CompTIA CASP CAS-004 Question # 208 Topic 21 Discussion

CAS-004 Exam Topic 21 Question 208 Discussion:

Question #: 208

Topic #: 21

An investigator is attempting to determine if recent data breaches may be due to issues with a company's web server that offers news subscription services. The investigator has gathered the following
data:
• Clients successfully establish TLS connections to web services provided by the server.
• After establishing the connections, most client connections are renegotiated
• The renegotiated sessions use cipher suite SHR.
Which of the following is the MOST likely root cause?

The clients disallow the use of modern cipher suites

The web server is misconfigured to support HTTP/1.1.

A ransomware payload dropper has been installed

An entity is performing downgrade attacks on path

Get Premium CAS-004 Questions

Explanation

A downgrade attack is a type of man-in-the-middle attack that forces two hosts to use an older or weaker version of the TLS protocol or its parameters. The attacker does this by replacing or deleting the STARTTLS command or exploiting the compatibility features of the protocol. The purpose of the attack is to create a pathway for enabling a cryptographic attack that would not be possible in case of a connection that is encrypted over the latest version of TLS protocol. The IOC shows that most client connections are renegotiated after establishing the connections, which could indicate that an entity is performing downgrade attacks on path by interfering with the initial handshake and making the client and server agree on a lower version of TLS or a weaker cipher suite. Verified References:

https://en.wikipedia.org/wiki/Downgrade_attack

https://crypto.stackexchange.com/questions/10493/why-is-tls-susceptible-to-protocol-downgrade-attacks

https://venafi.com/blog/preventing-downgrade-attacks/

Law enforcement officials informed an organization that an investigation has begun. Which of the following is the FIRST step the organization should take?

Initiate a legal hold.

Refer to the retention policy

Perform e-discovery.

Review the subpoena

Answer: A

A legal hold is a process by which an organization instructs its employees or other relevant parties to preserve specific data for potential litigation. A legal hold is triggered when litigation is reasonablyanticipated, such as when law enforcement officials inform an organization that an investigation has begun. The first step the organization should take is to initiate a legal hold to ensure that relevant evidence is not deleted, destroyed, or altered. A legal hold also demonstrates the organization’s good faith and compliance with its duty to preserve evidence. Verified References:

https://percipient.co/litigation-hold-triggers-and-the-duty-to-preserve-evidence/

https://www.everlaw.com/blog/ediscovery-best-practices/guide-to-legal-holds/

Actual exam question for CompTIA CAS-004 exam by Milo45841 at Oct 26, 2025, 12:00:37 AM

Contribute your Thoughts:

Chosen Answer: A B C D
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Exam CAS-004 All Questions

CompTIA CASP CAS-004 Question # 208 Topic 21 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

New Year Special Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: validbest

Exam CAS-004 All Questions

CompTIA CASP CAS-004 Question # 208 Topic 21 Discussion

Correct Answer:

Options Selected by Other Users:

Contribute your Thoughts:

Awaiting moderator approval