CAS-004無料問題集「CompTIA Advanced Security Practitioner (CASP+)」

質問 1

Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

（A）Review the subpoena

（B）Refer to the retention policy

（C）Perform e-discovery.

（D）Initiate a legal hold.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 2

A developer needs to implement PKI in an autonomous vehicle's software in the most efficient and labor- effective way possible. Which of the following will the developer MOST likely implement?

（A）Certificate chain

（B）Root CA

（C）Certificate pinning

（D）OCSP

（E）CRL

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 3

While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Select two).

（A）Set up a DLP policy to alert for exfiltration on all application servers.

（B）Enable nightly vulnerability scans

（C）Enable automatic updates to be installed on all servers.

（D）Configure the security group to enable external traffic.

（E）Enable input validation for all fields.

（F）Configure firewall rules to block all external traffic.

正解：E、F 解答を投票する

質問 4

Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?

（A）They lack X86-64 processors.

（B）They are not logic-bearing devices.

（C）They lack EEPROM.

（D）They are constrained by available compute.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 5

A Chief information Security Officer (CISO) is developing corrective-action plans based on the following from a vulnerability scan of internal hosts:

Which of the following MOST appropriate corrective action to document for this finding?

（A）The application developer should use a static code analysis tool to ensure any application code is not vulnerable to buffer overflows.

（B）The system administrator should evaluate dependencies and perform upgrade as necessary.

（C）The product owner should perform a business impact assessment regarding the ability to implement a WAF.

（D）The security operations center should develop a custom IDS rule to prevent attacks buffer overflows against this server.

正解：C 解答を投票する

質問 6

An application security engineer is performing a vulnerability assessment against a new web application that uses SAML. The engineer wants to identify potential authentication issues within the application. Which of the following methods would be most appropriate for the engineer to perform?

（A）Dynamic analysis

（B）Fuzz testing

（C）Static analysis

（D）Side-channel analysis

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 7

A recent security assessment generated a recommendation to transition Wi-Fi to WPA2/WPA3 Enterprise requiring EAP-TLS. Which of the following conditions must be met for the organization's mobile devices to be able to successfully join the corporate wireless network?

（A）A hardware TOTP token has been issued to mobile users.

（B）Supplicants are configured to provide a 64-bit authenticator.

（C）The device's IPSec configuration matches the VPN concentrator.

（D）Client computer X.509 certificates have been installed.

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 8

A security architect updated the security policy to require a proper way to verify that packets received between two parties have not been tampered with and the connection remains private. Which of the following cryptographic techniques can be used to ensure the security policy is being enforced properly?

（A）HMAC SHA256

（B）MD5-based envelope method

（C）PBKDF2

（D）PGP

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 9

A systems administrator is preparing to run avulnerability scanon a set of information systems in the organization. The systems administrator wants to ensure that the targeted systems produceaccurate information, especially regardingconfiguration settings. Which of the following scan types will provide the systems administrator with themost accurate information?

（A）A passive, credentialed scan

（B）An active, credentialed scan

（C）An active, non-credentialed scan

（D）A passive, non-credentialed scan

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 10

A company's BIA indicates that any loss of more than one hour of data would be catastrophic to the business.
Which of the following must be in place to meet this requirement?

（A）SLA

（B）DRP

（C）RPO

（D）RTO

（E）BCP

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 11

An organization handles sensitive information that must be displayed on call center technicians' screens to verify the identities of remote callers. The technicians use three randomly selected fields of information to complete the identity verification. Some of the fields contain PII that are unique identifiers for the remote callers. Which of the following should be implemented to identify remote callers while also reducing the risk that technicians could improperly use the identification information?

（A）Tokenization

（B）Scrubbing

（C）Encryption

（D）Data masking

正解：D 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 12

The Chief Executive Officer of an online retailer notices a sudden drop in sales A security analyst at the retailer detects a redirection of unsecure web traffic to a competitor's site Which of the following would best prevent this type of attack?

（A）Enabling HSTS

（B）Configuring certificate pinning

（C）Enforcing DNSSEC

（D）Deploying certificate stapling

正解：A 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 13

During a recent breach, an attacker was able to get a user's login credentials by cracking a password that was retrieved via a stolen laptop. The attacker accessed the hashed passwords from the hard drive when it was connected to another device. Which of the following security measures could have helped prevent this account from being compromised?

（A）Host-based Intrusion Detection System

（B）Full Disk Encryption

（C）Host-based Firewall

（D）Endpoint Detection and Response

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 14

The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation?

（A）PKCS #10 is still preferred over PKCS #12.

（B）Private-key CSR signage prevents on-path interception.

（C）There is minimal benefit in using a certificate revocation list.

（D）There is more control in using a local certificate over a third-party certificate.

正解：B 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

質問 15

A security engineer is creating a single CSR for the following web server hostnames:
* wwwint internal
* www company com
* home.internal
* www internal
Which of the following would meet the requirement?

（A）Issuer

（B）CN

（C）SAN

（D）CA

（E）CRL

正解：C 解答を投票する

解説: (JPNTest メンバーにのみ表示されます)

CAS-004 無料問題集「CompTIA Advanced Security Practitioner (CASP+)」

弊社を連絡する

関連リンク

トップ試験