CAS-004 Exam Questions

Total: 196 Questions

Exam Last Updated: 16-Dec-2024

A company in the financial sector receives a substantial number of customer transaction requests via email. While doing a root-cause analysis concerning a security breach, the CIRT correlates an unusual spike in port 80 traffic from the IP address of a desktop used by a customer relations employee who has access to several of the compromised accounts. Subsequent antivirus scans of the device do not return any findings, but the CIRT finds undocumented services running on the device. Which of the following controls would reduce the discovery time for similar incidents in the future?

A. Implementing application blacklisting
B. Configuring the mail to quarantine incoming attachments automatically
C. Deploying host-based firewalls and shipping the logs to the SIEM
D. Increasing the cadence for antivirus DAT updates to twice daily

Answer: C. Deploying host-based firewalls and shipping the logs to the SIEM



A cybersecurity analyst created the following tables to help determine the maximum budget amount the business can justify spending on an improved email filtering system:

Which of the following meets the budget needs of the business?

A. Filter ABC
B. Filter XYZ
C. Filter GHI
D. Filter TUV

Answer: C. Filter GHI



A security analyst is reviewing network connectivity on a Linux workstation and examining the active TCP connections using the command line. Which of the following commands would be the BEST to run to view only active Internet connections?

A. sudo netstat -antu | grep "LISTEN" | awk '{print$5}'
B. sudo netstat -nlt -p | grep "ESTABLISHED"
C. sudo netstat -plntu | grep -v "Foreign Address"
D. sudo netstat -pnut -w | column -t -s $'\w'
E. sudo netstat -pnut | grep -P ^tcp

Answer: B. sudo netstat -nlt -p | grep "ESTABLISHED"

Reference: https://www.codegrepper.com/code-examples/shell/netstat+find+port

A security analyst is reviewing the following output:

Which of the following would BEST mitigate this type of attack?

A. Installing a network firewall
B. Placing a WAF inline
C. Implementing an IDS
D. Deploying a honeypot

Answer: A. Installing a network firewall



An organization recently started processing, transmitting, and storing its customers' credit card information. Within a week of doing so, the organization suffered a massive breach that resulted in the exposure of the customers' information. Which of the following provides the BEST guidance for protecting such information while it is at rest and in transit?

A. NIST
B. GDPR
C. PCI DSS
D. ISO

Answer: C. PCI DSS

Reference: https://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard

A Chief Information Officer is considering migrating all company data to the cloud to save money on expensive SAN storage. Which of the following is a security concern that will MOST likely need to be addressed during migration?

A. Latency
B. Data exposure
C. Data loss
D. Data dispersion

Answer: A. Latency



A security engineer at a company is designing a system to mitigate recent setbacks caused by competitors that are beating the company to market with new products. Several of the products incorporate proprietary enhancements developed by the engineer's company. The network already includes a SIEM and a NIPS and requires 2FA for all user access. Which of the following systems should the engineer consider NEXT to mitigate the associated risks?

A. DLP
B. Mail gateway
C. Data flow enforcement
D. UTM

Answer: A. DLP



A company's claims processing department has a mobile workforce that receives a large number of email submissions from personal email addresses. An employee recently received an email that appeared to be a claim form, but it installed malicious software on the employee's laptop when it was opened.

A. Implement application whitelisting and add only the email client to the whitelist for laptops in the claims processing department.
B. Require all laptops to connect to the VPN before accessing email.
C. Implement cloud-based content filtering with sandboxing capabilities.
D. Install a mail gateway to scan incoming messages and strip attachments before they reach the mailbox.

Answer: C. Implement cloud-based content filtering with sandboxing capabilities.



A company's Chief Information Security Officer is concerned that the company's proposed move to the cloud could lead to a lack of visibility into network traffic flow logs within the VPC. Which of the following compensating controls would be BEST to implement in this situation?

A. EDR
B. SIEM
C. HIDS
D. UEBA

Answer: B. SIEM

Reference: https://runpanther.io/cyber-explained/cloud-based-siem-explained/

A company's employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Select TWO.)

A. Outdated escalation attack
B. Privilege escalation attack
C. VPN on the mobile device
D. Unrestricted email administrator accounts
E. Chief use of UDP protocols
F. Disabled GPS on mobile devices

Answer: C. VPN on the mobile device
Answer: F. Disabled GPS on mobile devices



