Download CASP+ Exam Prep: Practice Questions & Answers and more Exercises Network Theory in PDF only on Docsity!
2024 Latest leads4pass CAS-004 PDF and VCE dumps Download
CAS-
Q&As
CompTIA Advanced Security Practitioner (CASP+)
Pass CompTIA CAS-004 Exam with 100% Guarantee
Free Download Real Questions & Answers PDF and VCE file from:
https://www.leads4pass.com/cas-004.html
100% Passing Guarantee
100% Money Back Assurance
Following Questions and Answers are all new published by CompTIA
Official Exam Center
2024 Latest leads4pass CAS-004 PDF and VCE dumps Download
QUESTION 1
DRAG DROP
Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all. Select and Place:
Correct Answer:
2024 Latest leads4pass CAS-004 PDF and VCE dumps Download
QUESTION 3
Company A is merging with Company B Company A is a small, local company Company B has a large, global presence The two companies have a lot of duplication in their IT systems processes, and procedures On the new Chief Information Officer\'s (ClO\'s) first day a fire breaks out at Company B\'s mam data center Which of the following actions should the CIO take first? A. Determine whether the incident response plan has been tested at both companies, and use it to respond B. Review the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies. C. Ensure hot. warm, and mobile disaster recovery sites are available, and give an update to the companies\' leadership teams D. Initiate Company A\'s IT systems processes and procedures, assess the damage, and perform a BIA Correct Answer: B In the event of a fire at the main data center, the immediate action should be to review and engage the disaster recovery plan. This is to ensure the continuity of business operations. The CIO should coordinate with IT leaders from both companies to ensure a unified response. Assessing the damage and planning for recovery are crucial, and leveraging the expertise from both companies can help streamline the process.
QUESTION 4 A company\'s employees are not permitted to access company systems while traveling internationally. The company email system is configured to block logins based on geographic location, but some employees report their mobile phones continue to sync email while traveling. Which of the following is the MOST likely explanation? (Choose two.) A. Outdated geographic IP information B. Privilege escalation attack C. VPN on the mobile device D. Unrestricted email administrator accounts E. Client use of UDP protocols F. Disabled GPS on mobile devices Correct Answer: CF
QUESTION 5
2024 Latest leads4pass CAS-004 PDF and VCE dumps Download
A security engineer estimates the company\'s popular web application experiences 100 attempted breaches per day. In the past four years, the company\'s data has been breached two times. Which of the following should the engineer report as the ARO for successful breaches? A. 0. B. 8 C. 50 D. 36, Correct Answer: A Reference: https://blog.netwrix.com/2020/07/24/annual-loss-expectancy-and-quantitative- risk-analysis/
QUESTION 6 A financial institution has several that currently employ the following controls:
The severs follow a monthly patching cycle.
All changes must go through a change management process.
Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.
The servers are on an isolated VLAN and cannot be directly accessed from the internal production network. An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process. Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future? A. Require more than one approver for all change management requests. B. Implement file integrity monitoring with automated alerts on the servers. C. Disable automatic patch update capabilities on the servers D. Enhanced audit logging on the jump servers and ship the logs to the SIEM. Correct Answer: B
QUESTION 7
2024 Latest leads4pass CAS-004 PDF and VCE dumps Download
D. Align the attack vectors to the predetermined system categorization. Correct Answer: C The impact subscore measures how much damage an attacker could cause if they successfully exploited this vulnerability3. By aligning the impact subscore requirements to the predetermined system categorization, the security analyst can get a better picture of the risk while adhering to the organization\'s policy.
QUESTION 10 A company provides guest WiFi access to the Internet and physically separates the guest network from the company\'s internal WiFi. Due to a recent incident in which an attacker gained access to the company\'s internal WiFi, the company plans to configure WPA2 Enterprise in an EAP-TLS configuration. Which of the following must be installed on authorized hosts for this new configuration to work properly? A. Active Directory GPOs B. PKI certificates C. Host-based firewall D. NAC persistent agent Correct Answer: B
QUESTION 11
Which of the following communication protocols is used to create PANs with small, low-power digital radios and supports a large number of nodes? A. Zigbee B. Wi-Fi C. CAN D. Modbus E. DNP Correct Answer: A
QUESTION 12
A company requires a task to be carried by more than one person concurrently. This is an example of:
2024 Latest leads4pass CAS-004 PDF and VCE dumps Download
A. separation of d duties. B. dual control C. least privilege D. job rotation Correct Answer: B
QUESTION 13
A company\'s Chief Information Officer wants to implement IDS software onto the current system\'s architecture to provide an additional layer of security. The software must be able to monitor system activity, provide information on attempted attacks, and provide analysis of malicious activities to determine termine the processes or users involved. Which of the following would provide this information? A. HIPS B. UEBA C. HIDS D. NIDS Correct Answer: C Reference: https://www.sciencedirect.com/topics/computer-science/host-based-intrusion-detection-systems
CAS-004 PDF Dumps CAS-004 VCE Dumps CAS-004 Practice Test
Powered by TCPDF (www.tcpdf.org)
CAS-004 PDF Dumps | CAS-004 VCE Dumps | CAS-004 Practice Test 8 / 8
