PassLeader released the NEWEST CompTIA CAS-004 exam dumps recently! Both CAS-004 VCE dumps and CAS-004 PDF dumps are available on PassLeader, either CAS-004 VCE dumps or CAS-004 PDF dumps have the NEWEST CAS-004 exam questions in it, they will help you passing CompTIA CAS-004 exam easily! You can download the valid CAS-004 dumps VCE and PDF from PassLeader here: https://www.passleader.com/cas-004.html (770 Q&As Dumps ~ Lab Simulations Available)
Also, previewing the NEWEST PassLeader CAS-004 dumps online for free on Google Drive: https://drive.google.com/drive/folders/1xDW57juM57tDgYf7o5sx957VEN2Bv3jc
NEW QUESTION 641
A security analyst received a report that a suspicious flash drive was picked up in the office’s waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?
A.   Employee badge logs.
B.   Phone call logs.
C.   Vehicle registration logs.
D.   Visitor logs.
Answer: D
NEW QUESTION 642
An IT director is working on a solution to meet the challenge of remotely managing laptop devices and securely locking them down. The solution must meet the following requirements:
– Cut down on patch management.
– Make use of standard configurations.
– Allow for custom resource configurations.
– Provide access to the enterprise system from multiple types of devices.
Which of the following would meet these requirements?
A.   MDM.
B.   Emulator.
C.   Hosted hypervisor.
D.   VDI.
Answer: D
NEW QUESTION 643
A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?
A.   Deep learning language barriers.
B.   Big Data processing required for maturity.
C.   Secure, multiparty computation requirements.
D.   Computing capabilities available to the developer.
Answer: B
NEW QUESTION 644
Which of the following should be established when configuring a mobile device to protect user internet privacy, to ensure the connection is encrypted, and to keep user activity hidden? (Choose two.)
A.   Proxy
B.   Tunneling
C.   VDI
D.   MDM
E.   RDP
F.   Containerization
Answer: AB
NEW QUESTION 645
A security team is concerned with attacks that are taking advantage of return-oriented programming against the company’s public-facing applications. Which of the following should the company implement on the public-facing servers?
A.   IDS
B.   ASLR
C.   TPM
D.   HSM
Answer: B
NEW QUESTION 646
A financial institution generates a list of newly created accounts and sensitive information on a daily basis. The financial institution then sends out a file containing thousands of lines of data. Which of the following would be the best way to reduce the risk of a malicious insider making changes to the file that could go undetected?
A.   Write a SIEM rule that generates a critical alert when files are created on the application server.
B.   Implement a FIM that automatically generates alerts when the file is accessed by IP addresses that are not associated with the application.
C.   Create a script that compares the size of the file on an hourly basis and generates alerts when changes are identified.
D.   Tune the rules on the host-based IDS for the application server to trigger automated alerts when the application server is accessed from the internet.
Answer: B
NEW QUESTION 647
A security architect examines a section of code and discovers the following:
char username[20];
char password[20];
gets(username);
checkUserExists(username);
Which of the following changes should the security architect require before approving the code for release?
A.   Allow only alphanumeric characters for the username.
B.   Make the password variable longer to support more secure passwords.
C.   Prevent more than 20 characters from being entered.
D.   Add a password parameter to the checkUserExists function.
Answer: C
NEW QUESTION 648
A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?
A.   SAST.
B.   DAST.
C.   Fuzz testing.
D.   Intercepting proxy.
Answer: A
NEW QUESTION 649
The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team’s recommendation?
A.   PKCS #10 is still preferred over PKCS #12.
B.   Private-key CSR signage prevents on-path interception.
C.   There is more control in using a local certificate over a third-party certificate.
D.   There is minimal benefit in using a certificate revocation list.
Answer: B
NEW QUESTION 650
Which of the following is a security concern for DNP3?
A.   Free-form messages require support.
B.   Available function codes are not standardized.
C.   Authentication is not allocated.
D.   It is an open source protocol.
Answer: C
NEW QUESTION 651
A security team is creating tickets to track the progress of remediation. Which of the following is used to specify the due dates for high- and critical-priority findings?
A.   MSA
B.   SLA
C.   ISA
D.   MOU
Answer: B
NEW QUESTION 652
Before launching a new web application, an organization would like to perform security testing. Which of the following resources should the organization use to determine the objectives for the test?
A.   CASB
B.   SOAR
C.   OWASP
D.   ISAC
Answer: C
NEW QUESTION 653
A Chief Information Security Officer (CISO) received a call from the Chief Executive Officer (CEO) about a data breach from the SOC lead around 9:00 a.m. At 10:00 a.m., the CEO informs the CISO that a breach of the firm is being reported on national news. Upon investigation, it is determined that a network administrator had reached out to a vendor prior to the breach for information on a security patch that failed to be installed. Which of the following should the CISO do to prevent this from happening again?
A.   Properly triage events based on brand imaging and ensure the CEO is on the call roster.
B.   Create an effective communication plan and socialize it with all employees.
C.   Send out a press release denying the breach until more information can be obtained.
D.   Implement a more robust vulnerability identification process.
Answer: D
NEW QUESTION 654
An internal security audit determines that Telnet is currently being used within the environment to manage network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to log in to these devices?
A.   Fuzzer.
B.   Network traffic analyzer.
C.   HTTP interceptor.
D.   Port scanner.
E.   Password cracker.
Answer: B
NEW QUESTION 655
Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for their employees in a central, offline location with minimal management overhead?
A.   Key escrow service.
B.   Secrets management.
C.   Encrypted database.
D.   Hardware security module.
Answer: D
NEW QUESTION 656
A senior security analyst is helping the development team improve the security of an application that is being developed. The developers use third-party libraries and applications. The software in development used old, third-party packages that were not replaced before market distribution. Which of the following should be implemented into the SDLC to resolve the issue?
A.   Software composition analysis.
B.   A SCAP scanner.
C.   A SAST.
D.   A DAST.
Answer: A
NEW QUESTION 657
A company with only U.S.-based customers wants to allow developers from another country to work on the company’s website. However, the company plans to block normal internet traffic from the other country. Which of the following strategies should the company use to accomplish this objective? (Choose two.)
A.   Block foreign IP addresses from accessing the website.
B.   Have the developers use the company’s VPN.
C.   Implement a WAF for the website.
D.   Give the developers access to a jump box on the network.
E.   Employ a reverse proxy for the developers.
F.   Use NAT to enable access for the developers.
Answer: BD
NEW QUESTION 658
A security engineer is re-architecting a network environment that provides regional electric distribution services. During a pretransition baseline assessment, the engineer identified the following security-relevant characteristics of the environment:
– Enterprise IT servers and supervisory industrial systems share the same subnet.
– Supervisory controllers use the 750MHz band to direct a portion of fielded PLCs.
– Command and telemetry messages from industrial control systems are unencrypted and unauthenticated.
Which of the following re-architecture approaches would be best to reduce the company’s risk?
A.   Implement a one-way guard between enterprise IT services and mission-critical systems, obfuscate legitimate RF signals by broadcasting noise, and implement modern protocols to authenticate ICS messages.
B.   Characterize safety-critical versus non-safety-critical systems, isolate safety-critical systems from other systems, and increase the directionality of RF links in the field.
C.   Create a new network segment for enterprise IT servers, configure NGFW to enforce a well-defined segmentation policy, and implement a WIDS to monitor the spectrum.
D.   Segment supervisory controllers from field PLCs, disconnect the entire network from the internet, and use only the 750MHz link for controlling energy distribution services.
Answer: C
NEW QUESTION 659
A security architect is reviewing the following organizational specifications for a new application:
– Be sessionless and API-based.
– Accept uploaded documents with PII, so all storage must be ephemeral.
– Be able to scale on-demand across multiple nodes.
– Restrict all network access except for the TLS port.
Which of the following ways should the architect recommend the application be deployed in order to meet security and organizational infrastructure requirements?
A.   Utilizing the cloud container service.
B.   On server instances with autoscaling groups.
C.   Using scripted delivery.
D.   With a content delivery network.
Answer: A
NEW QUESTION 660
A security analyst is participating in a risk assessment and is helping to calculate the exposure factor associated with various systems and processes within the organization. Which of the following resources would be most useful to calculate the exposure factor in this scenario?
A.   Gap analysis.
B.   Business impact analysis.
C.   Risk register.
D.   Information security policy.
E.   Lessons learned.
Answer: B
NEW QUESTION 661
Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?
A.   Federation
B.   RADIUS
C.   TACACS+
D.   MFA
E.   ABAC
Answer: A
NEW QUESTION 662
A company has been the target of LDAP injections, as well as brute-force, whaling, and spear-phishing attacks. The company is concerned about ensuring continued system access. The company has already implemented an SSO system with strong passwords. Which of the following additional controls should the company deploy?
A.   Two-factor authentication.
B.   Identity proofing.
C.   Challenge questions.
D.   Live identity verification.
Answer: A
NEW QUESTION 663
A company recently deployed new servers to create an additional cluster to support a new application. The corporate security policy states that all new servers must be resilient. The new cluster has a high-availability configuration for a smooth failover. The failover was successful following a recent power outage, but both clusters lost critical data, which impacted recovery time. Which of the following needs to be configured to help ensure minimal delays when power outages occur in the future?
A.   Replication.
B.   Caching.
C.   Containerization.
D.   Redundancy.
E.   High availability.
Answer: A
NEW QUESTION 664
A company with customers in the United States and Europe wants to ensure its content is delivered to end users with low latency. Content includes both sensitive and public information. The company’s data centers are located on the West Coast of the United States. Users on the East Coast of the United States and users in Europe are experiencing slow application response. Which of the following would allow the company to improve application response quickly?
A.   Installing reverse caching proxies in both data centers and implementing proxy autoscaling.
B.   Using HTTPS to serve sensitive content and HTTP for public content.
C.   Using colocation services in regions where the application response is slow.
D.   Implementing a CDN and forcing all traffic through the CDN.
Answer: D
NEW QUESTION 665
A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer’s software. The security researcher asks for the manager’s advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?
A.   Collect proof that the exploit works in order to expedite the process.
B.   Publish proof-of-concept exploit code on a personal blog.
C.   Recommend legal consultation about the process.
D.   Visit a bug bounty website for the latest information.
Answer: C
NEW QUESTION 666
A company has identified a number of vulnerable, end-of-support systems with limited defensive capabilities. Which of the following would be the first step in reducing the attack surface in this environment?
A.   Utilizing hardening recommendations.
B.   Deploying IPS/IDS throughout the environment.
C.   Installing and updating antivirus.
D.   Installing all available patches.
Answer: A
NEW QUESTION 667
A security administrator is setting up a virtualization solution that needs to run services from a single host. Each service should be the only one running in its environment. Each environment needs to have its own operating system as a base but share the kernel version and properties of the running host. Which of the following technologies would best meet these requirements?
A.   Containers.
B.   Type 1 hypervisor.
C.   Type 2 hypervisor.
D.   Virtual desktop infrastructure.
E.   Emulation.
Answer: B
NEW QUESTION 668
The primary advantage of an organization creating and maintaining a vendor risk registry is to ____.
A.   define the risk assessment methodology
B.   study a variety of risks and review the threat landscape
C.   ensure that inventory of potential risk is maintained
D.   ensure that all assets have low residual risk
Answer: C
NEW QUESTION 669
A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:
– Data needs to be stored outside of the VMs.
– No unauthorized modifications to the VMs are allowed.
– If a change needs to be done, a new VM needs to be deployed.
Which of the following is the best solution?
A.   Immutable system.
B.   Data loss prevention.
C.   Storage area network.
D.   Baseline template.
Answer: A
NEW QUESTION 670
Which of the following security features do email signatures provide?
A.   Non-repudiation.
B.   Body encryption.
C.   Code signing.
D.   Sender authentication.
E.   Chain of custody.
Answer: AD
NEW QUESTION 671
The company management elects to cancel production. Which of the following risk strategies is the company using in this scenario?
A.   Avoidance
B.   Mitigation
C.   Rejection
D.   Acceptance
Answer: A
NEW QUESTION 672
An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages. Which of the following features is the most appropriate for the company to implement?
A.   Horizontal scalability.
B.   Vertical scalability.
C.   Containerization.
D.   Static code analysis.
E.   Caching.
Answer: E
NEW QUESTION 673
A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?
A.   Build a content caching system at the DR site.
B.   Store the nightly full backups at the DR site.
C.   Increase the network bandwidth to the DR site.
D.   Implement real-time replication for the DR site.
Answer: D
NEW QUESTION 674
A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?
A.   RA
B.   OCSP
C.   CA
D.   IdP
Answer: C
NEW QUESTION 675
An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task?
A.   Systems administrator.
B.   Data owner.
C.   Data processor.
D.   Data custodian.
E.   Data steward.
Answer: B
NEW QUESTION 676
……