Curious about Actual CompTIA CASP (CAS-004) Exam Questions?

Here are sample CompTIA Advanced Security Practitioner (CASP+) (CAS-004) Exam questions from real exam. You can get more CompTIA CASP (CAS-004) Exam premium practice questions at TestInsights.

Page: 1 /
Total 445 questions

Want more questions? Get Premium Access.

Question 1

A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?

Aservice ---status-ali I grep ftpd

Bchkconfig --list

Cneestat -tulpn

Dsysteactl list-unit-file ---type service ftpd

Eservice ftpd. status

Correct : C

The netstat -tulpn command is used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. The -tulpn options specifically show TCP and UDP connections with the process ID and the name that is listening on each port, which would provide the necessary information to identify if FTP is running and on which port without turning the service off. This information can then be used to create a precise firewall rule to prevent the FTP service from being exploited.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

Aservice ---status-ali I grep ftpd

Bchkconfig --list

Cneestat -tulpn

Dsysteactl list-unit-file ---type service ftpd

Eservice ftpd. status

0 / 1500

Question 2

A SOC analyst received an alert about a potential compromise and is reviewing the following SIEM logs:

Which of the following is the most appropriate action for the SOC analyst to recommend?

ADisabling account JDoe to prevent further lateral movement

BIsolating laptop314 from the network

CAlerting JDoe about the potential account compromise

DCreating HIPS and NIPS rules to prevent logins

Correct : B

The SIEM logs indicate suspicious behavior that could be a sign of a compromise, such as the launching of cmd.exe after Outlook.exe, which is atypical user behavior and could indicate that a machine has been compromised to perform lateral movement within the network. Isolating laptop314 from the network would contain the threat and prevent any potential spread to other systems while further investigation takes place.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ADisabling account JDoe to prevent further lateral movement

BIsolating laptop314 from the network

CAlerting JDoe about the potential account compromise

DCreating HIPS and NIPS rules to prevent logins

0 / 1500

Question 3

A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?

ACTR

BECB

COF8

DGCM

Correct : D

Galois/Counter Mode (GCM) is an AES mode of operation that provides both confidentiality and data integrity. It is well-suited for processing streams of data, making it ideal for streaming video services. GCM is known for its strong cryptographic security and good performance, which aligns with the legacy cipher's characteristics and the streaming service's requirements.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ACTR

BECB

COF8

DGCM

0 / 1500

Question 4

Company A is merging with Company B Company A is a small, local company Company B has a large, global presence The two companies have a lot of duplication in their IT systems processes, and procedures On the new Chief Information Officer's (ClO's) first day a fire breaks out at Company B's mam data center Which of the following actions should the CIO take first?

ADetermine whether the incident response plan has been tested at both companies, and use it to respond

BReview the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.

CEnsure hot. warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams

DInitiate Company A's IT systems processes and procedures, assess the damage, and perform a BIA

Correct : B

In the event of a fire at the main data center, the immediate action should be to review and engage the disaster recovery plan. This is to ensure the continuity of business operations. The CIO should coordinate with IT leaders from both companies to ensure a unified response. Assessing the damage and planning for recovery are crucial, and leveraging the expertise from both companies can help streamline the process.

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

ADetermine whether the incident response plan has been tested at both companies, and use it to respond

BReview the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.

CEnsure hot. warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams

DInitiate Company A's IT systems processes and procedures, assess the damage, and perform a BIA

0 / 1500

Question 5

Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

AInitiate a legal hold.

BRefer to the retention policy

CPerform e-discovery.

DReview the subpoena

Correct : A

A legal hold is a process by which an organization instructs its employees or other relevant parties to preserve specific data for potential litigation. A legal hold is triggered when litigation is reasonably anticipated, such as when law enforcement officials inform an organization that an investigation has begun. The first step the organization should take is to initiate a legal hold to ensure that relevant evidence is not deleted, destroyed, or altered. A legal hold also demonstrates the organization's good faith and compliance with its duty to preserve evidence. Verified Reference:

https://percipient.co/litigation-hold-triggers-and-the-duty-to-preserve-evidence/

Options Selected by Other Users:

Mark Question:

Start a Discussions

Submit Your Answer:

AInitiate a legal hold.

BRefer to the retention policy

CPerform e-discovery.

DReview the subpoena

0 / 1500

Page: 1 / 89
Total 445 questions

Unlock Full
CAS-004 Exam Features

In Just $49 You can Access

All Official Question Types
Interactive Web-Based Practice Test Software
No Installation or 3rd Party Software Required
Customize your practice sessions (Free Demo)
24/7 Customer Support

Get Full Access Now

Marked Questions
CAS-004 Exam

CAS-004 Exam Question 1
CAS-004 Exam Question 2
CAS-004 Exam Question 3
CAS-004 Exam Question 4
CAS-004 Exam Question 5

Download PDF File Demo

Try Web-Based Exam Practice Software Demo

Commenting

In order to participate in the comments you need to be logged-in.
You can sign-up or login