Practice Free CAS-005 Exam Online Questions
A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:
Which of the following is the most appropriate action for the analyst to take?
- A . Update the log configuration settings on the directory server that is not being captured properly.
- B . Have the admin account owner change their password to avoid credential stuffing.
- C . Block employees from logging in to applications that are not part of their business area.
- D . Implement automation to disable accounts that have been associated with high-risk activity.
D
Explanation:
The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.
Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.
Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.
Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but doesn’t directly address the compromised account issue.
Implementing automation to disable accounts associated with high-risk activities ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.
Reference: CompTIA SecurityX guide on incident response and account management.
Best practices for handling compromised accounts.
Automation tools and techniques for security operations centers (SOCs).
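As an added illustration of the automation the answer describes (example code written for this page, not from CompTIA or any SOC product), the script below scores accounts from normalized SIEM authentication events and hands high-risk ones to a disable action. The event field names, the failure threshold and the sample events are all constructed assumptions; the question's own screenshot is not reproduced here, and the disable callback is a placeholder for whatever directory or identity-provider API a real deployment would use.

```python
from collections import defaultdict

# Constructed sample of normalized SIEM authentication events; the question's
# own screenshot is not reproduced here. Field names are assumptions.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:00:01Z", "user": "admin",  "src_ip": "203.0.113.5", "result": "failure", "app": "vpn"},
    {"ts": "2024-05-01T08:00:03Z", "user": "admin",  "src_ip": "203.0.113.5", "result": "failure", "app": "vpn"},
    {"ts": "2024-05-01T08:00:05Z", "user": "admin",  "src_ip": "203.0.113.9", "result": "failure", "app": "mail"},
    {"ts": "2024-05-01T08:00:07Z", "user": "admin",  "src_ip": "203.0.113.9", "result": "failure", "app": "hr"},
    {"ts": "2024-05-01T08:00:09Z", "user": "admin",  "src_ip": "203.0.113.9", "result": "success", "app": "hr"},
    {"ts": "2024-05-01T08:01:00Z", "user": "jsmith", "src_ip": "10.0.0.12",   "result": "success", "app": "hr"},
    {"ts": "2024-05-01T08:02:00Z", "user": "jsmith", "src_ip": "10.0.0.12",   "result": "failure", "app": "hr"},
]

FAILURE_THRESHOLD = 3  # assumed tuning value for this example


def score_accounts(events, failure_threshold=FAILURE_THRESHOLD):
    """Summarise per-account risk from an event list.

    An account is marked high_risk when it accumulates at least
    failure_threshold failures and either the failures came from more than one
    source IP (spraying/stuffing pattern) or a success followed the failure run
    (possible compromise). Returns {user: summary_dict}.
    """
    stats = defaultdict(lambda: {"failures": 0, "ips": set(), "success_after_failures": False})
    for e in sorted(events, key=lambda ev: ev["ts"]):
        s = stats[e["user"]]
        if e["result"] == "failure":
            s["failures"] += 1
            s["ips"].add(e["src_ip"])
        elif e["result"] == "success" and s["failures"] >= failure_threshold:
            s["success_after_failures"] = True
    summary = {}
    for user, s in stats.items():
        many_failures = s["failures"] >= failure_threshold
        summary[user] = {
            "failures": s["failures"],
            "distinct_ips": len(s["ips"]),
            "success_after_failures": s["success_after_failures"],
            "high_risk": many_failures and (len(s["ips"]) > 1 or s["success_after_failures"]),
        }
    return summary


def disable_high_risk_accounts(events, disable_fn, failure_threshold=FAILURE_THRESHOLD):
    """Run the scoring and hand each high-risk user to disable_fn(user, reason).

    disable_fn stands in for the real identity-provider call (placeholder: the
    page names no specific directory or API). Returns the list of users acted on.
    """
    acted = []
    for user, s in score_accounts(events, failure_threshold).items():
        if s["high_risk"]:
            reason = (f"{s['failures']} failed logins from {s['distinct_ips']} IP(s); "
                      f"success after failures: {s['success_after_failures']}")
            disable_fn(user, reason)
            acted.append(user)
    return acted


if __name__ == "__main__":
    actions = []
    disabled = disable_high_risk_accounts(SAMPLE_EVENTS, lambda u, r: actions.append((u, r)))
    for user, reason in actions:
        print(f"DISABLE {user}: {reason}")
```

The point of separating scoring from the disable action is that the same rule can be run in a dry-run mode first (logging instead of disabling) to tune the threshold before the automation is allowed to lock anyone out.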
The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep.
Which of the following solutions are the best ways to mitigate this issue? (Select two). Setting different access controls defined by business area
- A . Implementing a role-based access policy
- B . Designing a least-needed privilege policy
- C . Establishing a mandatory vacation policy
- D . Performing periodic access reviews
- E . Requiring periodic job rotation
A,D
Explanation:
To mitigate the issue of excessive permissions and privilege creep, the best solutions are:
Implementing a Role-Based Access Policy:
Role-Based Access Control (RBAC): This policy ensures that access permissions are granted based on the user’s role within the organization, aligning with the principle of least privilege. Users are only granted access necessary for their role, reducing the risk of excessive permissions.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations
Performing Periodic Access Reviews:
Regular Audits: Periodic access reviews help identify and rectify instances of privilege creep by ensuring that users’ access permissions are appropriate for their current roles. These reviews can highlight unnecessary or outdated permissions, allowing for timely adjustments.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
ISO/IEC 27001:2013 – Information Security Management
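As an added example (written for this page, not taken from the study guides cited), the script below does the mechanical part of a periodic access review: it compares each user's effective permissions with the entitlements their current role defines, reports the excess as a privilege-creep finding, and produces the remediated assignment. The role matrix, user records and permission names are constructed assumptions.

```python
# Constructed role entitlement matrix and user assignments (not from the page).
ROLE_PERMISSIONS = {
    "finance_analyst": {"erp:read", "erp:report"},
    "hr_specialist": {"hris:read", "hris:write"},
    "it_helpdesk": {"ad:reset_password", "ticketing:write"},
}

USERS = {
    # alice moved from finance to HR; her finance entitlements were never revoked
    "alice": {"role": "hr_specialist", "perms": {"erp:read", "erp:report", "hris:read", "hris:write"}},
    "bob":   {"role": "finance_analyst", "perms": {"erp:read", "erp:report"}},
    # carol holds an ad-hoc grant that belongs to no role at all
    "carol": {"role": "it_helpdesk", "perms": {"ad:reset_password", "ticketing:write", "ad:domain_admin"}},
}


def review_access(users, role_permissions):
    """Compare each user's effective permissions with the entitlements of their role.

    Returns {user: {"excess": [...], "missing": [...]}} for users that deviate;
    compliant users are omitted. 'excess' is the privilege-creep finding.
    """
    findings = {}
    for user, rec in users.items():
        expected = role_permissions[rec["role"]]
        excess = rec["perms"] - expected
        missing = expected - rec["perms"]
        if excess or missing:
            findings[user] = {"excess": sorted(excess), "missing": sorted(missing)}
    return findings


def remediate(users, role_permissions):
    """Return a new mapping where every user's permissions equal their role's set.

    The originals are left untouched so the reviewer can diff before and after.
    """
    return {user: {"role": rec["role"], "perms": set(role_permissions[rec["role"]])}
            for user, rec in users.items()}


if __name__ == "__main__":
    for user, f in review_access(USERS, ROLE_PERMISSIONS).items():
        print(f"{user}: excess={f['excess']} missing={f['missing']}")
```

Running the review again over the remediated mapping returns no findings, which is the check an auditor would expect to see recorded alongside the review itself.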
A company wants to protect against the most common attacks and rapidly integrate with different programming languages.
Which of the following technologies is most likely to meet this need?
- A . RASP
- B . Cloud-based IDE
- C . DAST
- D . NIPS
A
Explanation:
Comprehensive and Detailed Step-by-Step
Runtime Application Self-Protection (RASP) (A) monitors and protects applications in real time by detecting and blocking attacks as they occur. Unlike traditional security solutions, RASP is integrated into the application itself, meaning it works regardless of the programming language used. It effectively mitigates common vulnerabilities such as SQL injection, XSS, and buffer overflows. Dynamic Application Security Testing (DAST) (C) is a passive scanning approach that may not prevent attacks in real time, while a Network Intrusion Prevention System (NIPS) (D) focuses on network traffic, not application-layer security.
A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform. This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries.
Which of the following should the organization most likely leverage to facilitate this activity? (Select two).
- A . CWPP
- B . YARA
- C . ATT&CK
- D . STIX
- E . TAXII
- F . JTAG
D,E
Explanation:
D. STIX (Structured Threat Information eXpression): STIX is a standardized language for representing threat information in a structured and machine-readable format. It facilitates the sharing of threat intelligence by ensuring that data is consistent and can be easily understood by all parties involved.
E. TAXII (Trusted Automated eXchange of Indicator Information): TAXII is a transport mechanism that enables the sharing of cyber threat information over a secure and trusted network. It works in conjunction with STIX to automate the exchange of threat intelligence among organizations.
Other options:
A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module.
Which of the following is the most appropriate technique?
- A . Key splitting
- B . Key escrow
- C . Key rotation
- D . Key encryption
- E . Key stretching
E
Explanation:
The most appropriate technique to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module is key stretching.
Here’s why:
Enhanced Security: Key stretching algorithms, such as PBKDF2, bcrypt, and scrypt, increase the computational effort required to derive the encryption key from the password, making brute-force attacks more difficult and time-consuming.
Compatibility: Key stretching can be implemented alongside existing cryptographic modules, enhancing their security without the need for a complete overhaul.
Industry Best Practices: Key stretching is a widely recommended practice for securely storing passwords, as it significantly improves resistance to password-cracking attacks.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management
OWASP Password Storage Cheat Sheet
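As an added example (written for this page; not code from CompTIA, NIST or OWASP), the module below shows key stretching with PBKDF2-HMAC-SHA256 from Python's standard library, including the two pieces a retrofit needs: a self-describing stored record so the work factor can be raised later, and an upgrade path that re-hashes a legacy record at the user's next successful login instead of replacing the whole crypto-module at once. The iteration count, record format and the unsalted SHA-256 "before" scheme are assumptions made for the example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as hardware improves.
ITERATIONS = 600_000
DKLEN = 32  # bytes of derived key to store


def hash_password(password, iterations=ITERATIONS, salt=None):
    """Return a self-describing record: pbkdf2_sha256$<iters>$<salt hex>$<dk hex>."""
    if salt is None:
        salt = os.urandom(16)  # per-password random salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=DKLEN)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    try:
        alg, iters, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if alg != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters), dklen=DKLEN)
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))


def needs_rehash(stored, min_iterations=ITERATIONS):
    """True when the record uses fewer iterations than the current policy."""
    parts = stored.split("$")
    return len(parts) != 4 or parts[0] != "pbkdf2_sha256" or int(parts[1]) < min_iterations


def legacy_hash(password):
    """The weak 'before' scheme this example assumes: unsalted single SHA-256."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def verify_legacy_and_upgrade(password, legacy_hex):
    """Check a legacy record; on success return a new stretched record, else None.

    This is the migration path: old records are upgraded opportunistically at
    the next successful login, so the existing hash function stays in place
    until every user has logged in once.
    """
    if hmac.compare_digest(legacy_hash(password), legacy_hex):
        return hash_password(password)
    return None


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok:", verify_password("correct horse battery staple", record))
    print("needs rehash:", needs_rehash(record))
```

Storing the algorithm name and iteration count inside the record is what lets the work factor be raised later: the login path checks needs_rehash() after a successful verify and silently writes a stronger record, with no bulk migration and no knowledge of the plaintext outside the login request.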
A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered.
Given the following code function:
Which of the following is most likely the log input that the code will parse?
A)
B)
C)
D)
- A . Option A
- B . Option B
- C . Option C
- D . Option D
A
Explanation:
The code function provided in the question seems to be designed to parse JSON-formatted logs to check for an alarm state. Option A is a JSON format that matches the structure likely expected by the code. The presence of the "error_log" and "InAlarmState" keys suggests that this is the correct input format.
Reference: CompTIA SecurityX Study Guide, Chapter on Log Management and Automation, Section on Parsing Structured Logs.
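Since the question's code and option screenshots are not reproduced on this page, here is an added example (written for this page, not the exam's code) of the kind of parser the explanation describes: it reads one JSON object per line, looks for the "error_log" object and its "InAlarmState" key named above, and keeps going when a line is malformed or lacks the expected structure, which is the failure mode an unattended alerting job must survive. The log sample and the exact field layout are constructed assumptions.

```python
import json

# Constructed log sample; the question's option screenshots are not reproduced.
# Assumed format: one JSON object per line with an "error_log" object that
# carries an "InAlarmState" key (the key names come from the explanation above).
SAMPLE_LOG = """\
{"host": "web01", "error_log": {"InAlarmState": true, "code": 503, "msg": "upstream timeout"}}
{"host": "web01", "error_log": {"InAlarmState": false, "code": 200, "msg": "ok"}}
this line is not JSON and must not crash the parser
{"host": "db01", "error_log": {"InAlarmState": "True", "code": 500, "msg": "replication lag"}}
{"host": "app01", "note": "record without an error_log section"}
"""


def alarm_flag(value):
    """Coerce the alarm field: accept real booleans and the strings true/false."""
    if isinstance(value, bool):
        return value
    if isinstance(value, str):
        return value.strip().lower() == "true"
    return False


def parse_alarms(text):
    """Walk the log line by line; return {"alerts": [...], "skipped": n}.

    Each alert carries host, code and msg. Lines that are not JSON, are not an
    object, or lack an "error_log" object are counted in 'skipped' rather than
    aborting the run, which is what an alerting job needs.
    """
    alerts, skipped = [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            skipped += 1
            continue
        err = record.get("error_log") if isinstance(record, dict) else None
        if not isinstance(err, dict):
            skipped += 1
            continue
        if alarm_flag(err.get("InAlarmState")):
            alerts.append({"host": record.get("host", "unknown"),
                           "code": err.get("code"),
                           "msg": err.get("msg", "")})
    return {"alerts": alerts, "skipped": skipped}


if __name__ == "__main__":
    result = parse_alarms(SAMPLE_LOG)
    for a in result["alerts"]:
        print(f"ALARM host={a['host']} code={a['code']} msg={a['msg']}")
    print(f"skipped {result['skipped']} unusable line(s)")
```

Counting skipped lines instead of silently dropping them matters in practice: a sudden rise in that counter is itself worth an alert, because it usually means the log format changed and alarms are no longer being seen.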
A security engineer must resolve a vulnerability in a deprecated version of Python for a custom-developed flight simulation application that is monitored and controlled remotely. The source code is proprietary and built with Python functions running on the Ubuntu operating system. Version control is not enabled for the application in development or production. However, the application must remain online in the production environment using built-in features.
Which of the following solutions best reduces the attack surface of these issues and meets the outlined requirements?
- A . Configure code-signing within the CI/CD pipeline, update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
- B . Enable branch protection in the GitHub repository. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
- C . Use an NFS network share. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
- D . Configure version designation within the Python interpreter. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
A
Explanation:
Code-signing within the CI/CD pipeline ensures that only verified and signed code is deployed, mitigating the risk of supply chain attacks. Updating Python with aptitude and updating modules with pip ensures vulnerabilities are patched. Deploying the solution to production after testing maintains application availability while securing the development lifecycle.
Branch protection (B) applies only to version-controlled environments, which is not the case here.
NFS network share (C) does not address the deprecated Python vulnerability.
Version designation (D) does not eliminate security risks from outdated dependencies.
Reference: CompTIA SecurityX (CAS-005) Exam Objectives – Domain 3.0 (Security Engineering), Section on Software Assurance and Secure Development
A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.
Which of the following would be best to proceed with the transformation?
- A . An on-premises solution as a backup
- B . A load balancer with a round-robin configuration
- C . A multicloud provider solution
- D . An active-active solution within the same tenant
C
Explanation:
Multicloud provider solutions involve using services from more than one cloud provider to ensure resiliency and redundancy. In the event of a failure or SLA breach by one CSP, another provider can maintain service continuity. An on-premises backup could help, but does not address CSP-specific SLA concerns directly. Round-robin load balancing and active-active within the same tenant still depend on a single provider, thus posing risks if the CSP fails.
Reference: CompTIA SecurityX CAS-005, Domain 4.0: Implement redundancy and fault-tolerant strategies, including multicloud deployment for service resiliency.
A company hired an email service provider called my-email.com to deliver company emails. The company started having several issues during the migration.
A security engineer is troubleshooting and observes the following configuration snippet:
Which of the following should the security engineer modify to fix the issue? (Select two).
- A . The email CNAME record must be changed to a type A record pointing to 192.168.111
- B . The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"
- C . The srv01 A record must be changed to a type CNAME record pointing to the email server
- D . The email CNAME record must be changed to a type A record pointing to 192.168.1.10
- E . The TXT record must be changed to "v=dkim ip4:192.168.1.11 include my-email.com -all"
- F . The TXT record must be changed to "v=dkim ip4:192.168.1.10 include:email-all"
- G . The srv01 A record must be changed to a type CNAME record pointing to the web01 server
B,D
Explanation:
The security engineer should modify the following to fix the email migration issues:
Email CNAME Record: The email CNAME record must be changed to a type A record pointing to 192.168.1.10. This is because CNAME records should not be used where an IP address (A record) is required. Changing it to an A record ensures direct pointing to the correct IP.
TXT Record for DMARC: The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all". This ensures proper configuration of DMARC (Domain-based Message Authentication, Reporting & Conformance) to include the correct IP address and the email service provider domain.
DMARC: Ensuring the DMARC record is correctly set up helps in preventing email spoofing and phishing, aligning with email security best practices.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
RFC 7489: Domain-based Message Authentication, Reporting & Conformance (DMARC)
NIST Special Publication 800-45: Guidelines on Electronic Mail Security
After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.
• Exfiltration of intellectual property
• Unencrypted files
• Weak user passwords
Which of the following is the best way to mitigate these vulnerabilities? (Select two).
- A . Implementing data loss prevention
- B . Deploying file integrity monitoring
- C . Restricting access to critical file services only
- D . Deploying directory-based group policies
- E . Enabling modern authentication that supports MFA
- F . Implementing a version control system
- G . Implementing a CMDB platform
A,E
Explanation:
To mitigate the identified vulnerabilities, the following solutions are most appropriate: