CompTIA Updated CAS-004 Exam Questions and Answers by stephen

Field masking is a technique that hides or obscures part of the information in a data field, such as a password, credit card number, or social security number. Field masking can be used to protect sensitive or confidential data from unauthorized access or disclosure, while still allowing authorized users to view or verify the data.

Field masking should be implemented to authenticate employees who call in remotely by allowing the help desk staff to view partial information about employees, because field masking would:

• Enable the help desk staff to verify the identity of the employees by asking them to provide some characters or digits from their data fields, such as their employee ID or email address.
• Prevent the help desk staff from viewing the full information about employees, which may be considered sensitive and subject to privacy regulations or policies.
• Reduce the risk of data leakage, theft, or misuse by limiting the exposure of sensitive data to only those who need it.

The administrator should use SAN certificates to support multiple domain names while minimizing the amount of certificates needed. SAN stands for Subject Alternative Name, which is an extension of a certificate that allows it to include multiple fully-qualified domain names (FQDNs) within the same certificate. For example, a SAN certificate can secure www.example.com, www.example.net, and mail.example.org with one certificate. SAN certificates can reduce the cost and complexity of managing multiple certificates for different domains. SAN certificates can also support wildcard domains, such as *.example.com, which can cover any subdomain under that domain. Verified References:

• https://www.techtarget.com/searchsecurity/definition/Subject-Alternative-Name
• https://www.techtarget.com/searchsecurity/definition/wildcard-certificate
• https://www.nexcess.net/help/what-is-a-multi-domain-ssl-certificate/

A regular expression (regex) is a sequence of characters that defines a search pattern for matching text. A regex can be used to detect the presence of a malicious piece of software communicating with its command-and-control server by matching the indicators of compromise (IOC) in the network traffic.

In this case, the systems administrator should use the regex Host: [a-z]*.malicious.com to determine if any of the company hosts are compromised, while reducing false positives, because this regex would:

• Match the Host header in the HTTP request, which specifies the domain name of the command-and-control server.
• Allow any subdomain under the malicious.com domain, by using the character class [a-z]*, which matches zero or more lowercase letters.
• Escape the dot character in the domain name, by using the backslash , which prevents it from being interpreted as a wildcard that matches any character.
• Not match any other parts of the IOC that could change, such as the URL path, the User-Agent header, or the HTTP method.

Executing the files in the sandbox on the web proxy is the best solution to reduce the risk of employees downloading and opening malicious files from the internet. A sandbox is a secure and isolated environment that can run untrusted or potentially harmful code without affecting the rest of the system. By executing the files in the sandbox, the web proxy can analyze their behavior and detect any malicious activity before allowing them to reach the corporate workstations.

References: [CompTIA CASP+ Study Guide, Second Edition, page 273]