Free Access CompTIA.CAS-004.v2022-04-29.q42 Practice Test (Page 9)

Question 36

A cybersecurity engineer analyst a system for vulnerabilities. The tool created an OVAL. Results document as output. Which of the following would enable the engineer to interpret the results in a human readable form? (Select TWO.)

A.Text editor

B.XML style sheet

C.Event Viewer

D.Debugging utility

E.SCAP tool

F.OOXML editor

Question 37

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.
Which of the following should the security team recommend FIRST?

A.Investigating a potential threat identified in logs related to the identity management system

B.Updating the identity management system to use discretionary access control

C.Working with procurement and creating a requirements document to select a new IAM system/vendor

D.Beginning research on two-factor authentication to later introduce into the identity management system

Question 38

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

A.Disable BGP and implement OSPF.

B.Implement a BGP route reflector.

C.Implement an inbound BGP prefix list.

D.Disable BGP and implement a single static route for each internal network.

Question 39

A company suspects a web server may have been infiltrated by a rival corporation. The security engineer reviews the web server logs and finds the following:

The security engineer looks at the code with a developer, and they determine the log entry is created when the following line is run:

Which of the following is an appropriate security control the company should implement?

A.Parameterize a query in the path variable to prevent SQL injection.

B.Separate the items in the system call to prevent command injection.

C.Restrict directory permission to read-only access.

D.Use server-side processing to avoid XSS vulnerabilities in path input.

Question 40

Which of the following is the MOST important security objective when applying cryptography to control messages that tell an ICS how much electrical power to output?

A.Enforcing protocol conformance for messages

B.Ensuring non-repudiation of messages

C.Assuring the integrity of messages

D.Importing the availability of messages

Premium Bundle

Newest CAS-004 Exam PDF Dumps shared by BraindumpsPass.com for Helping Passing CAS-004 Exam! BraindumpsPass.com now offer the updated CAS-004 exam dumps, the BraindumpsPass.com CAS-004 exam questions have been updated and answers have been corrected get the latest BraindumpsPass.com CAS-004 pdf dumps with Exam Engine here:

Access CAS-004 Premium Version

(620 Q&As Dumps, 40%OFF Special Discount: Exam-Tests)

Other Version: 1097CompTIA.CAS-004.v2025-06-21.q202; 1236CompTIA.CAS-004.v2023-08-04.q126; 1380CompTIA.CAS-004.v2023-03-06.q93; 1206CompTIA.CAS-004.v2023-02-23.q88; 1004CompTIA.CAS-004.v2023-02-07.q68; 1873CompTIA.CAS-004.v2022-11-07.q113; 2436CompTIA.CAS-004.v2022-06-25.q79

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 164TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 148Salesforce.Data-Architect.v2025-09-05.q216; 143Adobe.AD0-E605.v2025-09-05.q50