CompTIA CASP CAS-004 Updated Exam

Page: 4 / 37

Question 16

A significant weather event caused all systems to fail over to the disaster recovery site successfully. However, successful data replication has not occurred in the last six months, which has resulted in

the service being unavailable. V•Vh1ch of the following would BEST prevent this scenario from happening again?

Options:

Performing routine tabletop exercises

Implementing scheduled, full interruption tests

Backing up system log reviews

Performing department disaster recovery walk-throughs

Question 17

A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:

With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

Options:

Indirect command execution

OS credential dumping

Inhibit system recovery

External remote services

System information discovery

Network denial of service

Question 18

To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within Its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?

Options:

Include stable, long-term releases of third-party libraries instead of using newer versions.

Ensure the third-party library implements the TLS and disable weak ciphers.

Compile third-party libraries into the main code statically instead of using dynamic loading.

Implement an ongoing, third-party software and library review and regression testing.

Question 19

A company is on a deadline to roll out an entire CRM platform to all users at one time. However, the company is behind schedule due to reliance on third-party vendors. Which of the following development approaches will allow the company to begin releases but also continue testing and development for future releases?