Weekend Special Sale - Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: mxmas70

Home > CompTIA > SecurityX > CAS-005

CAS-005 CompTIA SecurityX Certification Exam Question and Answers

Question # 4

The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).

Setting different access controls defined by business area

A.

Implementing a role-based access policy

B.

Designing a least-needed privilege policy

C.

Establishing a mandatory vacation policy

D.

Performing periodic access reviews

E.

Requiring periodic job rotation

Full Access
Question # 5

A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

A.

Limiting the tool to a specific coding language and tuning the rule set

B.

Configuring branch protection rules and dependency checks

C.

Using an application vulnerability scanner to identify coding flaws in production

D.

Performing updates on code libraries before code development

Full Access
Question # 6

A security analyst is reviewing the following authentication logs:

Which of the following should the analyst do first?

A.

Disable User2's account

B.

Disable User12's account

C.

Disable User8's account

D.

Disable User1's account

Full Access
Question # 7

An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?

A.

Supply chain attack B. Cipher substitution attack C. Side-channel analysis D. On-path attack E. Pass-the-hash attack

Full Access
Question # 8

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to

the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?

A.

The compute resources are insufficient to support the SIEM

B.

The SIEM indexes are 100 large

C.

The data is not being properly parsed

D.

The retention policy is not property configured

Full Access
Question # 9

A cloud engineer needs to identify appropriate solutions to:

• Provide secure access to internal and external cloud resources.

• Eliminate split-tunnel traffic flows.

• Enable identity and access management capabilities.

Which of the following solutions arc the most appropriate? (Select two).

A.

Federation

B.

Microsegmentation

C.

CASB

D.

PAM

E.

SD-WAN

F.

SASE

Full Access
Question # 10

Which of the following is the security engineer most likely doing?

A.

Assessing log in activities using geolocation to tune impossible Travel rate alerts

B.

Reporting on remote log-in activities to track team metrics

C.

Threat hunting for suspicious activity from an insider threat

D.

Baselining user behavior to support advanced analytics

Full Access
Question # 11

An incident response team is analyzing malware and observes the following:

• Does not execute in a sandbox

• No network loCs

• No publicly known hash match

• No process injection method detected

Which of the following should the team do next to proceed with further analysis?

A.

Use an online vims analysis tool to analyze the sample

B.

Check for an anti-virtualization code in the sample

C.

Utilize a new deployed machine to run the sample.

D.

Search oilier internal sources for a new sample.

Full Access
Question # 12

A company’s internal network is experiencing a security breach, and the threat actor is still active. Due to business requirements, users in this environment are allowed to utilize multiple machines at the same time. Given the following log snippet:

Which of the following accounts should a security analyst disable to best contain the incident without impacting valid users?

A.

user-a

B.

user-b

C.

user-c

D.

user-d

Full Access
Question # 13

After a company discovered a zero-day vulnerability in its VPN solution, the company plans to deploy cloud-hosted resources to replace its current on-premises systems. An engineer must find an appropriate solution to facilitate trusted connectivity. Which of the following capabilities is the most relevant?

A.

Container orchestration

B.

Microsegmentation

C.

Conditional access

D.

Secure access service edge (SASE)

Full Access
Question # 14

An organization wants to manage specialized endpoints and needs a solution that provides the ability to

* Centrally manage configurations

* Push policies.

• Remotely wipe devices

• Maintain asset inventory

Which of the following should the organization do to best meet these requirements?

A.

Use a configuration management database

B.

Implement a mobile device management solution.

C.

Configure contextual policy management

D.

Deploy a software asset manager

Full Access
Question # 15

After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.

• Exfiltration of intellectual property

• Unencrypted files

• Weak user passwords

Which of the following is the best way to mitigate these vulnerabilities? (Select two).

A.

Implementing data loss prevention

B.

Deploying file integrity monitoring

C.

Restricting access to critical file services only

D.

Deploying directory-based group policies

E.

Enabling modem authentication that supports MFA

F.

Implementing a version control system

G.

Implementing a CMDB platform

Full Access
Question # 16

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Full Access
Question # 17

A company wants to protect against the most common attacks and rapidly integrate with different programming languages. Which of the following technologies is most likely to meet this need?

A.

RASP

B.

Cloud-based IDE

C.

DAST

D.

NIPS

Full Access
Question # 18

A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?

A.

Executing a script that deletes and overwrites all data on the SSD three times

B.

Wiping the SSD through degaussing

C.

Securely deleting the encryption keys used by the SSD

D.

Writing non-zero, random data to all cells of the SSD

Full Access
Question # 19

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

A.

Securing data transfer between hospitals

B.

Providing for non-repudiation data

C.

Reducing liability from identity theft

D.

Protecting privacy while supporting portability.

Full Access
Question # 20

A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence Which of the following is the most likely reason for reviewing these laws?

A.

The organization is performing due diligence of potential tax issues.

B.

The organization has been subject to legal proceedings in countries where it has a presence.

C.

The organization is concerned with new regulatory enforcement in other countries

D.

The organization has suffered brand reputation damage from incorrect media coverage

Full Access
Question # 21

A systems administrator wants to reduce the number of failed patch deployments in an organization. The administrator discovers that system owners modify systems or applications in an ad hoc manner. Which of the following is the best way to reduce the number of failed patch deployments?

A.

Compliance tracking

B.

Situational awareness

C.

Change management

D.

Quality assurance

Full Access
Question # 22

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?

A.

Ability to obtain components during wartime

B.

Fragility and other availability attacks

C.

Physical Implants and tampering

D.

Non-conformance to accepted manufacturing standards

Full Access
Question # 23

A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings. Which of the following would the systems administrator most likely verify is properly configured?

A.

Report retention time

B.

Scanning credentials

C.

Exploit definitions

D.

Testing cadence

Full Access
Question # 24

Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?

A.

Using laC to include the newest dependencies

B.

Creating a bug bounty program

C.

Implementing a continuous security assessment program

D.

Integrating a SASI tool as part of the pipeline

Full Access
Question # 25

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me b»« way to reduce the risk oi reoccurrence?

A.

Enforcing allow lists for authorized network pons and protocols

B.

Measuring and attesting to the entire boot chum

C.

Rolling the cryptographic keys used for hardware security modules

D.

Using code signing to verify the source of OS updates

Full Access
Question # 26

An organization wants to create a threat model to identity vulnerabilities in its infrastructure. Which of the following, should be prioritized first?

A.

External-facing Infrastructure with known exploited vulnerabilities

B.

Internal infrastructure with high-seventy and Known exploited vulnerabilities

C.

External facing Infrastructure with a low risk score and no known exploited vulnerabilities

D.

External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

Full Access
Question # 27

A user reports application access issues to the help desk. The help desk reviews the logs for the user

Which of the following is most likely The reason for the issue?

A.

The user inadvertently tripped the impossible travel security rule in the SSO system.

B.

A threat actor has compromised the user's account and attempted to lop, m

C.

The user is not allowed to access the human resources system outside of business hours

D.

The user did not attempt to connect from an approved subnet

Full Access
Question # 28

A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

Which of the following hosts should a security analyst patch first once a patch is available?

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Full Access
Question # 29

During a gap assessment, an organization notes that OYOD usage is a significant risk. The organization implemented administrative policies prohibiting BYOD usage However, the organization has not implemented technical controls to prevent the unauthorized use of BYOD assets when accessing the organization's resources. Which of the following solutions should the organization implement to b»« reduce the risk of OYOD devices? (Select two).

A.

Cloud 1AM to enforce the use of token based MFA

B.

Conditional access, to enforce user-to-device binding

C.

NAC, to enforce device configuration requirements

D.

PAM. to enforce local password policies

E.

SD-WAN. to enforce web content filtering through external proxies

F.

DLP, to enforce data protection capabilities

Full Access
Question # 30

A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered Given the following code function:

Which of the following is most likely the log input that the code will parse?

A)

B)

C)

D)

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Full Access
Question # 31

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Full Access
Question # 32

An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?

A.

Limn the platform's abilities to only non-sensitive functions

B.

Enhance the training model's effectiveness.

C.

Grant the system the ability to self-govern

D.

Require end-user acknowledgement of organizational policies.

Full Access
Question # 33

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

Full Access
Question # 34

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to b«st solve this issue?

A.

Rule based

B.

Time-based

C.

Role based

D.

Context-based

Full Access
Question # 35

Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

A.

Isolating the historian server for connections only from The SCADA environment

B.

Publishing the C$ share from SCADA to the enterprise

C.

Deploying a screened subnet between 11 and SCADA

D.

Adding the business workstations to the SCADA domain

Full Access
Question # 36

A global manufacturing company has an internal application mat is critical to making products This application cannot be updated and must Be available in the production area A security architect is implementing security for the application. Which of the following best describes the action the architect should take-?

A.

Disallow wireless access to the application.

B.

Deploy Intrusion detection capabilities using a network tap

C.

Create an acceptable use policy for the use of the application

D.

Create a separate network for users who need access to the application

Full Access
Question # 37

After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?

A.

Improve firewall rules to avoid access to those platforms.

B.

Implement a cloud-access security broker

C.

Create SIEM rules to raise alerts for access to those platforms

D.

Deploy an internet proxy that filters certain domains

Full Access
Question # 38

A vulnerability can on a web server identified the following:

Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

A.

Disallowing cipher suites that use ephemeral modes of operation for key agreement

B.

Removing support for CBC-based key exchange and signing algorithms

C.

Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

D.

Implementing HIPS rules to identify and block BEAST attack attempts

E.

Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

F.

Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

Full Access
Question # 39

A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

A.

CWPP

B.

YAKA

C.

ATTACK

D.

STIX

E.

TAXII

F.

JTAG

Full Access
Question # 40

During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server Given the following portion of the code:

Which of the following best describes this incident?

A.

XSRF attack

B.

Command injection

C.

Stored XSS

D.

SQL injection

Full Access
Question # 41

A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?

A.

User-agent string

B.

Byte length of the request

C.

Web application headers

D.

HTML encoding field

Full Access
Question # 42

Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:

Which of the following would the analyst most likely recommend?

A.

Installing appropriate EDR tools to block pass-the-hash attempts

B.

Adding additional time to software development to perform fuzz testing

C.

Removing hard coded credentials from the source code

D.

Not allowing users to change their local passwords

Full Access
Question # 43

A company plans to implement a research facility with Intellectual property data that should be protected The following is the security diagram proposed by the security architect

Which of the following security architect models is illustrated by the diagram?

A.

Identity and access management model

B.

Agent based security model

C.

Perimeter protection security model

D.

Zero Trust security model

Full Access
Question # 44

A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?

A.

Model explainability

B.

Credential Theft

C.

Possible prompt Injections

D.

Exposure to social engineering

Full Access