CompTIA CAS-004 問題集

質問 1：
A security researcher identified the following messages while testing a web application:
/file/admin/myprofile.php ERROR file does not exist.
/file/admin/userinfo.php ERROR file does not exist.
/file/admin/adminprofile.php ERROR file does not exist.
/file/admin/admininfo.php ERROR file does not exist.
/file/admin/universalprofile.php ERROR file does not exist.
/file/admin/universalinfo.php ERROR file does not exist.
/file/admin/restrictedprofile.php ACCESS is denied.
/file/admin/restrictedinfo.php ERROR file does not exist.
Which of the following should the researcher recommend to remediate the issue?
A. Software composition analysis
B. Elimination of the use of unsafe functions
C. Packet inspection
D. Proper error handling
正解：D
解説: (Topexam メンバーにのみ表示されます)

質問 2：
A security engineer wants to introduce key stretching techniques to the account database to make password guessing attacks more difficult.
Which of the following should be considered to achieve this? (Choose two)
A. P-384
B. SHA-256
C. Record-level encryption
D. PBKDF2
E. Perfect forward secrecy
F. bcrypt
G. Digital signature
正解：D,F

質問 3：
A bank hired a security architect to improve its security measures against the latest threats. The solution must meet the following requirements:
- Recognize and block fake websites.
- Decrypt and scan encrypted traffic on standard and non-standard
ports.
- Use multiple engines for detection and prevention.
- Have central reporting.
Which of the following is the BEST solution the security architect can propose?
A. EDR
B. NGFW
C. CASB
D. Web filtering
正解：B
解説: (Topexam メンバーにのみ表示されます)

質問 4：
A security analyst is performing a vulnerability assessment on behalf of a client. The analyst must define what constitutes a risk to the organization.
Which of the following should be the analyst's FIRST action?
A. Create a full inventory of information and data assets.
B. Determine which security compliance standards should be followed.
C. Ascertain the impact of an attack on the availability of crucial resources.
D. Perform a full system penetration test to determine the vulnerabilities.
正解：A
解説: (Topexam メンバーにのみ表示されます)

質問 5：
An organization handles sensitive information that must be displayed on call center technicians' screens to verify the identities of remote callers. The technicians use three randomly selected fields of information to complete the identity verification. Some of the fields contain PII that are unique identifiers for the remote callers. Which of the following should be implemented to identify remote callers while also reducing the risk that technicians could improperly use the identification information?
A. Scrubbing
B. Tokenization
C. Data masking
D. Encryption
正解：C
解説: (Topexam メンバーにのみ表示されます)

質問 6：
A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field and leaves the institution vulnerable.
Which of the following should the security team recommend FIRST?
A. Working with procurement and creating a requirements document to select a new IAM system/vendor
B. Investigating a potential threat identified in logs related to the identity management system
C. Beginning research on two-factor authentication to later introduce into the identity management system
D. Updating the identity management system to use discretionary access control
正解：A
解説: (Topexam メンバーにのみ表示されます)