CASP Mark B Mock 2 Flashcards

1
Q

A company works with a cloud service provider (CSP) that provides bleeding-edge technology to perform data analytics and deep learning techniques on the company’s data. As the technology becomes more widespread, it appears that a rival CSP can offer the same solutions for a 50% cost saving. However, it seems that the database format and rule sets that have been created can’t be transferred to the rival CSP. What term would best describe this situation?

A. Vendor risk
B. Vendor lock-in
C. Third-party liability
D. Vendor management plan

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 828-829). Packt Publishing. Kindle Edition.

A

B. Vendor lock-in

Explanation:
This makes it difficult to switch providers, as the technology is often proprietary.

2
Q

A major retailer works with a small, highly regarded, third-party development team. They intend to invest significant resources into a new customer-facing set of APIs. The retailer is concerned about the financial stability of the development company and worries that they may need to start the development project from scratch if the developers go bust. What could be used to allay the fears of the retailer?

A. Change management
B. Staff turnover
C. Peer code review
D. Source code escrow

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 829). Packt Publishing. Kindle Edition.

A

D. Source code escrow

Explanation:
External developers represent a third-party risk. This can be mitigated by storing the code with an escrow service, which protects the IP of the developers but also protects the customer.

3
Q

Andy is the CSO within a department of the United Kingdom’s HM Revenue and Customs (HMRC). All new systems that will require government funding must be assessed concerning cost savings by working with a CSP. Andy is overseeing a proposed new system that will reduce the workload of the Inland Revenue HMRC employees. What must a government agency consider when planning to store sensitive data with a global CSP?

A. Data sovereignty
B. Data ownership
C. Data classifications
D. Data retention

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 829). Packt Publishing. Kindle Edition.

A

A. Data sovereignty

Explanation:
The type of data that’s stored by a government department would typically have strict regulatory controls. A global CSP may store the data offshore.

4
Q

A Privacy Impact Assessment is being conducted on behalf of a private healthcare provider. A consultant is assessing regulatory requirements for the hospital’s employee and patient data (within Europe). The data that is currently being held includes the following:

Patient’s address
Patient’s bank account details
Patient’s medical history
Patient’s X-ray records
Employee bank account details

What type of information will need to be protected and which regulations are the most important? (Choose two)

A. COPPA
B. Personally identifiable information (PII)
C. Financial records
D. Intellectual property
E. GDPR

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 830). Packt Publishing. Kindle Edition.

A

B. Personally identifiable information (PII)
E. GDPR

Explanation:
This type of data would be labeled as PII, and GDPR regulatory controls would be important as the patients and employees may be EU citizens.

5
Q

A regional bank intends to work with a CSP to harness some of the benefits associated with cloud computing. The bank wants the assurance that data will not be accessible when their contract with a CSP expires. What technology would be most applicable?

A. Crypto erase
B. Pulping
C. Shredding
D. Degaussing

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 830-831). Packt Publishing. Kindle Edition.

A

A. Crypto erase

Explanation:
The customer will not have physical access to the data, so they will not be able to ensure that other methods of destruction can be implemented. Crypto erase will render the data unrecoverable.

6
Q

A company manufactures medical devices, including instruments and scanners. The company intends to sell and market its devices to a global customer base. The company must ensure its products are compatible with its worldwide customer base. What regulations or standards will be the most important?

A. Export Control Regulations
B. General Data Protection Regulation (GDPR)
C. International Organization for Standardization (ISO)
D. National Institute of Standards and Technology (NIST)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 831). Packt Publishing. Kindle Edition.

A

C. International Organization for Standardization (ISO)

Explanation:
This will ensure that the products will be suitable across international boundaries and

7
Q

A startup software development company is trying to win a US Federal Government contract to provision an Enterprise Resource Planning (ERP) application. They must assure the customer that they have a robust security framework for delivering software and services. What is the most relevant accreditation?

A. Open Web Application Security Project (OWASP)
B. Capability Maturity Model Integration (CMMI)
C. National Institute of Standards and Technology (NIST)
D. Cloud Security Alliance (CSA) Security Trust Assurance and Risk (STAR)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 831-832). Packt Publishing. Kindle Edition.

A

B. Capability Maturity Model Integration (CMMI)

Explanation:
This accreditation is required to tender for US government software contracts.

8
Q

A large US-based retailer is transitioning toward an online selling platform. While customer details and payment card details will be stored in-house, a CSP will be used to host the e-commerce site, including the online shop. What compliance will be most important to the retailer concerning storing cardholder data and electronic transactions?

A. Payment Card Industry Data Security Standard (PCI DSS)
B. General Data Protection Regulation (GDPR)
C. Interconnection security agreement (ISA)
D. Non-disclosure agreement (NDA)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 832). Packt Publishing. Kindle Edition.

A

A. Payment Card Industry Data Security Standard (PCI DSS)

Explanation:
Storage and processing of customer card details will be subject to PCI DSS compliance.

9
Q

Eva is the CISO for a global stocks and shares trading site. She is performing a risk assessment that focuses on customer data being stored and transmitted. Customers are mainly based in North America with a small percentage based globally, including Europe. When it comes to considering regulatory and legal requirements, which of the following will be the most important?

A. General Data Protection Regulation (GDPR)
B. Payment Card Industry Data Security Standard (PCI DSS)
C. International Organization for Standardization (ISO)
D. Federal Information Security Management Act (FISMA)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 832-833). Packt Publishing. Kindle Edition.

A

A. General Data Protection Regulation (GDPR)

Explanation:
As this is not government or payment card data, the focus will be on customers based in the EU.

10
Q

A US smartcard manufacturer needs to sell its products in a global market. They need to ensure that the technology is not sold to countries or governments that are hostile to the US. What guidance or regulations should they consult?

A. Due care
B. Export controls
C. Legal holds
D. E-discovery

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 833). Packt Publishing. Kindle Edition.

A

B. Export controls

Explanation:
This is important when you are exporting technology.

11
Q

A government department has data privacy requirements and they need to have employees and service providers sign this agreement. They should be made aware of the strict terms of this agreement and the penalties that may be forthcoming if these requirements/standards are not met. What type of agreement will be important?

A. Service-level agreement (SLA)
B. Master service agreement (MSA)
C. Non-disclosure agreement (NDA)
D. Memorandum of understanding (MOU)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 833). Packt Publishing. Kindle Edition.

A

C. Non-disclosure agreement (NDA)

Explanation:
This is legally enforceable and protects intellectual property.

12
Q

A large multinational company intends to purchase multiple products on a rolling contract from a CSP. They need to document payment terms, dispute resolution, intellectual property ownership, and geographic operational locations within the scope of the contract. What type of contract would be the most suitable?

A. Service-level agreement (SLA)
B. Master service agreement (MSA)
C. Memorandum of understanding (MOU)
D. Operational-level agreement (OLA)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 833-834). Packt Publishing. Kindle Edition.

A

B. Master service agreement (MSA)

Explanation:
This is useful when it is necessary to set baseline terms for future services.

13
Q

A global pharmaceutical company would like to build resiliency into its network connections. They are working with an ISP, who proposes a highly available MPLS solution. To ensure the vendor can deliver the service at 99.999% uptime, what documentation will be important?

A. Service-level agreement (SLA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Operational-level agreement (OLA)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 834). Packt Publishing. Kindle Edition.

A

A. Service-level agreement (SLA)

Explanation:
This will allow the customer and the service provider to agree upon the delivered services and the metrics that will be used to measure performance.

14
Q

A software development company and a mobile phone manufacturer have entered a business partnership. The business partners need to share data during a series of upcoming projects. This agreement will stipulate a timeline for the information exchange to be supported, security requirements, data types that will be exchanged, and the actual sites that will be part of the data interchange. What documentation best details these requirements?

A. SLA
B. MSA
C. MOU
D. ISA

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 834-835). Packt Publishing. Kindle Edition.

A

D. ISA

Explanation:
Interconnection security agreement (ISA). This is important for documenting the details when a connection is made between two or more parties.

15
Q

A regional healthcare provider needs to address ever-escalating costs. They propose to host some of the information systems with a CSP. The healthcare provider needs assurances that any sensitive data will be protected by the service provider, and that agreed-upon steps are in place if data breaches or any adverse action were to occur. What document would address these requirements?

A. Non-disclosure agreement (NDA)
B. Memorandum of understanding (MOU)
C. Interconnection security agreement (ISA)
D. Operational-level agreement (OLA)
E. Privacy-level agreement (PLA)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 835). Packt Publishing. Kindle Edition.

A

E. Privacy-level agreement (PLA)

Explanation:
This is important when you are looking to assure customers who must adhere to strict regulatory compliance.

16
Q

A government agency begins an investigation on an employee suspected of stealing company intellectual property (IP). What must be done first to ensure the data is not deleted?

A. Due care
B. Export controls
C. Legal holds
D. E-discovery

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 835). Packt Publishing. Kindle Edition.

A

C. Legal holds

Explanation:
This ensures that the data will be retained for any legal process.

17
Q

A company has several internal business units. The business units are semi-autonomous but need to support each other for the business to be efficient. To ensure the business units can work together, it is important to document responsibilities for each business unit. This document will not be written by lawyers and is intended to formalize previous verbal agreements. What documentation would best suit this requirement?

A. Service-level agreement (SLA)
B. Master service agreement (MSA)
C. Memorandum of understanding (MOU)
D. Interconnection security agreement (ISA)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 835-836). Packt Publishing. Kindle Edition.

A

C. Memorandum of understanding (MOU)

Explanation:
This is not a legal document, but it can be very useful when there needs to be co-operation between two or more parties.

18
Q

An aerospace sub-contractor supplies parts to a major commercial aircraft manufacturer. The SLAs are very strict, with financial penalties for transgressions. Mission-critical processes must be identified within the subcontractor’s plant to avoid any lengthy production delays. What metric can be used by the company to ensure a critical service will be operational within the specified timeframe?

A. Recovery point objective
B. Recovery time objective
C. Recovery service level
D. Mission essential functions

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 836). Packt Publishing. Kindle Edition.

A

B. Recovery time objective

Explanation:
Recovery time objective is a planning objective that is set by stakeholders within the business. It may be cost driven and requires careful consideration.

19
Q

A public transportation provider has recently completed a BIA and has determined that the Continuity of Operations Plan (COOP) will require an alternative site to be available in the event of a major incident at the main operational site. The planning team has identified a requirement for a site, housing equipment, and facilities ready for the business to use. Personnel and data will need to be moved to the site to become operational. What have they identified?

A. Cold site
B. Warm site
C. Hot site
D. Mobile site

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 836-837). Packt Publishing. Kindle Edition.

A

B. Warm site

Explanation:
A warm site will not be as costly as a hot site, but it will not be operational until data is restored and staff are available to operate the site.

20
Q

A CISO for a cellular telephony provider is working with a Cloud Service Provider (CSP) to define expected day-to-day computing needs. The company wants to be able to choose a plan where spikes in demand result in additional compute resources being automatically provisioned. What technology would best meet this requirement?

A. Autoscaling
B. Caching
C. Bootstrapping
D. Clustering

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 837). Packt Publishing. Kindle Edition.

A

A. Autoscaling

Explanation:
This allows the company to access additional computing power using automation.

21
Q

A company wants to be more flexible concerning employee work/life balance. To allow for this cultural change, remote access and working from home will become widespread. Senior management has concerns about data security, as most of the company information systems are now cloud-based. The concerns that were discussed include the following:

Data loss prevention
Control over native features of cloud services, such as collaboration and sharing
User and entity behavior analytics (UEBA)
Configuration auditing
Malware detection
Data encryption and key management
Context-based access control

As employees will not be connected to the company network, various management concerns must be addressed. What solution would best address these concerns?

A. NGFW
B. CASB
C. DLP
D. SWG

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 837-838). Packt Publishing. Kindle Edition.

A

B. CASB

Explanation:
The company data must be protected in the cloud. Not all users will originate from a company network, so NGFW and SWG will not work. DLP does not address all the requirements.

22
Q

What form of testing uses stakeholder involvement to assess the effectiveness of the plan? Scenarios can be discussed and actions that need to be performed can be evaluated. This exercise ensures the Disaster Recovery Team (DRT) or Cyber Security Incident Response Team (CSIRT) do not need to perform exhaustive testing until the plans are fine-tuned.

A. Checklist
B. Walk-through
C. Tabletop exercises
D. Full interruption test

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 838). Packt Publishing. Kindle Edition.

A

C. Tabletop exercises

Explanation:
Stakeholders will discuss how they will act when dealing with a presented scenario.

23
Q

A cloud customer needs workloads to be rapidly deployed to support a large and diverse customer base. One important requirement is to allow virtualized infrastructure to be deployed, where configuration is applied to a compute node or cluster as it boots up from a standard image (such as Linux, Unix, or Windows). What technology would best suit this requirement?

A. Autoscaling
B. Distributed allocation
C. Bootstrapping
D. Replication

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 839). Packt Publishing. Kindle Edition.

A

C. Bootstrapping

Explanation:
This allows the automated deployment of customized workloads from a standard base image. PowerShell Desired State Configuration (DSC) is an example of this technology.

24
Q

A news delivery platform provider needs to deliver content in the form of web pages, media, and images to worldwide consumers. The requirement is for geographically dispersed servers using caching to ensure that data is available on the edge of the network, where users or customers will benefit from lower latency. What technology would best suit this requirement?

A. Autoscaling
B. Distributed network
C. Content delivery network
D. Replicated network

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 839). Packt Publishing. Kindle Edition.

A

C. Content delivery network

Explanation:
This allows the timely delivery of time-sensitive services and reduces latency.

25
Q

A medical instrument manufacturer is currently experiencing problems in the production plant. The company is using a mix of Industrial Control Systems (ICS) on a common network backbone to operate the plant. Some of the manufacturing processes are time-critical and occasionally, bottlenecks occur at peak times during the day. To ensure that the time-critical processes are not impacted by bottlenecks, what technology would most likely mitigate these problems?

A. Safety Instrumented System (SIS)
B. Data Distribution Service (DDS)
C. Operational Technology (OT)
D. Controller Area Network (CAN)

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 839-840). Packt Publishing. Kindle Edition.

A

B. Data Distribution Service (DDS)

Explanation:
DDS has built-in provisions for Quality of Service (QoS).

26
Q

A utility company is following industry guidelines to harden its server systems. One of the first steps that the guidelines suggest is to identify all the available and unneeded services. What tool would best suit this requirement?

A. Binary analysis tools
B. Port scanner
C. HTTP interceptor
D. Protocol analyzer

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 840). Packt Publishing. Kindle Edition.

A

B. Port scanner

Explanation:

27
Q

A well-known developer’s content sharing portal has been targeted by a DDoS attack. Although it’s the web application servers that are being targeted, the effect of all the traffic flooding the network has made all the services unavailable. Security experts are looking to implement protection methods and implement blackhole routing for the web application servers. What has this mitigation achieved?

A. Traffic is inspected for malicious payloads
B. Traffic intended for the systems is dropped
C. Traffic to the systems is inspected before it reaches the destination
D. Rules restrict the amount of traffic throughput

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 840-841). Packt Publishing. Kindle Edition.

A

B. Traffic intended for the systems is dropped

Explanation:
Traffic intended for the systems is dropped. A good example of this technique is Remote Triggered Black Hole (RTBH) routing.

28
Q

Security analysts are responding to SIEM alerts that are showing a high number of IOC events. The analysts have a reason to suspect that there may be APT activity in the network. Which of the following threat management frameworks should the team implement to better understand the TTPs of the potential threat actor?

A. NIST SP 800-53
B. MITRE ATT&CK
C. The Cyber Kill Chain
D. The Diamond Model of Intrusion Analysis

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 841). Packt Publishing. Kindle Edition.

A

B. MITRE ATT&CK

Explanation:
MITRE receives government funding to carry out research and is well known for its published attack frameworks and tactics. The matrices are created to understand the tactics and techniques that attackers will use against operating systems, cloud, network, mobile, and industrial control systems.

29
Q

National Dynamics, an aerospace company, is looking to strengthen its cybersecurity posture by focusing on its network defenses. The company is concerned about the availability of the company’s services to its B2B partners. Many manufacturing processes use JIT techniques to optimize production and false positives mustn’t drop legitimate traffic. Which of the following would satisfy this requirement?

A. NIDS
B. NIPS
C. WAF
D. Reverse proxy

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 841). Packt Publishing. Kindle Edition.

A

A. NIDS

Explanation:
Such systems protect an organization from inbound threats across the network. The technology is primarily passive, generating alerts that must be actioned by SOC staff.

30
Q

A small law firm is looking to reduce its operating costs. Currently, vendors are proposing solutions where the CSP will host and manage the company’s website and services. Due to legal and regulatory requirements, the company requires that all the available resources in the proposal must be dedicated. Due to cost constraints, the company does not want to fund a private cloud. Given the company requirements, which of the following is the best solution for this company?

A. Community cloud service model
B. Multi-tenancy SaaS
C. Single-tenancy SaaS
D. An on-premises cloud service model

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 842). Packt Publishing. Kindle Edition.

A

C. Single-tenancy SaaS

Explanation:
As the CSP will be hosting and managing the company's services, the service that the customer is paying for will be SaaS, and single tenancy isolates the workload.

31
Q

No

A
32
Q

A sales team relies on a CRM application to generate leads and maintain customer engagement. The tool is considered a mission-essential function to the company. During a business impact assessment, the risk management team indicated that data, when restored, cannot be older than 2 hours before a system failure. What planning objective should be used when the restoration will also require data to be restored?

A. Recovery point objective
B. Recovery time objective
C. Recovery service level
D. Mission-essential functions

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 843-844). Packt Publishing. Kindle Edition.

A

A. Recovery point objective

Explanation:
When data must be available to service a mission-critical function, the recovery point objective metric must be used.

33
Q

A large defense contractor has recently received a security advisory documenting the activities of highly skilled nation-state threat actors. The company’s hunt team believes they have identified activity consistent with the advisory. Which of the following techniques would be best for the hunt team to use to entice the adversary to generate malicious activity?

A. Perform audits on all firewall logs.
B. Implement a bug bounty program.
C. Increase security using isolation and segmentation schemes.
D. Deploy decoy files on the host’s systems on the same network segment.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 844). Packt Publishing. Kindle Edition.

A

D. Deploy decoy files on the host’s systems on the same network segment.

Explanation:
Deploy decoy files on host systems on the same network segment. If an APT has access to the network, then a decoy file will be a good test to observe any malicious activity.

34
Q

A new online retailer must ensure that all the new web servers are secured in advance of a PCI DSS security audit. PCI DSS requirements are strict and define acceptable cipher suites. Deprecated cipher suites should not be used as they offer weak encryption and are vulnerable to on-path attacks. In preparation for the audit, a security professional should disable which of the following cipher suites?

A. TLS_RSA_WITH_AES_128_CCM_8_SHA256
B. TLS_RSA_WITH_RC4_128_SHA
C. TLS_RSA_WITH_AES_128_CBC_SHA256
D. TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 844-845). Packt Publishing. Kindle Edition.

A

B. TLS_RSA_WITH_RC4_128_SHA

Explanation:
RC4 is a weak cipher and must not be used in any regulated industry.

35
Q

A distribution company is attempting to harden its security posture regarding mobile devices. To secure the dedicated Android devices that are used in the warehouse, the company has developed SELinux policies. Security engineers have compiled and implemented the policy. Before deploying the Android devices to the warehouse staff, which mode should the devices be configured for?

A. Disabled
B. Permissive
C. Enforcing
D. Preventing

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 845). Packt Publishing. Kindle Edition.

A

C. Enforcing

Explanation:
To run an SELinux policy and make Mandatory Access Control (MAC) effective, the systems must be powered up in enforcing mode.

36
Q

A software development company is concerned as it has discovered that company intellectual property is circulating on social media. The CISO wants to implement a solution that will allow the company to determine the source of these leaks. Which of the following should be implemented to identify the internal source for any future exposures?

A. Digital rights management
B. Hashing
C. Watermarking
D. Identity proofing

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 845-846). Packt Publishing. Kindle Edition.

A

C. Watermarking

Explanation:
If an organization wants to detect theft or exfiltration of sensitive data, documents can be checked out from an information system, and an automatic watermark will be applied to the document using the identity of the user who checked it out.

37
Q

A company has recently undertaken a project to move several services into the cloud. A cloud service provider now hosts the following services:

Corporate intranet site
Online storage application
Email and collaboration suite

The company must ensure that the data is protected from common threats, including malware infections and exfiltration of PII and healthcare data. To be more proactive, an additional requirement is that SOC staff must receive alerts when there are any large transfers of corporate data from the company’s hosted storage. Which of the following would best address the company’s cyber-security requirements?

A. NIDS
B. CASB
C. DLP agent
D. Containers
E. Vulnerability scanner

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 846). Packt Publishing. Kindle Edition.

A

B. CASB

Explanation:
A CASB is often referred to as a gatekeeper that protects enterprise data from inbound threats into the cloud and from outbound threats such as data exfiltration. Another benefit of a CASB is regulatory compliance: it labels the data and monitors its use.

38
Q

A CISO is reviewing the current security of an electricity supply company. The company has many operational sites and must connect the sites securely to the company headquarters, which is where the company’s data center is located. The technology that’s supported within these sites includes industrial control systems and PLCs. The technology is legacy and uses the Modbus protocol across the networks. A VPN solution is being proposed to securely connect all the sites to the company’s data center. The CISO is concerned that a recent security advisory, concerning certain asymmetric algorithms, may impact the company’s operations. Which of the following will be most likely impacted by weak asymmetric encryption?

A. Modbus
B. VPN links
C. Industrial control systems
D. Datacenter equipment

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 846-847). Packt Publishing. Kindle Edition.

A

B. VPN links

Explanation:
A VPN allows traffic to be secured when it passes through untrusted networks. The VPN relies on asymmetric algorithms for key exchange and authentication, so if those algorithms are weak, the external traffic could be accessed by an adversary.

40
Q

A systems administrator has deployed all updated patches for Windows-based machines. However, the users on the network are experiencing exploits from various threat actors, which the patches should have corrected. Which of the following is the most likely scenario here?

A. The machines were infected with malware.
B. The users did not reboot their computers after the patches were deployed.
C. The systems administrator used invalid credentials to deploy the patches.
D. The patches were deployed on non-Windows-based machines.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 849). Packt Publishing. Kindle Edition.

A

B. The users did not reboot their computers after the patches were deployed.

Explanation:
The users did not reboot their computers after the patches were deployed. Certain patches do not take effect until the OS is rebooted.

41
Q

A penetration tester is trying to gain access to a remote system. The tester can see the secure login page and knows one user account and email address but has not discovered a password yet. Which of the following would be the easiest method of obtaining a password for the known account?

A. Man-in-the-middle
B. Reverse engineering
C. Social engineering
D. Hash cracking

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 849). Packt Publishing. Kindle Edition.

A

C. Social engineering

Explanation:
Once an attacker knows a valid user account and email address, the easiest method of revealing that user’s password is social engineering.

42
Q

An external hacker has managed to exploit an unpatched vulnerability in a web application server. They were able to use the web application service account to download malicious software. The attacker tried (unsuccessfully) to gain root privileges to install the software and was subsequently discovered. The server admin team rebuilt and patched the server. Which of the following should the team perform to prevent a similar attack in the future?

A. Remove the application service account
B. Air gap the web application server
C. Configure SELinux and set it to enforcing mode
D. Schedule regular restarts of the service to terminate sessions

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 849-850). Packt Publishing. Kindle Edition.

A

C. Configure SELinux and set it to enforcing mode

Explanation:
Configure SELinux and set it to enforcing mode. SELinux enforces mandatory access control, allowing for strict enforceable policies to be deployed. This would further restrict a compromised account from accessing other resources on the system.

43
Q

A manufacturing company is deploying IoT locks, sensors, and cameras, which operate wirelessly. The devices will be used to allow physical access by locking and unlocking doors and other access points. Recent CVEs have been listed against the devices, for which the vendor has yet to provide firmware updates. Which of the following would best mitigate this risk?

A. Connect the IoT devices directly to ethernet switches and create a segmented VLAN.
B. Require sensors to digitally sign all transmitted control messages.
C. Add all the IoT devices to an isolated wireless network and use WPA2 and EAP-TLS.
D. Implement a wireless intrusion detection system.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 850). Packt Publishing. Kindle Edition.

A

C. Add all the IoT devices to an isolated wireless network and use WPA2 and EAP-TLS.

Explanation:
Add all the IoT devices to an isolated wireless network and use WPA2 and EAP-TLS. As all the devices connect wirelessly, they must be connected to a wireless segment. It is important to separate the network because these systems are vulnerable and cannot yet be patched.

44
Q

A forensics investigator is following up on an incident where suspicious images have been stored on an employee’s computer. The computer is currently powered off in the employee’s workspace. Which of the following tools is best suited to retrieving full or partial image files from the storage device, which have been deleted so that the attacker evades detection?

A. memdump
B. foremost
C. dd
D. nc

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 850-851). Packt Publishing. Kindle Edition.

A

B. foremost

Explanation:
This is a forensic tool that can search for complete or partial files that have been deleted or hidden in some way

45
Q

An aerospace company is adding promotional material to a public-facing web application server. The server will host a website containing many images, highlighting a production plant and test facilities. The CISO is concerned that the images may contain geographic coordinates in the metadata, and some of the physical locations need to remain secret. What tool can be used to ensure that the images will not contain sensitive data within the metadata?

A. grep
B. ExifTool
C. Tcpdump
D. Wireshark

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 851). Packt Publishing. Kindle Edition.

A

B. ExifTool

Explanation:
ExifTool reads (and can remove) the EXIF metadata embedded in an image, so an analyst can determine the location where the image was taken and strip that data before publication.

46
Q

A critical service on a production system keeps crashing at random times. The systems administrator suspects that the code has not been adequately tested and may contain a bug. When the service crashes, a memory dump is created in the /var/log directory. Which of the following tools can the systems administrator use to reproduce these symptoms?

A. DAST
B. Vulnerability scanner
C. Core dump analyzer
D. Hex dump

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 851-852). Packt Publishing. Kindle Edition.

A

A. DAST

Explanation:
DAST tools allow a tester to recreate the error

47
Q

Ontario Outdoors Inc is expecting major disruptions due to a winter weather warning. The CISO has been reviewing company policies to ensure adequate provisions are in place to deal with these environmental impacts and finds that some are missing or incomplete. The CISO must ensure that a document is immediately drafted to move various personnel and equipment to other locations to avoid downtime in operations. What is this an example of?

A. A disaster recovery plan
B. An incident response plan
C. A business continuity plan
D. A risk avoidance plan

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 852). Packt Publishing. Kindle Edition.

A

C. A business continuity plan

Explanation:
A BCP allows the organization to identify potential problems and have alternative plans.

48
Q

Acme corporation operates a nuclear power station and relies on a legacy ICS to perform equipment monitoring functions. Regulatory compliance requires that this monitoring is mandatory. Penalties for non-compliance could be costly. The ICS has known vulnerabilities but cannot be updated or replaced. The company has been refused cyber-liability insurance. Which of the following would be the best option to manage this risk in the company’s production environment?

A. Avoid the risk by removing the ICS from production
B. Transfer the risk associated with the ICS vulnerabilities
C. Mitigate the risk by restricting access to the ICS
D. Accept the risk and upgrade the ICS when possible

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (pp. 852-853). Packt Publishing. Kindle Edition.

A

C. Mitigate the risk by restricting access to the ICS

Explanation:
Mitigate the risk by restricting access to the ICS. The only available course of action is to segment the network that contains the legacy equipment. This is a common approach when dealing with operational technology (OT).

49
Q

Following a security incident, forensics has handed over a database server to the server admin team to begin the recovery phase. The team is looking to deploy an automated build by running a script. When accessing the Bash shell, they observe the following command as the most recent entry in the server’s shell history:

dd if=/dev/sda of=/dev/sdb

Which of the following most likely occurred?

A. Forensics have used binary analysis tools to search the metadata.
B. The drive was cloned for forensic analysis.
C. The hard drive was formatted after the incident.
D. There is evidence that the forensics team may have missed.

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 853). Packt Publishing. Kindle Edition.

A

B. The drive was cloned for forensic analysis.

Explanation:
The drive was cloned for forensic analysis. dd copies the whole block device given as the input file (if) to the output file (of), which is a standard way of producing a bit-for-bit image of a drive.

50
Q

A software engineer is looking to implement secure code while the code is still in the development environment. The goal is to deploy code that meets stability and security assurance goals. Which of the following code analyzers will produce the desired results?

A. SAST
B. DAST
C. Fuzzer
D. Peer code review

Birch, Mark. CompTIA CASP+ CAS-004 Certification Guide: Develop CASP+ skills and learn all the key topics needed to prepare for the certification exam (p. 853). Packt Publishing. Kindle Edition.

A

A. SAST

Explanation:
The code is still in the development environment, so SAST will be the most appropriate option here
