Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

CAS-004 Exam Dumps - CompTIA CASP Questions and Answers

Question # 49

A company is developing a new service product offering that will involve the storage of personal health information. The Chief Information Security Officer (CISO) is researching the relevant compliance regulations. Which of the following best describes the CISO's action?

Options:

A.

Data retention

B.

Data classification

C.

Due diligence

D.

Reference framework

Buy Now
Question # 50

A company hired a third party to develop software as part of its strategy to be quicker to market. The company’s policy outlines the following requirements:

https://i.postimg.cc/8P9sB3zx/image.png

The credentials used to publish production software to the container registry should be stored in a secure location.

Access should be restricted to the pipeline service account, without the ability for the third-party developer to read the credentials directly.

Which of the following would be the BEST recommendation for storing and monitoring access to these shared credentials?

Options:

A.

TPM

B.

Local secure password file

C.

MFA

D.

Key vault

Buy Now
Question # 51

All staff at a company have started working remotely due to a global pandemic. To transition to remote work, the company has migrated to SaaS collaboration tools. The human resources department wants to use these tools to process sensitive information but is concerned the data could be:

Leaked to the media via printing of the documents

Sent to a personal email address

Accessed and viewed by systems administrators

Uploaded to a file storage site

Which of the following would mitigate the department’s concerns?

Options:

A.

Data loss detection, reverse proxy, EDR, and PGP

B.

VDI, proxy, CASB, and DRM

C.

Watermarking, forward proxy, DLP, and MFA

D.

Proxy, secure VPN, endpoint encryption, and AV

Buy Now
Question # 52

A company publishes several APIs for customers and is required to use keys to segregate customer data sets.

Which of the following would be BEST to use to store customer keys?

Options:

A.

A trusted platform module

B.

A hardware security module

C.

A localized key store

D.

A public key infrastructure

Buy Now
Question # 53

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:

1. The network supports core applications that have 99.99% uptime.

2. Configuration updates to the SD-WAN routers can only be initiated from the management service.

3. Documents downloaded from websites must be scanned for malware.

Which of the following solutions should the network architect implement to meet the requirements?

Options:

A.

Reverse proxy, stateful firewalls, and VPNs at the local sites

B.

IDSs, WAFs, and forward proxy IDS

C.

DoS protection at the hub site, mutual certificate authentication, and cloud proxy

D.

IPSs at the hub, Layer 4 firewalls, and DLP

Buy Now
Question # 54

A security engineer needs to recommend a solution that will meet the following requirements:

Identify sensitive data in the provider’s network

Maintain compliance with company and regulatory guidelines

Detect and respond to insider threats, privileged user threats, and compromised accounts

Enforce datacentric security, such as encryption, tokenization, and access control

Which of the following solutions should the security engineer recommend to address these requirements?

Options:

A.

WAF

B.

CASB

C.

SWG

D.

DLP

Buy Now
Question # 55

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not send traffic to those sites.

The technician will define this threat as:

Options:

A.

a decrypting RSA using obsolete and weakened encryption attack.

B.

a zero-day attack.

C.

an advanced persistent threat.

D.

an on-path attack.

Buy Now
Question # 56

An IT director is working on a solution to meet the challenge of remotely managing laptop devices and securely locking them down. The solution must meet the following requirements:

• Cut down on patch management.

• Make use of standard configurations.

• Allow for custom resource configurations.

• Provide access to the enterprise system from multiple types of devices.

Which of the following would meet these requirements?

Options:

A.

MDM

B.

Emulator

C.

Hosted hypervisor

D.

VDI

Buy Now
Question # 57

A managed security provider (MSP) is engaging with a customer who was working through a complete digital transformation Part of this transformation involves a move to cloud servers to ensure a scalable, high-performance, online user experience The current architecture includes:

• Directory servers

• Web servers

• Database servers

• Load balancers

• Cloud-native VPN concentrator

• Remote access server

The MSP must secure this environment similarly to the infrastructure on premises Which of the following should the MSP put in place to BEST meet this objective? (Select THREE)

Options:

A.

Content delivery network

B.

Virtual next-generation firewall

C.

Web application firewall

D.

Software-defined WAN

E.

External vulnerability scans

F.

Containers

G.

Microsegmentation

Buy Now
Question # 58

PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?

Options:

A.

Non-repudiation

B.

Confidentiality

C.

Delivery receipts

D.

Attestation

Buy Now
Question # 59

An administrator completed remediation for all the findings of a penetration test and notifies the management team that the systems are ready to be placed back into production. Which of the following steps should the management team require the analyst to perform immediately before placing the systems back into production?

Options:

A.

Rescan for corrections/changes.

B.

Conduct the entire penetration test again.

C.

Harden the targeted systems.

D.

Ensure a host-based IPS is in place.

Buy Now
Question # 60

A company wants to prevent a partner company from denying agreement to a transaction. Which of the following is the best solution for the company?

Options:

A.

Federation

B.

Key escrow

C.

Salting hashes

D.

Digital signatures

Buy Now
Question # 61

A security engineer receives reports through the organization's bug bounty program about remote code execution in a specific component in a custom application. Management wants to properly secure the component and proactively avoid similar issues. Which of the following is the best approach to uncover additional vulnerable paths in the application?

Options:

A.

Implement fuzz testing focused on the component and inputs uncovered by the bug bounty program.

B.

Leverage a software composition analysis tool to find all known vulnerabilities in dependencies.

C.

Use a vulnerability scanner to perform multiple types of network scans to look for vulnerabilities.

D.

Utilize a network traffic analyzer to find malicious packet combinations that lead to remote code execution.

E.

Run an exploit framework with all payloads against the application to see if it is able to gain access.

Buy Now
Question # 62

A compliance officer is responsible for selecting the right governance framework to protect individuals' data. Which of the following is the appropriate framework for the company to consult when collecting international user data for the purpose of processing credit cards?

Options:

A.

ISO 27001

B.

COPPA

C.

NIST 800-53

D.

PCI DSS

Buy Now
Question # 63

A security analyst discovered that the company's WAF was not properly configured. The main web server was breached, and the following payload was found in one of the malicious requests:

php-template

CopyEdit

&xxe;

]>

Which of the following wouldbestmitigate this vulnerability?

Options:

A.

CAPTCHA

B.

Input validation

C.

Data encoding

D.

Network intrusion prevention

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA SecurityX Certification Exam
Last Update: Apr 25, 2025
Questions: 571
CAS-004 pdf

CAS-004 PDF

$34  $84.99
CAS-004 Engine

CAS-004 Testing Engine

$38  $94.99
CAS-004 PDF + Engine

CAS-004 PDF + Testing Engine

$54  $134.99