CAS-004 Free Practice Test

An architectural firm is working with its security team to ensure that any draft images that are leaked to the public can be traced back to a specific external party. Which of the following would BEST accomplish this goal?

1. A. Properly configure a secure file transfer system to ensure file integrity.
2. B. Have the external parties sign non-disclosure agreements before sending any images.
3. C. Only share images with external parties that have worked with the firm previously.
4. D. Utilize watermarks in the images that are specific to each external party.

Correct Answer: D
Utilizing watermarks in the images that are specific to each external party would best accomplish the goal of tracing back any leaked draft images. Watermarks are visible or invisible marks that can be embedded in digital images to indicate ownership, authenticity, or origin. Watermarks can also be used to identify the recipient of the image and deter unauthorized copying or distribution. If a draft image is leaked to the public, the watermark can reveal which external party was responsible for the breach.

A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst’s FIRST action?

1. A. Create a full inventory of information and data assets.
2. B. Ascertain the impact of an attack on the availability of crucial resources.
3. C. Determine which security compliance standards should be followed.
4. D. Perform a full system penetration test to determine the vulnerabilities.

Correct Answer: A
This is because a risk assessment requires identifying the assets that are valuable to the organization and could be targeted by attackers. A full inventory of information and data assets can help the analyst prioritize the most critical assets and determine their potential exposure to threats. Without knowing what assets are at stake, the analyst cannot effectively assess the risk level or the impact of an attack. Creating an inventory of assets is also a prerequisite for performing other actions, such as following compliance standards, measuring availability, or conducting penetration tests.

A business wants to migrate its workloads from an exclusively on-premises IT infrastructure to the cloud but cannot implement all the required controls. Which of the following BEST describes the risk associated with this implementation?

1. A. Loss of governance
2. B. Vendor lockout
3. C. Compliance risk
4. D. Vendor lock-in

Correct Answer: C

Which of the following describes the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely?

1. A. Key escrow
2. B. TPM
3. C. Trust models
4. D. Code signing

Correct Answer: A
Key escrow is the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. Key escrow is an arrangement in which the keys needed to decrypt encrypted data are held in escrow by a trusted third party that can release them under certain conditions. Key escrow can be useful for backup or recovery purposes, or for complying with legal or regulatory requirements that may demand access to encrypted data.
* B. TPM is not the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. TPM stands for Trusted Platform Module, which is a hardware device that provides secure storage and generation of cryptographic keys on a computer. TPM does not involve any third party or escrow service.
* C. Trust models are not the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. Trust models are frameworks that define how entities can establish and maintain trust relationships in a network or system. Trust models do not necessarily involve any third party or escrow service.
* D. Code signing is not the system responsible for storing private encryption/decryption files with a third party to ensure these files are stored safely. Code signing is a process of using digital signatures to verify the authenticity and integrity of software code. Code signing does not involve any third party or escrow service.

A security researcher detonated some malware in a lab environment and identified the following commands running from the EDR tool:

With which of the following MITRE ATT&CK TTPs is the command associated? (Select TWO).

1. A. Indirect command execution
2. B. OS credential dumping
3. C. Inhibit system recovery
4. D. External remote services
5. E. System information discovery
6. F. Network denial of service

Correct Answer: BE
OS credential dumping is the process of obtaining account login and password information, normally in the form of a hash or a clear text password, from the operating system and software. System information discovery is the process of gathering information about the system, such as hostname, IP address, OS version, running processes, etc. Both of these techniques are commonly used by adversaries to gain access to sensitive data and resources on the target system. The command shown in the image is using Mimikatz, a tool that can dump credentials from memory, and also querying the system information using WMIC. Verified References:
https://attack.mitre.org/techniques/T1003/
https://attack.mitre.org/techniques/T1082/
https://github.com/gentilkiwi/mimikatz
https://docs.microsoft.com/en-us/windows/win32/wmisdk/wmic