Get Ready with CAS-004 Exam Dumps (2022)
NEW QUESTION 29
The Chief Information Officer (CIO) of a large bank, which uses multiple third-party organizations to deliver a service, is concerned about the handling and security of customer data by those parties. Which of the following should be implemented to BEST manage the risk?
- A. Establish a governance program that rates suppliers based on their access to data, the type of data, and how they access the data. Assign key controls that are reviewed and managed based on the supplier's rating. Report findings to the business units that rely on the suppliers and to the various risk teams.
- B. Establish a review committee that assesses the importance of suppliers and ranks them according to contract renewals. At the time of contract renewal, incorporate design and operational controls into the contracts and a right-to-audit clause. Regularly assess the suppliers after contract renewal with a dedicated risk management team.
- C. Establish a team using members from first-line risk, the business unit, and vendor management to assess only the design security controls of all suppliers. Store findings from the reviews in a database for all other business units and risk teams to reference.
- D. Establish an audit program that regularly reviews all suppliers regardless of the data they access, how they access the data, and the type of data. Review all design and operational controls based on best-practice standards and report the findings back to upper management.
Answer: B
NEW QUESTION 30
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?
- A. Ascertain the impact of an attack on the availability of crucial resources.
- B. Create a full inventory of information and data assets.
- C. Determine which security compliance standards should be followed.
- D. Perform a full system penetration test to determine the vulnerabilities.
Answer: B
NEW QUESTION 31
An organization is designing a network architecture that must meet the following requirements:
Users will only be able to access predefined services.
Each user will have a unique allow list defined for access.
The system will construct one-to-one subject/object access paths dynamically.
Which of the following architectural designs should the organization use to meet these requirements?
- A. Peer-to-peer secure communications enabled by mobile applications
- B. Microsegmentation enabled by software-defined networking
- C. Proxied application data connections enabled by API gateways
- D. VLANs enabled by network infrastructure devices
Answer: B
NEW QUESTION 32
A Chief Information Officer (CIO) wants to implement a cloud solution that will satisfy the following requirements:
Support all phases of the SDLC.
Use tailored website portal software.
Allow the company to build and use its own gateway software.
Utilize its own data management platform.
Continue using agent-based security tools.
Which of the following cloud-computing models should the CIO implement?
- A. MaaS
- B. IaaS
- C. SaaS
- D. PaaS
Answer: B
NEW QUESTION 33
All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:
Leaked to the media via printing of the documents
Sent to a personal email address
Accessed and viewed by systems administrators
Uploaded to a file storage site
Which of the following would mitigate the department's concerns?
- A. Watermarking, forward proxy, DLP, and MFA
- B. Data loss detection, reverse proxy, EDR, and PGP
- C. Proxy, secure VPN, endpoint encryption, and AV
- D. VDI, proxy, CASB, and DRM
Answer: D
NEW QUESTION 34
Which of the following technologies allows CSPs to add encryption across multiple data storages?
- A. Symmetric encryption
- B. Homomorphic encryption
- C. Data dispersion
- D. Bit splitting
Answer: A
NEW QUESTION 35
A security engineer is troubleshooting an issue in which an employee is getting an IP address in the wrong range on the wired network. The engineer plugs another PC into the same port, and that PC gets an IP address in the correct range. The engineer then puts the employee's PC on the wireless network and finds the PC still does not get an IP address in the proper range. The PC is up to date on all software and antivirus definitions, and the IP address is not an APIPA address. Which of the following is MOST likely the problem?
- A. The WiFi network is using WPA2 Enterprise, and the computer certificate has the wrong IP address in the SAN field.
- B. The company is using 802.1x for VLAN assignment, and the user or computer is in the wrong group.
- C. The DHCP server has a reservation for the PC's MAC address for the wired interface.
- D. The DHCP server is unavailable, so no IP address is being sent back to the PC.
Answer: B
NEW QUESTION 36
A company is preparing to deploy a global service.
Which of the following must the company do to ensure GDPR compliance? (Choose two.)
- A. Inform users regarding what data is stored.
- B. Provide data deletion capabilities.
- C. Grant data access to third parties.
- D. Provide alternative authentication techniques.
- E. Provide optional data encryption.
- F. Provide opt-in/out for marketing messages.
Answer: A,B
NEW QUESTION 37
A company is moving most of its customer-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires that the solution have the highest level of security.
Which of the following encryption methods should the cloud security engineer select during the implementation phase?
- A. Proxy-based
- B. Storage-based
- C. Instance-based
- D. Array controller-based
Answer: C
NEW QUESTION 38
Which of the following agreements includes no penalties and can be signed by two entities that are working together toward the same goal?
- A. NDA
- B. MOU
- C. ISA
- D. SLA
Answer: B
NEW QUESTION 39
A threat analyst notices the following URL while going through the HTTP logs.
Which of the following attack types is the threat analyst seeing?
- A. Session hijacking
- B. CSRF
- C. SQL injection
- D. XSS
Answer: D
NEW QUESTION 40
The Chief Information Officer (CIO) wants to establish a non-binding agreement with a third party that outlines the objectives of the mutual arrangement dealing with data transfers between both organizations before establishing a formal partnership. Which of the following would MOST likely be used?
- A. OLA
- B. NDA
- C. MOU
- D. SLA
Answer: C
NEW QUESTION 41
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of impact.
Which of the following should the organization perform NEXT?
- A. Move to the next risk in the register.
- B. Recalculate the magnitude of impact.
- C. Update the organization's threat model.
- D. Assess the residual risk.
Answer: B
NEW QUESTION 42
A security architect is given the following requirements to secure a rapidly changing enterprise with an increasingly distributed and remote workforce:
* Cloud-delivered services
* Full network security stack
* SaaS application security management
* Minimal latency for an optimal user experience
* Integration with the cloud IAM platform
Which of the following is the BEST solution?
- A. NGFW
- B. Managed Security Service Provider (MSSP)
- C. Routing and Remote Access Service (RRAS)
- D. SASE
Answer: D
NEW QUESTION 43
Ransomware encrypted the entire human resources fileshare for a large financial institution. Security operations personnel were unaware of the activity until it was too late to stop it. The restoration will take approximately four hours, and the last backup occurred 48 hours ago. The management team has indicated that the RPO for a disaster recovery event for this data classification is 24 hours.
Based on RPO requirements, which of the following recommendations should the management team make?
- A. Leave the current backup schedule intact and pay the ransom to decrypt the data.
- B. Decrease the frequency of backups and pay the ransom to decrypt the data.
- C. Leave the current backup schedule intact and make the human resources fileshare read-only.
- D. Increase the frequency of backups and create SIEM alerts for IOCs.
Answer: D
NEW QUESTION 44
SIMULATION
You are a security analyst tasked with interpreting an Nmap scan output from the company's privileged network.
The company's hardening guidelines indicate the following:
There should be one primary server or service per device.
Only default ports should be used.
Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
The IP address of the device
The primary server or service of the device (note that each IP should be associated with one service/port only)
The protocol(s) that should be disabled based on the hardening guidelines (note that multiple ports may need to be closed to comply with the hardening guidelines)

Answer:
Explanation:
| IP address | Primary server/service | Ports to disable |
|---|---|---|
| 10.1.45.65 | SFTP Server | 8080 |
| 10.1.45.66 | Email Server | 415 and 443 |
| 10.1.45.67 | Web Server | 21, 80 |
| 10.1.45.68 | UTM Appliance | 21 |
NEW QUESTION 45
A security analyst is researching containerization concepts for an organization. The analyst is concerned about potential resource exhaustion scenarios on the Docker host due to a single application that is overconsuming available resources.
Which of the following core Linux concepts BEST reflects the ability to limit resource allocation to containers?
- A. Union filesystem overlay
- B. Device mapper
- C. Cgroups
- D. Linux namespaces
Answer: C
NEW QUESTION 46
An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice.
Which of the following should the organization consider FIRST to address this requirement?
- A. Identify critical business processes and determine associated software and hardware requirements.
- B. Design an appropriate warm site for business continuity.
- C. Hire additional on-call staff to be deployed if an event occurs.
- D. Implement a change management plan to ensure systems are using the appropriate versions.
Answer: B
NEW QUESTION 47
Which of the following terms refers to the delivery of encryption keys to a CASB or a third-party entity?
- A. Key escrow
- B. Key distribution
- C. Key sharing
- D. Key recovery
Answer: A
NEW QUESTION 48
A security architect is reviewing the following proposed corporate firewall architecture and configuration:
Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:
Web servers must receive all updates via HTTP/S from the corporate network.
Web servers should not initiate communication with the Internet.
Web servers should only connect to preapproved corporate database servers.
Employees' computing devices should only connect to web services over ports 80 and 443.
Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)
- A. Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535
- B. Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535
- C. Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443
- D. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443
- E. Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535
- F. Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443
Answer: B,D
NEW QUESTION 49
The OS on several servers crashed around the same time for an unknown reason. The servers were restored to working condition, and all file integrity was verified. Which of the following should the incident response team perform to understand the crash and prevent it in the future?
- A. Continuity of operations plan
- B. Root cause analysis
- C. After-action report
- D. Lessons learned
Answer: B
NEW QUESTION 50
A company provides guest Wi-Fi access to the internet and physically separates the guest network from the company's internal Wi-Fi. Due to a recent incident in which an attacker gained access to the company's internal Wi-Fi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly?
- A. Host-based firewall
- B. Active Directory GPOs
- C. PKI certificates
- D. NAC persistent agent
Answer: C
NEW QUESTION 51
A high-severity vulnerability was found in a web application that had been introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?
- A. Change privileged usernames, review the OS logs, and deploy hardware tokens.
- B. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
- C. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.
- D. Implement MFA, review the application logs, and deploy a WAF.
Answer: D
NEW QUESTION 52
The Chief Information Security Officer (CISO) of a small local bank has a compliance requirement that a third-party penetration test of the core banking application must be conducted annually. Which of the following services would fulfill the compliance requirement with the LOWEST resource usage?
- A. White-box testing
- B. Blue-team exercises
- C. Gray-box testing
- D. Black-box testing
- E. Red-team hunting
Answer: E