CompTIA Updated CAS-004 Exam Questions and Answers by pixie

Remote access services deployed using vendor-diverse redundancy with event response driven by playbooks is the best solution to meet the requirements. Vendor-diverse redundancy means using different vendors or technologies to provide the same service or function, which can increase the availability and resilience of the service. For example, if one vendor’s VPN solution fails due to a zero-day vulnerability, another vendor’s VPN solution can take over without affecting the users. Event response driven by playbooks means using predefined workflows or scripts to automate the actions or decisions that need to be taken in response to certain events or triggers. For example, a playbook can define how to switch between different remote access solutions based on certain criteria or conditions, such as performance, availability, security, or manual input. Playbooks can also be integrated with SOAR platforms to leverage their capabilities for orchestration, automation, and response. Verified References:

https://cyware.com/security-guides/security-orchestration-automation-and-response/what-is-vendor-agnostic-security-orchestration-automation-and-response-soar-40e4

https://www.paloaltonetworks.com/cyberpedia/what-is-a-security-playbook

Order of volatility is a procedure that a computer forensics examiner must follow during evidence collection. It refers to the order in which digital evidence is collected, starting with the most volatile and moving to the least volatile. Volatile data is data that is not permanent and is easily lost, such as data in memory when you turn off a computer. The security analyst should have followed the order of volatility to preserve the most fragile evidence first, such as the malicious script running as a background process, before turning off the infected machine. Verified References:

https://www.computer-forensics-recruiter.com/order-of-volatility/

https://www.sans.org/blog/best-practices-in-digital-evidence-collection/

https://blogs.getcertifiedgetahead.com/order-of-volatility/

The three metric groups that are needed to calculate CVSS scores are Base, Temporal, and Environmental. The Base metrics represent the intrinsic characteristics of a vulnerability that are constant over time and across user environments. The Temporal metrics represent the characteristics of a vulnerability that may change over time but not across user environments. The Environmental metrics represent the characteristics of a vulnerability that are relevant and unique to a particular user’s environment. Verified References:

https://nvd.nist.gov/vuln-metrics/cvss

https://www.first.org/cvss/specification-document

Delivering an updated threat signature throughout the endpoint detection and response (EDR) system is the best way to take advantage of the security solution that uses a sandbox environment to execute zero-day software and collect indicators of compromise. An EDR system is a solution that monitors and analyzes the activities and behaviors of endpoints, such as computers, mobile devices, or servers, and detects and responds to potential threats. An EDR system can use threat signatures, which are patterns or characteristics of known malicious software or attacks, to identify and block malicious activities on endpoints. By delivering an updated threat signature based on the indicators ofcompromise collected from the sandbox environment, the organization can enhance its EDR system’s ability to detect and prevent zero-day attacks that exploit unknown vulnerabilities. Verified References:

https://www.cisco.com/c/en/us/products/security/what-is-endpoint-detection-response.html

https://www.crowdstrike.com/epp-101/what-is-a-sandbox/