Lead4Pass CAS-004 dumps provide candidates with up-to-date and valid exam materials! And with PDF and VCE two learning formats, they both contain the latest exam questions and answers, you can choose arbitrarily!
Download CAS-004 dumps with PDF and VCE: https://www.leads4pass.com/cas-004.html (297 Q&A), practice test all actual exam questions, and provide difficult problem annotations to help you really master all exams gist, Make sure you pass the exam with ease.

What’s more, Lead4Pass CAS-004 dumps share some latest exam practice questions for free:

TypeNumber of exam questionsExam nameExam code
Free12CompTIA Advanced Security Practitioner (CASP+)CAS-004
QUESTION 1:

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server.

To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log. Which of the following actions would BEST address the potential risks of the activity in the logs?

A. Alerting the misconfigured service account password

B. Modifying the AllowUsers configuration directive

C. Restricting external port 22 access

D. Implementing host-key preferences

Correct Answer: C

QUESTION 2:

Within change management, winch of the following ensures functions are earned out by multiple employees?

A. Least privilege

B. Mandatory vacation

C. Separator of duties

D. Job rotation

Correct Answer: A

QUESTION 3:

A security administrator configured the account policies per security implementation guidelines. However, the accounts still appear to be susceptible to brute-force attacks. The following settings meet the existing compliance guidelines:

1.
Must have a minimum of 15 characters
2.
Must use one number
3.
Must use one capital letter
4.

Must not be one of the last 12 passwords used

Which of the following policies should be added to provide additional security?

A. Shared accounts

B. Password complexity

C. Account lockout

D. Password history

E. Time-based logins

Correct Answer: C

Reference: https://docs.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/account-lockout-threshold

QUESTION 4:

A pharmaceutical company recently experienced a security breach within its customer-facing web portal. The attackers performed a SQL injection attack and exported tables from the company\’s managed database, exposing customer information.

The company hosts the application with a CSP utilizing the IaaS model. Which of the following parties is ultimately responsible for the breach?

A. The pharmaceutical company

B. The cloud software provider

C. The web portal software vendor

D. The database software vendor

Correct Answer: B

QUESTION 5:

Clients are reporting slowness when attempting to access a series of load-balanced APIs that do not require authentication. The servers that host the APIs are showing heavy CPU utilization. No alerts are found on the WAFs sitting in front of the APIs.

Which of the following should a security engineer recommend to BEST remedy the performance issues in a timely manner?

A. Implement rate limiting on the API.

B. Implement geoblocking on the WAF.

C. Implement OAuth 2.0 on the API.

D. Implement input validation on the API.

Correct Answer: C

QUESTION 6:

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ?? network?

A. Packets that are the wrong size or length

B. Use of any non-DNP3 communication on a DNP3 port

C. Multiple solicited responses over time

D. Application of an unsupported encryption algorithm

Correct Answer: C

QUESTION 7:

A company publishes several APIs for customers and is required to use keys to segregate customer data sets. Which of the following would be the BEST to use to store customer keys?

A. A trusted platform module

B. A hardware security module

C. A localized key store

D. A public key infrastructure

Correct Answer: C

QUESTION 8:

A security tester is performing a black-box assessment of an RFID access control system. The tester has a handful of RFID tags and is able to access the reader. However, the tester cannot disassemble the reader because it is in use by the company.

Which of the following shows the steps the tester should take to assess the RFID access control system in the correct order?

A.

1. Attempt to eavesdrop and replay RFID communications.
2. Determine the protocols being used between the tag and the reader.
3. Retrieve the RFID tag identifier and manufacturer details.
4. Take apart an RFID tag and analyze the chip.

B.

1. Determine the protocols being used between the tag and the reader.
2. Take apart an RFID tag and analyze the chip.
3. Retrieve the RFID tag identifier and manufacturer details.
4. Attempt to eavesdrop and replay RFID communications.

C.

1. Retrieve the RFID tag identifier and manufacturer details.

2. Determine the protocols being used between the tag and the reader.
3. Attempt to eavesdrop and replay RFID communications.

4. Take apart an RFID tag and analyze the chip.

D.

1. Take apart an RFID tag and analyze the chip.
2. Retrieve the RFID tag identifier and manufacturer details.
3. Determine the protocols being used between the tag and the reader.
4. Attempt to eavesdrop and replay RFID communications.

Correct Answer: B

QUESTION 9:

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence. Which of the following techniques would BEST support this?

A. Configuring system services to run automatically at startup

B. Creating a backdoor

C. Exploiting an arbitrary code execution exploit

D. Moving laterally to a more authoritative server/service

Correct Answer: B

QUESTION 10:

A small company needs to reduce its operating costs. vendors have proposed solutions, which all focus on the management of the company\’s website and services. The Chief Information Security Officer (CISO) insists all available resources in the proposal must be dedicated, but managing a private cloud is not an option.

Which of the following is the BEST solution for this company?

A. Community cloud service model

B. Multinency SaaS

C. Single-tenancy SaaS

D. On-premises cloud service model

Correct Answer: A

QUESTION 11:

Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

A. Biometric authenticators are immutable.

B. The likelihood of account compromise is reduced.

C. Zero trust is achieved.

D. Privacy risks are minimized.

Correct Answer: B

Reference: https://cloudworks.no/en/5-benefits-of-passwordless-authentication/

QUESTION 12:

A shipping company that is trying to eliminate entire classes of threats is developing an SELinux policy to ensure its custom Android devices are used exclusively for package tracking. After compiling and implementing the policy, in which of the following modes must the company ensure the devices are configured to run?

A. Protecting

B. Permissive

C. Enforcing

D. Mandatory

Correct Answer: B

Reference: https://source.android.com/security/selinux/customize


PS. Download the latest CAS-004 exam practice questions above: https://drive.google.com/file/d/1IbvnTbTz7x2VbxDQ1GHCSEII5xMN55Pn/

Take this practice session to learn some of the latest CAS-004 exam facts! Improve your strength!
Now, use CAS-004 dumps with PDF and VCE: https://www.leads4pass.com/cas-004.html (297 Q&A), to help you pass the exam 100% successfully.