CAS-004 CompTIA Exam Questions and Free Practice Test

Question 7

A security engineer was auditing an organization’s current software development practice and discovered that multiple opensource libraries were Integrated into the organization’s software. The organization currently performs SAST and DAST on the software it develops.
Which of the following should the organization incorporate into the SDLC to ensure the security of the open-source libraries?

A. Perform additional SAST/DAST on the open-source libraries.

B. Implement the SDLC security guidelines.

C. Track the library versions and monitor the CVE website for related vulnerabilities.

D. Perform unit testing of the open-source libraries.

Correct Answer:B
Reference: https://www.whitesourcesoftware.com/resources/blog/application-security-best-practices/

Question 8

A company publishes several APIs for customers and is required to use keys to segregate customer data sets. Which of the following would be BEST to use to store customer keys?

A. A trusted platform module

B. A hardware security module

C. A localized key store

D. A public key infrastructure

Correct Answer:C
Reference: https://developer.android.com/studio/publish/app-signing
CAS-004 dumps exhibit

Question 9

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back- end server. Due to this configuration, the company is concerned about HTTPS interception attacks.
Which of the following would be the BEST solution against this type of attack?

A. Cookies

B. Wildcard certificates

C. HSTS

D. Certificate pinning

Correct Answer:C
Reference: https://cloud.google.com/security/encryption-in-transit
CAS-004 dumps exhibit

Question 10

A systems administrator is in the process of hardening the host systems before connecting to the network. The administrator wants to add protection to the boot loader to ensure the hosts are secure before the OS fully boots.
Which of the following would provide the BEST boot loader protection?

A. TPM

B. HSM

C. PKI

D. UEFI/BIOS

Correct Answer:D
Reference: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-898217D4-689D-4EB5-866C-888353FE241C.html
CAS-004 dumps exhibit

Question 11

A security analyst is investigating a possible buffer overflow attack. The following output was found on a user’s workstation: graphic.linux_randomization.prg Which of the following technologies would mitigate the manipulation of memory segments?

A. NX bit

B. ASLR

C. DEP

D. HSM

Correct Answer:B
Reference: http://webpages.eng.wayne.edu/~fy8421/19sp-csc5290/labs/lab2-instruction.pdf (3)

Question 12

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization. Which of the following should be the analyst’s FIRST action?

A. Create a full inventory of information and data assets.

B. Ascertain the impact of an attack on the availability of crucial resources.

C. Determine which security compliance standards should be followed.

D. Perform a full system penetration test to determine the vulnerabilities.

Correct Answer:C

START CAS-004 EXAM