Free Access CompTIA.CAS-004.v2023-08-04.q126 Practice Test (Page 20)

Question 91

A company recently acquired a SaaS provider and needs to integrate its platform into the company's existing infrastructure without impact to the customer's experience. The SaaS provider does not have a mature security program A recent vulnerability scan of the SaaS provider's systems shows multiple critical vulnerabilities attributed to very old and outdated Oss. Which of the following solutions would prevent these vulnerabilities from being introduced into the company's existing infrastructure?

A.Install anti-malware. HIPS, and host-based firewalls on each of the systems

B.Migrate the services to new systems with a supported and patched OS.

C.Segment the systems to reduce the attack surface if an attack occurs

D.Patch the systems to the latest versions of the existing OSs

Question 92

Which of the following represents the MOST significant benefit of implementing a passwordless authentication solution?

A.Privacy risks are minimized.

B.The likelihood of account compromise is reduced.

C.Biometric authenticators are immutable.

D.Zero trust is achieved.

Question 93

A financial institution has several that currently employ the following controls:
* The severs follow a monthly patching cycle.
* All changes must go through a change management process.
* Developers and systems administrators must log into a jumpbox to access the servers hosting the data using two-factor authentication.
* The servers are on an isolated VLAN and cannot be directly accessed from the internal production network.
An outage recently occurred and lasted several days due to an upgrade that circumvented the approval process.
Once the security team discovered an unauthorized patch was installed, they were able to resume operations within an hour. Which of the following should the security administrator recommend to reduce the time to resolution if a similar incident occurs in the future?

A.Implement file integrity monitoring with automated alerts on the servers.

B.Require more than one approver for all change management requests.

C.Enhanced audit logging on the jump servers and ship the logs to the SIEM.

D.Disable automatic patch update capabilities on the servers

Question 94

A company launched a new service and created a landing page within its website network for users to access the service. Per company policy, all websites must utilize encryption for any authentication pages. A junior network administrator proceeded to use an outdated procedure to order new certificates. Afterward, customers are reporting the following error when accessing a new web page: NET:ERR_CERT_COMMON_NAME_INVALID. Which of the following BEST describes what the administrator should do NEXT?

A.Request a new certificate with the correct organizational unit for the company's website.

B.Request a new certificate with the same information but including the old certificate on the CRL.

C.Request a new certificate with the correct subject alternative name that includes the new websites.

D.Request a new certificate with a stronger encryption strength and the latest cipher suite.

Question 95

A security architect is reviewing the following proposed corporate firewall architecture and configuration:

Both firewalls are stateful and provide Layer 7 filtering and routing. The company has the following requirements:
Web servers must receive all updates via HTTP/S from the corporate network.
Web servers should not initiate communication with the Internet.
Web servers should only connect to preapproved corporate database servers.
Employees' computing devices should only connect to web services over ports 80 and 443.
Which of the following should the architect recommend to ensure all requirements are met in the MOST secure manner? (Choose two.)

A.Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP/UDP 0-65535

B.Add the following to Firewall_A: 15 PERMIT FROM 192.168.1.0/24 TO 0.0.0.0 TCP 80,443

C.Add the following to Firewall_B: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0 TCP/UDP 0-65535

D.Add the following to Firewall_B: 15 PERMIT FROM 192.168.1.0/24 TO 10.0.2.10/32 TCP 80,443

E.Add the following to Firewall_B: 15 PERMIT FROM 0.0.0.0/0 TO 10.0.0.0/16 TCP/UDP 0-65535

F.Add the following to Firewall_A: 15 PERMIT FROM 10.0.0.0/16 TO 0.0.0.0/0 TCP 80,443

Premium Bundle

Newest CAS-004 Exam PDF Dumps shared by BraindumpsPass.com for Helping Passing CAS-004 Exam! BraindumpsPass.com now offer the updated CAS-004 exam dumps, the BraindumpsPass.com CAS-004 exam questions have been updated and answers have been corrected get the latest BraindumpsPass.com CAS-004 pdf dumps with Exam Engine here:

Access CAS-004 Premium Version

(620 Q&As Dumps, 40%OFF Special Discount: Exam-Tests)

Other Version: 1956CompTIA.CAS-004.v2025-12-08.q667; 2314CompTIA.CAS-004.v2025-06-21.q202; 2128CompTIA.CAS-004.v2023-03-06.q93; 1702CompTIA.CAS-004.v2023-02-23.q88; 1427CompTIA.CAS-004.v2023-02-07.q68; 2489CompTIA.CAS-004.v2022-11-07.q113; 3037CompTIA.CAS-004.v2022-06-25.q79; 2007CompTIA.CAS-004.v2022-04-29.q42

Latest Upload: 200PaloAltoNetworks.NGFW-Engineer.v2026-05-01.q43; 292Nokia.4A0-113.v2026-05-01.q69; 250EC-COUNCIL.312-49v11.v2026-04-30.q214; 227Microsoft.MB-820.v2026-04-30.q101; 207Salesforce.MC-202.v2026-04-30.q57; 204BICSI.INSTC_V8.v2026-04-29.q53; 332NMLS.MLO.v2026-04-28.q82; 241NCARB.Project-Management.v2026-04-28.q27; 457EMC.D-AV-DY-23.v2026-04-27.q184; 1109ServiceNow.CSA.v2026-04-27.q483