Online Access Free CompTIA.CAS-004.v2024-05-02.q315 Practice Test (Page 32)

CAS-004 Exam Question 151

A security analyst is evaluating the security of an online customer banking system. The analyst has a 12-character password for the test account. At the login screen, the analyst is asked to enter the third, eighth, and eleventh characters of the password. Which of the following describes why this request is a security concern? (Choose two.)

A.The request is evidence that the password is more open to being captured via a keylogger.

B.The request proves that salt has not been added to the password hash, thus making it vulnerable to rainbow tables.

C.The request proves the password is encoded rather than encrypted and thus less secure as it can be easily reversed.

D.The request proves a potential attacker only needs to be able to guess or brute force three characters rather than 12 characters of the password.

E.The request proves the password is stored in a reversible format, making it readable by anyone at the bank who is given access.

F.The request proves the password must be in cleartext during transit, making it open to on-path attacks.

CAS-004 Exam Question 152

A company requires a task to be carried by more than one person concurrently. This is an example of:

A.separation of d duties.

B.dual control

C.job rotation

D.least privilege

CAS-004 Exam Question 153

An organization requires a contractual document that includes
* An overview of what is covered
* Goals and objectives
* Performance metrics for each party
* A review of how the agreement is managed by all parties
Which of the following BEST describes this type of contractual document?

A.ISA

B.SLA

C.NDA

D.BAA

CAS-004 Exam Question 154

Device event logs sources from MDM software as follows:

Which of the following security concerns and response actions would BEST address the risks posed by the device in the logs?

A.Falsified status reporting; remotely wipe the device.

B.Impossible travel; disable the device's account and access while investigating.

C.Malicious installation of an application; change the MDM configuration to remove application ID 1220.

D.Resource leak; recover the device for analysis and clean up the local storage.

CAS-004 Exam Question 155

A developer is creating a new mobile application for a company. The application uses REST API and TLS 1.2 to communicate securely with the external back-end server. Due to this configuration, the company is concerned about HTTPS interception attacks.
Which of the following would be the BEST solution against this type of attack?

A.Certificate pinning

B.Wildcard certificates

C.HSTS

D.Cookies

Other Version: 2873CompTIA.CAS-004.v2025-04-16.q409; 1281CompTIA.CAS-004.v2024-02-08.q162; 1618CompTIA.CAS-004.v2023-10-26.q155; 2441CompTIA.CAS-004.v2023-09-11.q196; 1485CompTIA.CAS-004.v2023-07-04.q118; 1627CompTIA.CAS-004.v2023-04-04.q100; 1433CompTIA.CAS-004.v2023-03-18.q82; 1377CompTIA.CAS-004.v2023-03-08.q83; 1684CompTIA.CAS-004.v2023-02-06.q91; 1183CompTIA.CAS-004.v2023-01-23.q73; 1410CompTIA.CAS-004.v2023-01-21.q71; 1365CompTIA.CAS-004.v2023-01-09.q75; 1753CompTIA.CAS-004.v2022-05-27.q44; 1554CompTIA.CAS-004.v2022-05-18.q62; 74CompTIA.Actual4dumps.CAS-004.v2022-04-25.by.norma.44q.pdf

Latest Upload: 166IIA.IIA-CIA-Part3.v2026-06-17.q220; 124WGU.Introduction-to-IT.v2026-06-17.q67; 189CompTIA.220-1202.v2026-06-16.q110; 125TheInstitutes.CPCU-500.v2026-06-16.q25; 199ACAMS.CAMS7-CN.v2026-06-16.q170; 202CBIC.CIC.v2026-06-15.q123; 136Peoplecert.ITIL-4-Specialist-High-velocity-IT.v2026-06-15.q16; 236HashiCorp.Terraform-Associate-004.v2026-06-15.q126; 139Peoplecert.ITILFNDv5.v2026-06-15.q26; 138Workday.Workday-Pro-HCM-Reporting.v2026-06-15.q28

CAS-004 Exam Question 151

CAS-004 Exam Question 152

CAS-004 Exam Question 153

CAS-004 Exam Question 154

CAS-004 Exam Question 155

Download PDF File