PassLeader released the NEWEST CompTIA CAS-004 exam dumps recently! Both CAS-004 VCE dumps and CAS-004 PDF dumps are available on PassLeader; both contain the NEWEST CAS-004 exam questions and will help you pass the CompTIA CAS-004 exam easily! You can download the valid CAS-004 dumps VCE and PDF from PassLeader here: https://www.passleader.com/cas-004.html (555 Q&As Dumps –> 572 Q&As Dumps –> 608 Q&As Dumps –> 770 Q&As Dumps ~ Lab Simulations Available)
Also, preview the NEWEST PassLeader CAS-004 dumps online for free on Google Drive: https://drive.google.com/drive/folders/1xDW57juM57tDgYf7o5sx957VEN2Bv3jc
NEW QUESTION 501
A security analyst has been tasked with providing key information in the risk register. Which of the following outputs or results would be used to BEST provide the information needed to determine the security posture for a risk decision? (Choose two.)
A.   Password cracker.
B.   SCAP scanner.
C.   Network traffic analyzer.
D.   Vulnerability scanner.
E.   Port scanner.
F.   Protocol analyzer.
Answer: CD
NEW QUESTION 502
An organization is in frequent litigation and has a large number of legal holds. Which of the following types of functionality should the organization’s new email system provide?
A.   DLP.
B.   Encryption.
C.   E-discovery.
D.   Privacy-level agreements.
Answer: C
NEW QUESTION 503
A security engineer based in Iceland works in an environment requiring an on-premises and cloud-based storage solution. The solution should take into consideration the following:
1. The company has sensitive data.
2. The company has proprietary data.
3. The company has its headquarters in Iceland, and the data must always reside in that country.
Which cloud deployment model should be used?
A.   Hybrid cloud.
B.   Community cloud.
C.   Public cloud.
D.   Private cloud.
Answer: A
NEW QUESTION 504
When managing and mitigating SaaS cloud vendor risk, which of the following responsibilities belongs to the client?
A.   Data.
B.   Storage.
C.   Physical security.
D.   Network.
Answer: A
NEW QUESTION 505
Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Choose two.)
A.   Proxy.
B.   Tunneling.
C.   VDI.
D.   MDM.
E.   RDP.
F.   MAC address randomization.
Answer: BF
NEW QUESTION 506
An organization does not have visibility into when company-owned assets are off network or not connected via a VPN. The lack of visibility prevents the organization from meeting security and operational objectives. Which of the following cloud-hosted solutions should the organization implement to help mitigate the risk?
A.   Antivirus
B.   UEBA
C.   EDR
D.   HIDS
Answer: C
NEW QUESTION 507
A company has retained the services of a consultant to perform a security assessment. As part of the assessment, the consultant recommends engaging with others in the industry to collaborate in regards to emerging attacks. Which of the following would BEST enable this activity?
A.   ISAC.
B.   OSINT.
C.   CVSS.
D.   Threat modeling.
Answer: A
NEW QUESTION 508
A law firm experienced a breach in which access was gained to a secure server. During an investigation to determine how the breach occurred, an employee admitted to clicking on a spear-phishing link. A security analyst reviewed the event logs and found the following:
– PAM had not been bypassed.
– DLP did not trigger any alerts.
– The antivirus was updated to the most current signatures.
Which of the following MOST likely occurred?
A.   Exploitation.
B.   Exfiltration.
C.   Privilege escalation.
D.   Lateral movement.
Answer: A
NEW QUESTION 509
A company processes sensitive cardholder information that is stored in an internal production database and accessed by internet-facing web servers. The company’s Chief Information Security Officer (CISO) is concerned with the risks related to sensitive data exposure and wants to implement tokenization of sensitive information at the record level. The company implements a one-to-many mapping of primary credit card numbers to temporary credit card numbers. Which of the following should the CISO consider in a tokenization system?
A.   Data field watermarking.
B.   Field tagging.
C.   Single-use translation.
D.   Salted hashing.
Answer: C
NEW QUESTION 510
A network administrator receives a ticket regarding an error from a remote worker who is trying to reboot a laptop. The laptop has not yet loaded the operating system, and the user is unable to continue the boot process. The administrator is able to provide the user with a recovery PIN, and the user is able to reboot the system and access the device as needed. Which of the following is the MOST likely cause of the error?
A.   Lockout of privileged access account.
B.   Duration of the BitLocker lockout period.
C.   Failure of the Kerberos time drift sync.
D.   Failure of TPM authentication.
Answer: D
NEW QUESTION 511
A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000 rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be BEST to prevent a side-channel attack in the future?
A.   Installing online hardware sensors.
B.   Air gapping important ICS and machines.
C.   Implementing a HIDS.
D.   Installing a SIEM agent on the endpoint.
Answer: B
NEW QUESTION 512
Which of the following is the primary reason that a risk practitioner determines the security boundary prior to conducting a risk assessment?
A.   To determine the scope of the risk assessment.
B.   To determine the business owner(s) of the system.
C.   To decide between conducting a quantitative or qualitative analysis.
D.   To determine which laws and regulations apply.
Answer: A
NEW QUESTION 513
A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the BEST step to take?
A.   Revoke the certificate.
B.   Inform all the users of the certificate.
C.   Contact the company’s Chief Information Security Officer.
D.   Disable the website using the suspected certificate.
E.   Alert the root CA.
Answer: A
NEW QUESTION 514
An employee’s device was missing for 96 hours before being reported. The employee called the help desk to ask for another device. Which of the following phases of the incident response cycle needs improvement?
A.   Containment
B.   Preparation
C.   Resolution
D.   Investigation
Answer: B
NEW QUESTION 515
A security consultant has been asked to recommend a secure network design that would:
– Permit an existing OPC server to communicate with a new Modbus server that is controlling electrical relays.
– Limit operational disruptions.
Due to the limitations within the Modbus protocol, which of the following configurations should the security engineer recommend as part of the solution?
A.   Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 135.
B.   Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 102.
C.   Restrict outbound traffic so that only the OPC server is permitted to reach the Modbus server on port 5000.
D.   Restrict inbound traffic so that only the OPC server is permitted to reach the Modbus server on port 502.
Answer: D
NEW QUESTION 516
A forensic investigator started the process of gathering evidence on a laptop in response to an incident. The investigator took a snapshot of the hard drive, copied relevant log files, and then performed a memory dump. Which of the following steps in the process should have occurred FIRST?
A.   Preserve secure storage.
B.   Clone the disk.
C.   Collect the most volatile data.
D.   Copy the relevant log files.
Answer: C
NEW QUESTION 517
A company is designing a new system that must have high security. This new system has the following requirements:
– Permissions must be assigned based on role.
– Fraud from a single person must be prevented.
– A single entity must not have full access control.
Which of the following can the company use to meet these requirements?
A.   Dual responsibility.
B.   Separation of duties.
C.   Need to know.
D.   Least privilege.
Answer: B
NEW QUESTION 518
A Chief Security Officer (CSO) is concerned about the number of successful ransomware attacks that have hit the company. The data indicates most of the attacks came through a fake email. The company has added training, and the CSO now wants to evaluate whether the training has been successful. Which of the following should the CSO implement?
A.   Simulating a spam campaign.
B.   Conducting a sanctioned vishing attack.
C.   Performing a risk assessment.
D.   Executing a penetration test.
Answer: A
NEW QUESTION 519
A company hosts a large amount of data in blob storage for its customers. The company recently had a number of issues with this data being prematurely deleted before the scheduled backup processes could be completed. The management team has asked the security architect for a recommendation that allows blobs to be deleted occasionally, but only after a successful backup. Which of the following solutions will BEST meet this requirement?
A.   Mirror the blobs at a local data center.
B.   Enable fast recovery on the storage account.
C.   Implement soft delete for blobs.
D.   Make the blob immutable.
Answer: C
NEW QUESTION 520
To save time, a company that is developing a new VPN solution has decided to use the OpenSSL library within its proprietary software. Which of the following should the company consider to maximize risk reduction from vulnerabilities introduced by OpenSSL?
A.   Include stable, long-term releases of third-party libraries instead of using newer versions.
B.   Ensure the third-party library implements the TLS and disable weak ciphers.
C.   Compile third-party libraries into the main code statically instead of using dynamic loading.
D.   Implement an ongoing, third-party software and library review and regression testing.
Answer: D
NEW QUESTION 521
After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload. The CISO would like to:
– Have a solution that uses API to communicate with other security tools.
– Use the latest technology possible.
– Have the highest controls possible on the solution.
Which of the following is the BEST option to meet these requirements?
A.   EDR
B.   CSP
C.   SOAR
D.   CASB
Answer: C
NEW QUESTION 522
A security engineer is working for a service provider and analyzing logs and reports from a new EDR solution, which is installed on a small group of workstations. Later that day, another security engineer receives an email from two developers reporting the software being used for development activities is now blocked. The developers have not made any changes to the software being used. Which of the following is the EDR reporting?
A.   True positive.
B.   False negative.
C.   False positive.
D.   True negative.
Answer: C
NEW QUESTION 523
An organization has just been breached, and the attacker is exfiltrating data from workstations. The security analyst validates this information with the firewall logs and must stop the activity immediately. Which of the following steps should the security analyst perform NEXT?
A.   Determine what data is being stolen and change the folder permissions to read only.
B.   Determine which users may have clicked on a malicious email link and suspend their accounts.
C.   Determine where the data is being transmitted and create a block rule.
D.   Determine if a user inadvertently installed malware from a USB drive and update antivirus definitions.
E.   Determine if users have been notified to save their work and turn off their workstations.
Answer: C
NEW QUESTION 524
A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techniques should have been implemented to prevent these types of risks?
A.   Code reviews.
B.   Supply chain visibility.
C.   Software audits.
D.   Source code escrows.
Answer: D
NEW QUESTION 525
A company has decided that only administrators are permitted to use PowerShell on their Windows computers. Which of the following is the BEST way for an administrator to implement this decision?
A.   Monitor the Application and Services Logs group within Windows Event Log.
B.   Uninstall PowerShell from all workstations.
C.   Configure user settings in Group Policy.
D.   Provide user education and training.
E.   Block PowerShell via HIDS.
Answer: C
NEW QUESTION 526
A recent security audit identified multiple endpoints have the following vulnerabilities:
– Various unsecured open ports.
– Active accounts for terminated personnel.
– Endpoint protection software with legacy versions.
– Overly permissive access rules.
Which of the following would BEST mitigate these risks? (Choose three.)
A.   Local drive encryption.
B.   Secure boot.
C.   Address space layout randomization.
D.   Unneeded services disabled.
E.   Patching.
F.   Logging.
G.   Removal of unused accounts.
H.   Enabling BIOS password.
Answer: DEG
NEW QUESTION 527
A client is adding scope to a project. Which of the following processes should be used when requesting updates or corrections to the client’s systems?
A.   The implementation engineer requests direct approval from the systems engineer and the Chief Information Security Officer.
B.   The change control board must review and approve a submission.
C.   The information system security officer provides the systems engineer with the system updates.
D.   The security engineer asks the project manager to review the updates for the client’s system.
Answer: B
NEW QUESTION 528
A small company recently developed prototype technology for a military program. The company’s security engineer is concerned about potential theft of the newly developed, proprietary information. Which of the following should the security engineer do to BEST manage the threats proactively?
A.   Join an information-sharing community that is relevant to the company.
B.   Leverage the MITRE ATT&CK framework to map the TTP.
C.   Use OSINT techniques to evaluate and analyze the threats.
D.   Implement a network-based intrusion detection system.
Answer: B
NEW QUESTION 529
A company is looking at sending historical backups containing customer PII to a cloud service provider to save on storage costs. Which of the following is the MOST important consideration before making this decision?
A.   Availability.
B.   Data sovereignty.
C.   Geography.
D.   Vendor lock-in.
Answer: B
NEW QUESTION 530
A cybersecurity analyst discovered a private key that could have been exposed. Which of the following is the BEST way for the analyst to determine if the key has been compromised?
A.   HSTS
B.   PKI
C.   CSRs
D.   OCSP
Answer: D
NEW QUESTION 531
A security architect recommends replacing the company’s monolithic software application with a containerized solution. Historically, secrets have been stored in the application’s configuration files. Which of the following changes should the security architect make in the new system?
A.   Use a secrets management tool.
B.   Save secrets in key escrow.
C.   Store the secrets inside the Dockerfiles.
D.   Run all Dockerfiles in a randomized namespace.
Answer: A
NEW QUESTION 532
Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?
A.   Initiate a legal hold.
B.   Refer to the retention policy.
C.   Perform e-discovery.
D.   Review the subpoena.
Answer: A
NEW QUESTION 533
……