
CAS-005 CompTIA SecurityX Certification Exam Question and Answers

Question # 4

Company A and Company D are merging. Company A's compliance reports indicate branch protections are not in place. A security analyst needs to ensure that potential threats to the software development life cycle are addressed. Which of the following should the analyst consider?

A.

If developers are unable to promote to production

B.

If DAST code is being stored to a single code repository

C.

If DAST scans are routinely scheduled

D.

If role-based training is deployed

Question # 5

A systems administrator wants to introduce a newly released feature for an internal application. The administrator does not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?

A.

Staging environment

B.

Testing environment

C.

CI/CD pipeline

D.

Development environment

Question # 6

A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning. Which of the following techniques is the threat hunter using to better understand the data?

A.

TTP-based inquiries

B.

User behavior analytics

C.

Adversary emulation

D.

OSINT analysis activities
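The technique in Question 6 is user behavior analytics: the same query is run over two time windows and the account's hour-of-day profile is compared. The following script is an added example, not code from the page or from any SIEM vendor; the log lines, the account name `jdoe`, the 4-hour peak window and the 6-hour shift threshold are all constructed assumptions.

```python
"""User behavior analytics: compare an account's hour-of-day activity profile
across two SIEM query windows. Added example, not from the original page.
The log lines below are constructed, not real SIEM output."""
from collections import Counter
from datetime import datetime
from typing import Tuple

# Constructed sample: "<ISO-8601 UTC timestamp> <account> <event>".
# Baseline window (60-90 days ago) clusters in the evening; the recent
# window (5-30 days ago) clusters in the early morning, as in the question.
BASELINE_LOGS = """\
2024-03-01T18:12:03Z jdoe logon
2024-03-01T19:40:11Z jdoe file_access
2024-03-02T20:05:44Z jdoe logon
2024-03-03T18:55:09Z jdoe vpn_connect
2024-03-04T21:17:30Z jdoe logon
2024-03-05T19:02:58Z jdoe file_access
"""
RECENT_LOGS = """\
2024-05-01T03:14:07Z jdoe logon
2024-05-02T02:48:22Z jdoe vpn_connect
2024-05-02T04:01:39Z jdoe file_access
2024-05-03T03:27:51Z jdoe logon
2024-05-04T02:59:13Z jdoe file_access
2024-05-05T03:41:45Z jdoe logon
"""


def hour_histogram(log_text: str, account: str) -> Counter:
    """Count events per UTC hour of day for one account."""
    hist: Counter = Counter()
    for line in log_text.splitlines():
        ts, user, _event = line.split(maxsplit=2)
        if user != account:
            continue
        hour = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").hour
        hist[hour] += 1
    return hist


def peak_window(hist: Counter, width: int = 4) -> Tuple[int, int]:
    """Return (start_hour, count) of the busiest `width`-hour window,
    wrapping around midnight. Ties keep the earliest start hour."""
    best = (0, -1)
    for start in range(24):
        count = sum(hist[(start + i) % 24] for i in range(width))
        if count > best[1]:
            best = (start, count)
    return best


def circular_hour_distance(h1: int, h2: int) -> int:
    """Shortest distance between two hours on a 24-hour clock."""
    d = abs(h1 - h2) % 24
    return min(d, 24 - d)


def activity_shift(baseline: str, recent: str, account: str,
                   threshold_hours: int = 6) -> dict:
    """Flag the account when its peak activity window moved by at least
    threshold_hours between the two query windows (assumed threshold)."""
    base_peak, _ = peak_window(hour_histogram(baseline, account))
    recent_peak, _ = peak_window(hour_histogram(recent, account))
    shift = circular_hour_distance(base_peak, recent_peak)
    return {
        "account": account,
        "baseline_peak_hour": base_peak,
        "recent_peak_hour": recent_peak,
        "shift_hours": shift,
        "anomalous": shift >= threshold_hours,
    }


if __name__ == "__main__":
    print(activity_shift(BASELINE_LOGS, RECENT_LOGS, "jdoe"))
```

A real UBA deployment would baseline many more features (source host, volume, peers) and per-account statistics rather than a fixed window, but the core step is the same: build a profile from the older window and measure how far the recent window departs from it.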

Question # 7

A security analyst is reviewing the following authentication logs:

Which of the following should the analyst do first?

A.

Disable User2's account

B.

Disable User12's account

C.

Disable User8's account

D.

Disable User1's account

Question # 8

A user reports application access issues to the help desk. The help desk reviews the logs for the user:

Which of the following is most likely the reason for the issue?

A.

The user inadvertently tripped the geoblock rule in NGFW.

B.

A threat actor has compromised the user's account and attempted to log in.

C.

The user is not allowed to access the human resources system outside of business hours.

D.

The user did not attempt to connect from an approved subnet.

Question # 9

A software development team requires valid data for internal tests. Company regulations, however, do not allow the use of this data in cleartext. Which of the following solutions best meets these requirements?

A.

Configuring data hashing

B.

Deploying tokenization

C.

Replacing data with null records

D.

Implementing data obfuscation

Question # 10

An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated. Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?

A.

Utilize an on-premises HSM to locally manage keys.

B.

Adjust the configuration for cloud provider keys on data that is classified as public.

C.

Begin using cloud-managed keys on all new resources deployed in the cloud.

D.

Extend the key rotation period to one year so that the cloud provider can use cached keys.

Question # 11

A company must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines. Which of the following solutions most likely meets the requirements?

A.

Develop a security baseline to integrate with the vulnerability scanning platform to alert about any server not aligned with the new security standards.

B.

Create baseline images for each OS in use, following security standards, and integrate the images into the patching and deployment solution.

C.

Build all new images from scratch, installing only needed applications and modules in accordance with the new security standards.

D.

Run a script during server deployment to remove all the unnecessary applications as part of provisioning.

Question # 12

Users are experiencing a variety of issues when trying to access corporate resources. Examples include:

• Connectivity issues between local computers and file servers within branch offices

• Inability to download corporate applications on mobile endpoints while working remotely

• Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

A.

Review VPN throughput

B.

Check IPS rules

C.

Restore static content on the CDN.

D.

Enable secure authentication using NAC

E.

Implement advanced WAF rules.

F.

Validate MDM asset compliance

Question # 13

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Question # 14

A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:

Error Message in Database Connection

Connection to host USA-WebApp-Database failed

Database "Prod-DB01" not found

Table "CustomerInfo" not found

Please retry your request later

Which of the following best describes the analyst’s findings and a potential mitigation technique?

A.

The findings indicate unsecure references. All potential user input needs to be properly sanitized.

B.

The findings indicate unsecure protocols. All cookies should be marked as HttpOnly.

C.

The findings indicate information disclosure. The displayed error message should be modified.

D.

The findings indicate a SQL injection. The database needs to be upgraded.

Question # 15

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

A.

Securing data transfer between hospitals

B.

Providing for non-repudiation of data

C.

Reducing liability from identity theft

D.

Protecting privacy while supporting portability.

Question # 16

After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

A.

Apply code stylometry.

B.

Look for common IOCs.

C.

Use IOC extractions.

D.

Leverage malware detonation.

Question # 17

Which of the following best describes the reason a network architect would enable forward secrecy on all VPN tunnels?

A.

This process is a requirement to enable hardware-accelerated cryptography.

B.

This process reduces the success of attackers performing cryptanalysis.

C.

The business requirements state that confidentiality is a critical success factor.

D.

Modern cryptographic protocols list this process as a prerequisite for use.

Question # 18

An audit finding reveals that a legacy platform has not retained logs for more than 30 days. The platform has been segmented due to its interoperability with newer technology. As a temporary solution, the IT department changed the log retention to 120 days. Which of the following should the security engineer do to ensure the logs are being properly retained?

A.

Configure a scheduled task nightly to save the logs

B.

Configure event-based triggers to export the logs at a threshold.

C.

Configure the SIEM to aggregate the logs

D.

Configure a Python script to move the logs into a SQL database.

Question # 19

A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?

A.

Signing

B.

Access control

C.

HIPS

D.

Permit listing

Question # 20

A company hosts a platform-as-a-service solution with a web-based front end, through which customers interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective?

A.

Improving security dashboard visualization on SIEM

B.

Rotating API access and authorization keys every two months

C.

Implementing application load balancing and cross-region availability

D.

Creating WAF policies for relevant programming languages

Question # 21

The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).

Setting different access controls defined by business area

A.

Implementing a role-based access policy

B.

Designing a least-needed privilege policy

C.

Establishing a mandatory vacation policy

D.

Performing periodic access reviews

E.

Requiring periodic job rotation

Question # 22

Which of the following supports the process of collecting a large pool of behavioral observations to inform decision-making?

A.

Linear regression

B.

Distributed consensus

C.

Big Data

D.

Machine learning

Question # 23

An organization is required to:

* Respond to internal and external inquiries in a timely manner

* Provide transparency

* Comply with regulatory requirements

The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

A.

Outsourcing the handling of necessary regulatory filing to an external consultant

B.

Integrating automated response mechanisms into the data subject access request process

C.

Developing communication templates that have been vetted by internal and external counsel

D.

Conducting lessons-learned activities and integrating observations into the crisis management plan

Question # 24

A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?

A.

Key splitting

B.

Key escrow

C.

Key rotation

D.

Key encryption

E.

Key stretching
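Key stretching keeps the existing primitive (here SHA-256) and iterates it many times with a per-user salt so that each guess costs the attacker as much as it costs the server. The following is an added example, not code from the page: the weak legacy function is shown beside a PBKDF2-HMAC-SHA256 replacement that stores the iteration count alongside the hash so the cost can be raised later. The 600,000 iteration default and the storage string format are assumptions for illustration.

```python
"""Key stretching for a password-storage component: wrap the existing
SHA-256 primitive in PBKDF2 instead of replacing the crypto module.
Added example, not from the original page."""
import base64
import hashlib
import hmac
import os
from typing import Optional

ITERATIONS = 600_000   # assumed policy value; raise it as hardware gets faster
SALT_BYTES = 16
DKLEN = 32


def legacy_hash(password: str) -> str:
    """The weak 'before': one unsalted SHA-256, cheap to brute-force and
    identical for every user with the same password."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS,
                  salt: Optional[bytes] = None) -> str:
    """The stretched 'after': PBKDF2-HMAC-SHA256 with a random per-user salt.
    Record format (assumed): algorithm$iterations$salt_b64$hash_b64."""
    salt = salt or os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                             iterations, dklen=DKLEN)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode(),
        base64.b64encode(dk).decode(),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt/iterations and compare in constant time."""
    try:
        algo, iters, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                                    int(iters), dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


def needs_rehash(stored: str, iterations: int = ITERATIONS) -> bool:
    """True when a record was created with fewer iterations than current
    policy; rehash it transparently on the user's next successful login."""
    return int(stored.split("$")[1]) < iterations


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("Tr0ub4dor&3", record))
```

Because the iteration count travels with the record, existing users can be migrated on login: verify against the old record, then store a new one with the higher count. That is what lets the team strengthen the component without a flag-day replacement of the module.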

Question # 25

A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?

A.

A macro that was prevented from running

B.

A text file containing passwords that were leaked

C.

A malicious file that was run in this environment

D.

A PDF that exposed sensitive information improperly

Question # 26

A network engineer must ensure that always-on VPN access is enabled but restricted to company assets. Which of the following best describes what the engineer needs to do?

A.

Generate device certificates using the specific template settings needed

B.

Modify signing certificates in order to support IKE version 2

C.

Create a wildcard certificate for connections from public networks

D.

Add the VPN hostname as a SAN entry on the root certificate

Question # 27

A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?

A.

Utilizing desktop as a service for all company data and multifactor authentication

B.

Using explicit allow lists of specific IP addresses and deploying single sign-on

C.

Deploying mobile device management and requiring stronger passwords

D.

Updating security mobile reporting policies and monitoring data breaches

Question # 28

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Question # 29

A user reports application access issues to the help desk. The help desk reviews the logs for the user:

Which of the following is most likely the reason for the issue?

A.

The user inadvertently tripped the impossible travel security rule in the SSO system.

B.

A threat actor has compromised the user's account and attempted to log in.

C.

The user is not allowed to access the human resources system outside of business hours

D.

The user did not attempt to connect from an approved subnet
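An "impossible travel" rule compares consecutive logins by the same user and alerts when the distance between their geolocated sources could not have been covered in the elapsed time. The following detector is an added example, not the page's own code or any SSO vendor's rule; the login events, the coordinates attached to them and the 900 km/h threshold are constructed assumptions (the user names echo the question's style but correspond to no real accounts).

```python
"""Impossible-travel detection over SSO login events.
Added example, not from the original page. Events, coordinates and the
speed threshold are constructed for illustration."""
import math
from datetime import datetime

MAX_KMH = 900.0   # assumption: roughly airliner speed; faster is infeasible

# Constructed login events: (UTC timestamp, user, source IP, lat, lon).
# IP geolocation is assumed to have been done upstream.
EVENTS = [
    ("2024-05-06T08:02:11Z", "user8", "203.0.113.10", 40.7128, -74.0060),   # New York
    ("2024-05-06T08:41:35Z", "user8", "198.51.100.7", 51.5074, -0.1278),    # London, 39 min later
    ("2024-05-06T09:15:02Z", "user2", "203.0.113.22", 37.7749, -122.4194),  # San Francisco
    ("2024-05-06T17:30:44Z", "user2", "203.0.113.23", 34.0522, -118.2437),  # Los Angeles, 8 h later
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = (math.sin(dphi / 2) ** 2
         + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2)
    return 2 * r * math.asin(math.sqrt(a))


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def impossible_travel(events, max_kmh=MAX_KMH):
    """Return one alert per pair of consecutive logins by the same user that
    would require travelling faster than max_kmh."""
    alerts = []
    last_by_user = {}
    for ev in sorted(events, key=lambda e: parse_ts(e[0])):
        ts, user, ip, lat, lon = ev
        prev = last_by_user.get(user)
        if prev is not None:
            pts, _puser, pip, plat, plon = prev
            hours = (parse_ts(ts) - parse_ts(pts)).total_seconds() / 3600
            dist = haversine_km(plat, plon, lat, lon)
            if hours > 0:
                speed = dist / hours
            else:
                # Two logins at the same instant: only a problem if they are
                # actually in different places.
                speed = float("inf") if dist > 0 else 0.0
            if speed > max_kmh:
                alerts.append({
                    "user": user, "from_ip": pip, "to_ip": ip,
                    "km": round(dist), "hours": round(hours, 2),
                    "kmh": round(speed),
                })
        last_by_user[user] = ev
    return alerts


if __name__ == "__main__":
    for alert in impossible_travel(EVENTS):
        print(alert)
```

The rule fires on the New York to London pair and stays quiet on San Francisco to Los Angeles. In production the same logic needs allow-listing for known VPN egress points and cloud proxies, which are the usual source of the false positives the question's scenario describes.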

Question # 30

A software engineer is creating a CI/CD pipeline to support the development of a web application. The DevSecOps team is required to identify syntax errors. Which of the following is the most relevant to the DevSecOps team's task?

A.

Static application security testing

B.

Software composition analysis

C.

Runtime application self-protection

D.

Web application vulnerability scanning

Question # 31

An external SaaS solution user reports a bug associated with the role-based access control module. This bug allows users to bypass system logic associated with client segmentation in the multitenant deployment model. When assessing the bug report, the developer finds that the same bug was previously identified and addressed in an earlier release. The developer then determines the bug was reintroduced when an existing software component was integrated from a prior version of the platform. Which of the following is the best way to prevent this scenario?

A.

Regression testing

B.

Code signing

C.

Automated test and retest

D.

User acceptance testing

E.

Software composition analysis

Question # 32

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider first to address this requirement?

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Question # 33

An engineering team determines the cost to mitigate certain risks is higher than the asset values. The team must ensure the risks are prioritized appropriately. Which of the following is the best way to address the issue?

A.

Data labeling

B.

Branch protection

C.

Vulnerability assessments

D.

Purchasing insurance

Question # 34

A building camera is remotely accessed and disabled from the remote console application during off-hours. A security analyst reviews the following logs:

Which of the following actions should the analyst take to best mitigate the threat?

A.

Implement WAF protection for the web application.

B.

Upgrade the firmware on the camera.

C.

Only allow connections from approved IPs.

D.

Block IP 104.18.16.29 on the firewall.

Question # 36

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?

A.

Assess the residual risk.

B.

Update the organization's threat model.

C.

Move to the next risk in the register.

D.

Recalculate the magnitude of the impact.

Question # 37

A security engineer is developing a solution to meet the following requirements:

• All endpoints should be able to establish telemetry with a SIEM.

• All endpoints should be able to be integrated into the XDR platform.

• SOC services should be able to monitor the XDR platform

Which of the following should the security engineer implement to meet the requirements?

A.

CDR and central logging

B.

HIDS and vTPM

C.

WAF and syslog

D.

HIPS and host-based firewall

Question # 38

A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:

Which of the following is the most appropriate action for the analyst to take?

A.

Update the log configuration settings on the directory server that is not being captured properly.

B.

Have the admin account owner change their password to avoid credential stuffing.

C.

Block employees from logging in to applications that are not part of their business area.

D.

Implement automation to disable accounts that have been associated with high-risk activity.

Question # 39

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to

the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?

A.

The compute resources are insufficient to support the SIEM

B.

The SIEM indexes are too large

C.

The data is not being properly parsed

D.

The retention policy is not properly configured

Question # 40

A company wants to install a three-tier approach to separate the web, database, and application servers. A security administrator must harden the environment. Which of the following is the best solution?

A.

Deploying a VPN to prevent remote locations from accessing server VLANs

B.

Configuring a SASE solution to restrict users to server communication

C.

Implementing microsegmentation on the server VLANs

D.

Installing a firewall and making it the network core

Question # 41

An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?

A.

SASE

B.

CMDB

C.

SBoM

D.

SLM

Question # 42

An organization wants to create a threat model to identify vulnerabilities in its infrastructure. Which of the following should be prioritized first?

A.

External-facing Infrastructure with known exploited vulnerabilities

B.

Internal infrastructure with high-severity and known exploited vulnerabilities

C.

External facing Infrastructure with a low risk score and no known exploited vulnerabilities

D.

External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

Question # 43

A security analyst is reviewing the following vulnerability assessment report:

192.168.1.5, Host = Server1, CVSS 7.5, Web Server, Remotely Executable = Yes, Exploit = Yes

205.1.3.5, Host = Server2, CVSS 6.5, Bind Server, Remotely Executable = Yes, Exploit = POC

207.1.5.7, Host = Server3, CVSS 5.5, Email Server, Remotely Executable = Yes, Exploit = Yes

192.168.1.6, Host = Server4, CVSS 9.8, Domain Controller, Remotely Executable = Yes, Exploit = Yes

Which of the following should be patched first to minimize attacks against internet-facing hosts?

A.

Server1

B.

Server2

C.

Server3

D.

Server4
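The report above can be triaged mechanically: parse each line, decide whether the host is internet-facing from its address, then rank the remaining hosts. The following is an added example, not the page's answer key; the four report lines are the ones printed in the question, while the ranking policy (working exploit outranks proof of concept, then higher CVSS) is one defensible choice that is stated in the code, not a rule the question asserts.

```python
"""Prioritising a vulnerability report for internet-facing hosts.
Added example, not from the original page. The report text is the one
shown in the question; the ranking policy is an assumption."""
import ipaddress
import re

REPORT = """\
192.168.1.5, Host = Server1, CVSS 7.5, Web Server, Remotely Executable = Yes, Exploit = Yes
205.1.3.5, Host = Server2, CVSS 6.5, Bind Server, Remotely Executable = Yes, Exploit = POC
207.1.5.7, Host = Server3, CVSS 5.5, Email Server, Remotely Executable = Yes, Exploit = Yes
192.168.1.6, Host = Server4, CVSS 9.8, Domain Controller, Remotely Executable = Yes, Exploit = Yes
"""

LINE_RE = re.compile(
    r"^(?P<ip>[\d.]+), Host = (?P<host>\S+), CVSS (?P<cvss>[\d.]+), "
    r"(?P<role>[^,]+), Remotely Executable = (?P<remote>\w+), "
    r"Exploit = (?P<exploit>\w+)$"
)

# Assumed policy: a working exploit is more urgent than a proof of concept,
# which in turn outranks "no exploit known".
EXPLOIT_WEIGHT = {"Yes": 2, "POC": 1, "No": 0}


def parse_report(text):
    """Parse the flat report into dicts; unparseable lines are an error
    rather than silently dropped, so a format change cannot hide a host."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unparsed report line: {line!r}")
        row = m.groupdict()
        row["cvss"] = float(row["cvss"])
        # RFC 1918 / reserved space is treated as internal; anything globally
        # routable is assumed internet-facing for this report.
        row["internet_facing"] = ipaddress.ip_address(row["ip"]).is_global
        rows.append(row)
    return rows


def prioritise(rows, internet_facing_only=True):
    """Order by exploit maturity, then CVSS, then remote executability."""
    candidates = [r for r in rows if r["internet_facing"] or not internet_facing_only]
    return sorted(
        candidates,
        key=lambda r: (EXPLOIT_WEIGHT.get(r["exploit"], 0), r["cvss"], r["remote"] == "Yes"),
        reverse=True,
    )


def patch_order(text, internet_facing_only=True):
    return [r["host"] for r in prioritise(parse_report(text), internet_facing_only)]


if __name__ == "__main__":
    print("internet-facing:", patch_order(REPORT))
    print("everything:     ", patch_order(REPORT, internet_facing_only=False))
```

Swapping the key to CVSS-first would put Server2 ahead of Server3; the point of writing the policy down in code is that the choice is explicit and reviewable rather than made differently by each analyst.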

Question # 44

A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence. Which of the following is the most likely reason for reviewing these laws?

A.

The organization is performing due diligence of potential tax issues.

B.

The organization has been subject to legal proceedings in countries where it has a presence.

C.

The organization is concerned with new regulatory enforcement in other countries

D.

The organization has suffered brand reputation damage from incorrect media coverage

Question # 45

A security engineer is implementing a code signing requirement for all code developed by the organization. Currently, the PKI only generates website certificates. Which of the following steps should the engineer perform first?

A.

Add a new template on the internal CA with the correct attributes.

B.

Generate a wildcard certificate for the internal domain.

C.

Recalculate a public/private key pair for the root CA.

D.

Implement a SAN for all internal web applications.

Question # 46

A company is having issues with its vulnerability management program. New devices/IPs are added and dropped regularly, making the vulnerability report inconsistent. Which of the following actions should the company take to most likely improve the vulnerability management process?

A.

Request a weekly report with all new assets deployed and decommissioned

B.

Extend the DHCP lease time to allow the devices to remain with the same address for a longer period.

C.

Implement a shadow IT detection process to avoid rogue devices on the network

D.

Perform regular discovery scanning throughout the IT landscape using the vulnerability management tool

Question # 47

Recent reports indicate that a software tool is being exploited. Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:

Which of the following would the analyst most likely recommend?

A.

Installing appropriate EDR tools to block pass-the-hash attempts

B.

Adding additional time to software development to perform fuzz testing

C.

Removing hard coded credentials from the source code

D.

Not allowing users to change their local passwords

Question # 48

After a penetration test on the internal network, the following report was generated:

Attack | Target | Result
Compromised host | ADMIN01S.CORP.LOCAL | Successful
Hash collected | KRBTGT.CORP.LOCAL | Successful
Hash collected | SQLSV.CORP.LOCAL | Successful
Pass the hash | SQLSV.CORP.LOCAL | Failed
Domain control | CORP.LOCAL | Successful

Which of the following should be recommended to remediate the attack?

A.

Deleting SQLSV

B.

Reimaging ADMIN01S

C.

Rotating KRBTGT password

D.

Resetting the local domain

Question # 49

A security engineer is assisting a DevOps team that has the following requirements for container images:

• Ensure container images are hashed and use version controls.

• Ensure container images are up to date and scanned for vulnerabilities.

Which of the following should the security engineer do to meet these requirements?

A.

Enable clusters on the container image and configure the mesh with ACLs.

B.

Enable new security and quality checks within a CI/CD pipeline.

C.

Enable audits on the container image and monitor for configuration changes.

D.

Enable pulling of the container image from the vendor repository and deploy directly to operations.

Question # 50

A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?

A.

Executing a script that deletes and overwrites all data on the SSD three times

B.

Wiping the SSD through degaussing

C.

Securely deleting the encryption keys used by the SSD

D.

Writing non-zero, random data to all cells of the SSD

Question # 51

During a recent security event, access from the non-production environment to the production environment enabled unauthorized users to:

• Install unapproved software

• Make unplanned configuration changes

During the investigation, the following findings were identified:

• Several new users were added in bulk by the IAM team

• Additional firewalls and routers were recently added

• Vulnerability assessments have been disabled for more than 30 days

• The application allow list has not been modified in two weeks

• Logs were unavailable for various types of traffic

• Endpoints have not been patched in over ten days

Which of the following actions would most likely need to be taken to ensure proper monitoring? (Select two).

A.

Disable bulk user creations by the IAM team

B.

Extend log retention for all security and network devices to 180 days for all traffic

C.

Review the application allow list daily

D.

Routinely update all endpoints and network devices as soon as new patches/hot fixes are available

E.

Ensure all network and security devices are sending relevant data to the SIEM

F.

Configure firewall rules to only allow production-to-non-production traffic

Question # 52

A company plans to implement a research facility with intellectual property data that should be protected. The following is the security diagram proposed by the security architect:

Which of the following security architecture models is illustrated by the diagram?

A.

Identity and access management model

B.

Agent based security model

C.

Perimeter protection security model

D.

Zero Trust security model

Question # 53

A security officer received several complaints from users about excessive MFA push notifications at night. The security team investigates and suspects malicious activities regarding user account authentication. Which of the following is the best way for the security officer to restrict MFA notifications?

A.

Provisioning FIDO2 devices

B.

Deploying text message-based MFA

C.

Enabling OTP via email

D.

Configuring prompt-driven MFA

Question # 54

A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered. Given the following code function:

Which of the following is most likely the log input that the code will parse?

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Question # 55

A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository. The security team needs to be able to quickly evaluate whether to respond to a given vulnerability. Which of the following will allow the security team to achieve the objective with the least effort?

A.

SAST scan reports

B.

Centralized SBoM

C.

CIS benchmark compliance reports

D.

Credentialed vulnerability scan
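Both Question 41 (which assets does a vulnerability affect) and Question 55 (is this image affected) come down to the same lookup: an inventory of what each asset contains, matched against an advisory feed. The following is an added example, not the page's own code or any scanner's: a CycloneDX-shaped SBOM for one constructed container image is matched against a constructed advisory list. The image name, package list, advisory identifiers and fixed versions are all fixtures, and version comparison assumes plain dotted-numeric versions.

```python
"""Matching a CycloneDX SBOM against an advisory list to find affected
components. Added example, not from the original page; SBOM, image name and
advisories are constructed fixtures with placeholder identifiers."""
import json

SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "metadata": {
    "component": {"type": "container",
                  "name": "registry.example.internal/payments-api",
                  "version": "sha256:constructed"}
  },
  "components": [
    {"type": "library", "name": "openssl", "version": "3.0.7",
     "purl": "pkg:deb/debian/openssl@3.0.7"},
    {"type": "library", "name": "requests", "version": "2.31.0",
     "purl": "pkg:pypi/requests@2.31.0"},
    {"type": "library", "name": "lodash", "version": "4.17.19",
     "purl": "pkg:npm/lodash@4.17.19"}
  ]
}
"""

# Constructed advisories keyed by version-less purl; ADV-* ids are placeholders.
ADVISORIES = [
    {"id": "ADV-0001", "purl": "pkg:deb/debian/openssl", "fixed_in": "3.0.8", "severity": "HIGH"},
    {"id": "ADV-0002", "purl": "pkg:npm/lodash", "fixed_in": "4.17.21", "severity": "MEDIUM"},
    {"id": "ADV-0003", "purl": "pkg:pypi/requests", "fixed_in": "2.30.0", "severity": "LOW"},
]


def split_purl(purl):
    """Return (purl without version, version). Qualifiers ('?distro=...')
    and subpaths are not handled in this example."""
    base, _, version = purl.partition("@")
    return base, version


def version_key(v):
    """Assumes dotted-numeric versions; non-numeric parts compare as text."""
    return tuple(int(p) if p.isdigit() else p for p in v.split("."))


def affected_components(sbom_text, advisories):
    """Return one finding per (advisory, installed component) pair where the
    installed version is below the advisory's first fixed version."""
    sbom = json.loads(sbom_text)
    image = sbom["metadata"]["component"]["name"]
    index = {}
    for comp in sbom.get("components", []):
        if "purl" not in comp:
            continue
        base, version = split_purl(comp["purl"])
        index.setdefault(base, []).append(version or comp.get("version"))
    findings = []
    for adv in advisories:
        for version in index.get(adv["purl"], []):
            if version_key(version) < version_key(adv["fixed_in"]):
                findings.append({
                    "image": image, "advisory": adv["id"], "purl": adv["purl"],
                    "installed": version, "fixed_in": adv["fixed_in"],
                    "severity": adv["severity"],
                })
    return sorted(findings, key=lambda f: f["advisory"])


if __name__ == "__main__":
    for finding in affected_components(SBOM_JSON, ADVISORIES):
        print(finding)
```

With SBOMs for every image stored centrally, answering "which images carry the vulnerable openssl" is a query over the index rather than a rescan of the registry, which is the "least effort" the question asks for. Real purls carry qualifiers and ecosystems have their own version-ordering rules (Debian epochs, semver pre-releases), so a production matcher should use the packageurl and per-ecosystem version libraries rather than the simplified helpers above.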

Question # 56

A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

A.

Limiting the tool to a specific coding language and tuning the rule set

B.

Configuring branch protection rules and dependency checks

C.

Using an application vulnerability scanner to identify coding flaws in production

D.

Performing updates on code libraries before code development
