Free Access CompTIA.CAS-004.v2022-11-07.q113 Practice Test (Page 17)

Question 76

A company is moving most of its customer-facing production systems to the cloud-facing production systems to the cloud. IaaS is the service model being used. The Chief Executive Officer is concerned about the type of encryption available and requires the solution must have the highest level of security.
Which of the following encryption methods should the cloud security engineer select during the implementation phase?

A.Instance-based

B.Array controller-based

C.Storage-based

D.Proxy-based

Question 77

A new web server must comply with new secure-by-design principles and PCI DSS. This includes mitigating the risk of an on-path attack. A security analyst is reviewing the following web server configuration:

Which of the following ciphers should the security analyst remove to support the business requirements?

A.TLS_AES_128_CCM_8_SHA256

B.TLS_CHACHA20_POLY1305_SHA256

C.TLS_DHE_DSS_WITH_RC4_128_SHA

D.TLS_AES_128_GCM_SHA256

Question 78

After a security incident, a network security engineer discovers that a portion of the company's sensitive external traffic has been redirected through a secondary ISP that is not normally used.
Which of the following would BEST secure the routes while allowing the network to function in the event of a single provider failure?

A.Disable BGP and implement a single static route for each internal network.

B.Implement a BGP route reflector.

C.Implement an inbound BGP prefix list.

D.Disable BGP and implement OSPF.

Question 79

An energy company is required to report the average pressure of natural gas used over the past quarter. A PLC sends data to a historian server that creates the required reports.
Which of the following historian server locations will allow the business to get the required reports in an OT and IT environment?

A.Use a screened subnet between the OT and IT environments.

B.In the IT environment, allow PLCs to send data from the OT environment to the IT environment.

C.In the OT environment, use a VPN from the IT environment into the OT environment.

D.In the OT environment, allow IT traffic into the OT environment.

Question 80

A network architect is designing a new SD-WAN architecture to connect all local sites to a central hub site. The hub is then responsible for redirecting traffic to public cloud and datacenter applications. The SD-WAN routers are managed through a SaaS, and the same security policy is applied to staff whether working in the office or at a remote location. The main requirements are the following:
1. The network supports core applications that have 99.99% uptime.
2. Configuration updates to the SD-WAN routers can only be initiated from the management service.
3. Documents downloaded from websites must be scanned for malware.
Which of the following solutions should the network architect implement to meet the requirements?

A.DoS protection at the hub site, mutual certificate authentication, and cloud proxy

B.IDSs, WAFs, and forward proxy IDS

C.IPSs at the hub, Layer 4 firewalls, and DLP

D.Reverse proxy, stateful firewalls, and VPNs at the local sites

Other Version: 1097CompTIA.CAS-004.v2025-06-21.q202; 1236CompTIA.CAS-004.v2023-08-04.q126; 1381CompTIA.CAS-004.v2023-03-06.q93; 1211CompTIA.CAS-004.v2023-02-23.q88; 1005CompTIA.CAS-004.v2023-02-07.q68; 2445CompTIA.CAS-004.v2022-06-25.q79; 1617CompTIA.CAS-004.v2022-04-29.q42

Latest Upload: 105OCEG.GRCP.v2025-09-11.q211; 104HP.HPE0-V27.v2025-09-11.q78; 118Oracle.1Z0-1057-23.v2025-09-10.q47; 150Google.Professional-Cloud-Network-Engineer.v2025-09-09.q179; 131SAP.C-S4EWM-2023.v2025-09-08.q83; 165TheSecOpsGroup.CNSP.v2025-09-08.q20; 223CFAInstitute.ESG-Investing.v2025-09-08.q173; 158PECB.ISO-IEC-27001-Lead-Implementer.v2025-09-06.q132; 150Salesforce.Data-Architect.v2025-09-05.q216; 144Adobe.AD0-E605.v2025-09-05.q50

Question 76

Question 77

Question 78

Question 79

Question 80

Download PDF File