CompTIA CAS-004 Exam Practice Test Instant Access

Question 1

Which of the following is the best reason for obtaining file hashes from a confiscated laptop?

ATo prevent metadata tampering on each file

BTo later validate the integrity of each file

CTo generate unique identifiers for each file

DTo preserve the chain of custody of files

Answer : B

File hashing is used to create a digital fingerprint of files to detect unauthorized changes. By comparing the hash values before and after analysis, the integrity of the files can be validated. This aligns with CASP+ objective 5.2, which includes forensic evidence integrity and validation methods.

Question 2

A recent audit discovered that multiple employees had been using their badges to walk through the secured data center to get to the employee break room. Most of the employees were given access during a previous project, but the access was not removed in a timely manner when the project was complete. Which of the following would reduce the likelihood of this scenario occurring again?

ACreate an automated quarterly attestation process that requires management approval for data center access and removes unapproved access.

BRequire all employees to sign an AUP that prohibits accessing the data center without an active service ticket number.

CRemove all access to the data center badge readers and only re-add employees with a valid business purpose for entering the floor.

DImplement time-of-day restrictions on the data center badge readers and create automated alerts for unapproved swipe attempts.

Answer : A

Implementing an automated quarterly attestation process ensures that access is reviewed and approved regularly. This prevents unauthorized or unnecessary access from persisting over time, aligning with CASP+ objective 1.6, which emphasizes continuous access control monitoring.

Question 3

A pharmaceutical company uses a cloud provider to host thousands of independent resources in object storage. The company needs a practical and effective means of discovering data, monitoring changes, and identifying suspicious activity. Which of the following would best meet these requirements?

AA machine-learning-based data security service

BA file integrity monitoring service

CA cloud configuration assessment and compliance service

DAn automated data classification system

Answer : A

A machine-learning-based data security service provides dynamic discovery, anomaly detection, and behavioral analysis. It effectively identifies changes and suspicious activity across large-scale environments, such as object storage in the cloud. This aligns with CASP+ objective 4.3, emphasizing the use of advanced analytics and ML to improve data security.

Question 4

A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:

"An error has occurred during Phase 1 handshake. Deleting keys and retrying..."

Which of the following is most likely the reason the connection is failing?

AThe IKE hashing algorithm uses different key lengths on each VPN device.

BThe IPSec settings allow more than one cipher suite on both devices.

CThe Diffie-Hellman group on both sides matches but is a legacy group.

DThe remote VPN is attempting to connect with a protocol other than SSL/TLS.

Answer : C

The error indicates an issue during Phase 1 of the IKE handshake, which is used for establishing secure key exchange in IPSec VPNs. If the Diffie-Hellman group is legacy (e.g., Group 1 or 2), it might no longer be supported by modern systems, causing the connection to fail. Updating to a stronger Diffie-Hellman group (e.g., Group 14 or 19) resolves this issue. This aligns with CASP+ objectives related to secure communications and cryptographic protocols (3.2).

Question 5

An organization has a secure manufacturing facility that is approximately 10mi (16km) away from its corporate headquarters. The organization's management team is concerned about being able to track personnel who utilize the facility. Which of the following would best help to prevent staff from being tracked?

AEnsuring that all staff use covered parking so they cannot be seen from outside the perimeter.

BConfiguring geofencing to disable mobile devices and wearable devices near the secure facility.

CConstructing a tunnel between headquarters and the facility to allow more secure access.

DEnforcing physical security controls like access control vestibules and appropriate fencing.

Answer : B

Geofencing to disable mobile and wearable devices prevents the tracking of staff by disabling GPS and other location-based services. This measure aligns with CASP+ objective 3.2, which includes protecting sensitive facilities against surveillance and unauthorized tracking.

Question 6

A user logged in to a web application. Later, a SOC analyst noticed the user logged in to systems after normal business hours. The end user confirms the log-ins after hours were unauthorized. Following an investigation, the SOC analyst determined that the web server was running an outdated version of OpenSSL. No other suspicious user log-ins were found. Which of the following describes what happened and how to fix it?

AA downgrade attack occurred. Any use of old, outdated software should be disallowed.

BThe attacker obtained the systems' private keys. New key pairs must be generated.

CMalware is present on the client machine. A full OS needs to be reinstalled.

DThe user fell for a phishing attack. The end user must attend security training.

Answer : A

A downgrade attack likely exploited the outdated OpenSSL version, allowing the attacker to bypass secure encryption and impersonate the user. Upgrading to a secure version of OpenSSL and disabling older versions is critical. This aligns with CASP+ objective 1.5, emphasizing the importance of securing cryptographic implementations.

________________________________________

Question 7

A security analyst and a DevOps engineer are working together to address configuration drifts in highly scalable systems that are leading to increased vulnerability findings. Which of the following recommendations would be best to eliminate this issue?

AUsing a baseline configuration manager for deployment

BDeploying an immutable infrastructure through containers

CEliminating false positives from the vulnerability scans

DPerforming continuous audits of the patching status

Answer : B

Immutable infrastructure through containers ensures that the deployed systems remain consistent and resistant to drift. Any changes require rebuilding and redeploying containers, eliminating configuration inconsistencies. This aligns with CASP+ objective 2.2, which emphasizes implementing scalable, secure system configurations.

________________________________________

CompTIA CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Practice Test