Free CompTIA Advanced Security Practitioner (CASP+) Exam CAS-004 Exam Practice Test

A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC.Which of the following compensating controls would be BEST to implement in this situation?

• EDR
• SIEM
• HIDS
• UEBA

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the for the time surrounding the identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

• Software Decomplier
• Network enurrerator
• Log reduction and analysis tool
• Static code analysis

A company wants to protect its intellectual property from theft. The company has already applied ACLs and DACs.Which of the following should the company use to prevent data theft?

• Watermarking
• DRM
• NDA
• Access logging

A security engineer has been informed by the firewall team that a specific Windows workstation is part of a command-and-control network. The only information the security engineer is receiving is thatthe traffic is occurring on a non-standard port (TCP 40322). Which of the following commands should the security engineer use FIRST to find the malicious process?

• tcpdump
• netstar
• tasklist
• traceroute
• ipconfig

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:1. The network supports core applications that have 99.99% uptime.2. Configuration updates to the SD-WAN routers can only be initiated from the management service.3. Documents downloaded from websites must be scanned for malware.Which of the following solutions should the network architect implement to meet the requirements?

• Reverse proxy, stateful firewalls, and VPNs at the local sites
• IDSs, WAFs, and forward proxy IDS
• DoS protection at the hub site, mutual certificate authentication, and cloud proxy
• IPSs at the hub, Layer 4 firewalls, and DLP

A mobile application developer is creating a global, highly scalable, secure chat application. The developer would like to ensure the application is not susceptible to on-path attacks while the user is traveling in potentially hostile regions. Which of the following would BEST achieve that goal?

• Utilize the SAN certificate to enable a single certificate for all regions.
• Deploy client certificates to all devices in the network.
• Configure certificate pinning inside the application.
• Enable HSTS on the application's server side for all communication.

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

• True negative
• False negative
• False positive
• Non-automated response

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.Which of the following should the security team recommend FIRST?

• Investigating a potential threat identified in logs related to the identity management system
• Updating the identity management system to use discretionary access control
• Beginning research on two-factor authentication to later introduce into the identity management system
• Working with procurement and creating a requirements document to select a new IAM system/vendor

A cybersecurity analyst discovered a private key that could have been exposed.Which of the following is the BEST way for the analyst to determine if the key has been compromised?

• HSTS
• CRL
• CSRs
• OCSP

An organization developed a social media application that is used by customers in multiple remote geographic locations around the world. The organization's headquarters and only datacenter are located in New York City. The Chief Information Security Officer wants to ensure the following requirements are met for the social media application:Low latency for all mobile users to improve the users' experienceSSL offloading to improve web server performanceProtection against DoS and DDoS attacksHigh availabilityWhich of the following should the organization implement to BEST ensure all requirements are met?

• A cache server farm in its datacenter
• A load-balanced group of reverse proxy servers with SSL acceleration
• A CDN with the origin set to its datacenter
• Dual gigabit-speed Internet connections with managed DDoS prevention