- Home
- CompTIA
- CompTIA Advanced Security Practitioner (CASP+) Exam
- CompTIA.CAS-004.v2025-08-18.q256
- Question 241
Valid CAS-004 Dumps shared by ExamDiscuss.com for Helping Passing CAS-004 Exam! ExamDiscuss.com now offer the newest CAS-004 exam dumps, the ExamDiscuss.com CAS-004 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-004 dumps with Test Engine here:
Access CAS-004 Dumps Premium Version
(620 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 241/256
A pharmaceutical company was recently compromised by ransomware. Given the following EDR output from the process investigation:
On which of the following devices and processes did the ransomware originate?
On which of the following devices and processes did the ransomware originate?
Correct Answer: D
The EDR output shows the process tree of the ransomware infection. The root node is NO-AV.exe, which is a malicious executable that disables antivirus software and downloads the DearCry ransomware. The NO-AV.
exe process was launched on cpt-ws026 by a user named John. The DearCry.exe process was then launched on cpt-ws026 by NO-AV.exe and propagated to other devices via SMB. Therefore, the ransomware originated from cpt-ws026 and NO-AV.exe. Verified References:
* https://www.microsoft.com/security/blog/2021/03/12/analyzing-dearcry-ransomware-the-first-attack-to- exploit-exchange-server-vulnerabilities/
* https://www.crowdstrike.com/blog/dearcry-ransomware-analysis/
exe process was launched on cpt-ws026 by a user named John. The DearCry.exe process was then launched on cpt-ws026 by NO-AV.exe and propagated to other devices via SMB. Therefore, the ransomware originated from cpt-ws026 and NO-AV.exe. Verified References:
* https://www.microsoft.com/security/blog/2021/03/12/analyzing-dearcry-ransomware-the-first-attack-to- exploit-exchange-server-vulnerabilities/
* https://www.crowdstrike.com/blog/dearcry-ransomware-analysis/
- Question List (256q)
- Question 1: Two companies that recently merged would like to unify appli...
- Question 2: An analyst is working to address a potential compromise of a...
- Question 3: A security researcher detonated some malware in a lab enviro...
- Question 4: An organization's hunt team thinks a persistent threats exis...
- Question 5: A company is migrating its data center to the cloud. Some ho...
- Question 6: Due to locality and budget constraints, an organization's sa...
- Question 7: A security architect examines a section of code and discover...
- Question 8: During a remodel, a company's computer equipment was moved t...
- Question 9: The Chief Executive Officer of an online retailer notices a ...
- Question 10: A security analyst is performing a vulnerability assessment ...
- Question 11: A web application server is running a legacy operating syste...
- Question 12: In comparison with traditional on-premises infrastructure co...
- Question 13: Application owners are reporting performance issues with tra...
- Question 14: A user in the finance department uses a laptop to store a sp...
- Question 15: Which of the following is the MOST important cloud-specific ...
- Question 16: A developer implement the following code snippet. (Exhibit) ...
- Question 17: A security analyst is reviewing network connectivity on a Li...
- Question 18: An internal security assessor identified large gaps in a com...
- Question 19: A security analyst is reading the results of a successful ex...
- Question 20: Which of the following is the MOST important security object...
- Question 21: Which of the following technologies is commonly used for Sin...
- Question 22: Which of the following is the most effective approach to ens...
- Question 23: A threat hunting team receives a report about possible APT a...
- Question 24: A pharmaceutical company uses a cloud provider to host thous...
- Question 25: Given the following information: * Firewall rules: Existing ...
- Question 26: A financial services company wants to migrate its email serv...
- Question 27: An organization has deployed a cloud-based application that ...
- Question 28: A security engineer estimates the company's popular web appl...
- Question 29: A hospital has fallen behind with patching known vulnerabili...
- Question 30: An organization is considering a BYOD standard to support re...
- Question 31: An IPSec solution is being deployed. The configuration files...
- Question 32: An organization is developing a disaster recovery plan that ...
- Question 33: The IT team suggests the company would save money by using s...
- Question 34: A review of the past year's attack patterns shows that attac...
- Question 35: A security analyst discovered that the company's WAF was not...
- Question 36: A company is migrating from company-owned phones to a BYOD s...
- Question 37: A security administrator configured the account policies per...
- Question 38: A security analyst identified a vulnerable and deprecated ru...
- Question 39: A security engineer is implementing DLP. Which of the follow...
- Question 40: A senior security analyst is helping the development team im...
- Question 41: A company would like to move its payment card data to a clou...
- Question 42: Company A is merging with Company B Company A is a small, lo...
- Question 43: An analyst execute a vulnerability scan against an internet-...
- Question 44: An attacker infiltrated the code base of a hardware manufact...
- Question 45: A security solution uses a sandbox environment to execute ze...
- Question 46: A user from the sales department opened a suspicious file at...
- Question 47: A security architect is tasked with scoping a penetration te...
- Question 48: A network administrator who manages a Linux web server notic...
- Question 49: A Chief Information Officer (CIO) wants to implement a cloud...
- Question 50: Clients are reporting slowness when attempting to access a s...
- Question 51: A company just released a new video card. Due to limited sup...
- Question 52: A technology company developed an in-house chat application ...
- Question 53: An IT administrator is reviewing all the servers in an organ...
- Question 54: An multinational organization was hacked, and the incident r...
- Question 55: After a server was compromised an incident responder looks a...
- Question 56: A penetration tester inputs the following command: (Exhibit)...
- Question 57: Company A acquired Company #. During an audit, a security en...
- Question 58: A security architect recommends replacing the company's mono...
- Question 59: An engineering team is developing and deploying a fleet of m...
- Question 60: A forensic investigator would use the foremost command for:...
- Question 61: A company undergoing digital transformation is reviewing the...
- Question 62: A major broadcasting company that requires continuous availa...
- Question 63: A company is experiencing a large number of attempted networ...
- Question 64: A security is assisting the marketing department with ensuri...
- Question 65: A security analyst notices a number of SIEM events that show...
- Question 66: A security architect is designing a solution for a new custo...
- Question 67: An organization's existing infrastructure includes site-to-s...
- Question 68: A software development company is building a new mobile appl...
- Question 69: A network administrator receives a ticket regarding an error...
- Question 70: Based on PCI DSS v3.4, One Particular database field can sto...
- Question 71: An organization is moving its intellectual property data fro...
- Question 72: A company has a website with a huge database. The company wa...
- Question 73: Which of the following tools uses machine learning and advan...
- Question 74: An organization is deploying a new, online digital bank and ...
- Question 75: A security analyst is participating in a risk assessment and...
- Question 76: A large organization is planning to migrate from on premises...
- Question 77: Which of the following security features do email signatures...
- Question 78: An organization is running its e-commerce site in the cloud....
- Question 79: A PKI engineer is defining certificate templates for an orga...
- Question 80: Which of the following processes involves searching and coll...
- Question 81: An organization's finance system was recently attacked. A fo...
- Question 82: A company is looking to fortify its cybersecurity defenses a...
- Question 83: A satellite communications ISP frequently experiences outage...
- Question 84: A security analyst has been tasked with assessing a new API ...
- Question 85: Ann, a CIRT member, is conducting incident response activiti...
- Question 86: A security analyst is assessing a new application written in...
- Question 87: A security engineer is assessing the security controls of lo...
- Question 88: A Chief information Security Officer (CISO) has launched to ...
- Question 89: An organization is preparing to migrate its production envir...
- Question 90: A web service provider has just taken on a very large contra...
- Question 91: A managed security provider (MSP) is engaging with a custome...
- Question 92: A company wants to quantify and communicate the effectivenes...
- Question 93: A company Invested a total of $10 million lor a new storage ...
- Question 94: A business wants to migrate its workloads from an exclusivel...
- Question 95: A bank hired a security architect to improve its security me...
- Question 96: An organization has an operational requirement with a specif...
- Question 97: A systems administrator is in the process of hardening the h...
- Question 98: PKI can be used to support security requirements in the chan...
- Question 99: A security engineer needs to implement a solution to increas...
- Question 100: A company's Chief Information Security Officer wants to prev...
- Question 101: An organization performed a risk assessment and discovered t...
- Question 102: A security engineer is concerned about the threat of side-ch...
- Question 103: A company's claims processed department has a mobile workfor...
- Question 104: A university issues badges through a homegrown identity mana...
- Question 105: An organization recently started processing, transmitting, a...
- Question 106: A security analyst wants to keep track of alt outbound web c...
- Question 107: A company has decided that only administrators are permitted...
- Question 108: A security engineer performed an assessment on a recently de...
- Question 109: A security analyst is concerned that a malicious piece of co...
- Question 110: A company provides guest WiFi access to the internet and phy...
- Question 111: The OS on several servers crashed around the same time for a...
- Question 112: A security analyst is reviewing SIEM events and is uncertain...
- Question 113: A company reviews the regulatory requirements associated wit...
- Question 114: A Chief Information Security Officer (CISO) is concerned tha...
- Question 115: Which of the following objectives BEST supports leveraging t...
- Question 116: Which of the following indicates when a company might not be...
- Question 117: An organization is rolling out a robust vulnerability manage...
- Question 118: An employee's device was missing for 96 hours before being r...
- Question 119: An ISP is receiving reports from a portion of its customers ...
- Question 120: Which of the following agreements includes no penalties and ...
- Question 121: In order to authenticate employees who, call in remotely, a ...
- Question 122: A company is in the process of refreshing its entire infrast...
- Question 123: A company has retained the services of a consultant to perfo...
- Question 124: A pharmaceutical company recently experienced a security bre...
- Question 125: Which of the following is a risk associated with SDN?...
- Question 126: A company launched a new service and created a landing page ...
- Question 127: An organization requires a contractual document that include...
- Question 128: The Chief Information Security Officer is concerned about th...
- Question 129: A security administrator has been provided with three separa...
- Question 130: A small business would like to provide guests who are using ...
- Question 131: A cybersecurity engineer analyst a system for vulnerabilitie...
- Question 132: Due to budget constraints, an organization created a policy ...
- Question 133: A security engineer is assessing a legacy server and needs t...
- Question 134: During a recent security incident investigation, a security ...
- Question 135: To bring digital evidence in a court of law the evidence mus...
- Question 136: A shipping company that is trying to eliminate entire classe...
- Question 137: After a cybersecurity incident, a judge found that a company...
- Question 138: An organization is referencing NIST best practices for BCP c...
- Question 139: A security architect is working with a new customer to find ...
- Question 140: A security architect discovers the following page while test...
- Question 141: The Chief Information Security Officer (CISO) asked a securi...
- Question 142: The Chief information Officer (CIO) wants to establish a non...
- Question 143: A compliance officer is responsible for selecting the right ...
- Question 144: A security analyst discovered that the company's WAF was not...
- Question 145: The management team at a company with a large, aging server ...
- Question 146: Which of the following techniques is used to obscure sensiti...
- Question 147: A security consultant has been asked to identify a simple, s...
- Question 148: A network administrator for a completely air-gapped and clos...
- Question 149: A security engineer is implementing a server-side TLS config...
- Question 150: A security administrator needs to implement a security solut...
- Question 151: A company hired a third party to develop software as part of...
- Question 152: A SIEM generated an alert after a third-party database admin...
- Question 153: A DNS forward lookup zone named complia.org must: * Ensure t...
- Question 154: A new web server must comply with new secure-by-design princ...
- Question 155: A security analyst observes the following while looking thro...
- Question 156: An application developer is including third-party background...
- Question 157: A security engineer is reviewing a record of events after a ...
- Question 158: A host on a company's network has been infected by a worm th...
- Question 159: A security engineer is working for a service provider and an...
- Question 160: A development team needs terminal access to preproduction se...
- Question 161: An organization is prioritizing efforts to remediate or miti...
- Question 162: A company has a BYOD policy and has configured remote-wiping...
- Question 163: Which of the following terms refers to the delivery of encry...
- Question 164: An organization developed a social media application that is...
- Question 165: A security architect is implementing a web application that ...
- Question 166: A customer requires secure communication of subscribed web s...
- Question 167: An organization is assessing the security posture of a new S...
- Question 168: The information security manager at a 24-hour manufacturing ...
- Question 169: An organization wants to implement an access control system ...
- Question 170: An organization decided to begin issuing corporate mobile de...
- Question 171: A security team received a regulatory notice asking for info...
- Question 172: An IT director is working on a solution to meet the challeng...
- Question 173: A small business requires a low-cost approach to theft detec...
- Question 174: After the latest risk assessment, the Chief Information Secu...
- Question 175: A company's product site recently had failed API calls, resu...
- Question 176: A security analyst is reviewing the following output from a ...
- Question 177: An ASIC manufacturer wishing to best reduce downstream suppl...
- Question 178: A company has been the target of LDAP injections, as well as...
- Question 179: Which of the following should an organization implement to p...
- Question 180: A security analyst is reviewing the following output from a ...
- Question 181: Which of the following is the most effective approach to pre...
- Question 182: A company publishes several APIs for customers and is requir...
- Question 183: A security manager is creating a standard configuration acro...
- Question 184: A significant weather event caused all systems to fail over ...
- Question 185: A company wants to refactor a monolithic application to take...
- Question 186: While investigating a security event, an analyst finds evide...
- Question 187: A security analyst is investigating a series of suspicious e...
- Question 188: A security administrator is setting up a virtualization solu...
- Question 189: An organization is researching the automation capabilities f...
- Question 190: A security analyst has been provided the following partial S...
- Question 191: An organization is looking to establish more robust security...
- Question 192: A security manager wants to transition the organization to a...
- Question 193: An organization recently recovered from an attack that featu...
- Question 194: An energy company is required to report the average pressure...
- Question 195: The Chief information Officer (CIO) of a large bank, which u...
- Question 196: A security analyst is reviewing the following output: (Exhib...
- Question 197: A global organization's Chief Information Security Officer (...
- Question 198: An investigator is attempting to determine if recent data br...
- Question 199: A company has a website with a huge database. The company wa...
- Question 200: A hospitality company experienced a data breach that include...
- Question 201: After installing an unapproved application on a personal dev...
- Question 202: A security engineer needs 10 implement a CASB to secure empl...
- Question 203: A system administrator at a medical imaging company discover...
- Question 204: A company with only U S -based customers wants to allow deve...
- Question 205: A high-severity vulnerability was found on a web application...
- Question 206: A software house is developing a new application. The applic...
- Question 207: In preparation for the holiday season, a company redesigned ...
- Question 208: A Chief Information Officer is considering migrating all com...
- Question 209: A user forwarded a suspicious email to a security analyst fo...
- Question 210: A security engineer investigates an incident and determines ...
- Question 211: Leveraging cryptographic solutions to protect data that is i...
- Question 212: During a vendor assessment, an analyst reviews a listing of ...
- Question 213: Which of the following is the most effective long-term solut...
- Question 214: A security engineer needs to implement a cost-effective auth...
- Question 215: A customer reports being unable to connect to a website at w...
- Question 216: A junior security researcher has identified a buffer overflo...
- Question 217: An organization is implementing a new identity and access ma...
- Question 218: Which of the following best describes what happens if chain ...
- Question 219: A security analyst is examining a former employee's laptop f...
- Question 220: When assessing the risk of integrating a third-party product...
- Question 221: A large number of emails have been reported, and a security ...
- Question 222: A health company has reached the physical and computing capa...
- Question 223: A business stores personal client data of individuals residi...
- Question 224: A company is preparing to deploy a global service. Which of ...
- Question 225: A security consultant is designing an infrastructure securit...
- Question 226: A small bank is evaluating different methods to address and ...
- Question 227: An e-commerce company is running a web server on premises, a...
- Question 228: Users are reporting intermittent access issues with a new cl...
- Question 229: A SOC analyst is reviewing malicious activity on an external...
- Question 230: An administrator at a software development company would lik...
- Question 231: Which of the following describes how a risk assessment is pe...
- Question 232: A company is on a deadline to roll out an entire CRM platfor...
- Question 233: A security engineer has been asked to close all non-secure c...
- Question 234: Which of the following is record-level encryption commonly u...
- Question 235: * Vault encryption using a variable block and key size * Res...
- Question 236: A company is repeatedly being breached by hackers who valid ...
- Question 237: An application security engineer is performing a vulnerabili...
- Question 238: A company security engineer arrives at work to face the foll...
- Question 239: A security analyst discovered that a database administrator'...
- Question 240: A vulnerability assessment endpoint generated a report of th...
- Question 241: A pharmaceutical company was recently compromised by ransomw...
- Question 242: The Chief Information Security Officer (CISO) is working wit...
- Question 243: An organization is designing a MAC scheme (or critical serve...
- Question 244: A security analyst runs a vulnerability scan on a network ad...
- Question 245: An organization developed a containerized application. The o...
- Question 246: Signed applications reduce risks by:...
- Question 247: An organization is establishing a new software assurance pro...
- Question 248: A common industrial protocol has the following characteristi...
- Question 249: An accounting team member received a voicemail message from ...
- Question 250: city government's IT director was notified by the City counc...
- Question 251: A systems administrator at a web-hosting provider has been t...
- Question 252: A mobile device hardware manufacturer receives the following...
- Question 253: Which of the following should be established when configurin...
- Question 254: Which of the following is the reason why security engineers ...
- Question 255: A forensic expert working on a fraud investigation for a US-...
- Question 256: A security architect is given the following requirements to ...
