- Home
- CompTIA
- CompTIA Advanced Security Practitioner (CASP+) Exam
- CompTIA.CAS-004.v2025-08-18.q256
- Question 65
Valid CAS-004 Dumps shared by ExamDiscuss.com for Helping Passing CAS-004 Exam! ExamDiscuss.com now offer the newest CAS-004 exam dumps, the ExamDiscuss.com CAS-004 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-004 dumps with Test Engine here:
Access CAS-004 Dumps Premium Version
(620 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 65/256
A security analyst notices a number of SIEM events that show the following activity:
Which of the following response actions should the analyst take FIRST?
Which of the following response actions should the analyst take FIRST?
Correct Answer: C
The SIEM events show that powershell.exe was executed on multiple endpoints with an outbound connection to 40.90.23.154, which is an IP address associated with malicious activity. This could indicate a malware infection or a command-and-control channel. The best response action is to configure the forward proxy to block 40.90.23.154, which would prevent further communication with the malicious IP address. Disabling powershell.exe on all endpoints may not be feasible or effective, as it could affect legitimate operations and not remove the malware. Restarting Microsoft Windows Defender may not detect or stop the malware, as it could have bypassed or disabled it. Disabling local administrator privileges on the endpoints may not prevent the malware from running or communicating, as it could have escalated privileges or used other methods.
Verified References: https://www.comptia.org/blog/what-is-a-forward-proxy https://partners.comptia.org/docs
/default-source/resources/casp-content-guide
Verified References: https://www.comptia.org/blog/what-is-a-forward-proxy https://partners.comptia.org/docs
/default-source/resources/casp-content-guide
- Question List (256q)
- Question 1: Two companies that recently merged would like to unify appli...
- Question 2: An analyst is working to address a potential compromise of a...
- Question 3: A security researcher detonated some malware in a lab enviro...
- Question 4: An organization's hunt team thinks a persistent threats exis...
- Question 5: A company is migrating its data center to the cloud. Some ho...
- Question 6: Due to locality and budget constraints, an organization's sa...
- Question 7: A security architect examines a section of code and discover...
- Question 8: During a remodel, a company's computer equipment was moved t...
- Question 9: The Chief Executive Officer of an online retailer notices a ...
- Question 10: A security analyst is performing a vulnerability assessment ...
- Question 11: A web application server is running a legacy operating syste...
- Question 12: In comparison with traditional on-premises infrastructure co...
- Question 13: Application owners are reporting performance issues with tra...
- Question 14: A user in the finance department uses a laptop to store a sp...
- Question 15: Which of the following is the MOST important cloud-specific ...
- Question 16: A developer implement the following code snippet. (Exhibit) ...
- Question 17: A security analyst is reviewing network connectivity on a Li...
- Question 18: An internal security assessor identified large gaps in a com...
- Question 19: A security analyst is reading the results of a successful ex...
- Question 20: Which of the following is the MOST important security object...
- Question 21: Which of the following technologies is commonly used for Sin...
- Question 22: Which of the following is the most effective approach to ens...
- Question 23: A threat hunting team receives a report about possible APT a...
- Question 24: A pharmaceutical company uses a cloud provider to host thous...
- Question 25: Given the following information: * Firewall rules: Existing ...
- Question 26: A financial services company wants to migrate its email serv...
- Question 27: An organization has deployed a cloud-based application that ...
- Question 28: A security engineer estimates the company's popular web appl...
- Question 29: A hospital has fallen behind with patching known vulnerabili...
- Question 30: An organization is considering a BYOD standard to support re...
- Question 31: An IPSec solution is being deployed. The configuration files...
- Question 32: An organization is developing a disaster recovery plan that ...
- Question 33: The IT team suggests the company would save money by using s...
- Question 34: A review of the past year's attack patterns shows that attac...
- Question 35: A security analyst discovered that the company's WAF was not...
- Question 36: A company is migrating from company-owned phones to a BYOD s...
- Question 37: A security administrator configured the account policies per...
- Question 38: A security analyst identified a vulnerable and deprecated ru...
- Question 39: A security engineer is implementing DLP. Which of the follow...
- Question 40: A senior security analyst is helping the development team im...
- Question 41: A company would like to move its payment card data to a clou...
- Question 42: Company A is merging with Company B Company A is a small, lo...
- Question 43: An analyst execute a vulnerability scan against an internet-...
- Question 44: An attacker infiltrated the code base of a hardware manufact...
- Question 45: A security solution uses a sandbox environment to execute ze...
- Question 46: A user from the sales department opened a suspicious file at...
- Question 47: A security architect is tasked with scoping a penetration te...
- Question 48: A network administrator who manages a Linux web server notic...
- Question 49: A Chief Information Officer (CIO) wants to implement a cloud...
- Question 50: Clients are reporting slowness when attempting to access a s...
- Question 51: A company just released a new video card. Due to limited sup...
- Question 52: A technology company developed an in-house chat application ...
- Question 53: An IT administrator is reviewing all the servers in an organ...
- Question 54: An multinational organization was hacked, and the incident r...
- Question 55: After a server was compromised an incident responder looks a...
- Question 56: A penetration tester inputs the following command: (Exhibit)...
- Question 57: Company A acquired Company #. During an audit, a security en...
- Question 58: A security architect recommends replacing the company's mono...
- Question 59: An engineering team is developing and deploying a fleet of m...
- Question 60: A forensic investigator would use the foremost command for:...
- Question 61: A company undergoing digital transformation is reviewing the...
- Question 62: A major broadcasting company that requires continuous availa...
- Question 63: A company is experiencing a large number of attempted networ...
- Question 64: A security is assisting the marketing department with ensuri...
- Question 65: A security analyst notices a number of SIEM events that show...
- Question 66: A security architect is designing a solution for a new custo...
- Question 67: An organization's existing infrastructure includes site-to-s...
- Question 68: A software development company is building a new mobile appl...
- Question 69: A network administrator receives a ticket regarding an error...
- Question 70: Based on PCI DSS v3.4, One Particular database field can sto...
- Question 71: An organization is moving its intellectual property data fro...
- Question 72: A company has a website with a huge database. The company wa...
- Question 73: Which of the following tools uses machine learning and advan...
- Question 74: An organization is deploying a new, online digital bank and ...
- Question 75: A security analyst is participating in a risk assessment and...
- Question 76: A large organization is planning to migrate from on premises...
- Question 77: Which of the following security features do email signatures...
- Question 78: An organization is running its e-commerce site in the cloud....
- Question 79: A PKI engineer is defining certificate templates for an orga...
- Question 80: Which of the following processes involves searching and coll...
- Question 81: An organization's finance system was recently attacked. A fo...
- Question 82: A company is looking to fortify its cybersecurity defenses a...
- Question 83: A satellite communications ISP frequently experiences outage...
- Question 84: A security analyst has been tasked with assessing a new API ...
- Question 85: Ann, a CIRT member, is conducting incident response activiti...
- Question 86: A security analyst is assessing a new application written in...
- Question 87: A security engineer is assessing the security controls of lo...
- Question 88: A Chief information Security Officer (CISO) has launched to ...
- Question 89: An organization is preparing to migrate its production envir...
- Question 90: A web service provider has just taken on a very large contra...
- Question 91: A managed security provider (MSP) is engaging with a custome...
- Question 92: A company wants to quantify and communicate the effectivenes...
- Question 93: A company Invested a total of $10 million lor a new storage ...
- Question 94: A business wants to migrate its workloads from an exclusivel...
- Question 95: A bank hired a security architect to improve its security me...
- Question 96: An organization has an operational requirement with a specif...
- Question 97: A systems administrator is in the process of hardening the h...
- Question 98: PKI can be used to support security requirements in the chan...
- Question 99: A security engineer needs to implement a solution to increas...
- Question 100: A company's Chief Information Security Officer wants to prev...
- Question 101: An organization performed a risk assessment and discovered t...
- Question 102: A security engineer is concerned about the threat of side-ch...
- Question 103: A company's claims processed department has a mobile workfor...
- Question 104: A university issues badges through a homegrown identity mana...
- Question 105: An organization recently started processing, transmitting, a...
- Question 106: A security analyst wants to keep track of alt outbound web c...
- Question 107: A company has decided that only administrators are permitted...
- Question 108: A security engineer performed an assessment on a recently de...
- Question 109: A security analyst is concerned that a malicious piece of co...
- Question 110: A company provides guest WiFi access to the internet and phy...
- Question 111: The OS on several servers crashed around the same time for a...
- Question 112: A security analyst is reviewing SIEM events and is uncertain...
- Question 113: A company reviews the regulatory requirements associated wit...
- Question 114: A Chief Information Security Officer (CISO) is concerned tha...
- Question 115: Which of the following objectives BEST supports leveraging t...
- Question 116: Which of the following indicates when a company might not be...
- Question 117: An organization is rolling out a robust vulnerability manage...
- Question 118: An employee's device was missing for 96 hours before being r...
- Question 119: An ISP is receiving reports from a portion of its customers ...
- Question 120: Which of the following agreements includes no penalties and ...
- Question 121: In order to authenticate employees who, call in remotely, a ...
- Question 122: A company is in the process of refreshing its entire infrast...
- Question 123: A company has retained the services of a consultant to perfo...
- Question 124: A pharmaceutical company recently experienced a security bre...
- Question 125: Which of the following is a risk associated with SDN?...
- Question 126: A company launched a new service and created a landing page ...
- Question 127: An organization requires a contractual document that include...
- Question 128: The Chief Information Security Officer is concerned about th...
- Question 129: A security administrator has been provided with three separa...
- Question 130: A small business would like to provide guests who are using ...
- Question 131: A cybersecurity engineer analyst a system for vulnerabilitie...
- Question 132: Due to budget constraints, an organization created a policy ...
- Question 133: A security engineer is assessing a legacy server and needs t...
- Question 134: During a recent security incident investigation, a security ...
- Question 135: To bring digital evidence in a court of law the evidence mus...
- Question 136: A shipping company that is trying to eliminate entire classe...
- Question 137: After a cybersecurity incident, a judge found that a company...
- Question 138: An organization is referencing NIST best practices for BCP c...
- Question 139: A security architect is working with a new customer to find ...
- Question 140: A security architect discovers the following page while test...
- Question 141: The Chief Information Security Officer (CISO) asked a securi...
- Question 142: The Chief information Officer (CIO) wants to establish a non...
- Question 143: A compliance officer is responsible for selecting the right ...
- Question 144: A security analyst discovered that the company's WAF was not...
- Question 145: The management team at a company with a large, aging server ...
- Question 146: Which of the following techniques is used to obscure sensiti...
- Question 147: A security consultant has been asked to identify a simple, s...
- Question 148: A network administrator for a completely air-gapped and clos...
- Question 149: A security engineer is implementing a server-side TLS config...
- Question 150: A security administrator needs to implement a security solut...
- Question 151: A company hired a third party to develop software as part of...
- Question 152: A SIEM generated an alert after a third-party database admin...
- Question 153: A DNS forward lookup zone named complia.org must: * Ensure t...
- Question 154: A new web server must comply with new secure-by-design princ...
- Question 155: A security analyst observes the following while looking thro...
- Question 156: An application developer is including third-party background...
- Question 157: A security engineer is reviewing a record of events after a ...
- Question 158: A host on a company's network has been infected by a worm th...
- Question 159: A security engineer is working for a service provider and an...
- Question 160: A development team needs terminal access to preproduction se...
- Question 161: An organization is prioritizing efforts to remediate or miti...
- Question 162: A company has a BYOD policy and has configured remote-wiping...
- Question 163: Which of the following terms refers to the delivery of encry...
- Question 164: An organization developed a social media application that is...
- Question 165: A security architect is implementing a web application that ...
- Question 166: A customer requires secure communication of subscribed web s...
- Question 167: An organization is assessing the security posture of a new S...
- Question 168: The information security manager at a 24-hour manufacturing ...
- Question 169: An organization wants to implement an access control system ...
- Question 170: An organization decided to begin issuing corporate mobile de...
- Question 171: A security team received a regulatory notice asking for info...
- Question 172: An IT director is working on a solution to meet the challeng...
- Question 173: A small business requires a low-cost approach to theft detec...
- Question 174: After the latest risk assessment, the Chief Information Secu...
- Question 175: A company's product site recently had failed API calls, resu...
- Question 176: A security analyst is reviewing the following output from a ...
- Question 177: An ASIC manufacturer wishing to best reduce downstream suppl...
- Question 178: A company has been the target of LDAP injections, as well as...
- Question 179: Which of the following should an organization implement to p...
- Question 180: A security analyst is reviewing the following output from a ...
- Question 181: Which of the following is the most effective approach to pre...
- Question 182: A company publishes several APIs for customers and is requir...
- Question 183: A security manager is creating a standard configuration acro...
- Question 184: A significant weather event caused all systems to fail over ...
- Question 185: A company wants to refactor a monolithic application to take...
- Question 186: While investigating a security event, an analyst finds evide...
- Question 187: A security analyst is investigating a series of suspicious e...
- Question 188: A security administrator is setting up a virtualization solu...
- Question 189: An organization is researching the automation capabilities f...
- Question 190: A security analyst has been provided the following partial S...
- Question 191: An organization is looking to establish more robust security...
- Question 192: A security manager wants to transition the organization to a...
- Question 193: An organization recently recovered from an attack that featu...
- Question 194: An energy company is required to report the average pressure...
- Question 195: The Chief information Officer (CIO) of a large bank, which u...
- Question 196: A security analyst is reviewing the following output: (Exhib...
- Question 197: A global organization's Chief Information Security Officer (...
- Question 198: An investigator is attempting to determine if recent data br...
- Question 199: A company has a website with a huge database. The company wa...
- Question 200: A hospitality company experienced a data breach that include...
- Question 201: After installing an unapproved application on a personal dev...
- Question 202: A security engineer needs 10 implement a CASB to secure empl...
- Question 203: A system administrator at a medical imaging company discover...
- Question 204: A company with only U S -based customers wants to allow deve...
- Question 205: A high-severity vulnerability was found on a web application...
- Question 206: A software house is developing a new application. The applic...
- Question 207: In preparation for the holiday season, a company redesigned ...
- Question 208: A Chief Information Officer is considering migrating all com...
- Question 209: A user forwarded a suspicious email to a security analyst fo...
- Question 210: A security engineer investigates an incident and determines ...
- Question 211: Leveraging cryptographic solutions to protect data that is i...
- Question 212: During a vendor assessment, an analyst reviews a listing of ...
- Question 213: Which of the following is the most effective long-term solut...
- Question 214: A security engineer needs to implement a cost-effective auth...
- Question 215: A customer reports being unable to connect to a website at w...
- Question 216: A junior security researcher has identified a buffer overflo...
- Question 217: An organization is implementing a new identity and access ma...
- Question 218: Which of the following best describes what happens if chain ...
- Question 219: A security analyst is examining a former employee's laptop f...
- Question 220: When assessing the risk of integrating a third-party product...
- Question 221: A large number of emails have been reported, and a security ...
- Question 222: A health company has reached the physical and computing capa...
- Question 223: A business stores personal client data of individuals residi...
- Question 224: A company is preparing to deploy a global service. Which of ...
- Question 225: A security consultant is designing an infrastructure securit...
- Question 226: A small bank is evaluating different methods to address and ...
- Question 227: An e-commerce company is running a web server on premises, a...
- Question 228: Users are reporting intermittent access issues with a new cl...
- Question 229: A SOC analyst is reviewing malicious activity on an external...
- Question 230: An administrator at a software development company would lik...
- Question 231: Which of the following describes how a risk assessment is pe...
- Question 232: A company is on a deadline to roll out an entire CRM platfor...
- Question 233: A security engineer has been asked to close all non-secure c...
- Question 234: Which of the following is record-level encryption commonly u...
- Question 235: * Vault encryption using a variable block and key size * Res...
- Question 236: A company is repeatedly being breached by hackers who valid ...
- Question 237: An application security engineer is performing a vulnerabili...
- Question 238: A company security engineer arrives at work to face the foll...
- Question 239: A security analyst discovered that a database administrator'...
- Question 240: A vulnerability assessment endpoint generated a report of th...
- Question 241: A pharmaceutical company was recently compromised by ransomw...
- Question 242: The Chief Information Security Officer (CISO) is working wit...
- Question 243: An organization is designing a MAC scheme (or critical serve...
- Question 244: A security analyst runs a vulnerability scan on a network ad...
- Question 245: An organization developed a containerized application. The o...
- Question 246: Signed applications reduce risks by:...
- Question 247: An organization is establishing a new software assurance pro...
- Question 248: A common industrial protocol has the following characteristi...
- Question 249: An accounting team member received a voicemail message from ...
- Question 250: city government's IT director was notified by the City counc...
- Question 251: A systems administrator at a web-hosting provider has been t...
- Question 252: A mobile device hardware manufacturer receives the following...
- Question 253: Which of the following should be established when configurin...
- Question 254: Which of the following is the reason why security engineers ...
- Question 255: A forensic expert working on a fraud investigation for a US-...
- Question 256: A security architect is given the following requirements to ...
