[Jan 29, 2024] CompTIA CAS-004 Exam Dumps Files, Q1/202: An investigator is attempting to determine if recent data breaches may be due to issues with a company's

Join the discussion

Question 1/202

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following data:
* Clients successfully establish TLS connections to web services provided by the server.
* After establishing the connections, most client connections are renegotiated
* The renegotiated sessions use cipher suite SHR.
Which of the following is the MOST likely root cause?

A. The clients disallow the use of modern cipher suites

B. The web server is misconfigured to support HTTP/1.1.

C. A ransomware payload dropper has been installed

D. An entity is performing downgrade attacks on path

Add Comments

Other Question (202q): Q1. An investigator is attempting to determine if recent data breaches may be due to issues wi...; Q2. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q3. A company's SOC has received threat intelligence about an active campaign utilizing a spec...; Q4. A penetration tester is given an assignment lo gain physical access to a secure facility w...; Q5. An administrator at a software development company would like to protect the integrity Of ...; Q6. A financial institution would like to store its customer data in a cloud but still allow t...; Q7. A company is moving most of its customer-facing production systems to the cloud-facing pro...; Q8. Users are claiming that a web server is not accessible. A security engineer logs for the s...; Q9. A security architect was asked to modify an existing internal network design to accommodat...; Q10. A developer is creating a new mobile application for a company. The application uses REST ...; Q11. An electric car company hires an IT consulting company to improve the cybersecurity of us ...; Q12. An engineer wants to assess the OS security configurations on a company's servers. The eng...; Q13. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q14. An IPSec solution is being deployed. The configuration files for both the VPN concentrator...; Q15. A security architect needs to implement a CASB solution for an organization with a highly ...; Q16. An energy company is required to report the average pressure of natural gas used over the ...; Q17. A security consultant is conducting a penetration test against a customer enterprise local...; Q18. Which of the following is a benefit of using steganalysis techniques in forensic response?...; Q19. A security analyst is researching containerization concepts for an organization. The analy...; Q20. A security analyst needs to recommend a remediation to the following threat: (Exhibit) Whi...; Q21. A satellite communications ISP frequently experiences outages and degraded modes of operat...; Q22. Which of the following is a risk associated with SDN?...; Q23. A security manager is determining the best DLP solution for an enterprise. A list of requi...; Q24. A security analyst is using data provided from a recent penetration test to calculate CVSS...; Q25. Which of the following is a benefit of using steganalysis techniques in forensic response?...; Q26. A company is deploying multiple VPNs to support supplier connections into its extranet app...; Q27. A security engineer notices the company website allows users following example: hitps://my...; Q28. A security analyst observes the following while looking through network traffic in a compa...; Q29. A security analyst is reviewing the following output: (Exhibit) Which of the following wou...; Q30. Which of the following is the BEST disaster recovery solution when resources are running i...; Q31. city government's IT director was notified by the City council that the following cybersec...; Q32. A company Invested a total of $10 million lor a new storage solution Installed across live...; Q33. An organization is implementing a new identity and access management architecture with the...; Q34. An organization is designing a network architecture that must meet the following requireme...; Q35. Which of the following is MOST commonly found in a network SLA contract?...; Q36. An organization had been leveraging RC4 to protect the confidentiality of a continuous, hi...; Q37. An organization is deploying a new, online digital bank and needs to ensure availability a...; Q38. A company that uses AD is migrating services from LDAP to secure LDAP. During the pilot ph...; Q39. A company is looking for a solution to hide data stored in databases. The solution must me...; Q40. Device event logs sources from MDM software as follows: (Exhibit) Which of the following s...; Q41. An administrator at a software development company would like to protect the integrity Of ...; Q42. A security analyst discovered that the company's WAF was not properly configured. The main...; Q43. A company is looking to fortify its cybersecurity defenses and is focusing on its network ...; Q44. A security architect is tasked with scoping a penetration test that will start next month....; Q45. A developer wants to maintain integrity to each module of a program and ensure the code ca...; Q46. A company is outsourcing to an MSSP that performs managed detection and response services....; Q47. The Chief Information Security Officer of a startup company has asked a security engineer ...; Q48. An attacker infiltrated an electricity-generation site and disabled the safety instrumente...; Q49. A security architect was asked to modify an existing internal network design to accommodat...; Q50. A global organization's Chief Information Security Officer (CISO) has been asked to analyz...; Q51. An organization is preparing to migrate its production environment systems from an on-prem...; Q52. An organization recently recovered from an attack that featured an adversary injecting mal...; Q53. A security architect was asked to modify an existing internal network design to accommodat...; Q54. A company publishes several APIs for customers and is required to use keys to segregate cu...; Q55. Due to budget constraints, an organization created a policy that only permits vulnerabilit...; Q56. Given the following log snippet from a web server: (Exhibit) Which of the following BEST d...; Q57. A company suspects a web server may have been infiltrated by a rival corporation. The secu...; Q58. A networking team was asked to provide secure remote access to all company employees. The ...; Q59. A security administrator sees several hundred entries in a web server security log that ar...; Q60. A review of the past year's attack patterns shows that attackers stopped reconnaissance af...; Q61. Given the following log snippet from a web server: (Exhibit) Which of the following BEST d...; Q62. A customer reports being unable to connect to a website at www.test.com to consume service...; Q63. A company has hired a security architect to address several service outages on the endpoin...; Q64. A security engineer thinks the development team has been hard-coding sensitive environment...; Q65. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q66. A security analyst is trying to identify the source of a recent data loss incident. The an...; Q67. A third-party organization has implemented a system that allows it to analyze customers' d...; Q68. An organization developed a social media application that is used by customers in multiple...; Q69. A disaster recovery team learned of several mistakes that were made during the last disast...; Q70. An organization recently experienced a ransomware attack. The security team leader is conc...; Q71. Which of the following protocols is a low power, low data rate that allows for the creatio...; Q72. A security engineer needs to implement a solution to increase the security posture of user...; Q73. A company wants to implement a cloud-based security solution that will sinkhole malicious ...; Q74. During an incident, an employee's web traffic was redirected to a malicious domain. The wo...; Q75. An architect is designing security scheme for an organization that is concerned about APTs...; Q76. An attacker exploited an unpatched vulnerability in a web framework, and then used an appl...; Q77. A pharmaceutical company recently experienced a security breach within its customer-facing...; Q78. As part of its risk strategy, a company is considering buying insurance for cybersecurity ...; Q79. A company created an external application for its customers. A security researcher now rep...; Q80. Which of the following technologies allows CSPs to add encryption across multiple data sto...; Q81. A review of the past year's attack patterns shows that attackers stopped reconnaissance af...; Q82. A security analyst is investigating a series of suspicious emails by employees to the secu...; Q83. SIMULATION You are a security analyst tasked with interpreting an Nmap scan output from co...; Q84. A government contracting company issues smartphones to employees to enable access to corpo...; Q85. A security analyst receives an alert from the SIEM regarding unusual activity on an author...; Q86. An analyst execute a vulnerability scan against an internet-facing DNS server and receives...; Q87. A security analyst observes the following while looking through network traffic in a compa...; Q88. An organization recently started processing, transmitting, and storing its customers' cred...; Q89. A systems administrator is in the process of hardening the host systems before connecting ...; Q90. A company security engineer arrives at work to face the following scenario: 1) Website def...; Q91. A security analyst is evaluating the security of an online customer banking system. The an...; Q92. A company is implementing SSL inspection. During the next six months, multiple web applica...; Q93. A network architect is designing a new SD-WAN architecture to connect all local sites to a...; Q94. A company plans to build an entirely remote workforce that utilizes a cloud-based infrastr...; Q95. Prior to a risk assessment inspection, the Chief Information Officer tasked the systems ad...; Q96. An organization is looking to establish more robust security measures by implementing PKI....; Q97. A company wants to refactor a monolithic application to take advantage of cloud native ser...; Q98. A software developer is working on a piece of code required by a new software package. The...; Q99. A health company has reached the physical and computing capabilities in its datacenter, bu...; Q100. Which of the following allows computation and analysis of data within a ciphertext without...; Q101. A security architect is reviewing the following proposed corporate firewall architecture a...; Q102. An organization's finance system was recently attacked. A forensic analyst is reviewing th...; Q103. A cybersecurity analyst created the following tables to help determine the maximum budget ...; Q104. An organization wants to perform a scan of all its systems against best practice security ...; Q105. An organization's existing infrastructure includes site-to-site VPNs between datacenters. ...; Q106. An organization is establishing a new software assurance program to vet applications befor...; Q107. A company hired a third party to develop software as part of its strategy to be quicker to...; Q108. A developer wants to maintain integrity to each module of a program and ensure controls ar...; Q109. A university issues badges through a homegrown identity management system to all staff and...; Q110. A penetration tester obtained root access on a Windows server and, according to the rules ...; Q111. All staff at a company have started working remotely due to a global pandemic. To transiti...; Q112. A pharmaceutical company recently experienced a security breach within its customer-facing...; Q113. Device event logs sources from MDM software as follows: (Exhibit) Which of the following s...; Q114. A company has decided to purchase a license for software that is used to operate a mission...; Q115. A security analyst is reviewing network connectivity on a Linux workstation and examining ...; Q116. During a recent security incident investigation, a security analyst mistakenly turned off ...; Q117. An engineering team is developing and deploying a fleet of mobile devices to be used for s...; Q118. An organization is implementing a new identity and access management architecture with the...; Q119. Clients are reporting slowness when attempting to access a series of load-balanced APIs th...; Q120. Due to locality and budget constraints, an organization's satellite office has a lower ban...; Q121. A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. R...; Q122. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q123. A security team received a regulatory notice asking for information regarding collusion an...; Q124. A company is implementing SSL inspection. During the next six months, multiple web applica...; Q125. An organization wants to perform a scan of all its systems against best practice security ...; Q126. Ransomware encrypted the entire human resources fileshare for a large financial institutio...; Q127. A financial services company wants to migrate its email services from on-premises servers ...; Q128. A small company needs to reduce its operating costs. vendors have proposed solutions, whic...; Q129. A company has moved its sensitive workloads lo the cloud and needs to ensure high availabi...; Q130. A bank is working with a security architect to find the BEST solution to detect database m...; Q131. A systems administrator is in the process of hardening the host systems before connecting ...; Q132. A security consultant was hired to audit a company's password are account policy. The comp...; Q133. An organization developed a social media application that is used by customers in multiple...; Q134. Which of the following are the MOST likely vectors for the unauthorized or unintentional i...; Q135. A company wants to use a process to embed a sign of ownership covertly inside a proprietar...; Q136. (Exhibit); Q137. A financial services company has proprietary trading algorithms, which were created and ar...; Q138. A vulnerability analyst identified a zero-day vulnerability in a company's internally deve...; Q139. In comparison with traditional on-premises infrastructure configurations, defining ACLs in...; Q140. A customer reports being unable to connect to a website at www.test.com to consume service...; Q141. A security analyst is investigating a possible buffer overflow attack. The following outpu...; Q142. A threat analyst notices the following URL while going through the HTTP logs. (Exhibit) Wh...; Q143. A company wants to quantify and communicate the effectiveness of its security controls but...; Q144. An organization is planning for disaster recovery and continuity of operations. INSTRUCTIO...; Q145. Users are reporting intermittent access issues with a new cloud application that was recen...; Q146. A security analyst has noticed a steady increase in the number of failed login attempts to...; Q147. A hospitality company experienced a data breach that included customer PII. The hacker use...; Q148. A remote user reports the inability to authenticate to the VPN concentrator. During troubl...; Q149. A satellite communications ISP frequently experiences outages and degraded modes of operat...; Q150. A company has completed the implementation of technical and management controls as require...; Q151. Device event logs sources from MDM software as follows: (Exhibit) Which of the following s...; Q152. An organization's threat team is creating a model based on a number of incidents in which ...; Q153. A company is on a deadline to roll out an entire CRM platform to all users at one time. Ho...; Q154. A hospitality company experienced a data breach that included customer Pll. The hacker use...; Q155. A high-severity vulnerability was found on a web application and introduced to the enterpr...; Q156. An organization mat provides a SaaS solution recently experienced an incident involving cu...; Q157. An organization is moving its intellectual property data from on premises to a CSP and wan...; Q158. Joe an application security engineer is performing an audit of an environmental control ap...; Q159. A developer implement the following code snippet. (Exhibit) Which of the following vulnera...; Q160. An organization that provides a SaaS solution recently experienced an incident involving c...; Q161. During a remodel, a company's computer equipment was moved to a secure storage room with c...; Q162. A recent data breach revealed that a company has a number of files containing customer dat...; Q163. A product manager is concerned about the unintentional sharing of the company's intellectu...; Q164. A company created an external, PHP-based web application for its customers. A security res...; Q165. All staff at a company have started working remotely due to a global pandemic. To transiti...; Q166. A company wants to implement a new website that will be accessible via browsers with no mo...; Q167. Several recent ransomware outbreaks at a company have cost a significant amount of lost re...; Q168. An enterprise is undergoing an audit to review change management activities when promoting...; Q169. All staff at a company have started working remotely due to a global pandemic. To transiti...; Q170. A Chief Information Security Officer (CISO) needs to create a policy set that meets intern...; Q171. A security analyst notices a number of SIEM events that show the following activity: (Exhi...; Q172. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q173. A disaster recovery team learned of several mistakes that were made during the last disast...; Q174. Technicians have determined that the current server hardware is outdated, so they have dec...; Q175. A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS so...; Q176. A junior developer is informed about the impact of new malware on an Advanced RISC Machine...; Q177. A PaaS provider deployed a new product using a DevOps methodology. Because DevOps is used ...; Q178. A business wants to migrate its workloads from an exclusively on-premises IT infrastructur...; Q179. A recent data breach revealed that a company has a number of files containing customer dat...; Q180. A customer reports being unable to connect to a website at www.test.com to consume service...; Q181. A company has moved its sensitive workloads lo the cloud and needs to ensure high availabi...; Q182. The CI/CD pipeline requires code to have close to zero defects and zero vulnerabilities. T...; Q183. A security engineer needs to recommend a solution that will meet the following requirement...; Q184. A company Invested a total of $10 million lor a new storage solution Installed across live...; Q185. Which of the following allows computation and analysis of data within a ciphertext without...; Q186. Which of the following terms refers to the delivery of encryption keys to a CASB or a thir...; Q187. A development team created a mobile application that contacts a company's back-end APIs ho...; Q188. A company requires a task to be carried by more than one person concurrently. This is an e...; Q189. A company created an external application for its customers. A security researcher now rep...; Q190. A home automation company just purchased and installed tools for its SOC to enable inciden...; Q191. A security is assisting the marketing department with ensuring the security of the organiz...; Q192. A company uses an application in its warehouse that works with several commercially availa...; Q193. A network administrator receives a ticket regarding an error from a remote worker who is t...; Q194. A security analyst for a managed service provider wants to implement the most up-to-date a...; Q195. A company's employees are not permitted to access company systems while traveling internat...; Q196. Law enforcement officials informed an organization that an investigation has begun. Which ...; Q197. Due to adverse events, a medium-sized corporation suffered a major operational disruption ...; Q198. In preparation for the holiday season, a company redesigned the system that manages retail...; Q199. A developer wants to develop a secure external-facing web application. The developer is lo...; Q200. A new, online file hosting service is being offered. The service has the following securit...; Q201. Which of the following are risks associated with vendor lock-in? (Choose two.)...; Q202. Which of the following processes involves searching and collecting evidence during an inve...

Join the discussion

Question 1/202

Add Comments

Download PDF File