CAS-004 Exam Free Question Set: "CompTIA Advanced Security Practitioner (CASP+) Certification"
In preparation for the holiday season, a company redesigned the system that manages retail sales and moved it to a cloud service provider. The new infrastructure did not meet the company's availability requirements. During a postmortem analysis, the following issues were highlighted:
1. International users reported latency when images on the web page were initially loading.
2. During times of report processing, users reported issues with inventory when attempting to place orders.
3. Despite the fact that ten new API servers were added, the load across servers was heavy at peak times.
Which of the following infrastructure design changes would be BEST for the organization to implement to avoid these issues in the future?
Correct answer: B
A company's Chief Information Security Officer wants to prevent the company from being the target of ransomware. The company's IT assets need to be protected. Which of the following are the most secure options to address these concerns? (Select three).
Correct answer: C,E,F
A security engineer is assessing a legacy server and needs to determine if FTP is running and on which port. The service cannot be turned off, as it would impact a critical application's ability to function. Which of the following commands would provide the information necessary to create a firewall rule to prevent that service from being exploited?
Correct answer: E
The findings from a recent penetration test report indicate a systematic issue related to cross-site scripting (XSS). A security engineer would like to prevent this type of issue for future reports. Which of the following mitigation strategies should the engineer use to best resolve the issue?
Correct answer: C
A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?
Correct answer: A
A software developer created an application for a large, multinational company. The company is concerned the program code could be reverse engineered by a foreign entity and intellectual property would be lost. Which of the following techniques should be used to prevent this situation?
Correct answer: D
A bank hired a security architect to improve its security measures against the latest threats. The solution must meet the following requirements:
* Recognize and block fake websites
* Decrypt and scan encrypted traffic on standard and non-standard ports
* Use multiple engines for detection and prevention
* Have central reporting
Which of the following is the BEST solution the security architect can propose?
Correct answer: A
An organization is deploying a new, online digital bank and needs to ensure availability and performance. The cloud-based architecture is deployed using PaaS and SaaS solutions, and it was designed with the following considerations:
- Protection from DoS attacks against its infrastructure and web applications is in place.
- Highly available and distributed DNS is implemented.
- Static content is cached in the CDN.
- A WAF is deployed inline and is in block mode.
- Multiple public clouds are utilized in an active-passive architecture.
With the above controls in place, the bank is experiencing a slowdown on the unauthenticated payments page. Which of the following is the MOST likely cause?
Correct answer: D
A company has decided to purchase a license for software that is used to operate a mission-critical process. The third-party developer is new to the industry but is delivering what the company needs at this time.
Which of the following BEST describes the reason why utilizing a source code escrow will reduce the operational risk to the company if the third party stops supporting the application?
Correct answer: D
SIMULATION
You have received a report that some users are unable to use their personal devices to authenticate to a protected corporate website. The users have stated that no changes have been made on their personal devices since the last time they were able to authenticate successfully.
INSTRUCTIONS
Examine the device health policy for the MFA solution, the MFA usage logs, and the device telemetry. Using that information:
* Select the policy/policies that were violated.
* Select the telemetry log(s) that explain(s) the policy violations.
Correct answer:
See the solution below in the explanation part
Explanation:
Step 1: Understand the Scenario
* Issue: Users cannot authenticate using personal devices.
* User claim: No changes have been made to their devices since they were last able to authenticate.
Step 2: Review the Policy Settings
From the Global settings table:
Enabled Policies:
* Anonymous networks: Blocks Tor (✅)
* Operating systems: Blocks:
  * Android 8.1.0 and below
  * iOS 13.7 and below
  * Windows 7 and below
  * Chrome OS (all)
  * BlackBerry (all)
* Authentication method: Push only (✅)
* User location: Only allows regions:
  * NORTHAMERICA-REGION-7
  * NORTHAMERICA-REGION-10
  * NORTHAMERICA-REGION-11
  * NORTHAMERICA-REGION-12
Disabled Policies:
* Browser restriction (Chrome, Firefox, Edge) is disabled (i.e., any browser is allowed)
* New user policy is disabled
Step 3: Examine the Authentication Results Table
From the access log table:

| Subject | Result | Access object |
|---------|--------|---------------|
| Jacob | Deny - context | Sales_application |
| Bob | Time-out | IT_intelligence_svc |
| Jane | Deny - context | Accounting_database |
| Jenny | Time-out | Sales_application |

These four failed. Let's match them with policies.
Step 4: Correlate With Telemetry Logs
Jacob:
* OS: iOS 13.0 → Below 13.7 → ❌ Violation of Operating System policy
* Location: REGION not specified fully, assume okay unless proven otherwise
* ✅ Policy violated: Operating system
Bob:
* OS: Android 10 → ✅ Allowed
* Location: NORTHAMERICA-REGION-12 → ✅ Allowed
* Behavior: Time-out. This could be a connectivity or push timeout, not policy violation.
* ⛔️ Not due to policy violation
Jane:
* OS: iOS 14.2 → ✅ Allowed
* Location: NORTHAMERICA-REGION-6 → ❌ Not in allowed regions
* ✅ Policy violated: User location
Jenny:
* OS: Android 10 → ✅ Allowed
* Location: NORTHAMERICA-REGION-6 → ❌ Not in allowed regions
* ✅ Policy violated: User location
Step 5: Final Answer
Violated Policies:
* Operating Systems → Violated by Jacob
* User Location → Violated by Jane and Jenny
Telemetry Logs that explain violations:
* Log 3 - Jacob (OS iOS 13.0 → blocked)
* Log 6 - Jane (Region 6 → blocked)
* Log 7 - Jenny (Region 6 → blocked)
Final Answer Summary:
Policies Violated:
* Operating systems
* User location
Relevant Telemetry Logs:
* Jacob → Log 3
* Jane → Log 6
* Jenny → Log 7
During a review of events, a security analyst notes that several log entries from the FIM system identify changes to firewall rule sets. While coordinating a response to the FIM entries, the analyst receives alerts from the DLP system that indicate an employee is sending sensitive data to an external email address. Which of the following would be the most relevant to review in order to gain a better understanding of whether these events are associated with an attack?
Correct answer: C
A local government that is investigating a data exfiltration claim was asked to review the fingerprint of the malicious user's actions. An investigator took a forensic image of the VM and downloaded the image to a secured USB drive to share with the government. Which of the following should be taken into consideration during the process of releasing the drive to the government?
Correct answer: C
An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:
* Clients successfully establish TLS connections to web services provided by the server.
* After establishing the connections, most client connections are renegotiated.
* The renegotiated sessions use cipher suite SHR.
Which of the following is the MOST likely root cause?
Correct answer: A
A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds:
* 99.99% uptime
* Load time in 3 seconds
* Response time = <1.0 seconds
Starting with the computing environment, which of the following should a security engineer recommend to BEST meet the requirements? (Select THREE)
Correct answer: B,E,F
A PKI engineer is defining certificate templates for an organization's CA and would like to ensure at least two of the possible SAN certificate extension fields populate for documentation purposes. Which of the following are explicit options within this extension? (Select two).
Correct answer: E,F
Over the last 90 days, many storage services have been exposed in the cloud services environments, and the security team does not have the ability to see who is creating these instances. Shadow IT is creating data services and instances faster than the small security team can keep up with them. The Chief Information Security Officer (CISO) has asked the security lead architect to recommend solutions to this problem.
Which of the following BEST addresses the problem with the least amount of administrative effort?
Correct answer: C
A security engineer is concerned about the threat of side-channel attacks. The company experienced a past attack that degraded parts of a SCADA system, causing a fluctuation to 20,000rpm from its normal operating range. As a result, the part deteriorated more quickly than the mean time to failure. A further investigation revealed the attacker was able to determine the acceptable rpm range, and the malware would then fluctuate the rpm until the part failed. Which of the following solutions would be best to prevent a side-channel attack in the future?
Correct answer: B