Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-004

Free CompTIA CAS-004 Exam Questions (page: 26)

Page 26 of 159
PDF with 645 Questions

A recent data breach stemmed from unauthorized access to an employee's company account with a cloud-based productivity suite. The attacker exploited excessive permissions granted to a third-party OAuth application to collect sensitive information.
Which of the following BEST mitigates inappropriate access and permissions issues?

  1. SIEM
  2. CASB
  3. WAF
  4. SOAR

Answer(s): B



A security engineer is hardening a company's multihomed SFTP server. When scanning a public-facing network interface, the engineer finds the following ports are open:
-25
-110
-137
-138
-139
-445
Internal Windows clients are used to transferring files to the server to stage them for customer download as part of the company's distribution process.
Which of the following would be the BEST solution to harden the system?

  1. Close ports 110, 138, and 139. Bind ports 22, 25, and 137 to only the internal interface.
  2. Close ports 25 and 110. Bind ports 137, 138, 139, and 445 to only the internal interface.
  3. Close ports 22 and 139. Bind ports 137, 138, and 445 to only the internal interface.
  4. Close ports 22, 137, and 138. Bind ports 110 and 445 to only the internal interface.

Answer(s): B



A recent data breach revealed that a company has a number of files containing customer data across its storage environment. These files are individualized for each employee and are used in tracking various customer orders, inquiries, and issues. The files are not encrypted and can be accessed by anyone. The senior management team would like to address these issues without interrupting existing processes.
Which of the following should a security architect recommend?

  1. A DLP program to identify which files have customer data and delete them
  2. An ERP program to identify which processes need to be tracked
  3. A CMDB to report on systems that are not configured to security baselines
  4. A CRM application to consolidate the data and provision access based on the process and need

Answer(s): D


Reference:

https://searchdatacenter.techtarget.com/definition/configuration-management-database#:~:text=A%20configuration%20management%20database%
20(CMDB,the%20relationships%20between%20those%20components



A security analyst observes the following while looking through network traffic in a company's cloud log:
Which of the following steps should the security analyst take FIRST?

  1. Quarantine 10.0.5.52 and run a malware scan against the host.
  2. Access 10.0.5.52 via EDR and identify processes that have network connections.
  3. Isolate 10.0.50.6 via security groups.
  4. Investigate web logs on 10.0.50.6 to determine if this is normal traffic.

Answer(s): B



Viewing page 26 of 159



Post your Comments and Discuss CompTIA CAS-004 exam prep with other Community members:

CAS-004 Exam Discussions & Posts