Practice Free CAS-005 Exam Online Questions
A Chief Information Security Officer requests an action plan to remediate vulnerabilities. A security analyst reviews the output from a recent vulnerability scan and notices hundreds of unique vulnerabilities. The output includes the CVSS score, IP address, hostname, and the list of vulnerabilities. The analyst determines more information is needed in order to decide which vulnerabilities should be fixed immediately.
Which of the following is the best source for this information?
- A . Third-party risk review
- B . Business impact analysis
- C . Incident response playbook
- D . Crisis management plan
B
Explanation:
The correct source is the Business Impact Analysis (BIA). A BIA provides context about which systems and applications are most critical to business operations, regulatory compliance, and customer obligations. While CVSS scores indicate severity in technical terms, they do not reflect the business impact of exploitation. For example, a medium-severity vulnerability on a critical payment system may pose more business risk than a high-severity vulnerability on a test server.
Option A (third-party risk review) focuses on vendor security posture, not internal remediation priorities.
Option C (incident response playbook) guides response during active incidents, not vulnerability prioritization.
Option D (crisis management plan) addresses executive-level communications during crises, not technical risk assessment.
By combining vulnerability scan data with BIA context, security teams can prioritize remediation efforts based on business-critical systems, ensuring the highest-risk vulnerabilities are remediated first. This aligns with CAS-005’s guidance on risk-based prioritization of remediation efforts.
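A worked illustration of the prioritization described above, added here and not part of the CompTIA material: scan rows (CVSS, IP, hostname, finding) are joined to a BIA criticality tier per host, and the product ranks the work. The scan rows, the BIA extract and the tier weights are constructed sample data; the "medium on a payment host outranks critical on a test server" case from the explanation is included so the ordering can be checked.

```python
"""Rank vulnerability-scan findings by business impact rather than CVSS alone.

Added example for the BIA discussion; all data below is constructed.
"""
from dataclasses import dataclass

# Hypothetical multipliers a BIA might assign per criticality tier.
BIA_WEIGHT = {"critical": 3.0, "high": 2.0, "medium": 1.0, "low": 0.5}

# Constructed scan output: (cvss, ip, hostname, finding).
SCAN_ROWS = [
    (9.8, "10.20.0.7", "test-07", "unauthenticated RCE in admin console"),
    (5.5, "10.10.0.1", "pay-01", "weak TLS cipher suites enabled"),
    (7.5, "10.10.0.2", "db-02", "privilege escalation via stored procedure"),
    (9.1, "10.30.0.3", "web-03", "path traversal in static file handler"),
]

# Constructed BIA extract: hostname -> criticality tier. web-03 is deliberately
# absent so the "asset not in the BIA" case shows up.
BIA_TIERS = {"pay-01": "critical", "db-02": "high", "test-07": "low"}


@dataclass
class Finding:
    cvss: float
    ip: str
    host: str
    finding: str
    tier: str
    risk: float


def prioritize(rows, tiers, default_tier="medium"):
    """Join scan rows to BIA tiers and sort by business-weighted risk."""
    findings = []
    for cvss, ip, host, finding in rows:
        tier = tiers.get(host, default_tier)
        risk = round(cvss * BIA_WEIGHT[tier], 1)
        findings.append(Finding(cvss, ip, host, finding, tier, risk))
    # Highest weighted risk first; CVSS then hostname as stable tie-breakers.
    findings.sort(key=lambda f: (-f.risk, -f.cvss, f.host))
    return findings


def fix_now(findings, threshold=15.0):
    """Findings at or above the weighted-risk threshold for immediate remediation."""
    return [f for f in findings if f.risk >= threshold]


def missing_from_bia(rows, tiers):
    """Hosts the scanner saw but the BIA does not know: ownership must be resolved."""
    return sorted({host for _, _, host, _ in rows if host not in tiers})


if __name__ == "__main__":
    for f in prioritize(SCAN_ROWS, BIA_TIERS):
        print(f"{f.risk:5.1f}  cvss={f.cvss:<4} tier={f.tier:<8} {f.host:<8} {f.finding}")
    print("not in BIA:", missing_from_bia(SCAN_ROWS, BIA_TIERS))
```

With these inputs the CVSS 5.5 finding on pay-01 ranks above the CVSS 9.8 finding on test-07, and web-03 is reported as an asset the BIA never classified, which is the first thing to chase before trusting its default tier.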
Users are writing passwords on paper because of the number of passwords needed in an environment.
Which of the following solutions is the best way to manage this situation and decrease risks?
- A . Increasing password complexity to require at least 16 characters
- B . Implementing an SSO solution and integrating with applications
- C . Requiring users to use an open-source password manager
- D . Implementing an MFA solution to avoid reliance only on passwords
B
Explanation:
Implementing a Single Sign-On (SSO) solution and integrating it with applications is the best way to manage the situation and decrease risks.
Here's why:
Reduced Password Fatigue: SSO allows users to log in once and gain access to multiple applications and systems without needing to remember and manage multiple passwords. This reduces the likelihood of users writing down passwords.
Improved Security: By reducing the number of passwords users need to manage, SSO decreases the attack surface and potential for password-related security breaches. It also allows for the implementation of stronger authentication methods.
User Convenience: SSO improves the user experience by simplifying the login process, which can lead to higher productivity and satisfaction.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management
OWASP Authentication Cheat Sheet
A company's SIEM is continuously reporting false positives and false negatives. The security operations team has implemented configuration changes to troubleshoot possible reporting errors.
Which of the following sources of information best support the required analyst's process? (Select two).
- A . Third-party reports and logs
- B . Trends
- C . Dashboards
- D . Alert failures
- E . Network traffic summaries
- F . Manual review processes
A,B
Explanation:
When dealing with false positives and false negatives reported by a Security Information and Event Management (SIEM) system, the goal is to enhance the accuracy of the alerts and ensure that actual threats are identified correctly. The following sources of information best support the analysis process:
An organization recently migrated data to a new file management system. The architect decides to use a discretionary authorization model on the new system.
Which of the following best explains the architect’s choice?
- A . The responsibility of migrating data to the new file management system was outsourced to the vendor providing the platform.
- B . The permissions were not able to be migrated to the new system, and several stakeholders were made responsible for granting appropriate access.
- C . The legacy file management system did not support modern authentication techniques despite the business requirements.
- D . The data custodians were selected by business stakeholders to ensure backups of the file management system are maintained off site.
B
Explanation:
In a Discretionary Access Control (DAC) model, the data owner or an assigned stakeholder has the authority to determine who can access resources. SecurityX CAS-005 IAM objectives describe DAC as user- or owner-controlled, where permissions can be granted or revoked at the owner’s discretion.
In this scenario, because permissions from the legacy system could not be migrated, multiple stakeholders were made responsible for assigning and managing access, which matches the DAC model's characteristics.
Option A relates to outsourcing, which does not define an access control model.
Option C is about authentication limitations, unrelated to the choice of DAC.
Option D describes backup responsibilities, which are operational tasks, not access control.
While reviewing recent reports, a security officer discovers that several employees were contacted by the same individual, who impersonated a recruiter.
Which of the following best describes this type of correlation?
- A . Spear-phishing campaign
- B . Threat modeling
- C . Red team assessment
- D . Attack pattern analysis
A
Explanation:
The situation where several employees were contacted by the same individual impersonating a recruiter best describes a spear-phishing campaign.
Here's why:
Targeted Approach: Spear-phishing involves targeting specific individuals within an organization with personalized and convincing messages to trick them into divulging sensitive information or performing actions that compromise security.
Impersonation: The use of impersonation, in this case, a recruiter, is a common tactic in spear-phishing to gain the trust of the targeted individuals and increase the likelihood of a successful attack.
Correlated Contacts: The fact that several employees were contacted by the same individual suggests a coordinated effort to breach the organization’s security by targeting multiple points of entry through social engineering.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-61: Computer Security Incident Handling Guide
OWASP Phishing Cheat Sheet
An administrator brings the company’s fleet of mobile devices into its PKI in order to align device WLAN NAC configurations with existing workstations and laptops. Thousands of devices need to be reconfigured in a cost-effective, time-efficient, and secure manner.
Which of the following actions best achieve this goal? (Select two)
- A . Using the existing MDM solution to integrate with directory services for authentication and enrollment
- B . Deploying netAuth extended key usage certificate templates
- C . Deploying serverAuth extended key usage certificate templates
- D . Deploying clientAuth extended key usage certificate templates
- E . Configuring SCEP on the CA with an OTP for bulk device enrollment
- F . Submitting a CSR to the CA to obtain a single certificate that can be used across all devices
A,E
Explanation:
For bulk PKI enrollment:
MDM integration with directory services streamlines certificate request and deployment per device, leveraging existing authentication methods.
Simple Certificate Enrollment Protocol (SCEP) with one-time passwords allows automated, secure, large-scale certificate issuance without manual CSR handling.
clientAuth templates are used for device authentication, but selecting that option alone is insufficient without an automated enrollment mechanism.
A single certificate for all devices violates PKI security principles and compromises individual device accountability.
A company detects suspicious activity associated with external connections. Security detection tools are unable to categorize this activity.
Which of the following is the best solution to help the company overcome this challenge?
- A . Implement an interactive honeypot
- B . Map network traffic to known IoCs.
- C . Monitor the dark web
- D . Implement UEBA
D
Explanation:
User and Entity Behavior Analytics (UEBA) is the best solution to help the company overcome challenges associated with suspicious activity that cannot be categorized by traditional detection tools. UEBA uses advanced analytics to establish baselines of normal behavior for users and entities within the network. It then identifies deviations from these baselines, which may indicate malicious activity. This approach is particularly effective for detecting unknown threats and sophisticated attacks that do not match known indicators of compromise (IoCs).
Reference: CompTIA SecurityX Study Guide, Chapter on Advanced Threat Detection and Mitigation, Section on User and Entity Behavior Analytics (UEBA).
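The baseline-then-deviation idea behind UEBA, shown as an added example rather than anything from a real product: the constructed flow summaries below (one line per user, destination and day) are split into a seven-day baseline and a scoring period. Each user gets a mean and standard deviation of daily outbound bytes plus the set of destinations seen; later days are flagged on a volume z-score, on destinations never seen for that user, or because the user has no baseline at all. Users, addresses and byte counts are made up.

```python
"""Toy UEBA detector: per-user baselines over constructed outbound-flow logs.

Added example for the UEBA discussion above; not taken from any vendor tool.
Each constructed log line is "<date> <user> <dst_ip> <bytes_out>".
"""
from collections import defaultdict
from datetime import date
from statistics import mean, pstdev

# Constructed sample: alice is steady for a week, then ships 50 KB to a new host;
# bob alternates between two known hosts; carol only appears on day 8.
LOGS = """\
2024-05-01 alice 203.0.113.5 1000
2024-05-02 alice 203.0.113.5 1100
2024-05-03 alice 203.0.113.5 900
2024-05-04 alice 203.0.113.5 1050
2024-05-05 alice 203.0.113.5 950
2024-05-06 alice 203.0.113.5 1000
2024-05-07 alice 203.0.113.5 1000
2024-05-08 alice 198.51.100.9 50000
2024-05-01 bob 203.0.113.5 10000
2024-05-02 bob 203.0.113.6 10000
2024-05-03 bob 203.0.113.5 10000
2024-05-04 bob 203.0.113.6 10000
2024-05-05 bob 203.0.113.5 10000
2024-05-06 bob 203.0.113.6 10000
2024-05-07 bob 203.0.113.5 10000
2024-05-08 bob 203.0.113.5 10600
2024-05-08 carol 192.0.2.77 300
"""

BASELINE_DAYS = 7   # days used to learn "normal" (assumed window)
Z_THRESHOLD = 3.0   # standard deviations above the user's mean (assumed)


def parse(text):
    events = []
    for line in text.splitlines():
        if line.strip():
            day, user, dst, nbytes = line.split()
            events.append((date.fromisoformat(day), user, dst, int(nbytes)))
    return events


def build_baseline(events):
    """Per-user mean/stdev of daily outbound bytes and known destinations."""
    start = min(e[0] for e in events)
    daily = defaultdict(lambda: defaultdict(int))   # user -> day -> bytes
    dests = defaultdict(set)
    for day, user, dst, nbytes in events:
        if (day - start).days < BASELINE_DAYS:
            daily[user][day] += nbytes
            dests[user].add(dst)
    profiles = {}
    for user, per_day in daily.items():
        vals = list(per_day.values())
        mu = mean(vals)
        # Floor the stdev so a perfectly flat baseline does not divide by zero
        # and does not fire on a 1% wobble.
        sigma = max(pstdev(vals), 0.05 * mu)
        profiles[user] = {"mean": mu, "std": sigma, "dests": dests[user]}
    return profiles, start


def score(events, profiles, start):
    """Score every post-baseline user-day; return the alerts that fired."""
    daily = defaultdict(lambda: defaultdict(int))
    new_dests = defaultdict(lambda: defaultdict(set))
    for day, user, dst, nbytes in events:
        if (day - start).days >= BASELINE_DAYS:
            daily[user][day] += nbytes
            if user in profiles and dst not in profiles[user]["dests"]:
                new_dests[user][day].add(dst)
    alerts = []
    for user, per_day in daily.items():
        for day, total in per_day.items():
            reasons, z = [], None
            prof = profiles.get(user)
            if prof is None:
                reasons.append("no baseline for user")
            else:
                z = (total - prof["mean"]) / prof["std"]
                if z > Z_THRESHOLD:
                    reasons.append(f"volume z={z:.1f}")
                if new_dests[user][day]:
                    reasons.append("new destinations " + ",".join(sorted(new_dests[user][day])))
            if reasons:
                alerts.append({"user": user, "day": day.isoformat(),
                               "bytes": total, "z": z, "reasons": reasons})
    return alerts


def detect(log_text=LOGS):
    events = parse(log_text)
    profiles, start = build_baseline(events)
    return score(events, profiles, start)


if __name__ == "__main__":
    for a in detect():
        print(a)
```

Nothing here needs a signature: alice's day-8 flow matches no IoC, yet it is hundreds of standard deviations above her own baseline and goes to a host she has never used, while bob's slightly larger day stays quiet. The "no baseline" path is the edge case that matters in practice, since a freshly created or dormant account has no history to compare against and should be routed to a review queue rather than silently scored as normal.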
Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
- A . Incomplete mathematical primitives
- B . No use cases to drive adoption
- C . Quantum computers not yet capable
- D . Insufficient coprocessor support
D
Explanation:
Homomorphic encryption allows computations to be performed on encrypted data without decrypting it, preserving confidentiality. However, its adoption faces significant challenges due to performance overhead. According to the CompTIA SecurityX CAS-005 study materials (Domain 3: Cybersecurity Technology, 3.3), homomorphic encryption requires substantial computational resources, which standard processors struggle to provide efficiently. Specialized hardware, such as coprocessors (e.g., GPUs or TPUs), is often needed to handle the complex mathematical operations involved. The lack of widespread, optimized coprocessor support in existing infrastructure is a primary barrier to adoption.
Option A (Incomplete mathematical primitives): While early homomorphic encryption schemes had limitations, modern schemes (e.g., CKKS, BFV) have mature mathematical foundations, making this less of a challenge today.
Option B (No use cases): Use cases exist, such as secure cloud computing and privacy-preserving data analytics, so this is not accurate.
Option C (Quantum computers): Homomorphic encryption is not dependent on quantum computing, and quantum computers are unrelated to its current challenges.
Option D (Insufficient coprocessor support): This is the most accurate, as performance bottlenecks require specialized hardware that is not yet widely available or integrated.
Reference: CompTIA SecurityX CAS-005 Official Study Guide, Domain 3: Cybersecurity Technology, Section 3.3: "Evaluate emerging cryptographic technologies, including homomorphic encryption challenges." CAS-005 Exam Objectives, 3.3: "Analyze barriers to adopting advanced encryption techniques."
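To make the "compute on ciphertext" property and its cost concrete, here is an added example that is not from the CompTIA material: a textbook Paillier implementation, which is additively homomorphic (sums and scalar multiples only, unlike the lattice-based CKKS and BFV schemes named above). The primes are small constructed values chosen so the arithmetic is easy to follow; a real deployment would use a 2048-bit or larger modulus, and every homomorphic addition is then a multiplication of two 4096-bit numbers modulo n squared, which is exactly the workload the explanation says commodity CPUs handle poorly.

```python
"""Paillier: additively homomorphic public-key encryption, worked with toy keys.

Added example for the homomorphic-encryption question above. Toy primes only;
this is to illustrate the property, not a usable implementation.
"""
from math import gcd
import secrets


def lcm(a, b):
    return a * b // gcd(a, b)


def keygen(p, q):
    """Public key (n, g) and private key (lambda, mu); p, q must be distinct primes."""
    n = p * q
    lam = lcm(p - 1, q - 1)
    g = n + 1                  # standard simplification: g = n + 1 is always valid
    mu = pow(lam, -1, n)       # modular inverse of lambda (Python 3.8+)
    return (n, g), (lam, mu)


def encrypt(pub, m):
    """c = g^m * r^n mod n^2 with a fresh random r; encryption is randomized."""
    n, g = pub
    assert 0 <= m < n, "plaintext must be in [0, n)"
    n2 = n * n
    while True:
        r = secrets.randbelow(n - 1) + 1
        if gcd(r, n) == 1:
            break
    return (pow(g, m, n2) * pow(r, n, n2)) % n2


def decrypt(pub, priv, c):
    """m = L(c^lambda mod n^2) * mu mod n, where L(u) = (u - 1) / n."""
    n, _ = pub
    lam, mu = priv
    u = pow(c, lam, n * n)
    return ((u - 1) // n * mu) % n


def add(pub, c1, c2):
    """E(m1) * E(m2) mod n^2 = E(m1 + m2): addition without the private key."""
    n, _ = pub
    return (c1 * c2) % (n * n)


def mul_const(pub, c, k):
    """E(m)^k mod n^2 = E(k * m): scaling by a known constant."""
    n, _ = pub
    return pow(c, k, n * n)


def demo():
    # Constructed toy primes (both prime; 1000003 * 1000033 ~ 2^40).
    pub, priv = keygen(1000003, 1000033)
    n, _ = pub
    c42, c58 = encrypt(pub, 42), encrypt(pub, 58)
    return {
        "sum": decrypt(pub, priv, add(pub, c42, c58)),        # 42 + 58
        "scaled": decrypt(pub, priv, mul_const(pub, c42, 3)),  # 3 * 42
        "pt_bits": (58).bit_length(),
        "ct_bits": (n * n).bit_length(),  # every ciphertext is ~2|n| bits wide
    }


if __name__ == "__main__":
    print(demo())
```

The last two fields of the result show the overhead even at toy size: a 6-bit plaintext becomes an 80-bit ciphertext, and the server that adds two encrypted salaries does a modular multiplication of numbers that size without ever learning either value. Scale the modulus to 2048 bits and the same addition becomes a 4096-bit modular multiply, with lattice schemes costing considerably more per operation, which is why hardware acceleration sits on the critical path to adoption.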
A security engineer wants to improve the security of an application as part of the development pipeline. The engineer reviews the following component of an internally developed web application that allows employees to manipulate documents from a number of internal servers:
response = requests.get(url)
Users can specify the document to be parsed by passing the document URL to the application as a parameter.
Which of the following is the best solution?
- A . Indexing
- B . Output encoding
- C . Code scanner
- D . Penetration testing
C
Explanation:
The application allows users to input URLs, which the application then fetches using requests.get(url). This functionality can be exploited if not properly validated, leading to potential security vulnerabilities such as Server-Side Request Forgery (SSRF).
Implementing a code scanner as part of the development pipeline can help identify insecure coding practices, such as unsanitized user inputs and improper handling of external requests. Code scanners analyze the source code for known vulnerabilities and coding errors, enabling developers to remediate issues before deployment.
Reference: CompTIA SecurityX CAS-005 Exam Objectives, Domain 2.2: "Given a scenario, implement security in the early stages of the systems life cycle and throughout subsequent stages."
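The finding a code scanner raises on `requests.get(url)` fed from a request parameter is an unvalidated server-side fetch, and the remediation it points at is an allow-list check before the request is made. The following is an added example, not the page's application: the vulnerable fetch from the question beside a hardened version. The allow-listed hostnames are hypothetical, and the HTTP call is passed in as a function so the check runs offline against constructed URLs.

```python
"""SSRF: the unvalidated fetch from the question beside an allow-list guard.

Added example; ALLOWED_HOSTS and the injected http_get are hypothetical.
"""
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allow-list of the internal document servers the app may reach.
ALLOWED_HOSTS = {"docs.corp.example", "files.corp.example"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {None, 443}


class SsrfRejected(ValueError):
    """Raised when a user-supplied URL fails the allow-list checks."""


def validate_document_url(url):
    """Return a normalised URL for an allow-listed host, or raise SsrfRejected."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SsrfRejected(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SsrfRejected("credentials in URL (user@host trick)")
    host = parts.hostname  # already lower-cased, brackets stripped for IPv6
    if not host:
        raise SsrfRejected("no host")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, fall through to the allow-list
    else:
        raise SsrfRejected("IP literal not allowed (blocks 127.0.0.1, 169.254.169.254, ::1)")
    if host not in ALLOWED_HOSTS:
        raise SsrfRejected(f"host not allowed: {host!r}")
    try:
        port = parts.port
    except ValueError:
        raise SsrfRejected("malformed port")
    if port not in ALLOWED_PORTS:
        raise SsrfRejected(f"port not allowed: {port}")
    # Rebuild from validated pieces; fragments never reach the server anyway.
    return urlunsplit(("https", host, parts.path or "/", parts.query, ""))


def fetch_vulnerable(url, http_get):
    # Behaviour from the question: whatever the user supplied is fetched.
    return http_get(url)


def fetch_hardened(url, http_get):
    return http_get(validate_document_url(url))


def triage(urls):
    """Map each constructed URL to the normalised form or the rejection reason."""
    out = {}
    for u in urls:
        try:
            out[u] = validate_document_url(u)
        except SsrfRejected as e:
            out[u] = f"REJECTED: {e}"
    return out


# Constructed inputs: one legitimate document and the usual SSRF probes.
SAMPLE_URLS = [
    "https://docs.corp.example/q1/report.pdf",
    "https://DOCS.corp.example",
    "http://169.254.169.254/latest/meta-data/",
    "https://169.254.169.254/",
    "https://docs.corp.example@10.0.0.5/",
    "https://docs.corp.example.attacker.test/",
    "https://docs.corp.example:8443/",
    "file:///etc/passwd",
]

if __name__ == "__main__":
    for u, verdict in triage(SAMPLE_URLS).items():
        print(f"{u:<48} -> {verdict}")
```

Two caveats a reviewer would add. First, an exact-match allow-list is the control that does the work; the IP-literal check is belt and braces, and a deny-list of private ranges alone is bypassable through alternative encodings and redirects. Second, even an allow-listed name can be pointed at an internal address by DNS rebinding, so a production fix also resolves the name, checks the resulting address against `ipaddress.ip_address(...).is_private` and similar flags, pins that address for the connection, and disables redirects on the request.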
An organization is implementing Zero Trust architecture. A systems administrator must increase the effectiveness of the organization's context-aware access system.
Which of the following is the best way to improve the effectiveness of the system?
- A . Secure zone architecture
- B . Always-on VPN
- C . Accurate asset inventory
- D . Microsegmentation
D
Explanation:
Microsegmentation is a critical strategy within Zero Trust architecture that enhances context-aware access systems by dividing the network into smaller, isolated segments. This reduces the attack surface and limits lateral movement of attackers within the network. It ensures that even if one segment is compromised, the attacker cannot easily access other segments. This granular approach to network security is essential for enforcing strict access controls and monitoring within Zero Trust environments.
Reference: CompTIA SecurityX Study Guide, Chapter on Zero Trust Security, Section on Microsegmentation and Network Segmentation.
