Practice Free CAS-005 Exam Online Questions
A security architect is mitigating a vulnerability that previously led to a web application data breach.
An analysis into the root cause of the issue finds the following:
An administrator’s account was hijacked and used from several Autonomous System Numbers (ASNs) within 30 minutes.
All administrators use named accounts that require multifactor authentication.
Single sign-on is used for all company applications.
Which of the following should the security architect do to mitigate the issue?
- A . Configure token theft detection on the single sign-on system with automatic account lockouts.
- B . Enable context-based authentication when network locations change on administrator login attempts.
- C . Decentralize administrator accounts and force unique passwords for each application.
- D . Enforce biometric authentication requirements for the administrator’s named accounts.
B
Explanation:
The hijacked administrator account was used from multiple ASNs (that is, from different network locations) within 30 minutes, even though MFA and SSO were in place. MFA was therefore satisfied once, and the attacker reused the resulting authenticated session or token from elsewhere. Context-based (risk-based) authentication re-evaluates a login when the network context changes and forces a fresh authentication, which is exactly the condition observed here, so option B addresses the root cause. Token theft detection with automatic lockout (A) reacts only after the theft and can lock out legitimate administrators; decentralizing accounts with per-application passwords (C) removes the SSO and MFA controls that already exist; biometrics (D) are just another MFA factor and do not help once a post-authentication token has been replayed.
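As an added illustration (not part of the original question or explanation), the following Python sketch shows the two pieces of logic the scenario implies: an account-level impossible-travel check that would have surfaced the root cause, and a session-level context check that implements option B by forcing step-up authentication when an authenticated session's ASN changes. The account names, session IDs, timestamps and ASNs are constructed; ASNs 64496 to 64511 are reserved for documentation (RFC 5398).

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SessionEvent:
    """One authenticated request as seen by the SSO proxy (constructed schema)."""
    account: str
    session_id: str
    asn: int          # origin Autonomous System Number of the client IP
    ts: datetime


def impossible_travel_alerts(events, window=timedelta(minutes=30)):
    """Account-level detection: return {account: sorted distinct ASNs} for every
    account seen from two or more ASNs inside any interval of length `window`.
    This is the signal the root-cause analysis in the question describes."""
    per_account = defaultdict(list)
    for ev in events:
        per_account[ev.account].append(ev)

    alerts = {}
    for account, evs in per_account.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        flagged = set()
        for end, ev in enumerate(evs):
            # slide the window start forward until evs[start..end] fits in `window`
            while ev.ts - evs[start].ts > window:
                start += 1
            asns = {e.asn for e in evs[start:end + 1]}
            if len(asns) >= 2:
                flagged |= asns
        if flagged:
            alerts[account] = sorted(flagged)
    return alerts


def session_step_up_decisions(events):
    """Session-level control (option B): bind each session to the ASN it was first
    seen from; a request from any other ASN gets 'step_up', meaning it is held until
    the user re-satisfies MFA. The binding is not moved until that re-authentication
    succeeds, so a replayed token keeps being challenged instead of being accepted."""
    bound_asn = {}
    decisions = []
    for ev in sorted(events, key=lambda e: e.ts):
        first = bound_asn.setdefault(ev.session_id, ev.asn)
        decisions.append((ev, "allow" if ev.asn == first else "step_up"))
    return decisions


def _t(hh, mm):
    return datetime(2024, 1, 15, hh, mm)


# Constructed sample: alice's session token is replayed from two other networks
# within 20 minutes of legitimate use; bob is a normal single-network session.
SAMPLE_EVENTS = [
    SessionEvent("admin.bob",   "sess-b1", 64499, _t(8, 55)),
    SessionEvent("admin.alice", "sess-a1", 64496, _t(9, 0)),
    SessionEvent("admin.alice", "sess-a1", 64496, _t(9, 5)),
    SessionEvent("admin.alice", "sess-a1", 64500, _t(9, 12)),   # stolen token, new ASN
    SessionEvent("admin.alice", "sess-a1", 64511, _t(9, 20)),   # and again
    SessionEvent("admin.bob",   "sess-b1", 64499, _t(9, 30)),
]

if __name__ == "__main__":
    for account, asns in impossible_travel_alerts(SAMPLE_EVENTS).items():
        print(f"ALERT {account}: seen from ASNs {asns} within 30 minutes")
    for ev, decision in session_step_up_decisions(SAMPLE_EVENTS):
        print(f"{ev.ts:%H:%M} {ev.account:<12} ASN {ev.asn} -> {decision}")
```

In production the ASN would come from a GeoIP/ASN database keyed on the client address, and the step-up decision would be enforced by the SSO provider's conditional-access policy rather than by application code; the point of the sketch is that the challenge is triggered by the change in context, not by the absence of MFA.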
An organization recently acquired another company that is running a different EDR solution. A SOC analyst wants to automate the isolation of endpoints that are found to be compromised.
Which of the following workflows best mitigates the risk of false positives and reduces the spread of malicious code?
- A . Using a SOAR solution to look up entities via a TIP platform and isolate endpoints via APIs
- B . Setting a policy on each EDR management console to isolate all endpoints that trigger any alerts
- C . Reviewing all alerts manually in the various portals and taking action to isolate them
- D . Automating the suppression of all alerts that are not critical and sending an email asking SOC analysts to review these alerts
A
Explanation:
SecurityX CAS-005 emphasizes automation with validation in security operations. A Security Orchestration, Automation, and Response (SOAR) platform can query a Threat Intelligence Platform (TIP) to corroborate the indicators in an alert before it triggers endpoint isolation through the EDR vendors' APIs, and the API layer lets one playbook drive both the existing EDR and the acquired company's product. This reduces the spread of malware while minimizing the chance of isolating clean systems on a false positive.
Isolating endpoints on any alert (B) is high-risk and can disrupt business operations.
Manual review (C) is too slow for fast-moving threats.
Suppressing alerts (D) risks missing critical events entirely.
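The following Python sketch is an added example (not from the original explanation) of the gating logic such a playbook applies: an indicator is only acted on automatically when the TIP corroborates it strongly enough, allowlisted indicators are suppressed, and everything in between is routed to an analyst. The alert schema, TIP responses, host names, indicator values and the two vendors' API paths are all constructed placeholders, not any real EDR or TIP API.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Alert:
    """An EDR alert after the SOAR has normalised both vendors' formats (constructed schema)."""
    vendor: str      # "edr_a" (existing estate) or "edr_b" (acquired company)
    host: str
    indicator: str   # file hash, domain or IP pulled from the alert
    severity: str    # low / medium / high / critical


# Constructed TIP answers: indicator -> (verdict, confidence 0-100, corroborating sources).
TIP_RESPONSES = {
    "sha256:1111": ("malicious", 97, 5),
    "evil.example": ("suspicious", 55, 1),
    "sha256:2222": ("malicious", 99, 6),   # a known false positive for this org, see ALLOWLIST
}


def tip_lookup(indicator):
    """Stand-in for the TIP API call; unknown indicators come back as unknown/0/0."""
    return TIP_RESPONSES.get(indicator, ("unknown", 0, 0))


def decide(alert, tip, min_confidence=80, min_sources=2, allowlist=frozenset()):
    """Gate the destructive action on corroborated intelligence.

    suppress        -> indicator is on the organisation's allowlist (known false positive)
    isolate         -> TIP says malicious with enough confidence and independent sources
    analyst_review  -> some evidence, but not enough to act without a human
    monitor         -> nothing corroborates the alert
    """
    verdict, confidence, sources = tip
    if alert.indicator in allowlist:
        return "suppress"
    if verdict == "malicious" and confidence >= min_confidence and sources >= min_sources:
        return "isolate"
    if verdict in ("malicious", "suspicious") or alert.severity in ("high", "critical"):
        return "analyst_review"
    return "monitor"


def make_isolation_adapters(call_log):
    """One adapter per EDR product. Each records the API call it would make; the
    endpoint paths are hypothetical placeholders, not either vendor's real API."""
    return {
        "edr_a": lambda host: call_log.append(("edr_a", f"POST /devices/{host}/isolate")),
        "edr_b": lambda host: call_log.append(("edr_b", f"PUT /endpoints/{host}/containment")),
    }


def run_playbook(alerts, allowlist=frozenset()):
    """Return ({host: decision}, [api calls made]) for a batch of alerts."""
    call_log = []
    adapters = make_isolation_adapters(call_log)
    decisions = {}
    for alert in alerts:
        decision = decide(alert, tip_lookup(alert.indicator), allowlist=allowlist)
        decisions[alert.host] = decision
        if decision == "isolate":
            adapters[alert.vendor](alert.host)
    return decisions, call_log


# Constructed alerts spanning both EDR consoles.
SAMPLE_ALERTS = [
    Alert("edr_a", "ws-0142", "sha256:1111", "high"),       # corroborated -> isolate
    Alert("edr_b", "srv-db01", "evil.example", "critical"),  # weak intel -> human review
    Alert("edr_b", "ws-0377", "sha256:3333", "low"),         # no intel -> monitor
    Alert("edr_a", "adm-jump1", "sha256:2222", "high"),      # allowlisted -> suppress
]
ALLOWLIST = frozenset({"sha256:2222"})

if __name__ == "__main__":
    decisions, calls = run_playbook(SAMPLE_ALERTS, ALLOWLIST)
    for host, decision in decisions.items():
        print(f"{host:<10} {decision}")
    print("API calls:", calls)
```

Note that the critical-severity alert on srv-db01 is not isolated automatically: severity alone comes from a single vendor's heuristics, which is exactly the false-positive source the question wants to control, so it only earns a human review until the TIP corroborates it.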
During DAST scanning, the scans consistently report defects in open-source libraries that were used to build the web applications. Most of the defects come from using libraries with known vulnerabilities, and they are causing product deployment delays.
Which of the following is the best way to uncover these issues earlier in the life cycle?
- A . Directing application logs to the SIEM for continuous monitoring
- B . Modifying the WAF policies to block against known vulnerabilities
- C . Completing an IAST scan against the web application
- D . Using a software dependency management solution
D
Explanation:
SecurityX CAS-005 exam content emphasizes integrating security into the SDLC and using automated tools to identify vulnerabilities early.
Software dependency management (software composition analysis) solutions inventory the libraries an application pulls in and check them against vulnerability databases such as NVD or OSS Index at commit or build time, before anything is deployed. IAST still requires a running application and therefore finds the same issues later in the cycle.
WAF policies help block attacks in production but do not prevent vulnerable code from being deployed.
SIEM monitoring is reactive and identifies issues after they occur.
By detecting vulnerable dependencies early, software dependency management solutions prevent late-stage deployment delays and reduce security risk.
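The following Python program is an added example (not from the original explanation) of the check a dependency management tool performs at build time: parse the pinned versions out of a manifest, compare each against the affected version ranges in an advisory feed, and fail the build for high or critical findings. The manifest, package names and advisory identifiers are constructed for illustration and do not refer to real packages or CVEs; the version handling covers dotted numeric releases only.

```python
import re
from operator import eq, ge, gt, le, lt, ne

_OPS = {">=": ge, "<=": le, "==": eq, "!=": ne, ">": gt, "<": lt}
_CLAUSE_RE = re.compile(r"^(>=|<=|==|!=|>|<)\s*([0-9]+(?:\.[0-9]+)*)$")


def parse_version(text):
    """Turn '1.2.0' into (1, 2); trailing zeros are dropped so 1.2 == 1.2.0.
    Pre-release and local tags are out of scope for this sketch."""
    if not re.fullmatch(r"[0-9]+(?:\.[0-9]+)*", text):
        raise ValueError(f"unsupported version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def version_matches(version, specifier):
    """True if `version` satisfies every comma-separated clause, e.g. '>=1.0,<1.3'."""
    v = parse_version(version)
    for clause in specifier.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"bad specifier clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def parse_requirements(text):
    """Parse 'name==version' pins from a requirements.txt-style manifest.
    Unpinned entries are rejected: a floating version cannot be audited reproducibly."""
    pins = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            raise ValueError(f"unpinned dependency cannot be audited: {line!r}")
        pins[name.strip().lower()] = version.strip()
    return pins


def audit(manifest_text, advisories):
    """Return one finding per advisory whose affected range covers the pinned version."""
    pins = parse_requirements(manifest_text)
    findings = []
    for adv in advisories:
        version = pins.get(adv["package"])
        if version is not None and version_matches(version, adv["affected"]):
            findings.append({"package": adv["package"], "version": version,
                             "advisory": adv["id"], "severity": adv["severity"],
                             "fixed_in": adv["fixed_in"]})
    return findings


def gate_build(findings, fail_on=("high", "critical")):
    """True if the CI job should fail instead of producing a deployable artifact."""
    return any(f["severity"] in fail_on for f in findings)


# Constructed manifest and advisory feed (illustrative names and IDs only).
SAMPLE_REQUIREMENTS = """\
# web application dependencies (constructed)
examplelib==1.2.0
widgetkit==3.4.1
safepkg==2.0
"""

SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADV-0001", "package": "examplelib", "affected": ">=1.0,<1.3",
     "fixed_in": "1.3.0", "severity": "high"},
    {"id": "EXAMPLE-ADV-0002", "package": "widgetkit", "affected": "<3.4",
     "fixed_in": "3.4.0", "severity": "critical"},
    {"id": "EXAMPLE-ADV-0003", "package": "safepkg", "affected": "==1.9",
     "fixed_in": "2.0", "severity": "medium"},
]

if __name__ == "__main__":
    found = audit(SAMPLE_REQUIREMENTS, SAMPLE_ADVISORIES)
    for f in found:
        print(f"{f['severity'].upper():<8} {f['package']}=={f['version']} "
              f"({f['advisory']}, fixed in {f['fixed_in']})")
    print("block build:", gate_build(found))
```

Run against the constructed manifest, only examplelib 1.2.0 falls inside an affected range; widgetkit 3.4.1 is already past its fix version, and safepkg 2.0 is not the affected release. Because the check needs nothing but the manifest, it can run on every commit, which is what moves these findings ahead of the DAST stage.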
A systems administrator wants to reduce the number of failed patch deployments in an organization.
The administrator discovers that system owners modify systems or applications in an ad hoc manner.
Which of the following is the best way to reduce the number of failed patch deployments?
- A . Compliance tracking
- B . Situational awareness
- C . Change management
- D . Quality assurance
C
Explanation:
To reduce the number of failed patch deployments, the systems administrator should implement a robust change management process. Change management ensures that all modifications to systems or applications are planned, tested, and approved before deployment. This systematic approach reduces the risk of unplanned changes that can cause patch failures and ensures that patches are deployed in a controlled and predictable manner.
Reference: CompTIA SecurityX Study Guide: Emphasizes the importance of change management in maintaining system integrity and ensuring successful patch deployments.
ITIL (Information Technology Infrastructure Library) Framework: Provides best practices for change management in IT services.
"The Phoenix Project" by Gene Kim, Kevin Behr, and George Spafford: Discusses the critical role of change management in IT operations and its impact on system stability and reliability.
A news organization wants to implement workflows that allow users to request that untruthful data be retracted and scrubbed from online publications to comply with the right to be forgotten.
Which of the following regulations is the organization most likely trying to address?
- A . GDPR
- B . COPPA
- C . CCPA
- D . DORA
A
Explanation:
The General Data Protection Regulation (GDPR) is the regulation most likely being addressed by the news organization. GDPR includes provisions for the "right to be forgotten," which allows individuals to request the deletion of personal data that is no longer necessary for the purposes for which it was collected. This regulation aims to protect the privacy and personal data of individuals within the European Union.
Reference: CompTIA SecurityX Study Guide: Covers GDPR and its requirements, including the right to be forgotten.
GDPR official documentation: Details the rights of individuals, including data erasure and the right to be forgotten.
"GDPR: A Practical Guide to the General Data Protection Regulation" by IT Governance Privacy Team: Provides a comprehensive overview of GDPR compliance, including workflows for data deletion requests.
An attacker infiltrated the code base of a hardware manufacturer and inserted malware before the code was compiled. The malicious code is now running at the hardware level across a number of industries and sectors.
Which of the following categories best describes this type of vendor risk?
- A . SDLC attack
- B . Side-load attack
- C . Remote code signing
- D . Supply chain attack
D
Explanation:
This scenario clearly describes a supply chain attack, where the compromise occurs at the vendor or manufacturing stage before the product reaches the customer. The attack impacts many downstream organizations and sectors. SDLC attacks are focused on software development life cycles, side-loading involves unauthorized app installations, and remote code signing focuses on authenticating remote software, none of which fully encapsulate the situation described.
Reference: CompTIA SecurityX CAS-005, Domain 2.0: Assess vendor risks, including supply chain compromises and mitigation strategies.
During a recent audit, a company’s systems were assessed. Given the following information:
Which of the following is the best way to reduce the attack surface?
- A . Deploying an EDR solution to all impacted machines in manufacturing
- B . Segmenting the manufacturing network with a firewall and placing the rules in monitor mode
- C . Setting up an IDS inline to monitor and detect any threats to the software
- D . Implementing an application-aware firewall and writing strict rules for the application access
D
Explanation:
SecurityX CAS-005 network architecture objectives emphasize limiting exposure of vulnerable systems by using application-aware firewalls with strict rule sets.
This approach directly reduces the attack surface by allowing only approved application traffic to and from the vulnerable systems, mitigating risk until systems are patched or replaced. EDR (A) enhances detection but doesn’t inherently reduce the exposed services.
Network segmentation in monitor mode (B) doesn’t block threats.
IDS (C) detects activity but does not block it.
A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response.
Which of the following should the team do to best accomplish this goal?
- A . Integrate a file-monitoring tool with the SIEM.
- B . Change the log solution and integrate it with the existing SIEM.
- C . Implement a central logging server, allowing only log ingestion.
- D . Rotate and back up logs every 24 hours, encrypting the backups.
C
Explanation:
A central logging server ensures logs are collected in a tamper-proof manner and only ingested (not modified). This prevents attackers from altering logs locally. Key concepts:
Logs should be centrally stored to prevent tampering.
Enabling log forwarding to a secure SIEM improves integrity.
Other options:
A (File monitoring tool) helps detect file changes but doesn’t prevent log tampering.
B (Changing log solutions) does not inherently improve security.
D (Log rotation and encryption) is best practice but does not prevent modification before transmission.
Reference: CASP+ CAS-005 Official Study Guide, Security Operations and Logging
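The following Python sketch is an added example (not from the original explanation) of what "allowing only log ingestion" buys the incident responder: a collector that appends records, rejects records whose own timestamp is implausibly far from the arrival time, and HMAC-chains each accepted record to the previous one so that a later edit to any field, including a back-dated timestamp, is detectable. The hostnames, message text, HMAC key and timestamps are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone


class IngestOnlyLogStore:
    """Central collector that only appends. Each accepted record is HMAC-chained to
    the one before it, so an edit anywhere breaks verification from that record on."""

    GENESIS = "0" * 64

    def __init__(self, key: bytes, max_skew: timedelta = timedelta(minutes=5)):
        self._key = key            # held only by the collector (constructed secret)
        self._max_skew = max_skew
        self._records = []
        self.rejected = []

    def ingest(self, record: dict, received_at: datetime) -> bool:
        """Accept a record whose own timestamp is within max_skew of arrival time.
        A host whose clock or log file has been altered stands out at this point."""
        ts = datetime.fromisoformat(record["ts"])
        if abs(received_at - ts) > self._max_skew:
            self.rejected.append((record, "timestamp skew"))
            return False
        prev = self._records[-1]["chain"] if self._records else self.GENESIS
        entry = dict(record, prev=prev)
        entry["chain"] = self._digest(entry)
        self._records.append(entry)
        return True

    def _digest(self, entry: dict) -> str:
        body = {k: v for k, v in entry.items() if k != "chain"}
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
        return hmac.new(self._key, canonical, hashlib.sha256).hexdigest()

    def export(self) -> list:
        """Copies for the SIEM or an investigator; the collector's list is never handed out."""
        return [dict(r) for r in self._records]

    def verify(self, records: list):
        """Index of the first record that fails the chain, or None if every record verifies."""
        prev = self.GENESIS
        for i, rec in enumerate(records):
            if rec.get("prev") != prev or not hmac.compare_digest(self._digest(rec), rec["chain"]):
                return i
            prev = rec["chain"]
        return None


def run_demo():
    """Ingest constructed records, back-date one in an exported copy, and return
    (accepted, rejected, clean_verify_result, tampered_index)."""
    now = datetime(2024, 1, 15, 9, 0, tzinfo=timezone.utc)
    store = IngestOnlyLogStore(key=b"collector-only-key")  # constructed key
    records = [  # constructed log lines
        {"host": "web01", "ts": "2024-01-15T08:59:30+00:00", "msg": "sshd: Accepted publickey for deploy"},
        {"host": "web02", "ts": "2024-01-14T08:59:40+00:00", "msg": "sudo: root : COMMAND=/bin/bash"},  # clock a day off
        {"host": "db01",  "ts": "2024-01-15T09:00:05+00:00", "msg": "audit: unlink /var/log/auth.log"},
    ]
    accepted = sum(store.ingest(r, now) for r in records)

    exported = store.export()
    clean = store.verify(exported)               # untouched copy: None

    exported[1]["ts"] = "2024-01-15T07:00:00+00:00"   # attacker back-dates the unlink event
    tampered_index = store.verify(exported)
    return accepted, len(store.rejected), clean, tampered_index


if __name__ == "__main__":
    print(run_demo())
```

The skew check is what turns the scenario's symptom (timestamps that disagree with other systems) into an alert at ingestion time, and the chain is what lets the responder prove later which records, if any, were altered after collection. Neither protects against an attacker who can alter a record on the source host before it is forwarded, which is why forwarding should happen immediately and the collector itself must not be writable by the forwarders.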
An organization is developing an AI-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the AI workload, the organization wants to implement guardrails within the platform.
Which of the following should the company do to secure the Al environment?
- A . Limit the platform’s abilities to only non-sensitive functions
- B . Enhance the training model’s effectiveness.
- C . Grant the system the ability to self-govern
- D . Require end-user acknowledgement of organizational policies.
A
Explanation:
Limiting the platform’s abilities to only non-sensitive functions helps to mitigate risks associated with AI operations. By ensuring that the AI-enabled digital worker is only allowed to perform tasks that do not involve sensitive or critical data, the organization reduces the potential impact of any security breaches or misuse.
Enhancing the training model’s effectiveness (Option B) is important but does not directly address security guardrails. Granting the system the ability to self-govern (Option C) could increase risk as it may act beyond the organization’s control. Requiring end-user acknowledgement of organizational policies (Option D) is a good practice but does not implement technical guardrails to secure the AI environment.
Reference: CompTIA Security+ Study Guide
NIST SP 800-53 Rev. 5, "Security and Privacy Controls for Information Systems and Organizations"
ISO/IEC 27001, "Information Security Management"
Which of the following best describes the reason PQC preparation is important?
- A . To protect data against decryption due to increases in computational resource availability
- B . To have larger key lengths available through key stretching
- C . To improve encryption performance and speed using lightweight cryptography
- D . To leverage asymmetric encryption for large amounts of data
A
Explanation:
Post-Quantum Cryptography (PQC) preparation matters because a sufficiently large quantum computer running Shor’s algorithm would solve the integer factoring and discrete logarithm problems efficiently, breaking RSA, Diffie-Hellman and elliptic-curve cryptography. Traffic that is captured today can be stored and decrypted once that capability exists ("harvest now, decrypt later"), so data with a long confidentiality lifetime needs quantum-resistant algorithms before such machines are available. The CompTIA SecurityX CAS-005 study guide (Domain 3: Cybersecurity Technology, 3.3) frames this as protecting data against decryption enabled by increases in available computational resources, which is option A.
Option B: Key stretching (for example PBKDF2) slows brute force against password-derived keys; it does not make an algorithm quantum-resistant.
Option C: PQC algorithms generally have larger keys or signatures and higher computational cost than today’s RSA and ECC, so performance is not the motivation; lightweight cryptography is a separate topic aimed at constrained devices.
Option D: Asymmetric encryption remains unsuitable for bulk data regardless of PQC; hybrid schemes still encrypt the payload with a symmetric cipher.
Reference: CompTIA SecurityX CAS-005 Official Study Guide, Domain 3: Cybersecurity Technology, Section 3.3: "Prepare for post-quantum cryptography challenges." CAS-005 Exam Objectives, 3.3: "Evaluate the need for PQC in response to quantum computing advancements."