Practice Free CAS-005 Exam Online Questions
Developers have been creating and managing cryptographic material on their personal laptops for use in a production environment. A security engineer needs to initiate a more secure process.
Which of the following is the best strategy for the engineer to use?
- A . Disabling the BIOS and moving to UEFI
- B . Managing secrets on the vTPM hardware
- C . Employing shielding to prevent EMI
- D . Managing key material on an HSM
D
Explanation:
The best strategy for securely managing cryptographic material is to use a Hardware Security Module (HSM).
Here’s why:
Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering and unauthorized access.
Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops.
Compliance and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-57: Recommendation for Key Management
ISO/IEC 19790:2012: Information Technology – Security Techniques – Security Requirements for Cryptographic Modules
Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?
- A . Risk appetite directly impacts acceptance of high-impact low-likelihood events.
- B . Organizational risk appetite varies from organization to organization
- C . Budgetary pressure drives risk mitigation planning in all companies
- D . Risk appetite directly influences which breaches are disclosed publicly
A
Explanation:
Risk appetite is the amount of risk an organization is willing to accept to achieve its objectives. When operating with a constrained budget, understanding the organization’s risk appetite is crucial because:
It helps prioritize security investments based on the level of risk the organization is willing to tolerate.
High-impact, low-likelihood events may be deemed acceptable if they fall within the organization’s risk appetite, allowing for budget allocation to other critical areas.
Properly understanding and defining risk appetite ensures that limited resources are used effectively to manage risks that align with the organization’s strategic goals.
Reference: CompTIA Security+ Study Guide
NIST Risk Management Framework (RMF) guidelines
ISO 31000, "Risk Management – Guidelines"
A security analyst is reviewing the following log:
Which of the following possible events should the security analyst investigate further?
- A . A macro that was prevented from running
- B . A text file containing passwords that were leaked
- C . A malicious file that was run in this environment
- D . A PDF that exposed sensitive information improperly
B
Explanation:
Based on the log provided, the most concerning event that should be investigated further is the presence of a text file containing passwords that were leaked.
Here’s why:
Sensitive Information Exposure: A text file containing passwords represents a significant security risk, as it indicates that sensitive credentials have been exposed in plain text, potentially leading to unauthorized access.
Immediate Threat: Password leaks can lead to immediate exploitation by attackers, compromising user accounts and sensitive data. This requires urgent investi
A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information.
As the consultant builds the remediation plan, which of the following solutions would best solve these challenges? (Select three).
- A . SD-WAN
- B . PAM
- C . Remote access VPN
- D . MFA
- E . Network segmentation
- F . BGP
- G . NAC
B, D, E
Explanation:
Privileged Access Management (PAM) restricts elevated permissions, reducing the risk of widespread ransomware attacks. Multi-Factor Authentication (MFA) protects against credential theft and ensures that even if passwords are compromised, accounts are not easily accessible. Network segmentation breaks the flat network into secure zones, limiting lateral movement by attackers. SD-WAN and BGP relate to network routing and efficiency, not security architecture specifically. Remote access VPN secures external access but does not solve internal flat network issues. Network Access Control (NAC) is helpful but secondary compared to PAM, MFA, and segmentation in this context.
Reference: CompTIA SecurityX CAS-005, Domain 2.0: Implement identity and access controls, network segmentation, and authentication hardening to mitigate internal threats.
Audit findings indicate several user endpoints are not utilizing full disk encryption. During the remediation process, a compliance analyst reviews the testing details for the endpoints and notes that the endpoint device configuration does not support full disk encryption.
Which of the following is the most likely reason the device must be replaced?
- A . The HSM is outdated and no longer supported by the manufacturer
- B . The vTPM was not properly initialized and is corrupt.
- C . The HSM is vulnerable to common exploits and a firmware upgrade is needed
- D . The motherboard was not configured with a TPM from the OEM supplier.
- E . The HSM does not support sealing storage
D
Explanation:
The most likely reason the device must be replaced is that the motherboard was not configured with a TPM (Trusted Platform Module) from the OEM (Original Equipment Manufacturer) supplier.
Why TPM is Necessary for Full Disk Encryption:
Hardware-Based Security: TPM provides a hardware-based mechanism to store encryption keys securely, which is essential for full disk encryption.
Compatibility: Full disk encryption solutions, such as BitLocker, require TPM to ensure that the encryption keys are securely stored and managed.
Integrity Checks: TPM enables system integrity checks during boot, ensuring that the device has not been tampered with.
Other options do not directly address the requirement for TPM in supporting full disk encryption:
A. The HSM is outdated: While an HSM (Hardware Security Module) is important for security, it is not typically used for full disk encryption.
B. The vTPM was not properly initialized: vTPM (virtual TPM) is less common and not typically a reason for requiring hardware replacement.
C. The HSM is vulnerable to common exploits: This would require a firmware upgrade, not replacement of the device.
E. The HSM does not support sealing storage: Sealing storage is relevant but not the primary reason for requiring TPM for full disk encryption.
Reference: CompTIA SecurityX Study Guide
"Trusted Platform Module (TPM) Overview," Microsoft Documentation
"BitLocker Deployment Guide," Microsoft Documentation
A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:
Which of the following is the most appropriate action for the analyst to take?
- A . Update the log configuration settings on the directory server that is not being captured properly.
- B . Have the admin account owner change their password to avoid credential stuffing.
- C . Block employees from logging in to applications that are not part of their business area.
- D . Implement automation to disable accounts that have been associated with high-risk activity.
D
Explanation:
The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.
Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.
Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.
Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but doesn’t directly address the compromised account issue.
Implementing automation to disable accounts associated with high-risk activities ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.
Reference: CompTIA SecurityX guide on incident response and account management.
Best practices for handling compromised accounts.
Automation tools and techniques for security operations centers (SOCs).
An organization recently implemented a purchasing freeze that has impacted endpoint life-cycle management efforts.
Which of the following should a security manager do to reduce risk without replacing the endpoints?
- A . Remove unneeded services
- B . Deploy EDR
- C . Dispose of end-of-support devices
- D . Reimage the system
A
Explanation:
Removing unnecessary services from existing endpoints reduces the attack surface by minimizing the number of potential vulnerabilities attackers could exploit. This is a cost-effective method to harden devices without requiring new purchases, aligning perfectly with a purchasing freeze. Deploying new EDR solutions or disposing of devices would likely conflict with the resource freeze, and reimaging systems does not address minimizing services proactively.
Reference: CompTIA SecurityX CAS-005, Domain 3.0: Implement endpoint security controls and hardening techniques.
During a security assessment using an EDR solution, a security engineer generates the following report about the assets in the system:
After five days, the EDR console reports an infection on the host OWIN23 by a remote access Trojan.
Which of the following is the most probable cause of the infection?
- A . OWIN23 uses a legacy version of Windows that is not supported by the EDR
- B . LN002 was not supported by the EDR solution and propagates the RAT
- C . The EDR has an unknown vulnerability that was exploited by the attacker.
- D . OWIN29 spreads the malware through other hosts in the network
A
Explanation:
OWIN23 is running Windows 7, which is a legacy operating system. Many EDR solutions no longer provide full support for outdated operating systems like Windows 7, which has reached its end of life and is no longer receiving security updates from Microsoft. This makes such systems more vulnerable to infections and attacks, including remote access Trojans (RATs).
An organization is implementing Zero Trust architecture. A systems administrator must increase the effectiveness of the organization’s context-aware access system.
Which of the following is the best way to improve the effectiveness of the system?
- A . Secure zone architecture
- B . Always-on VPN
- C . Accurate asset inventory
- D . Microsegmentation
D
Explanation:
Microsegmentation is a critical strategy within Zero Trust architecture that enhances context-aware access systems by dividing the network into smaller, isolated segments. This reduces the attack surface and limits lateral movement of attackers within the network. It ensures that even if one segment is compromised, the attacker cannot easily access other segments. This granular approach to network security is essential for enforcing strict access controls and monitoring within Zero Trust environments.
Reference: CompTIA SecurityX Study Guide, Chapter on Zero Trust Security, Section on Microsegmentation and Network Segmentation.
A senior security engineer flags the following log file snippet as having likely facilitated an attacker’s lateral movement in a recent breach:
qry_source: 19.27.214.22 TCP/53
qry_dest: 199.105.22.13 TCP/53
qry_type: AXFR
| in comptia.org
———— directoryserver1 A 10.80.8.10
———— directoryserver2 A 10.80.8.11
———— directoryserver3 A 10.80.8.12
———— internal-dns A 10.80.9.1
———— www-int A 10.80.9.3
———— fshare A 10.80.9.4
———— sip A 10.80.9.5
———— msn-crit-apcs A 10.81.22.33
Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?
- A . Disabling DNS zone transfers
- B . Restricting DNS traffic to UDP/53
- C . Implementing DNS masking on internal servers
- D . Permitting only clients from internal networks to query DNS
A
Explanation:
The log shows an AXFR (zone transfer) query, which exposed internal DNS records, aiding lateral movement. Let’s evaluate:
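As an added example that is not part of the original explanation, the following Python snippet parses query records in the log format shown above and flags zone-transfer requests (AXFR/IXFR) from any host outside a hypothetical allow-list of secondary name servers; the allow-list and the second, benign record are assumptions constructed for the example.

```python
# Added example (not from the original question bank): detect DNS zone-transfer
# requests from hosts that are not approved secondary name servers.
import re

# Constructed sample log. The first record mirrors the AXFR entry in the
# question; the second is a benign A lookup from an internal client for contrast.
SAMPLE_LOG = """\
qry_source: 19.27.214.22 TCP/53
qry_dest: 199.105.22.13 TCP/53
qry_type: AXFR
qry_source: 10.80.9.50 UDP/53
qry_dest: 10.80.9.1 UDP/53
qry_type: A
"""

# Hypothetical allow-list (assumption): only this secondary may pull the zone.
ALLOWED_SECONDARIES = {"10.80.9.1"}

# Captures the field name and the first token of its value (the IP address).
FIELD_RE = re.compile(r"^qry_(source|dest|type):\s*(\S+)")


def parse_records(text):
    """Group consecutive qry_* lines into one dict per query."""
    records, current = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # skip the zone-record lines that follow a transfer
        key, value = m.groups()
        if key == "source" and current:  # a new query starts here
            records.append(current)
            current = {}
        current[key] = value
    if current:
        records.append(current)
    return records


def suspicious_transfers(text, allowed=ALLOWED_SECONDARIES):
    """Return (source_ip, dest_ip) for zone transfers from unapproved hosts."""
    hits = []
    for rec in parse_records(text):
        if rec.get("type", "").upper() in {"AXFR", "IXFR"} and rec["source"] not in allowed:
            hits.append((rec["source"], rec["dest"]))
    return hits


if __name__ == "__main__":
    for src, dst in suspicious_transfers(SAMPLE_LOG):
        print(f"ALERT: zone transfer requested by {src} against {dst}")
```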