CAS-004 Exam Dumps - CompTIA Advanced Security Practitioner (CASP+) Exam

Question # 105

A company is experiencing a large number of attempted network-based attacks against its online store. To determine the best course of action, a security analyst reviews the following logs.

Which of the following should the company do next to mitigate the risk of a compromise from these attacks?

A. Restrict HTTP methods.

B. Perform parameterized queries.

C. Implement input sanitization.

D. Validate content types.

Question # 106

A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the best file-carving tool for PDF recovery?

A. objdump

B. Strings

C. dd

D. Foremost

Question # 107

A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?

A. Steganography

B. E-signature

C. Watermarking

D. Cryptography

Question # 108

A company purchased Burp Suite licenses this year for each application security engineer. The engineers have used Burp Suite to identify several issues with the company’s SaaS application. In the upcoming year, the Chief Information Security Officer would like to purchase additional tools to protect the SaaS product. Which of the following is the best option?

A. DAST

B. SAST

C. IAST

D. ZAP

Question # 109

A security architect must mitigate the risks from what is suspected to be an exposed, private cryptographic key. Which of the following is the best step to take?

A. Revoke the certificate.

B. Inform all the users of the certificate.

C. Contact the company's Chief Information Security Officer.

D. Disable the website using the suspected certificate.

E. Alert the root CA.

Question # 110

An internal security audit determines that Telnet is currently being used within the environment to manage network switches. Which of the following tools should be utilized to identify credentials in plaintext that are used to log in to these devices?

A. Fuzzer

B. Network traffic analyzer

C. HTTP interceptor

D. Port scanner

E. Password cracker

Question # 111

A security analyst is designing a touch screen device so users can gain entry into a locked room by touching buttons numbered zero through nine in a specific numerical sequence. The analyst designs the keypad so that the numbers are randomly presented to the user each time the device is used. Which of the following best describes the design trade-offs? (Select two.)

A. The risk of someone overseeing a pattern as a user enters the numbers is decreased.

B. The routines to generate the random sequences are trivial to implement.

C. This design makes entering numbers more difficult for users.

D. The device needs to have additional power to compute the numbers.

E. End users will have a more difficult time remembering the access numbers.

F. Weak or easily guessed access numbers are more likely.

Question # 112

A company with only U.S.-based customers wants to allow developers from another country to work on the company's website. However, the company plans to block normal internet traffic from the other country. Which of the following strategies should the company use to accomplish this objective? (Select two.)

A. Block foreign IP addresses from accessing the website

B. Have the developers use the company's VPN

C. Implement a WAP for the website

D. Give the developers access to a jump box on the network

E. Employ a reverse proxy for the developers

F. Use NAT to enable access for the developers
