- Home
- CompTIA
- CompTIA Advanced Security Practitioner (CASP+) Exam
- CompTIA.CAS-004.v2025-08-05.q378
- Question 235
Valid CAS-004 Dumps shared by ExamDiscuss.com for Helping Passing CAS-004 Exam! ExamDiscuss.com now offer the newest CAS-004 exam dumps, the ExamDiscuss.com CAS-004 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-004 dumps with Test Engine here:
Access CAS-004 Dumps Premium Version
(620 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 235/378
A security assessor identified an internet-facing web service API provider that was deemed vulnerable. Execution of testssl provided the following insight:
Which of the following configuration changes would BEST mitigate chosen ciphertext attacks?
Which of the following configuration changes would BEST mitigate chosen ciphertext attacks?
Correct Answer: D
AEAD (Authenticated Encryption with Associated Data) ciphers provide both encryption and authentication in a single step. This makes them more resistant to chosen ciphertext attacks than other types of ciphers. AEAD ciphers, like AES-GCM and ChaCha20-Poly1305, provide strong encryption and authentication.
- Question List (378q)
- Question 1: A major broadcasting company that requires continuous availa...
- Question 2: A security analyst received a report that a suspicious flash...
- Question 3: A partner organization is requesting that a security adminis...
- Question 4: A company is migrating its data center to the cloud. Some ho...
- Question 5: Which of the following communication protocols is used to cr...
- Question 6: An organization's threat team is creating a model based on a...
- Question 7: A security engineer is working to secure an organization's V...
- Question 8: A company wants to implement a cloud-based security solution...
- Question 9: A security architect for a large, multinational manufacturer...
- Question 10: The Chief Information Security Officer (CISO) is working wit...
- Question 11: A control systems analyst is reviewing the defensive posture...
- Question 12: A small company recently developed prototype technology for ...
- Question 13: A server in a manufacturing environment is running an end-of...
- Question 14: A software developer has been tasked with creating a unique ...
- Question 15: Which of the following risks does expanding business into a ...
- Question 16: Some end users of an e-commerce website are reporting a dela...
- Question 17: A user forwarded a suspicious email to a security analyst fo...
- Question 18: A security analyst discovered that the company's WAF was not...
- Question 19: During a software assurance assessment, an engineer notices ...
- Question 20: A security engineer is troubleshooting an issue in which an ...
- Question 21: A cloud security engineer is setting up a cloud-hosted WAF. ...
- Question 22: Which of the following industrial protocols is most likely t...
- Question 23: Which of the following is record-level encryption commonly u...
- Question 24: A global financial firm wants to onboard a new vendor that s...
- Question 25: A cybersecurity engineer analyst a system for vulnerabilitie...
- Question 26: A financial institution has several that currently employ th...
- Question 27: A security manager wants to transition the organization to a...
- Question 28: The Chief information Officer (CIO) of a large bank, which u...
- Question 29: Ransomware encrypted the entire human resources fileshare fo...
- Question 30: A forensics investigator is analyzing an executable file ext...
- Question 31: When implementing serverless computing, an organization must...
- Question 32: An investigator is attempting to determine if recent data br...
- Question 33: The information security manager of an e-commerce company re...
- Question 34: A company is looking at sending historical backups containin...
- Question 35: A security engineer estimates the company's popular web appl...
- Question 36: During a review of events, a security analyst notes that sev...
- Question 37: A security analyst and a DevOps engineer are working togethe...
- Question 38: An application engineer is using the Swagger framework to le...
- Question 39: Ann, a CIRT member, is conducting incident response activiti...
- Question 40: A security engineer is trying to identify instances of a vul...
- Question 41: A security analyst has noticed a steady increase in the numb...
- Question 42: A user from the sales department opened a suspicious file at...
- Question 43: A development team created a mobile application that contact...
- Question 44: A company purchased Burp Suite licenses this year for each a...
- Question 45: A security architect works for a manufacturing organization ...
- Question 46: A PaaS provider deployed a new product using a DevOps method...
- Question 47: A security architect discovers the following page while test...
- Question 48: A security analyst is concerned that a malicious piece of co...
- Question 49: Application owners are reporting performance issues with tra...
- Question 50: A corporation discovered its internet connection is saturate...
- Question 51: During a recent security incident investigation, a security ...
- Question 52: A Chief Information Security Officer (CISO) is running a tes...
- Question 53: The CI/CD pipeline requires code to have close to zero defec...
- Question 54: A local government that is investigating a data exfiltration...
- Question 55: A security architect is implementing a SOAR solution in an o...
- Question 56: A security analyst is using data provided from a recent pene...
- Question 57: A company's software developers have indicated that the secu...
- Question 58: An IoT device implements an encryption module built within i...
- Question 59: A DNS forward lookup zone named comptia.org must: - Ensure t...
- Question 60: A vulnerability analyst identified a zero-day vulnerability ...
- Question 61: An organization wants to perform a scan of all its systems a...
- Question 62: A SIEM generated an alert after a third-party database admin...
- Question 63: A company is implementing a new secure identity application,...
- Question 64: As part of the asset management life cycle, a company engage...
- Question 65: A security administrator has been provided with three separa...
- Question 66: A company based in the United States holds insurance details...
- Question 67: A financial services company has proprietary trading algorit...
- Question 68: An organization collects personal data from its global custo...
- Question 69: A security engineer is concerned about the threat of side-ch...
- Question 70: A security analyst has been tasked with assessing a new API....
- Question 71: A small business requires a low-cost approach to theft detec...
- Question 72: In a shared responsibility model for PaaS, which of the foll...
- Question 73: A new corporate policy requires that all employees have acce...
- Question 74: Company A is establishing a contractual with Company B. The ...
- Question 75: A business wants to migrate its workloads from an exclusivel...
- Question 76: A company has a BYOD policy and has configured remote-wiping...
- Question 77: An executive has decided to move a company's customer-facing...
- Question 78: SIMULATION During the course of normal SOC operations, three...
- Question 79: A company wants to prevent a partner company from denying ag...
- Question 80: Which of the following represents the MOST significant benef...
- Question 81: A security administrator needs to recommend an encryption pr...
- Question 82: A recent batch of bug bounty findings indicates a systematic...
- Question 83: An organization's existing infrastructure includes site-to-s...
- Question 84: A security architect needs to implement a CASB solution for ...
- Question 85: An analyst is evaluating the security of a web application t...
- Question 86: A company publishes several APIs for customers and is requir...
- Question 87: A large telecommunications equipment manufacturer needs to e...
- Question 88: A DevOps team has deployed databases, event-driven services,...
- Question 89: A security engineer needs to ensure production containers ar...
- Question 90: A security analyst is investigating a possible buffer overfl...
- Question 91: A security administrator is opening connectivity on a firewa...
- Question 92: The general counsel at an organization has received written ...
- Question 93: A technology company developed an in-house chat application ...
- Question 94: A Chief information Security Officer (CISO) is developing co...
- Question 95: An enterprise is deploying APIs that utilize a private key a...
- Question 96: A Chief Information Officer is considering migrating all com...
- Question 97: A regulated company is in the process of refreshing its enti...
- Question 98: A smart switch has the ability to monitor electrical levels ...
- Question 99: A social media company wants to change encryption ciphers af...
- Question 100: A development team releases updates to an application regula...
- Question 101: A company wants to implement a new website that will be acce...
- Question 102: A security administrator at a global organization wants to u...
- Question 103: An IT department is currently working to implement an enterp...
- Question 104: A Chief Information Officer (CIO) wants to implement a cloud...
- Question 105: A software house is developing a new application. The applic...
- Question 106: A network security engineer is designing a three-tier web ar...
- Question 107: After an employee was terminated, the company discovered the...
- Question 108: A software development company makes Its software version av...
- Question 109: A company is rewriting a vulnerable application and adding t...
- Question 110: A mobile device hardware manufacturer receives the following...
- Question 111: A company would like to move its payment card data to a clou...
- Question 112: Company A acquired Company B. During an audit, a security en...
- Question 113: A security engineer is reviewing metrics for a series of bug...
- Question 114: To bring digital evidence in a court of law, the evidence mu...
- Question 115: A software assurance analyst reviews an SSH daemon's source ...
- Question 116: A Chief Information Security Officer (CISO) reviewed data fr...
- Question 117: A small company recently developed prototype technology for ...
- Question 118: A firewall administrator needs to ensure all traffic across ...
- Question 119: A client is adding scope to a project. Which of the followin...
- Question 120: A new, online file hosting service is being offered. The ser...
- Question 121: A security architect is reviewing the following organization...
- Question 122: A health company has reached the physical and computing capa...
- Question 123: A company is migrating from company-owned phones to a BYOD s...
- Question 124: The Chief Information Security Officer (CISO) has outlined a...
- Question 125: A system administrator at a medical imaging company discover...
- Question 126: An analyst has prepared several possible solutions to a succ...
- Question 127: Given the following log snippet from a web server: (Exhibit)...
- Question 128: An employee decides to log into an authorized system. The sy...
- Question 129: A security consultant needs to set up wireless security for ...
- Question 130: A junior security researcher has identified a buffer overflo...
- Question 131: A company is developing a new service product offering that ...
- Question 132: A security review of the architecture for an application mig...
- Question 133: A penetration tester is conducting an assessment on Comptia....
- Question 134: A technician uses an old SSL server due to budget constraint...
- Question 135: An administrator at a software development company would lik...
- Question 136: A company underwent an audit in which the following issues w...
- Question 137: A new web server must comply with new secure-by-design princ...
- Question 138: A development team needs terminal access to preproduction se...
- Question 139: An organization is implementing a new identity and access ma...
- Question 140: An analyst reviews the following output collected during the...
- Question 141: A security engineer is reviewing Apache web server logs and ...
- Question 142: The Chief information Officer (CIO) wants to establish a non...
- Question 143: Which of the following is the best reason for obtaining file...
- Question 144: A company's user community is being adversely affected by va...
- Question 145: An organization offers SaaS services through a public email ...
- Question 146: The principal security analyst for a global manufacturer is ...
- Question 147: A software development firm wants to validate the use of sta...
- Question 148: A security architect is designing a solution for a new custo...
- Question 149: After installing an unapproved application on a personal dev...
- Question 150: The Chief Executive Officer (CEO) of a small wholesaler with...
- Question 151: A company implements the following access control methodolog...
- Question 152: A MSSP has taken on a large client that has government compl...
- Question 153: Which of the following should an organization implement to p...
- Question 154: An ASIC manufacturer wishing to best reduce downstream suppl...
- Question 155: A bank has multiple subsidiaries that have independent infra...
- Question 156: A security analyst is investigating unapproved cloud service...
- Question 157: An organization's hunt team thinks a persistent threats exis...
- Question 158: An engineer wants to assess the OS security configurations o...
- Question 159: A security engineer is performing a threat modeling procedur...
- Question 160: A cyberanalyst has been tasked with recovering PDF files fro...
- Question 161: The management team at a company with a large, aging server ...
- Question 162: A city government's IT director was notified by the city cou...
- Question 163: An organization recently started processing, transmitting, a...
- Question 164: A software development company wants to ensure that users ca...
- Question 165: An organization is concerned that its hosted web servers are...
- Question 166: A small bank is evaluating different methods to address and ...
- Question 167: A security analyst is researching containerization concepts ...
- Question 168: The audit team was only provided the physical and logical ad...
- Question 169: A company's Chief Information Officer wants to implement IDS...
- Question 170: Due to locality and budget constraints, an organization's sa...
- Question 171: A security analyst is assessing a new application written in...
- Question 172: A security analyst is reviewing the following vulnerability ...
- Question 173: Which of the following is required for an organization to me...
- Question 174: During a recent breach, an attacker was able to get a user's...
- Question 175: A security analyst has been assigned incident response dutie...
- Question 176: A security engineer investigates an incident and determines ...
- Question 177: A security architect updated the security policy to require ...
- Question 178: A company is outsourcing to an MSSP that performs managed de...
- Question 179: An internal security audit determines that Telnet is current...
- Question 180: Which of the following are the MOST likely vectors for the u...
- Question 181: A security officer is requiring all personnel working on a s...
- Question 182: A security administrator is setting up a virtualization solu...
- Question 183: A company has integrated source code from a subcontractor in...
- Question 184: A video-game developer has received reports of players who a...
- Question 185: A company has data it would like to aggregate from its PLCs ...
- Question 186: An attacker exploited an unpatched vulnerability in a web fr...
- Question 187: A company requires a task to be carried by more than one per...
- Question 188: A company recently deployed new servers to create an additio...
- Question 189: A security analyst is trying to identify the source of a rec...
- Question 190: An organization's finance system was recently attacked. A fo...
- Question 191: A security engineer is implementing a server-side TLS config...
- Question 192: PKI can be used to support security requirements in the chan...
- Question 193: Following a complete outage of the electronic medical record...
- Question 194: A security engineer wants to introduce key stretching techni...
- Question 195: A software developer needs to add an authentication method t...
- Question 196: A company makes consumer health devices and needs to maintai...
- Question 197: A domestic, publicly traded, online retailer that sells make...
- Question 198: A company is experiencing a large number of attempted networ...
- Question 199: Which of the following technologies would benefit the most f...
- Question 200: During a recent incident, sensitive data was disclosed and s...
- Question 201: A security compliance requirement states that specific envir...
- Question 202: A software developer must choose encryption algorithms to se...
- Question 203: A common industrial protocol has the following characteristi...
- Question 204: An engineer is evaluating the control profile to assign to a...
- Question 205: Which of the following should be established when configurin...
- Question 206: An attacker has been compromising banking institution target...
- Question 207: A security manager has written an incident response play boo...
- Question 208: A developer implement the following code snippet. catch (Exc...
- Question 209: A security auditor needs to review the manner in which an en...
- Question 210: A cybersecurity analyst discovered a private key that could ...
- Question 211: A security architect was asked to modify an existing interna...
- Question 212: A security consultant has been asked to identify a simple, s...
- Question 213: A security engineer needs to implement a CASB to secure empl...
- Question 214: A systems administrator at a web-hosting provider has been t...
- Question 215: A security engineer was auditing an organization's current s...
- Question 216: Law enforcement officials informed an organization that an i...
- Question 217: Which of the following security features do email signatures...
- Question 218: A company created an external application for its customers....
- Question 219: A recent security assessment generated a recommendation to t...
- Question 220: A security analyst notices a number of SIEM events that show...
- Question 221: A digital forensics expert has obtained an ARM binary suspec...
- Question 222: A company's human resources department recently had its own ...
- Question 223: A security analyst discovers a new device on the company's d...
- Question 224: A security architect is working with a new customer to find ...
- Question 225: A security engineer performed an assessment on a recently de...
- Question 226: All staff at a company have started working remotely due to ...
- Question 227: A company is concerned about disgruntled employees transferr...
- Question 228: A company's BIA indicates that any loss of more than one hou...
- Question 229: A company hosts a large amount of data in blob storage for i...
- Question 230: A security manager is determining the best DLP solution for ...
- Question 231: A company has moved its sensitive workloads to the cloud and...
- Question 232: Based on PCI DSS v3.4, One Particular database field can sto...
- Question 233: After a security incident, a network security engineer disco...
- Question 234: A company would like to obfuscate PII data accessed by an ap...
- Question 235: A security assessor identified an internet-facing web servic...
- Question 236: The OS on several servers crashed around the same time for a...
- Question 237: Which of the following allows computation and analysis of da...
- Question 238: An electric car company hires an IT consulting company to im...
- Question 239: A company has instituted a new policy in which all outbound ...
- Question 240: Joe an application security engineer is performing an audit ...
- Question 241: A security administrator needs to implement an X.509 solutio...
- Question 242: A security engineer needs to select the architecture for a c...
- Question 243: A remote user reports the inability to authenticate to the V...
- Question 244: A security analyst is evaluating all third-party software an...
- Question 245: A security administrator needs to implement a security solut...
- Question 246: A company has been the target of LDAP injections, as well as...
- Question 247: Which of the following terms refers to the delivery of encry...
- Question 248: Following a Log4j outbreak, several network appliances were ...
- Question 249: A company wants to use a process to embed a sign of ownershi...
- Question 250: A company wants to improve Its active protection capabilitie...
- Question 251: Legal authorities notify a company that its network has been...
- Question 252: A security architect is advising the application team to imp...
- Question 253: A forensic expert working on a fraud investigation for a US-...
- Question 254: An online video shows a company's Chief Executive Officer (C...
- Question 255: An engineering team has deployed a new VPN service that requ...
- Question 256: A security architect has designated that a server segment of...
- Question 257: A security architect is tasked with scoping a penetration te...
- Question 258: An enterprise is configuring an SSL client-based VPN for cer...
- Question 259: Users are reporting intermittent access issues with a new cl...
- Question 260: Ann, a security manager, is reviewing a threat feed that pro...
- Question 261: In comparison to other types of alternative processing sites...
- Question 262: A small business would like to provide guests who are using ...
- Question 263: A security analyst runs a vulnerability scan on a network ad...
- Question 264: An accounting team member received a voicemail message from ...
- Question 265: Leveraging cryptographic solutions to protect data that is i...
- Question 266: A security analyst is examining a former employee's laptop f...
- Question 267: A company wants to quantify and communicate the effectivenes...
- Question 268: A security engineer has implemented an internal user access ...
- Question 269: A software developer created an application for a large, mul...
- Question 270: A networking team asked a security administrator to enable F...
- Question 271: A company's SOC has received threat intelligence about an ac...
- Question 272: In support of disaster recovery objectives, a third party ag...
- Question 273: A customer requires secure communication of subscribed web s...
- Question 274: An engineer has had scaling issues with a web application ho...
- Question 275: A new requirement for legislators has forced a government se...
- Question 276: A company with multiple locations has taken a cloud-only app...
- Question 277: A penetration tester is given an assignment lo gain physical...
- Question 278: A company uses an enterprise desktop imaging solution to man...
- Question 279: An enterprise's Chief Technology Officer (CTO) and Chief Inf...
- Question 280: A security analyst has been tasked with providing key inform...
- Question 281: An organization is assessing the security posture of a new S...
- Question 282: A hospitality company experienced a data breach that include...
- Question 283: A security analyst at a global financial firm was reviewing ...
- Question 284: A threat hunting team receives a report about possible APT a...
- Question 285: The Chief information Security Officer (CISO) of a small loc...
- Question 286: A company has retained the services of a consultant to perfo...
- Question 287: A security analyst for a bank received an anonymous tip on t...
- Question 288: An organization had been leveraging RC4 to protect the confi...
- Question 289: A security administrator wants to allow external organizatio...
- Question 290: A security analyst discovered that a database administrator'...
- Question 291: An organization wants to implement an access control system ...
- Question 292: Which of the following is the MOST important security object...
- Question 293: A manufacturing company's security engineer is concerned a r...
- Question 294: An employee's device was missing for 96 hours before being r...
- Question 295: A Chief Information Security Officer (CISO) needs to create ...
- Question 296: Users have reported that an internally developed web applica...
- Question 297: A security engineer is implementing DLP. Which of the follow...
- Question 298: A forensic investigator started the process of gathering evi...
- Question 299: A penetration tester obtained root access on a Windows serve...
- Question 300: An organization developed a containerized application. The o...
- Question 301: Ann, a retiring employee, cleaned out her desk. The next day...
- Question 302: A company wants to protect its intellectual property from th...
- Question 303: A security architect recommends replacing the company's mono...
- Question 304: company management elects to cancel production. Which of the...
- Question 305: A company wants to improve the security of its web applicati...
- Question 306: A company has identified a number of vulnerable, end-of-supp...
- Question 307: A recent data breach revealed that a company has a number of...
- Question 308: The Chief information Officer (CIO) asks the system administ...
- Question 309: A cybersecurity analyst discovered a private key that could ...
- Question 310: Drag and Drop Question An organization is planning for disas...
- Question 311: A security analyst detected a malicious PowerShell attack on...
- Question 312: Which of the following attacks can be mitigated by proper da...
- Question 313: A pharmaceutical company uses a cloud provider to host thous...
- Question 314: A network administrator for a completely air-gapped and clos...
- Question 315: A company recently implemented a CI/CD pipeline and is now c...
- Question 316: An organization must implement controls that are aligned wit...
- Question 317: The Chief Executive Officer )CEO) of a small company decides...
- Question 318: A product manager is concerned about the unintentional shari...
- Question 319: A risk assessment determined that company data was leaked to...
- Question 320: A security solution uses a sandbox environment to execute ze...
- Question 321: A law firm experienced a breach in which access was gained t...
- Question 322: A company is looking for a solution to hide data stored in d...
- Question 323: A company is moving all of its web applications to an SSO co...
- Question 324: An administrator completed remediation for all the findings ...
- Question 325: A security engineer needs to implement a cost-effective auth...
- Question 326: A security analyst has concerns about malware on an endpoint...
- Question 327: A software development company is implementing a SaaS-based ...
- Question 328: An organization is running its e-commerce site in the cloud....
- Question 329: A company undergoing digital transformation is reviewing the...
- Question 330: A systems administrator was given the following IOC to detec...
- Question 331: Which of the following is the BEST disaster recovery solutio...
- Question 332: A security engineer has learned that terminated employees' a...
- Question 333: A security analyst has been provided the following partial S...
- Question 334: A web application server is running a legacy operating syste...
- Question 335: An organization that provides a SaaS solution recently exper...
- Question 336: Which of the following is a security concern for DNP3?...
- Question 337: A host on a company's network has been infected by a worm th...
- Question 338: A developer wants to develop a secure external-facing web ap...
- Question 339: A company wants to securely manage the APIs that were develo...
- Question 340: Which of the following may indicate a configuration item has...
- Question 341: When implementing a penetration testing program, the Chief I...
- Question 342: A cybersecurity analyst receives a ticket that indicates a p...
- Question 343: A security analyst is evaluating the security of an online c...
- Question 344: A security administrator adding a NAC requirement for all VP...
- Question 345: A startup software company recently updated its development ...
- Question 346: In order to authenticate employees who, call in remotely, a ...
- Question 347: A security analyst is monitoring an organization's IDS and D...
- Question 348: SIMULATION You are a security analyst tasked with interpreti...
- Question 349: Immediately following the report of a potential breach, a se...
- Question 350: A company has hired a security architect to address several ...
- Question 351: A company is deploying multiple VPNs to support supplier con...
- Question 352: A company recently experienced a security incident in which ...
- Question 353: During a network defense engagement, a red team is able to e...
- Question 354: A company has a website with a huge database. The company wa...
- Question 355: A company recently migrated all its workloads to the cloud a...
- Question 356: An e-commerce company that provides payment gateways is conc...
- Question 357: A web service provider has just taken on a very large contra...
- Question 358: A security researcher detonated some malware in a lab enviro...
- Question 359: The Chief information Officer (CIO) wants to implement enter...
- Question 360: During an incident, an employee's web traffic was redirected...
- Question 361: A penetration tester is testing a company's login form for a...
- Question 362: Company A is merging with Company B. Company A is a small, l...
- Question 363: An HVAC contractor requested network connectivity permission...
- Question 364: A security analyst needs to recommend a remediation to the f...
- Question 365: The following messages are displayed when a VPN client is at...
- Question 366: Over the last 90 days, many storage services has been expose...
- Question 367: An auditor Is reviewing the logs from a web application to d...
- Question 368: Which of the following is MOST commonly found in a network S...
- Question 369: Which of the following BEST sets expectation between the sec...
- Question 370: A company is deploying a DIP solution and scanning workstati...
- Question 371: A security technician is trying to connect a remote site to ...
- Question 372: A software developer was just informed by the security team ...
- Question 373: A security analyst is reviewing the following output from a ...
- Question 374: A security architect is analyzing an old application that is...
- Question 375: A company processes sensitive cardholder information that is...
- Question 376: An organization is prioritizing efforts to remediate or miti...
- Question 377: A security engineer has recently become aware of a Java appl...
- Question 378: The Chief Executive Officer (CEO) of a fast-growing company ...
