Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

CAS-004 Exam Dumps - CompTIA CASP Questions and Answers

Question # 64

A security consultant needs to set up wireless security for a small office that does not have Active Directory. Despite the lack of central account management, the office manager wants to ensure a high level of defense to prevent brute-force attacks against wireless authentication. Which of the following technologies wouldbestmeet this need?

Options:

A.

Faraday cage

B.

WPA2 PSK

C.

WPA3 SAE

D.

WEP 128 bit

Buy Now
Question # 65

A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?

Options:

A.

SAST

B.

DAST

C.

Fuzz testing

D.

Intercepting proxy

Buy Now
Question # 66

A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?

Options:

A.

Gap analysis

B.

Business impact analysis

C.

Risk register

D.

Information security policy

E.

Lessons learned

Buy Now
Question # 67

The management team at a company with a large, aging server environment is conducting a server risk assessment in order to create a replacement strategy. The replacement strategy will be based upon the likelihood a server will fail, regardless of the criticality of the application running on a particular server. Which of the following should be used to prioritize the server replacements?

Options:

A.

SLE

B.

MTTR

C.

TCO

D.

MTBF

E.

MSA

Buy Now
Question # 68

A security administrator is assessing the risk associated with using a software tool built by a small start-up company to provide product pricing updates. Which of the following risks would most likely be a factor?

Options:

A.

Privacy concerns

B.

Vendor viability

C.

Regulatory compliance

D.

Geographic location

Buy Now
Question # 69

Due to adverse events, a medium-sized corporation suffered a major operational disruption that caused its servers to crash and experience a major power outage. Which of the following should be created to prevent this type of issue in the future?

Options:

A.

SLA

B.

BIA

C.

BCM

D.

BCP

E.

RTO

Buy Now
Question # 70

The goal of a Chief information Security Officer (CISO) providing up-to-date metrics to a bank’s risk committee is to ensure:

Options:

A.

Budgeting for cybersecurity increases year over year.

B.

The committee knows how much work is being done.

C.

Business units are responsible for their own mitigation.

D.

The bank is aware of the status of cybersecurity risks

Buy Now
Question # 71

A security architect for a large, multinational manufacturer needs to design and implement a security solution to monitor traffic.

When designing the solution, which of the following threats should the security architect focus on to prevent attacks against the ОТ network?

Options:

A.

Packets that are the wrong size or length

B.

Use of any non-DNP3 communication on a DNP3 port

C.

Multiple solicited responses over time

D.

Application of an unsupported encryption algorithm

Buy Now
Question # 72

A security architect is implementing a web application that uses a database back end. Prior to the production, the architect is concerned about the possibility of XSS attacks and wants to identify security controls that could be put in place to prevent these attacks.

Which of the following sources could the architect consult to address this security concern?

Options:

A.

SDLC

B.

OVAL

C.

IEEE

D.

OWASP

Buy Now
Question # 73

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be BEST to proceed with the transformation?

Options:

A.

An on-premises solution as a backup

B.

A load balancer with a round-robin configuration

C.

A multicloud provider solution

D.

An active-active solution within the same tenant

Buy Now
Question # 74

Which of the following ensures that certain inbound traffic from third-party vendors is restricted from being sourced from high-risk countries?

Options:

A.

Microsegmentation

B.

Supply chain visibility

C.

Geocoded firewall rules

D.

Source code reviews

Buy Now
Question # 75

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

Options:

A.

Restrict HTTP methods.

B.

Perform parameterized queries.

C.

Implement input sanitization.

D.

Validate content types.

Buy Now
Question # 76

A company that all mobile devices be encrypted, commensurate with the full disk encryption scheme of assets, such as workstation, servers, and laptops. Which of the following will MOST likely be a limiting factor when selecting mobile device managers for the company?

Options:

A.

Increased network latency

B.

Unavailable of key escrow

C.

Inability to selected AES-256 encryption

D.

Removal of user authentication requirements

Buy Now
Question # 77

A security engineer investigates an incident and determines that a rogue device is on the network. Further investigation finds that an employee's personal device has been set up to access company resources and does not comply with standard security controls. Which of the following should the security engineer recommend to reduce the risk of future reoccurrence?

Options:

A.

Require device certificates to access company resources.

B.

Enable MFA at the organization's SSO portal.

C.

Encrypt all workstation hard drives.

D.

Hide the company wireless SSID.

Buy Now
Question # 78

A business stores personal client data of individuals residing in the EU in order to process requests for mortgage loan approvals.

Which of the following does the business’s IT manager need to consider?

Options:

A.

The availability of personal data

B.

The right to personal data erasure

C.

The company’s annual revenue

D.

The language of the web application

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA SecurityX Certification Exam
Last Update: Apr 25, 2025
Questions: 571
CAS-004 pdf

CAS-004 PDF

$34  $84.99
CAS-004 Engine

CAS-004 Testing Engine

$38  $94.99
CAS-004 PDF + Engine

CAS-004 PDF + Testing Engine

$54  $134.99