All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:
1. Leaked to the media via printing of the documents
2. Sent to a personal email address
3. Accessed and viewed by systems administrators
4. Uploaded to a file storage site
Which of the following would mitigate the department's concerns?
A. Data loss detection, reverse proxy, EDR, and PGP
B. VDI, proxy, CASB, and DRM
C. Watermarking, forward proxy, DLP, and MFA
D. Proxy, secure VPN, endpoint encryption, and AV
A security architect is reviewing the following proposed corporate firewall architecture and configuration: Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:

1. Web servers must receive all updates via HTTP/S from the corporate network.
2. Web servers should not initiate communication with the Internet.
3. Web servers should only connect to preapproved corporate database servers.
4. Employees' computing devices should only connect to web services over ports 80 and 443.
Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)
A. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443
B. Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443
C. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535
D. Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535
E. Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535
F. Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443
A company just released a new video card. Due to limited supply and high demand, attackers are employing automated systems to purchase the device through the company's web store so they can resell it on the secondary market. The company's intended customers are frustrated. A security engineer suggests implementing a CAPTCHA system on the web store to help reduce the number of video cards purchased through automated systems. Which of the following now describes the level of risk?
A. Inherent Low
B. Mitigated
C. Residual
D. Transferred
A security analyst needs to recommend a remediation to the following threat:

Which of the following actions should the security analyst propose to prevent this successful exploitation?
A. Patch the system.
B. Update the antivirus.
C. Install a host-based firewall.
D. Enable TLS 1.2.
A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?
A. Utilize the SAN certificate to enable a single certificate for all regions.
B. Deploy client certificates to all devices in the network.
C. Configure certificate pinning inside the application.
D. Enable HSTS on the application's server side for all communication.
Prior to a risk assessment inspection, the Chief Information Officer tasked the systems administrator with analyzing and reporting any configuration issues on the information systems, and then verifying existing security settings. Which of the following would be BEST to use?
A. SCAP
B. CVSS
C. XCCDF
D. CMDB
A security analyst is reviewing the data portion acquired from the following command:
tcpdump -lnvi icmp and src net 192.168.1.0/24 and dst net 0.0.0.0/0 -w output.pcap
The data portion of the packet capture shows the following:

The analyst suspects that a data exfiltration attack is occurring using a pattern in which the last five digits are encoding sensitive information. Which of the following technologies and associated rules should the analyst implement to stop this specific attack? (Choose two.)
A. Intrusion prevention system
B. Data loss prevention
C. sed -e 's/a-z.*0-9.*//g'
D. reject icmp any any <> any any (msg:"alert"; regex [a-z]{26}[0-9]{5})
E. Second-generation firewall
F. drop icmp from 192.168.1.0/24 to 0.0.0.0/0
A bank hired a security architect to improve its security measures against the latest threats. The solution must meet the following requirements:
1. Recognize and block fake websites.
2. Decrypt and scan encrypted traffic on standard and non-standard ports.
3. Use multiple engines for detection and prevention.
4. Have central reporting.
Which of the following is the BEST solution the security architect can propose?
A. CASB
B. Web filtering
C. NGFW
D. EDR
A security analyst is investigating unapproved cloud services that are being used in the organization. Which of the following would best allow for discovery of shadow IT?
A. Monitoring for sign-up emails of cloud services
B. Centralizing WAF deployment in the data center
C. Setting up a reverse proxy and web filtering software
D. Performing attack surface analysis
To bring digital evidence in a court of law, the evidence must be:
A. material.
B. tangible.
C. consistent.
D. conserved.