active cluster may help avoid performance issues, but it may not be cost-effective, as it could involve hardware and software expenses, as well as complex configuration and management tasks. Upgrading the server with a new one may help avoid performance issues, but it may not be cost-effective, as it could involve hardware and software expenses, as well as migration and testing efforts. Verified References:
https://www.comptia.org/blog/what-is-cloud-computing
https://partners.comptia.org/docs/default-source/resources/casp-content-guide
質問 # 241
An organization established an agreement with a partner company for specialized help desk services. A senior security officer within the organization Is tasked with providing documentation required to set up a dedicated VPN between the two entities. Which of the following should be required?
- A. ISA
- B. NDA
- C. SLA
- D. MOU
正解:A
解説:
An ISA, or interconnection security agreement, is a document that should be required to set up a dedicated VPN between two entities that provide specialized help desk services. An ISA defines the technical and security requirements for establishing, operating, and maintaining a secure connection between two or more organizations. An ISA also specifies the roles and responsibilities of each party, the security controls and policies to be implemented, the data types and classifications to be exchanged, and the incident response procedures to be followed.
質問 # 242
A company wants to configure its wireless network to require username and password authentication. Which of the following should the system administrator implement?
- A. WPS
- B. TKIP
- C. PEAP
- D. PKI
正解:C
質問 # 243
A software developer is working on a piece of code required by a new software package. The code should use a protocol to verify the validity of a remote identity. Which of the following should the developer implement in the code?
- A. HSTS
- B. OCSP
- C. CRL
- D. RSA
正解:B
解説:
Another means of providing up to date information regarding the status of a certificate is to check the certificate's status on an Online Certificate Status Protocol (OCSP) server, referred to as an OCSP responder. Rather than return a whole CRL, this just communicates the status of the requested certificate. Details of the OCSP responder service should be published in the certificate.
質問 # 244
A security compliance requirement states that specific environments that handle sensitive data must be protected by need-to-know restrictions and can only connect to authorized endpoints. The requirement also states that a DLP solution within the environment must be used to control the data from leaving the environment.
Which of the following should be implemented for privileged users so they can support the environment from their workstations while remaining compliant?
- A. A jump box in the screened subnet
- B. FIM on the servers storing the data
- C. NAC to control authorized endpoints
- D. A general VPN solution to the primary network
正解:D
質問 # 245
A vulnerability scanner detected an obsolete version of an open-source file-sharing application on one of a company's Linux servers. While the software version is no longer supported by the OSS community, the company's Linux vendor backported fixes, applied them for all current vulnerabilities, and agrees to support the software in the future.
Based on this agreement, this finding is BEST categorized as a:
- A. true positive.
- B. true negative.
- C. false negative.
- D. false positive.
正解:A
解説:
A true positive is a finding that is confirmed as a valid vulnerability. In this case, the vulnerability was identified and then patched and supported by the Linux vendor, making it a true positive.
質問 # 246
A security administrator at a global organization wants to update password complexity rules for a system containing personally identifiable information. Which of the following would be the best resource for this information?
- A. NIST
- B. GDPR
- C. COPPA
- D. CMMI
正解:A
解説:
Step by Step
NIST (National Institute of Standards and Technology): Provides comprehensive password guidelines (e.g., SP 800-63B) widely used for securing systems, including handling PII.
GDPR (General Data Protection Regulation): Focuses on data privacy laws rather than technical password policies.
CMMI (Capability Maturity Model Integration): Addresses process improvement, not password complexity.
COPPA (Children's Online Privacy Protection Act): Focuses on child data privacy, not password rules.
質問 # 247
......
合格率 取得する秘訣はCAS-004認定試験エンジンPDF:https://jp.fast2test.com/CAS-004-premium-file.html
今すぐ試そう!高評価CompTIA CAS-004試験問題集:https://drive.google.com/open?id=1kyH5rkirsjNpGLctVrG9DAOqODK1gwN-