CAS-004 Free Practice Test

A penetration tester obtained root access on a Windows server and, according to the rules of engagement, is permitted to perform post-exploitation for persistence.
Which of the following techniques would BEST support this?

1. A. Configuring systemd services to run automatically at startup
2. B. Creating a backdoor
3. C. Exploiting an arbitrary code execution exploit
4. D. Moving laterally to a more authoritative server/service

Correct Answer: B

A financial services company wants to migrate its email services from on-premises servers to a cloud-based email solution. The Chief information Security Officer (CISO) must brief board of directors on the potential security concerns related to this migration. The board is concerned about the following.
* Transactions being required by unauthorized individual
* Complete discretion regarding client names, account numbers, and investment information.
* Malicious attacker using email to distribute malware and ransom ware.
* Exfiltration of sensitivity company information.
The cloud-based email solution will provide an6-malware, reputation-based scanning, signature-based scanning, and sandboxing. Which of the following is the BEST option to resolve the board’s concerns for this email migration?

1. A. Data loss prevention
2. B. Endpoint detection response
3. C. SSL VPN
4. D. Application whitelisting

Correct Answer: A

A company Invested a total of $10 million lor a new storage solution Installed across live on-site datacenters. Fitly percent of the cost of this Investment was for solid-state storage. Due to the high rate of wear on this storage, the company Is estimating that 5% will need to be replaced per year. Which of the following is the ALE due to storage replacement?

1. A. $50,000
2. B. $125,000
3. C. $250,000
4. D. $500.000
5. E. $51,000,000

Correct Answer: C

A high-severity vulnerability was found on a web application and introduced to the enterprise. The vulnerability could allow an unauthorized user to utilize an open-source library to view privileged user information. The enterprise is unwilling to accept the risk, but the developers cannot fix the issue right away.
Which of the following should be implemented to reduce the risk to an acceptable level until the issue can be fixed?

1. A. Scan the code with a static code analyzer, change privileged user passwords, and provide security training.
2. B. Change privileged usernames, review the OS logs, and deploy hardware tokens.
3. C. Implement MFA, review the application logs, and deploy a WAF.
4. D. Deploy a VPN, configure an official open-source library repository, and perform a full application review for vulnerabilities.

Correct Answer: C

A security analyst receives an alert from the SIEM regarding unusual activity on an authorized public SSH jump server. To further investigate, the analyst pulls the event logs directly from /var/log/auth.log: graphic.ssh_auth_log.
Which of the following actions would BEST address the potential risks by the activity in the logs?

1. A. Alerting the misconfigured service account password
2. B. Modifying the AllowUsers configuration directive
3. C. Restricting external port 22 access
4. D. Implementing host-key preferences

Correct Answer: B