CompTIA CAS-004 Exam Practice Test Instant Access

Question 1

Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

AInitiate a legal hold.

BRefer to the retention policy

CPerform e-discovery.

DReview the subpoena

Answer : A

A legal hold is a process by which an organization instructs its employees or other relevant parties to preserve specific data for potential litigation. A legal hold is triggered when litigation is reasonably anticipated, such as when law enforcement officials inform an organization that an investigation has begun. The first step the organization should take is to initiate a legal hold to ensure that relevant evidence is not deleted, destroyed, or altered. A legal hold also demonstrates the organization's good faith and compliance with its duty to preserve evidence. Verified Reference:

https://percipient.co/litigation-hold-triggers-and-the-duty-to-preserve-evidence/

https://www.everlaw.com/blog/ediscovery-best-practices/guide-to-legal-holds/

Question 2

A company with multiple locations has taken a cloud-only approach to its infrastructure The company does not have standard vendors or systems resulting in a mix of various solutions put in place by each location The Chief Information Security Officer wants to ensure that the internal security team has visibility into all platforms Which of the following best meets this objective?

ASecurity information and event management

BCloud security posture management

CSNMFV2 monitoring and log aggregation

DManaged detection and response services from a third party

Answer : A

Security Information and Event Management (SIEM) systems provide real-time analysis of security alerts generated by applications and network hardware. SIEMs are beneficial in environments where there is a mix of various solutions, as they can collect and aggregate logs from multiple sources, providing the internal security team with a centralized view and visibility into all platforms. This would best meet the objective of ensuring visibility into all platforms, regardless of the differing solutions across the company's locations.

Question 3

An loT device implements an encryption module built within its SoC where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware Which of the following should the loT manufacture do if the private key is compromised?

AUse over-the-air updates to replace the private key

BManufacture a new loT device with a redesigned SoC

CReplace the public portion of the loT key on its servers

DRelease a patch for the SoC software

Answer : B

If the asymmetric private key defined in the write-once read-many (WORM) portion of the System on Chip (SoC) is compromised, the IoT device manufacturer cannot simply replace or update the key through software changes due to the nature of WORM memory. The compromised key would necessitate the production of a new IoT device with a redesigned SoC that includes a new, secure private key. This is because the integrity of the encryption module is fundamental to the device's security, and a compromised key cannot be allowed to persist in the hardware.

Question 4

Company A is merging with Company B Company A is a small, local company Company B has a large, global presence The two companies have a lot of duplication in their IT systems processes, and procedures On the new Chief Information Officer's (ClO's) first day a fire breaks out at Company B's mam data center Which of the following actions should the CIO take first?

ADetermine whether the incident response plan has been tested at both companies, and use it to respond

BReview the incident response plans, and engage the disaster recovery plan while relying on the IT leaders from both companies.

CEnsure hot. warm, and mobile disaster recovery sites are available, and give an update to the companies' leadership teams

DInitiate Company A's IT systems processes and procedures, assess the damage, and perform a BIA

Answer : B

In the event of a fire at the main data center, the immediate action should be to review and engage the disaster recovery plan. This is to ensure the continuity of business operations. The CIO should coordinate with IT leaders from both companies to ensure a unified response. Assessing the damage and planning for recovery are crucial, and leveraging the expertise from both companies can help streamline the process.

Question 5

A security administrator needs to recommend an encryption protocol after a legacy stream cipher was deprecated when a security flaw was discovered. The legacy cipher excelled at maintaining strong cryptographic security and provided great performance for a streaming video service. Which of the following AES modes should the security administrator recommend given these requirements?

ACTR

BECB

COF8

DGCM

Answer : D

Galois/Counter Mode (GCM) is an AES mode of operation that provides both confidentiality and data integrity. It is well-suited for processing streams of data, making it ideal for streaming video services. GCM is known for its strong cryptographic security and good performance, which aligns with the legacy cipher's characteristics and the streaming service's requirements.

Question 6

An employee's device was missing for 96 hours before being reported. The employee called the help desk to ask for another device Which of the following phases of the incident response cycle needs improvement?

AContainment

BPreparation

CResolution

DInvestigation

Answer : B

The incident response cycle's preparation phase includes establishing policies and procedures for reporting lost or stolen devices promptly. If an employee's device was missing for 96 hours before being reported, this indicates a lack of awareness or clear procedures on the employee's part, pointing to inadequacies in the preparation phase of the incident response.

Question 7

When implementing serverless computing an organization must still account for:

Athe underlying computing network infrastructure

Bhardware compatibility

Cthe security of its data

Dpatching the service

Answer : C

While serverless computing abstracts the infrastructure layer from developers, organizations must still ensure the security of their data in the serverless environment. This includes protecting the data from unauthorized access and ensuring data privacy and integrity. Serverless architectures can be complex, and understanding the security model and shared responsibility is essential for safeguarding applications and services.

CompTIA CAS-004 CompTIA Advanced Security Practitioner (CASP+) Exam Practice Test