Practice Free CAS-005 Exam Online Questions
A network engineer must ensure that always-on VPN access is enabled but restricted to company assets.
Which of the following best describes what the engineer needs to do?
- A . Generate device certificates using the specific template settings needed
- B . Modify signing certificates in order to support IKE version 2
- C . Create a wildcard certificate for connections from public networks
- D . Add the VPN hostname as a SAN entry on the root certificate
A
Explanation:
To ensure always-on VPN access is enabled and restricted to company assets, the network engineer needs to generate device certificates using the specific template settings required for the company’s VPN solution. These certificates ensure that only authorized devices can establish a VPN connection.
Why Device Certificates are Necessary:
Authentication: Device certificates authenticate company assets, ensuring that only authorized devices can access the VPN.
Security: Certificates provide a higher level of security compared to username and password combinations, reducing the risk of unauthorized access.
Compliance: Certificates help in meeting security policies and compliance requirements by ensuring that only managed devices can connect to the corporate network.
Other options do not provide the same control over which devices may connect:
B. Modify signing certificates to support IKE version 2: IKEv2 is the protocol an always-on VPN typically runs over, but changing the gateway's signing certificate does nothing to authenticate individual devices.
C. Create a wildcard certificate: A wildcard is a server certificate covering many hostnames in one domain; it identifies the gateway, not the client, and one shared certificate cannot distinguish company assets from any other endpoint.
D. Add the VPN hostname as a SAN entry: SAN entries belong on the gateway's server certificate, not on the root CA certificate, and they tell clients which server they are talking to; they do not restrict which devices may connect.
Reference: CompTIA SecurityX Study Guide; Cisco documentation, "Device Certificates for VPN Access"; NIST Special Publication 800-77, "Guide to IPsec VPNs."
An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS.
Which of the following should be implemented to meet these requirements?
- A . SELinux
- B . MDM
- C . XDR
- D . Block list
- E . Atomic execution
D
Explanation:
Comprehensive and Detailed Step by Step
Understanding the Scenario: The organization wants strict application control on every operating system: block all software execution by default and permit only applications that have been explicitly authorized. Deny-all, permit-by-exception is the definition of an application allow list. A block list is the opposite model (permit-all, deny-by-exception): it stops only software already identified as bad and lets everything else run. None of the options names an allow list; the answer key given here is D, Block list, as the only application-control mechanism listed, but be aware that it describes the reverse of the posture the question asks for.
Analyzing the Answer Choices:
A. SELinux: a mandatory access control framework for Linux only, so it cannot satisfy "regardless of OS."
B. MDM: manages device settings and application deployment; it can distribute an application policy but is not itself the execution control.
C. XDR: a detection and response platform; it identifies and contains threats rather than authorizing which software may run.
D. Block list: an execution control, but one that denies by exception instead of permitting by exception.
E. Atomic execution: not an application control concept; the term refers to all-or-nothing operations.
Which of the following is the main reason quantum computing advancements are leading companies and countries to deploy new encryption algorithms?
- A . Encryption systems based on large prime numbers will be vulnerable to exploitation
- B . Zero Trust security architectures will require homomorphic encryption.
- C . Perfect forward secrecy will prevent deployment of advanced firewall monitoring techniques
- D . Quantum computers will enable malicious actors to capture IP traffic in real time
A
Explanation:
Advancements in quantum computing pose a significant threat to current public-key systems, especially those whose security rests on the difficulty of factoring a large composite number into its two prime factors, such as RSA, or on the discrete logarithm problem, such as Diffie-Hellman and elliptic-curve cryptography. A sufficiently large quantum computer could solve these problems exponentially faster than classical computers, making these systems vulnerable.
Why RSA-Style Systems are Vulnerable:
Shor's Algorithm: A quantum computer running Shor's algorithm can factor large integers (and compute discrete logarithms) in polynomial time, which undermines the security of RSA, Diffie-Hellman and ECC.
Cryptographic Breakthrough: Once the public modulus can be factored, the private key can be derived from the public key, so anything encrypted or signed under it is exposed. Traffic captured today can be stored and decrypted later, which is why migration to post-quantum algorithms is starting before such machines exist.
Other options, while relevant, do not capture the primary reason for the shift towards new encryption algorithms:
B. Zero Trust security architectures: While important, the shift to homomorphic encryption is not the main driver for new encryption algorithms.
C. Perfect forward secrecy: It enhances security but is not the main reason for new encryption algorithms.
D. Real-time IP traffic capture: Quantum computers pose a more significant threat to the underlying cryptographic algorithms than to the real-time capture of traffic.
Reference: CompTIA SecurityX Study Guide; NIST Special Publication 800-208, "Recommendation for Stateful Hash-Based Signature Schemes"; "Quantum Computing and Cryptography," MIT Technology Review.
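The reduction the explanation relies on, as an added example that is not from the study guide: whoever can factor the RSA modulus n recovers phi(n) and therefore the private exponent d. Shor's algorithm is an efficient quantum factoring oracle; the stand-in here is trial division, which works only because the primes are deliberately tiny (about 20 bits each) and is exponential in the bit length of n for anything real. The primes, exponent and message are constructed test values.

```python
"""Why a factoring oracle breaks RSA (added example, toy-sized parameters)."""
from math import gcd, isqrt


def rsa_keygen(p, q, e=65537):
    """Textbook RSA from two known primes. Returns (n, e, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be invertible modulo phi(n)")
    d = pow(e, -1, phi)          # modular inverse; Python 3.8+
    return n, e, d


def factor_oracle(n):
    """Stand-in for Shor's algorithm: trial division up to sqrt(n).
    Feasible only because n is ~40 bits here; for a 2048-bit modulus this
    loop is exactly the hard problem RSA relies on."""
    if n % 2 == 0:
        return 2, n // 2
    for cand in range(3, isqrt(n) + 1, 2):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no non-trivial factor found")


def recover_private_key(n, e):
    """Attacker's view: only the public key (n, e) plus the factoring oracle."""
    p, q = factor_oracle(n)
    phi = (p - 1) * (q - 1)
    return pow(e, -1, phi)


def demo(p=999983, q=1000003, message=424242):
    """Encrypt under the public key, then decrypt with the *recovered* key.
    Returns (legitimate d, recovered d, recovered plaintext)."""
    n, e, d = rsa_keygen(p, q)
    ciphertext = pow(message, e, n)
    d_recovered = recover_private_key(n, e)
    return d, d_recovered, pow(ciphertext, d_recovered, n)


if __name__ == "__main__":
    d, d_rec, pt = demo()
    print(f"private exponent matches: {d == d_rec}, plaintext recovered: {pt}")
```

Swapping `factor_oracle` for a polynomial-time routine is the whole threat; nothing else in the key recovery changes, which is why the fix is a different algorithm family rather than a longer RSA key.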
A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products.
Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?
- A . Performing vulnerability tests on each device delivered by the providers
- B . Performing regular red-team exercises on the vendor production line
- C . Implementing a monitoring process for the integration between the application and the vendor appliance
- D . Implementing a proper supply chain risk management program
D
Explanation:
Addressing misconfigurations and vulnerabilities in third-party hardware requires a comprehensive approach to managing risk throughout the supply chain. Implementing a proper supply chain risk management (SCRM) program is the most effective solution because it encompasses the following:
Holistic Approach: SCRM considers the entire lifecycle of the product, from initial design through delivery and deployment, so risks are identified and managed at every stage rather than after release.
Vendor Management: It includes thorough vetting of suppliers and ongoing assessment of their security practices, which surfaces vulnerabilities early.
Regular Audits and Assessments: A robust SCRM program involves regular audits and assessments, both internal and with suppliers, to ensure compliance with security standards and best practices.
Collaboration and Communication: It ensures effective communication between the company and its suppliers, leading to faster identification and resolution of issues.
Other options, while beneficial, do not provide the same comprehensive risk management:
A. Testing each delivered device finds problems only after the hardware has been built and shipped, and does not reach design or configuration weaknesses at the vendor.
B. Red-team exercises against the vendor's production line are rarely within the company's authority and still represent a single point in time.
C. Monitoring the application-to-appliance integration detects issues at runtime, after the product has already been released.
A recent security audit identified multiple endpoints have the following vulnerabilities:
• Various unsecured open ports
• Active accounts for terminated personnel
• Endpoint protection software with legacy versions
• Overly permissive access rules
Which of the following would best mitigate these risks? (Select three).
- A . Local drive encryption
- B . Secure boot
- C . Address space layout randomization
- D . Unneeded services disabled
- E . Patching
- F . Logging
- G . Removal of unused accounts
- H . Enabling BIOS password
D, E, G
Explanation:
Disabling unneeded services reduces the attack surface by closing the open ports. Patching ensures that the endpoint protection software and operating systems are up to date, reducing vulnerability exposure. Removing unused accounts eliminates the access paths that dormant accounts of terminated personnel would otherwise provide. Secure boot, BIOS passwords, and drive encryption are important, but they address different layers of security than the vulnerabilities listed; ASLR hardens against memory-corruption exploitation and logging supports detection, but neither closes any of the four findings.
Reference: CompTIA SecurityX CAS-005, Domain 2.0: Apply system hardening techniques to endpoint security issues.
An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.
Which of the following would best secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?
- A . Implement a VPN for all APIs
- B . Sign the key with DSA
- C . Deploy MFA for the service accounts
- D . Utilize HMAC for the keys
D
Explanation:
HMAC (Hash-based Message Authentication Code) authenticates each API request with a keyed hash: the client computes a MAC over the request using the shared secret and sends only the MAC, so the secret never appears in the request string and a hard-coded credential does not travel with every call. The MAC also guarantees integrity, because any tampering with the signed fields invalidates it. HMAC by itself does not stop replay; replay protection comes from including a timestamp or nonce in the signed data and rejecting reuse. A VPN secures the transport layer but still leaves a static string in the request, MFA protects user sign-in (not API-to-database communications), and DSA is a signature algorithm that does not address the hard-coding risk directly.
Reference: CompTIA SecurityX CAS-005, Domain 3.0: Implement secure API practices including the use of HMAC for key protection.
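The signing scheme described above, as an added example (not code from the study guide): the client sends a MAC over the request plus a timestamp and nonce, and the server recomputes it with the same shared secret, so the secret itself is never part of the request. The header names, the 300-second freshness window and the sample secret are assumptions.

```python
"""HMAC request signing with freshness and replay checks (added example)."""
import hashlib
import hmac
import secrets
import time

FRESHNESS_WINDOW = 300  # seconds a timestamp stays acceptable (assumed policy)


def canonical(method, path, timestamp, nonce, body):
    """Deterministic byte string both sides sign; the body hash binds the payload."""
    return "\n".join([method.upper(), path, str(timestamp), nonce,
                      hashlib.sha256(body).hexdigest()]).encode()


def sign_request(secret, method, path, body, now=None, nonce=None):
    """Client side: returns the auth headers. Only the MAC leaves the client."""
    timestamp = int(time.time() if now is None else now)
    nonce = nonce or secrets.token_hex(16)
    mac = hmac.new(secret, canonical(method, path, timestamp, nonce, body),
                   hashlib.sha256).hexdigest()
    return {"X-Timestamp": str(timestamp), "X-Nonce": nonce, "X-Signature": mac}


class Verifier:
    """Server side: recompute the MAC, enforce freshness, reject nonce reuse."""

    def __init__(self, secret, now=time.time):
        self.secret = secret
        self.now = now                 # injectable clock for tests
        self.seen_nonces = set()       # production: shared store with a TTL

    def verify(self, method, path, body, headers):
        try:
            timestamp = int(headers["X-Timestamp"])
            nonce = headers["X-Nonce"]
            signature = headers["X-Signature"]
        except (KeyError, ValueError):
            return False, "missing or malformed auth headers"
        if abs(self.now() - timestamp) > FRESHNESS_WINDOW:
            return False, "stale timestamp"
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        expected = hmac.new(self.secret, canonical(method, path, timestamp, nonce, body),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, signature):  # constant-time compare
            return False, "bad signature"
        self.seen_nonces.add(nonce)
        return True, "ok"
```

The secret still has to live somewhere on both sides (a secrets manager or environment, not source), but it is never transmitted; `hmac.compare_digest` avoids leaking the MAC through timing, and the nonce set is what actually defeats replay of an otherwise valid request.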
An endpoint security engineer finds that a newly acquired company has a variety of non-standard applications running and no defined ownership for those applications. The engineer needs to find a solution that restricts malicious programs and software from running in that environment, while allowing the non-standard applications to function without interruption.
Which of the following application control configurations should the engineer apply?
- A . Deny list
- B . Allow list
- C . Audit mode
- D . MAC list
C
Explanation:
Comprehensive and Detailed Step-by-Step
Option A: Deny list
Deny lists block specific applications or processes identified as malicious.
This approach is reactive and may inadvertently block the non-standard applications that are currently in use without proper ownership.
Option B: Allow list
Allow lists permit only pre-approved applications to run.
While secure, this approach requires defining all non-standard applications, which may disrupt operations in an environment where ownership is unclear.
Option C: Audit mode
Correct Answer.
Audit mode allows monitoring and logging of applications without enforcing restrictions.
This is ideal in environments with non-standard applications and undefined ownership because it enables the engineer to observe the environment and gradually implement control without interruption.
Audit mode provides critical visibility into the software landscape, ensuring that necessary applications remain functional.
Option D: MAC list
Mandatory Access Control (MAC) lists restrict access based on classification and clearance levels.
This does not align with application control objectives in this context.
Reference: CompTIA CASP+ Study Guide – Chapters on Endpoint Security and Application Control.
CASP+ Objective 2.4: Implement appropriate security controls for enterprise endpoints.
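The workflow behind this answer and the earlier deny-all, permit-by-exception question, as one added example (not code from the study guide): run in audit mode, mine the "would have blocked" events for the non-standard applications that legitimately run, propose allow-list rules from them, and then enforce. The pipe-delimited event format, host names, signer names and hashes are constructed; real AppLocker or WDAC events look different.

```python
"""Audit mode to allow list, then allow-list vs block-list decisions (added example)."""
from collections import defaultdict

# Constructed audit-mode events: host | signer or hash | path | what the rule would have done
AUDIT_EVENTS = """\
ws01|CN=Contoso Ltd|C:\\Program Files\\LegacyApp\\legacy.exe|would-block
ws02|CN=Contoso Ltd|C:\\Program Files\\LegacyApp\\legacy.exe|would-block
ws03|CN=Contoso Ltd|C:\\Program Files\\LegacyApp\\legacy.exe|would-block
ws02|CN=Microsoft Windows|C:\\Windows\\System32\\notepad.exe|allowed
ws01|SHA256:ab12cd34|C:\\Users\\j.doe\\AppData\\Local\\Temp\\update.exe|would-block
ws04|SHA256:ab12cd34|C:\\Users\\a.lee\\Downloads\\update.exe|would-block
"""

# Locations an ordinary user can write to; anything running from here is suspect
USER_WRITABLE = ("c:\\users\\", "c:\\temp\\", "c:\\programdata\\")


def parse_events(text):
    events = []
    for line in text.splitlines():
        host, identity, path, decision = line.split("|")
        events.append({"host": host, "identity": identity,
                       "path": path, "decision": decision})
    return events


def is_user_writable(path):
    return path.lower().startswith(USER_WRITABLE)


def triage(events, min_hosts=2):
    """Split audit-only 'would-block' hits into allow-list candidates and items
    to investigate. Signed binaries in protected paths seen on several hosts are
    the likely non-standard business apps; unsigned files in user-writable
    locations are never granted by default."""
    hosts = defaultdict(set)
    for ev in events:
        if ev["decision"] == "would-block":
            hosts[(ev["identity"], ev["path"])].add(ev["host"])
    candidates, investigate = [], []
    for (identity, path), seen_on in sorted(hosts.items()):
        signed = identity.startswith("CN=")
        if signed and not is_user_writable(path) and len(seen_on) >= min_hosts:
            candidates.append((identity, path))
        else:
            investigate.append((identity, path))
    return candidates, investigate


def decide(identity, rules, mode):
    """Enforcement decision. 'allow' is deny-all, permit-by-exception;
    'block' is permit-all, deny-by-exception. Returns True if execution proceeds."""
    if mode == "allow":
        return identity in rules
    if mode == "block":
        return identity not in rules
    raise ValueError("mode must be 'allow' or 'block'")
```

The last function is the point of the earlier question: the same unknown hash is denied under an allow list and runs under a block list, so only the allow-list mode delivers deny-all, permit-by-exception.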
Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
- A . Incomplete mathematical primitives
- B . No use cases to drive adoption
- C . Quantum computers not yet capable
- D . Insufficient coprocessor support
D
Explanation:
Homomorphic encryption allows computations to be performed on encrypted data without decrypting it, preserving confidentiality. However, its adoption faces significant challenges due to performance overhead. According to the CompTIA SecurityX CAS-005 study materials (Domain 3: Cybersecurity Technology, 3.3), homomorphic encryption requires substantial computational resources, which standard processors struggle to provide efficiently. Specialized hardware, such as coprocessors (e.g., GPUs or TPUs), is often needed to handle the complex mathematical operations involved. The lack of widespread, optimized coprocessor support in existing infrastructure is a primary barrier to adoption.
Option A (Incomplete mathematical primitives): While early homomorphic encryption schemes had limitations, modern schemes (e.g., CKKS, BFV) have mature mathematical foundations, making this less of a challenge today.
Option B (No use cases): Use cases exist, such as secure cloud computing and privacy-preserving data analytics, so this is not accurate.
Option C (Quantum computers): Homomorphic encryption is not dependent on quantum computing, and quantum computers are unrelated to its current challenges.
Option D (Insufficient coprocessor support): This is the most accurate, as performance bottlenecks require specialized hardware that is not yet widely available or integrated.
Reference: CompTIA SecurityX CAS-005 Official Study Guide, Domain 3: Cybersecurity Technology, Section 3.3: "Evaluate emerging cryptographic technologies, including homomorphic encryption challenges." CAS-005 Exam Objectives, 3.3: "Analyze barriers to adopting advanced encryption techniques."
Which of the following best describes a common use case for homomorphic encryption?
- A . Processing data on a server after decrypting in order to prevent unauthorized access in transit
- B . Maintaining the confidentiality of data both at rest and in transit to and from a CSP for processing
- C . Transmitting confidential data to a CSP for processing on a large number of resources without revealing information
- D . Storing proprietary data across multiple nodes in a private cloud to prevent access by unauthenticated users
C
Explanation:
Homomorphic encryption allows computations to be performed directly on encrypted data without decrypting it first. This technology is particularly useful for securely transmitting confidential data to a cloud service provider (CSP) and allowing the CSP to process the data without having any visibility into its content. This maintains data confidentiality even during processing. It is not about securing data at rest and in transit or simply storing data across nodes.
Reference: CompTIA SecurityX CAS-005, Domain 3.0: Implement secure protocols and encryption technologies including homomorphic encryption for cloud and external processing.
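The use case in concrete form, as an added example that is not the study guide's code: the Paillier cryptosystem is additively homomorphic, so a cloud provider holding only the public key can add encrypted values (multiply ciphertexts) and scale them, and only the key holder can read the result. The two primes are constructed, about 17 bits each, and the whole thing is for illustration only; a real deployment needs a modulus of thousands of bits, which is exactly the performance cost the previous question is about.

```python
"""Paillier additive homomorphic encryption, toy parameters (added example)."""
import secrets
from math import gcd


class Paillier:
    """Key holder (the customer). Public key is (n, g); private key is (lam, mu)."""

    def __init__(self, p, q):
        self.n = p * q
        self.n2 = self.n * self.n
        self.g = self.n + 1                                   # standard generator choice
        self.lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)     # lcm(p-1, q-1)
        self.mu = pow(self._L(pow(self.g, self.lam, self.n2)), -1, self.n)

    def _L(self, u):
        return (u - 1) // self.n

    def encrypt(self, m):
        """c = g^m * r^n mod n^2 with fresh random r, so equal plaintexts give
        different ciphertexts and the provider learns nothing from repeats."""
        if not 0 <= m < self.n:
            raise ValueError("plaintext out of range")
        while True:
            r = secrets.randbelow(self.n)
            if r > 0 and gcd(r, self.n) == 1:
                break
        return (pow(self.g, m, self.n2) * pow(r, self.n, self.n2)) % self.n2

    def decrypt(self, c):
        return (self._L(pow(c, self.lam, self.n2)) * self.mu) % self.n

    # Operations the cloud provider can run with only the public modulus.
    @staticmethod
    def add(c1, c2, n2):
        """Ciphertext product decrypts to the plaintext sum."""
        return (c1 * c2) % n2

    @staticmethod
    def scale(c, k, n2):
        """Ciphertext power decrypts to k times the plaintext."""
        return pow(c, k, n2)


def provider_total(ciphertexts, n2):
    """What the CSP runs over many submitted records: no key, no plaintext."""
    total = 1
    for c in ciphertexts:
        total = (total * c) % n2
    return total


if __name__ == "__main__":
    kp = Paillier(104729, 104723)           # constructed primes, far too small for real use
    encrypted = [kp.encrypt(v) for v in (15, 27)]
    print("sum recovered by key holder:", kp.decrypt(provider_total(encrypted, kp.n2)))
```

Everything in `add`, `scale` and `provider_total` runs on the provider side with no access to `lam` or `mu`, which is the difference between this and option B's model of decrypting at the CSP for processing.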
A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not normally send traffic to those sites. The technician will define this threat as:
- A . A decrypting RSA using an obsolete and weakened encryption attack.
- B . A zero-day attack.
- C . An advanced persistent threat.
- D . An on-path attack.
C
Explanation:
The scenario describes a prolonged, stealthy operation where files were exfiltrated over three months via secure channels (TLS-protected HTTP) from unexpected systems, then ceased. This aligns with an Advanced Persistent Threat (APT), characterized by long-term, targeted attacks aimed at data theft or surveillance, often using sophisticated methods to remain undetected.
Option A: Decrypting RSA with weak encryption implies a cryptographic attack, but TLS suggests modern encryption was used, and there’s no evidence of decryption here.
Option B: A zero-day attack exploits unknown vulnerabilities, but the duration and cessation suggest a planned operation, not a single exploit.
Option C: APT fits perfectly: slow, persistent exfiltration from unusual systems indicates a coordinated, stealthy threat actor.
Option D: An on-path (man-in-the-middle) attack intercepts traffic, but there’s no indication of interception; the focus is on unauthorized transfers.
Reference: CompTIA SecurityX CAS-005 Domain 1: Risk Management, Threat Identification and Analysis.
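Detection logic for the pattern in this scenario, as an added example run over constructed proxy log lines (not the study guide's code): TLS hides the file contents, so the hunt keys on what is still visible in metadata, namely a host that starts sending sustained volume to an external destination it never contacted during a baseline period. The log layout, host and destination names, baseline cut-off and thresholds are all assumptions.

```python
"""Flag new-destination, multi-day outbound volume in proxy metadata (added example)."""
from collections import defaultdict
from datetime import datetime

# Constructed proxy log lines: "<timestamp> <src_host> <dst_host> <bytes_out>"
PROXY_LOG = """\
2024-01-03T09:12:00 ws-fin-07 cdn.example-updates.com 4200
2024-01-15T10:01:00 ws-fin-07 cdn.example-updates.com 3900
2024-01-20T11:40:00 ws-hr-02 docs.vendor-portal.example 120000
2024-02-05T09:30:00 ws-fin-07 cdn.example-updates.com 150000000
2024-02-10T02:15:00 ws-fin-07 files.rand-host.net 52000000
2024-02-17T02:41:00 ws-fin-07 files.rand-host.net 61000000
2024-02-21T09:12:00 ws-hr-02 docs.vendor-portal.example 9000000
2024-03-02T03:05:00 ws-fin-07 files.rand-host.net 48000000
2024-03-20T02:58:00 ws-fin-07 files.rand-host.net 55000000
2024-03-22T14:00:00 ws-dev-11 pypi.org 800000
"""

BASELINE_END = datetime(2024, 1, 31, 23, 59, 59)   # assumed learning period


def parse_log(text):
    rows = []
    for line in text.splitlines():
        ts, src, dst, nbytes = line.split()
        rows.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return rows


def find_new_destination_exfil(rows, baseline_end=BASELINE_END,
                               min_days=3, min_bytes=100_000_000):
    """Flag (src, dst) pairs first seen after the baseline that accumulate at
    least min_bytes across at least min_days distinct days. A large transfer
    to a destination the host already used is not flagged by this rule; a
    one-off transfer to a new destination is not flagged either, which is the
    trade-off that keeps the rule focused on sustained, low-and-slow activity."""
    known = {(src, dst) for ts, src, dst, _ in rows if ts <= baseline_end}
    days = defaultdict(set)
    total = defaultdict(int)
    for ts, src, dst, nbytes in rows:
        if ts > baseline_end and (src, dst) not in known:
            days[(src, dst)].add(ts.date())
            total[(src, dst)] += nbytes
    findings = []
    for pair in sorted(days):
        if len(days[pair]) >= min_days and total[pair] >= min_bytes:
            findings.append({"src": pair[0], "dst": pair[1],
                             "days": len(days[pair]), "bytes": total[pair]})
    return findings


if __name__ == "__main__":
    for f in find_new_destination_exfil(parse_log(PROXY_LOG)):
        print(f"{f['src']} -> {f['dst']}: {f['bytes']} bytes over {f['days']} days")
```

In the constructed data the flagged pair also transfers only in the small hours, which is worth adding as a second signal; the rule deliberately reports on the pair, not on individual sessions, because each session on its own would look like a routine HTTPS upload.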