[Feb 25, 2025] Fully Updated Dumps PDF - Latest CAS-005 Exam Questions and Answers
100% Free CAS-005 Exam Dumps to Pass Exam Easily from Pass4sures
CompTIA CAS-005 Exam Syllabus Topics:
- Topic 1
- Topic 2
- Topic 3
- Topic 4
NEW QUESTION # 102
An organization with a remote workforce has a new client with the following requirements:
- Consultants need to travel to the client site.
- The company has proprietary information on its hard drives.
- The company prohibits BYOD.
Which of the following would be the most beneficial for the organization to implement?
- A. Measured boot
- B. Virtual hardware
- C. Host-based encryption
- D. Secure enclave
Answer: C
NEW QUESTION # 103
A global organization is reviewing potential vendors to outsource a critical payroll function. Each vendor's plan includes using local resources in multiple regions to ensure compliance with all regulations. The organization's Chief Information Security Officer is conducting a risk assessment on the potential outsourcing vendors' subprocessors. Which of the following best explains the need for this risk assessment?
- A. Due care must be exercised during all procurement activities.
- B. Specific regulatory requirements must be met in each jurisdiction.
- C. Risk mitigations must be more comprehensive than the existing payroll provider.
- D. The responsibility of protecting PII remains with the organization.
Answer: D
NEW QUESTION # 104
Incident responders determine that a company email server was the first compromised machine in an attack. The server was infected by malware. The following are abbreviated headers from three emails that the incident responders could not confidently determine to be safe:
Which of the following is the most likely reason the malware was delivered?
- A. An attachment scan could not be completed.
- B. Repeated emails were sent from the same address.
- C. The SPF check failed.
- D. The DMARC security check failed.
Answer: D
NEW QUESTION # 105
A security architect for a global organization with a distributed workforce recently received funding to deploy a CASB solution. Which of the following most likely explains the choice to use a proxy-based CASB?
- A. Privacy compliance obligations are bypassed when using a user-based deployment.
- B. Corporate devices cannot receive certificates when not connected to on-premises devices.
- C. Protecting and regularly rotating API secret keys requires a significant time commitment.
- D. The capability to block unapproved applications and services is possible.
Answer: D
Explanation:
A proxy-based Cloud Access Security Broker (CASB) is chosen primarily for its ability to block unapproved applications and services. Here's why:
* Application and Service Control: Proxy-based CASBs can monitor and control the use of applications and services by inspecting traffic as it passes through the proxy. This allows the organization to enforce policies that block unapproved applications and services, ensuring compliance with security policies.
* Visibility and Monitoring: By routing traffic through the proxy, the CASB can provide detailed visibility into user activities and data flows, enabling better monitoring and threat detection.
* Real-Time Protection: Proxy-based CASBs can provide real-time protection against threats by analyzing and controlling traffic before it reaches the end user, thus preventing the use of risky applications and services.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies
* Gartner CASB Market Guide
NEW QUESTION # 106
The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue?
(Choose two.)
- A. Setting different access controls defined by business area
- B. Establishing a mandatory vacation policy
- C. Requiring periodic job rotation
- D. Performing periodic access reviews
- E. Implementing a role-based access policy
- F. Designing a least-needed privilege policy
Answer: A,B
Explanation:
To mitigate the issue of excessive permissions and privilege creep, the best solutions are:
Implementing a Role-Based Access Policy:
Role-Based Access Control (RBAC): This policy ensures that access permissions are granted based on the user's role within the organization, aligning with the principle of least privilege.
Users are only granted access necessary for their role, reducing the risk of excessive permissions.
NEW QUESTION # 107
An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?
- A. CMDB
- B. SBoM
- C. SLM
- D. SASE
Answer: A
Explanation:
A Configuration Management Database (CMDB) provides the best foundation for identifying which specific assets are affected by a given vulnerability. A CMDB maintains detailed information about the IT environment, including hardware, software, configurations, and relationships between assets. This comprehensive view allows organizations to quickly identify and address vulnerabilities affecting specific assets.
References:
* CompTIA SecurityX Study Guide: Discusses the role of CMDBs in asset management and vulnerability identification.
* ITIL (Information Technology Infrastructure Library) Framework: Recommends the use of CMDBs for effective configuration and asset management.
* "Configuration Management Best Practices" by Bob Aiello and Leslie Sachs: Covers the importance of CMDBs in managing IT assets and addressing vulnerabilities.
NEW QUESTION # 108
A systems administrator needs to identify new attacks that could be carried out against the environment. The administrator plans to proactively seek out and observe new attacks. Which of the following is the best way to accomplish this goal?
- A. Configuring an IPS
- B. Scanning for IoCs
- C. Deploying a honeypot
- D. Implementing sandboxing
Answer: C
NEW QUESTION # 109
A company updates its cloud-based services by saving infrastructure code in a remote repository.
The code is automatically deployed into the development environment every time the code is saved to the repository. The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment.
Which of the following should a security engineer recommend to reduce the deployment failures?
(Choose two.)
- A. Code submit authorization workflow
- B. Pipeline compliance scanning
- C. Software composition analysis
- D. Pre-commit code linting
- E. Repository branch protection
- F. Automated regression testing
Answer: D,F
NEW QUESTION # 110
A security analyst received a report that an internal web page is down after a company-wide update to the web browser. Given the following error message:
Which of the following is the best way to fix this issue?
- A. Disabling all deprecated ciphers
- B. Discontinuing the use of self-signed certificates
- C. Blocking all non-essential ports
- D. Rewriting any legacy web functions
Answer: B
Explanation:
The error message "NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM" indicates that the web browser is rejecting the certificate because it uses a weak signature algorithm. This commonly happens with self-signed certificates, which often use outdated or insecure algorithms.
Why Discontinue Self-Signed Certificates?
* Security Compliance: Modern browsers enforce strict security standards and may reject certificates that do not comply with these standards.
* Trusted Certificates: Using certificates from a trusted Certificate Authority (CA) ensures compliance with security standards and is less likely to be flagged as insecure.
* Weak Signature Algorithm: Self-signed certificates might use weak algorithms like MD5 or SHA-1, which are considered insecure.
Other options do not address the specific cause of the certificate error:
* A. Rewriting legacy web functions: Does not address the certificate issue.
* B. Disabling deprecated ciphers: Useful for improving security but not related to the certificate error.
* C. Blocking non-essential ports: This is unrelated to the issue of certificate validation.
References:
* CompTIA SecurityX Study Guide
* "Managing SSL/TLS Certificates," OWASP
* "Best Practices for Certificate Management," NIST Special Publication 800-57
NEW QUESTION # 111
A security architect is establishing requirements to design resilience in an enterprise system that will be extended to other physical locations. The system must:
* Be survivable to one environmental catastrophe
* Be recoverable within 24 hours of critical loss of availability
* Be resilient to active exploitation of one site-to-site VPN solution
- A. Load-balance connection attempts and data ingress at internet gateways
- B. Use orchestration to procure, provision, and transfer application workloads to cloud services
- C. Allocate fully redundant and geographically distributed standby sites.
- D. Lease space to establish cold sites throughout other countries
- E. Employ layering of routers from diverse vendors
- F. Implement full weekly backups to be stored off-site for each of the company's sites
Answer: C
Explanation:
To design resilience in an enterprise system that can survive environmental catastrophes, recover within 24 hours, and be resilient to active exploitation, the best strategy is to allocate fully redundant and geographically distributed standby sites. Here's why:
* Geographical Redundancy: Having geographically distributed standby sites ensures that if one site is affected by an environmental catastrophe, the other sites can take over, providing continuity of operations.
* Full Redundancy: Fully redundant sites mean that all critical systems and data are replicated, enabling quick recovery in the event of a critical loss of availability.
* Resilience to Exploitation: Distributing resources across multiple sites reduces the risk of a single point of failure and increases resilience against targeted attacks.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-34: Contingency Planning Guide for Federal Information Systems
* ISO/IEC 27031:2011 - Guidelines for Information and Communication Technology Readiness for Business Continuity
NEW QUESTION # 112
A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?
- A. Migrating application usage logs to on-premises storage
- B. Combining back-end application storage into a single, relational database
- C. Configuring an API Integration to aggregate the different data sets
- D. Purchasing and deploying commercial off-the-shelf aggregation software
Answer: C
Explanation:
The best way to automate reporting from disparate security appliances that do not currently communicate is to configure an API Integration to aggregate the different data sets. Here's why:
* Interoperability: APIs allow different systems to communicate and share data, even if they were not originally designed to work together. This enables the integration of various security appliances into a unified reporting system.
* Automation: API integrations can automate the process of data collection, aggregation, and reporting, reducing manual effort and increasing efficiency.
* Scalability: APIs provide a scalable solution that can easily be extended to include additional security appliances or data sources as needed.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-95: Guide to Secure Web Services
* OWASP API Security Top Ten
NEW QUESTION # 113
An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:
- The backup solution must reduce the risk of potential backup compromise.
- The backup solution must be resilient to a ransomware attack.
- The time to restore from backups is less important than the backup data integrity.
- Multiple copies of production data must be maintained.
Which of the following backup strategies best meets these requirements?
- A. Enabling remote journaling on the databases to ensure real-time transactions are mirrored
- B. Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally
- C. Utilizing two connected storage arrays and ensuring the arrays constantly sync
- D. Creating a secondary, immutable storage array and updating it with live data on a continuous basis
Answer: D
Explanation:
Creating a secondary, immutable storage array and updating it with live data on a continuous basis: An immutable storage array ensures that data, once written, cannot be altered or deleted.
This greatly reduces the risk of backup compromise and provides resilience against ransomware attacks, as the ransomware cannot modify or delete the backup data. Maintaining multiple copies of production data with an immutable storage solution ensures data integrity and compliance with the requirement for multiple copies.
NEW QUESTION # 114
A company isolated its OT systems from other areas of the corporate network. These systems are required to report usage information over the internet to the vendor. Which of the following best reduces the risk of compromise or sabotage? (Select two.)
- A. Encrypting data at rest
- B. Monitoring network behavior
- C. Executing daily health checks
- D. Performing boot integrity checks
- E. Implementing a site-to-site IPSec VPN
- F. Implementing allow lists
Answer: E,F
Explanation:
* A. Implementing allow lists: Allow lists (whitelisting) restrict network communication to only authorized devices and applications, significantly reducing the attack surface by ensuring that only pre-approved traffic is permitted.
* F. Implementing a site-to-site IPSec VPN: A site-to-site VPN provides a secure, encrypted tunnel for data transmission between the OT systems and the vendor, protecting the data from interception and tampering during transit.
Other options:
* B. Monitoring network behavior: While useful for detecting anomalies, it does not proactively reduce the risk of compromise or sabotage.
* C. Encrypting data at rest: Important for protecting data stored on devices, but does not address network communication risks.
* D. Performing boot integrity checks: Ensures the integrity of the system at startup but does not protect ongoing network communications.
* E. Executing daily health checks: Useful for maintaining system health but does not directly reduce the risk of network-based compromise or sabotage.
References:
* CompTIA Security+ Study Guide
* NIST SP 800-82, "Guide to Industrial Control Systems (ICS) Security"
* "Industrial Network Security" by Eric D. Knapp and Joel Thomas Langill
NEW QUESTION # 115
A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring. The architect's goal is to:
- Create a collection of use cases to help detect known threats
- Include those use cases in a centralized library for use across all of the companies
Which of the following is the best way to achieve this goal?
- A. Sigma rules
- B. UBA rules and use cases
- C. Ariel Query Language
- D. TAXII/STIX library
Answer: A
Explanation:
To create a collection of use cases for detecting known threats and include them in a centralized library for use across multiple companies with different vendors, Sigma rules are the best option.
Vendor-Agnostic Format: Sigma rules are a generic and open standard for writing SIEM (Security Information and Event Management) rules. They can be translated to specific query languages of different SIEM systems, making them highly versatile and applicable across various platforms.
Centralized Rule Management: By using Sigma rules, the cybersecurity architect can create a centralized library of detection rules that can be easily shared and implemented across different detection and monitoring systems used by the acquired companies. This ensures consistency in threat detection capabilities.
Ease of Use and Flexibility: Sigma provides a structured and straightforward format for defining detection logic. It allows for the easy creation, modification, and sharing of rules, facilitating collaboration and standardization across the organization.
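The point above is that one Sigma rule, written once, is rendered into each vendor's query language. The following added example (not from the page or from the Sigma project; not pySigma or sigma-cli) shows that idea in miniature: a constructed rule in the shape the Sigma YAML loads into, translated into two simplified dialects. The index and table names, the field names and the escaping are assumptions made for the example, and only the simplest `condition: <one selection>` form is supported.

```python
"""
Illustrative Sigma-rule translator (added example; not pySigma or sigma-cli).
One vendor-neutral rule is rendered into two simplified SIEM query dialects.
The rule, the logsource-to-data-source mappings and the field names are
constructed for this example and are assumptions, not a real backend.
"""
from typing import Any, Callable

# Constructed rule, written as the Sigma YAML would load into Python.
SAMPLE_RULE: dict[str, Any] = {
    "title": "Encoded PowerShell Command Line",
    "logsource": {"product": "windows", "category": "process_creation"},
    "detection": {
        "selection": {
            "Image|endswith": "\\powershell.exe",
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
        },
        "condition": "selection",
    },
}

# Assumed mapping of a Sigma logsource to each backend's data source.
SPL_LOGSOURCE = {("windows", "process_creation"): "index=endpoint sourcetype=process"}
KQL_LOGSOURCE = {("windows", "process_creation"): "ProcessEvents"}


def _parse_key(key: str) -> tuple[str, str]:
    """Split 'Field|modifier' into (field, modifier); no modifier means exact match."""
    field, _, modifier = key.partition("|")
    return field, modifier or "equals"


def _spl_term(field: str, modifier: str, value: Any) -> str:
    """Render one field test as a Splunk-style wildcard comparison."""
    v = str(value).replace('"', '\\"')
    wildcards = {"contains": f"*{v}*", "endswith": f"*{v}", "startswith": f"{v}*"}
    return f'{field}="{wildcards.get(modifier, v)}"'


def _kql_term(field: str, modifier: str, value: Any) -> str:
    """Render one field test as a KQL-style operator comparison."""
    v = str(value).replace('"', '\\"')
    op = modifier if modifier in ("contains", "endswith", "startswith") else "=="
    return f'{field} {op} "{v}"'


def _render_selection(selection: dict[str, Any], term_fn: Callable[[str, str, Any], str],
                      and_kw: str, or_kw: str) -> str:
    """Sigma semantics: list values are OR-ed, distinct keys are AND-ed."""
    clauses = []
    for key, value in selection.items():
        field, modifier = _parse_key(key)
        values = value if isinstance(value, list) else [value]
        terms = [term_fn(field, modifier, v) for v in values]
        clauses.append(terms[0] if len(terms) == 1 else "(" + f" {or_kw} ".join(terms) + ")")
    return f" {and_kw} ".join(clauses)


def _single_selection(rule: dict[str, Any]) -> dict[str, Any]:
    """Only 'condition: <name>' is handled; boolean conditions are rejected explicitly."""
    detection = rule["detection"]
    name = detection["condition"].strip()
    if name == "condition" or name not in detection:
        raise NotImplementedError("only 'condition: <one selection>' is supported here")
    return detection[name]


def _logsource_key(rule: dict[str, Any]) -> tuple[str, str]:
    ls = rule["logsource"]
    return (ls.get("product"), ls.get("category"))


def to_spl(rule: dict[str, Any]) -> str:
    """Render the rule for a Splunk-style backend (assumed mapping)."""
    source = SPL_LOGSOURCE[_logsource_key(rule)]
    return f"{source} {_render_selection(_single_selection(rule), _spl_term, 'AND', 'OR')}"


def to_kql(rule: dict[str, Any]) -> str:
    """Render the rule for a KQL-style backend (assumed mapping)."""
    table = KQL_LOGSOURCE[_logsource_key(rule)]
    return f"{table} | where {_render_selection(_single_selection(rule), _kql_term, 'and', 'or')}"


if __name__ == "__main__":
    print(to_spl(SAMPLE_RULE))
    print(to_kql(SAMPLE_RULE))
```

The two renderings differ only in syntax; the detection logic lives once, in the rule, which is what makes a shared library workable across acquired companies running different SIEMs. Real backends also need per-vendor field-name mappings and full condition grammar, which this sketch leaves out.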
NEW QUESTION # 116
A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:
Which of the following is the most appropriate action for the analyst to take?
- A. Have the admin account owner change their password to avoid credential stuffing.
- B. Update the log configuration settings on the directory server that is not being captured properly.
- C. Block employees from logging in to applications that are not part of their business area.
- D. Implement automation to disable accounts that have been associated with high-risk activity.
Answer: D
Explanation:
The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.
* Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.
* Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.
* Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but doesn't directly address the compromised account issue.
Implementing automation to disable accounts associated with high-risk activities ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.
References:
* CompTIA SecurityX guide on incident response and account management.
* Best practices for handling compromised accounts.
* Automation tools and techniques for security operations centers (SOCs).
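The explanation above recommends automation that disables an account once the SIEM associates it with high-risk activity. The following added example (not from the page, and not any SIEM vendor's code) shows the decision half of such a playbook: it parses constructed key=value log-on records, applies two simple rules, and returns the accounts to disable with a reason for the audit trail. The log format, the `risk` field and the thresholds are assumptions for the example; the actual disable call to the directory is left out.

```python
"""
Added example: triage constructed SIEM log-on records and decide which
accounts an automated playbook should disable pending investigation. The
key=value export format, the 'risk' field and the thresholds are
assumptions for this example, not the output of a particular SIEM.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample events, one per line (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
2025-02-25T08:00:01Z user=jsmith src=198.51.100.10 result=SUCCESS risk=low
2025-02-25T08:00:05Z user=admin src=203.0.113.7 result=FAIL risk=high
2025-02-25T08:00:09Z user=admin src=203.0.113.8 result=FAIL risk=high
2025-02-25T08:00:14Z user=admin src=203.0.113.9 result=FAIL risk=high
2025-02-25T08:00:20Z user=admin src=203.0.113.7 result=SUCCESS risk=high
2025-02-25T08:02:00Z user=mlee src=198.51.100.22 result=FAIL risk=low
2025-02-25T08:02:30Z user=mlee src=198.51.100.22 result=SUCCESS risk=low
"""

FAIL_THRESHOLD = 3             # failures before a later success is suspicious (assumed)
WINDOW = timedelta(minutes=5)  # look-back window for counting failures (assumed)


@dataclass
class Event:
    ts: datetime
    user: str
    src: str
    result: str
    risk: str


def parse_line(line: str) -> Event:
    """Parse 'TIMESTAMP key=value ...' into an Event; raises KeyError on a malformed line."""
    ts_text, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return Event(
        ts=datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"),
        user=fields["user"],
        src=fields["src"],
        result=fields["result"].upper(),
        risk=fields["risk"].lower(),
    )


def parse_log(text: str) -> list[Event]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def accounts_to_disable(events: list[Event]) -> dict[str, str]:
    """Return {user: reason} for accounts matching either rule:
    1. a successful log-on preceded by >= FAIL_THRESHOLD failures within WINDOW;
    2. a successful log-on that the SIEM already scored risk=high.
    Failed-only bursts are left to the lockout policy and are not flagged here."""
    by_user: dict[str, list[Event]] = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):   # events may arrive out of order
        by_user[ev.user].append(ev)

    decisions: dict[str, str] = {}
    for user, evs in by_user.items():
        recent_fails: list[Event] = []
        for ev in evs:
            # Drop failures that have aged out of the look-back window.
            recent_fails = [f for f in recent_fails if ev.ts - f.ts <= WINDOW]
            if ev.result == "FAIL":
                recent_fails.append(ev)
                continue
            if ev.result != "SUCCESS":
                continue
            if len(recent_fails) >= FAIL_THRESHOLD:
                sources = {f.src for f in recent_fails}
                decisions[user] = (f"successful log-on after {len(recent_fails)} failed attempts "
                                   f"from {len(sources)} sources within {WINDOW}")
                break
            if ev.risk == "high":
                decisions[user] = "successful log-on flagged high-risk by the SIEM"
                break
    return decisions


if __name__ == "__main__":
    for user, why in accounts_to_disable(parse_log(SAMPLE_LOG)).items():
        print(f"DISABLE {user}: {why}")
```

Only the `admin` account is returned for the sample data: three failures from three sources followed by a success inside the window. Keeping the reason string with the decision matters for the follow-up investigation the explanation mentions, because the analyst who re-enables the account needs to know why automation disabled it.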
NEW QUESTION # 117
A company receives several complaints from customers regarding its website. An engineer implements a parser for the web server logs that generates the following output:
Which of the following should the company implement to best resolve the issue?
- A. NAC
- B. WAF
- C. CDN
- D. IDS
Answer: C
Explanation:
The table indicates varying load times for users accessing the website from different geographic locations.
Customers from Australia and India are experiencing significantly higher load times compared to those from the United States. This suggests that latency and geographical distance are affecting the website's performance.
* A. IDS (Intrusion Detection System): While an IDS is useful for detecting malicious activities, it does not address performance issues related to latency and geographical distribution of content.
* B. CDN (Content Delivery Network): A CDN stores copies of the website's content in multiple geographic locations. By serving content from the nearest server to the user, a CDN can significantly reduce load times and improve user experience globally.
* C. WAF (Web Application Firewall): A WAF protects web applications by filtering and monitoring HTTP traffic but does not improve performance related to geographical latency.
* D. NAC (Network Access Control): NAC solutions control access to network resources but are not designed to address web performance issues.
Implementing a CDN is the best solution to resolve the performance issues observed in the log output.
References:
* CompTIA Security+ Study Guide
* "CDN: Content Delivery Networks Explained" by Akamai Technologies
* NIST SP 800-44, "Guidelines on Securing Public Web Servers"
NEW QUESTION # 118
A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows to meet hospital policy:
- Full disk encryption is enabled
- "Always On" corporate VPN is enabled
- eFuse-backed keystore is enabled.
- Wi-Fi 6 is configured with SAE.
- Location services is disabled.
- Application allow list is configured
- A. Returning the device's solid-state media to zero
- B. Configuring the application allow list to only permit emergency calls
- C. Revoking the user certificates used for VPN and Wi-Fi access
- D. Performing cryptographic obfuscation
- E. Using geolocation to find the device
Answer: A
Explanation:
To mitigate the risk of data loss on a lost or stolen tablet quickly, the most effective strategy is to return the device's solid-state media to zero, which effectively erases all data on the device.
Immediate Data Erasure: Returning the solid-state media to zero ensures that all data is wiped instantly, mitigating the risk of data loss if the device is lost or stolen.
Full Disk Encryption: Even though the tablets are already encrypted, physically erasing the data ensures that no residual data can be accessed if someone attempts to bypass encryption.
Compliance and Security: This method adheres to best practices for data security and compliance, ensuring that sensitive patient data cannot be accessed by unauthorized parties.
NEW QUESTION # 119
A global manufacturing company has an internal application that is critical to making products. This application cannot be updated and must be available in the production area. A security architect is implementing security for the application. Which of the following best describes the action the architect should take?
- A. Create an acceptable use policy for the use of the application
- B. Deploy intrusion detection capabilities using a network tap
- C. Create a separate network for users who need access to the application
- D. Disallow wireless access to the application.
Answer: C
Explanation:
Creating a separate network for users who need access to the application is the best action to secure an internal application that is critical to the production area and cannot be updated.
Why Separate Network?
Network Segmentation: Isolates the critical application from the rest of the network, reducing the risk of compromise and limiting the potential impact of any security incidents.
Controlled Access: Ensures that only authorized users have access to the application, enhancing security and reducing the attack surface.
Minimized Risk: Segmentation helps in protecting the application from vulnerabilities that could be exploited from other parts of the network.
NEW QUESTION # 120
A web application server that provides services to hybrid modern and legacy financial applications recently underwent a scheduled upgrade to update common libraries, including OpenSSL. Multiple users are now reporting failed connection attempts to the server. The technician performing initial triage identified the following:
- Client applications more than five years old appear to be the most affected.
- Web server logs show initial connection attempts by affected hosts.
- For the failed connections, logs indicate "cipher unavailable."
Which of the following is most likely to safely remediate this situation?
- A. The client TLS configuration must be set to enforce electronic codebook modes of operation.
- B. The client applications need to be modified to support AES in Galois/Counter Mode or equivalent.
- C. The server-side digital signature algorithm needs to be modified to support elliptic curve cryptography.
- D. The server needs to be configured for backward compatibility to SSL 3.0 applications.
Answer: B
NEW QUESTION # 121
An organization wants to manage specialized endpoints and needs a solution that provides the ability to:
- Centrally manage configurations
- Push policies.
- Remotely wipe devices
- Maintain asset inventory
Which of the following should the organization do to best meet these requirements?
- A. Configure contextual policy management
- B. Implement a mobile device management solution.
- C. Use a configuration management database
- D. Deploy a software asset manager
Answer: B
Explanation:
To meet the requirements of centrally managing configurations, pushing policies, remotely wiping devices, and maintaining an asset inventory, the best solution is to implement a Mobile Device Management (MDM) solution.
MDM Capabilities:
Central Management: MDM allows administrators to manage the configurations of all devices from a central console.
Policy Enforcement: MDM solutions enable the push of security policies and updates to ensure compliance across all managed devices.
Remote Wipe: In case a device is lost or stolen, MDM provides the capability to remotely wipe the device to protect sensitive data.
Asset Inventory: MDM maintains an up-to-date inventory of all managed devices, including their configurations and installed applications.
Other options do not provide the same comprehensive capabilities required for managing specialized endpoints.
NEW QUESTION # 122