Practice Free CAS-005 Exam Online Questions
A company recently experienced a ransomware attack. Although the company performs systems and data backup on a schedule that aligns with its RPO (Recovery Point Objective) requirements, the backup administrator could not recover critical systems and data from its offline backups to meet the RPO. Eventually, the systems and data were restored with information that was six months outside of RPO requirements.
Which of the following actions should the company take to reduce the risk of a similar attack?
- A . Encrypt and label the backup tapes with the appropriate retention schedule before they are sent to the off-site location.
- B . Implement a business continuity process that includes reverting manual business processes.
- C . Perform regular disaster recovery testing of IT and non-IT systems and processes.
- D . Carry out a tabletop exercise to update and verify the RACI matrix with IT and critical business functions.
C
Explanation:
Understanding the issue:
The backup schedule satisfied the RPO on paper, but when the offline backups were actually needed they could not be restored, and the only usable copy was six months old. A backup that has never been restored is an untested assumption, not a recovery capability.
Why Option C is correct:
Regular disaster recovery testing (including real restores from the offline media, not just catalog or job-status checks) proves that backups are readable and complete, measures actual restore time against the RTO (Recovery Time Objective), and surfaces gaps such as unreadable media, lost encryption keys, or undocumented dependencies before an incident does. Testing non-IT processes as well ensures the business can keep operating while systems are rebuilt.
Why the other options are incorrect:
A (Encrypt and label backup tapes): Encryption and retention labeling protect confidentiality and retention, but they do not demonstrate that the tapes can be restored; an encrypted backup whose key was lost in the attack is still unrecoverable.
B (Reverting to manual business processes): Manual fallback reduces the impact of an outage but does not fix the backup and recovery failure itself.
D (Tabletop exercise and RACI matrix): A tabletop exercise clarifies roles and decisions on paper; it does not exercise the restore procedure, which is what failed here.
Reference: CompTIA SecurityX CAS-005 Official Study Guide: Disaster Recovery & Business Continuity Planning
NIST SP 800-34: Contingency Planning Guide for Information Systems
ISO 22301: Business Continuity Management Standards
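The check a DR test is meant to answer is "what is the newest backup we have actually proven we can restore, and does it satisfy the RPO and RTO?" The following is an added example (not from the page or from any study guide) that models that decision over a constructed backup catalog: restore points that were never restore-tested are excluded, which reproduces the scenario above where nightly backups existed but the only proven set was six months old. The catalog, dates and RPO/RTO values are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class BackupSet:
    taken_at: datetime
    location: str                       # "online" or "offline"
    restore_tested: bool                # True only if a restore drill succeeded on this set
    restore_minutes: Optional[int] = None   # measured restore duration from that drill


def newest_restorable(catalog, incident_at):
    """Newest backup taken before the incident that a restore drill has proven good.
    Sets that were never restore-tested are excluded: scheduled is not the same as recoverable."""
    proven = [b for b in catalog if b.taken_at <= incident_at and b.restore_tested]
    return max(proven, key=lambda b: b.taken_at, default=None)


def evaluate_recovery(catalog, incident_at, rpo, rto):
    """Report whether the best proven restore point meets the RPO and its drill time meets the RTO."""
    chosen = newest_restorable(catalog, incident_at)
    if chosen is None:
        return {"rpo_met": False, "rto_met": False, "data_loss": None, "restore_point": None}
    data_loss = incident_at - chosen.taken_at
    rto_met = chosen.restore_minutes is not None and timedelta(minutes=chosen.restore_minutes) <= rto
    return {"rpo_met": data_loss <= rpo, "rto_met": rto_met,
            "data_loss": data_loss, "restore_point": chosen.taken_at}


# Constructed scenario values (hypothetical): ransomware detected 2024-06-01 01:00, 24h RPO, 8h RTO.
INCIDENT = datetime(2024, 6, 1, 1, 0)
RPO = timedelta(hours=24)
RTO = timedelta(hours=8)


def nightly_catalog(latest_drill_passed: bool):
    """Seven nightly offline sets (02:00 each night) plus one old set restore-tested last December.
    With latest_drill_passed=False only the December set has ever been proven restorable."""
    sets = [BackupSet(datetime(2023, 12, 1, 2, 0), "offline", restore_tested=True, restore_minutes=300)]
    for day in range(25, 32):
        newest = (day == 31)
        drilled = latest_drill_passed and newest
        sets.append(BackupSet(datetime(2024, 5, day, 2, 0), "offline",
                              restore_tested=drilled,
                              restore_minutes=240 if drilled else None))
    return sets


def before_drills():
    """The question's situation: backups taken on schedule, none of the recent ones ever tested."""
    return evaluate_recovery(nightly_catalog(latest_drill_passed=False), INCIDENT, RPO, RTO)


def after_drills():
    """Same schedule once regular restore drills cover the newest set."""
    return evaluate_recovery(nightly_catalog(latest_drill_passed=True), INCIDENT, RPO, RTO)


if __name__ == "__main__":
    for label, result in (("before drills", before_drills()), ("after drills", after_drills())):
        print(f"{label}: restore point {result['restore_point']}, data loss {result['data_loss']}, "
              f"RPO met {result['rpo_met']}, RTO met {result['rto_met']}")
```

The important design choice is that `newest_restorable` only considers sets with a recorded successful drill; if your catalog tool cannot record that, the RPO figure it reports is the scheduled RPO, not the achievable one.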
Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole.
Which of the following is the best way to achieve this goal? (Select two).
- A . Implementing DLP controls preventing sensitive data from leaving Company B's network
- B . Documenting third-party connections used by Company B
- C . Reviewing the privacy policies currently adopted by Company B
- D . Requiring data sensitivity labeling for all files shared with Company B
- E . Forcing a password reset requiring more stringent passwords for users on Company B's network
- F . Performing an architectural review of Company B's network
B, F
Explanation:
The attack surface is the set of entry points an adversary can reach, so determining how the acquisition changes it means enumerating what Company B exposes, not what policies or controls it has. Documenting third-party connections (B) reveals the vendor links, VPNs, APIs and remote-access paths that will become paths into the combined organization once the networks are joined, and an architectural review (F) maps Company B's segments, internet-facing services and trust relationships. DLP (A), sensitivity labeling (D) and a password reset (E) are controls to apply once the exposure is understood, and privacy policies (C) describe data-handling commitments rather than technical exposure.
An external threat actor attacks public infrastructure providers. In response to the attack and during follow-up activities, various providers share information obtained during response efforts.
After the attack, energy sector companies share their status and response data:
| Company | SIEM | UEBA | DLP | ISAC Member | TIP Integration | Time to Detect | Time to Respond |
|---|---|---|---|---|---|---|---|
| 1 | Yes | No | Yes | Yes | Yes | 10 minutes | 20 minutes |
| 2 | Yes | Yes | Yes | Yes | No | 20 minutes | 40 minutes |
| 3 | Yes | Yes | No | No | Yes | 12 minutes | 24 minutes |
Which of the following is the most important issue to address to defend against future attacks?
- A . Failure to implement a UEBA system
- B . Failure to implement a DLP system
- C . Failure to join the industry ISAC
- D . Failure to integrate with the TIP
C
Explanation:
All three companies run a SIEM; they differ in UEBA, DLP, ISAC membership and TIP integration. Read against the detection and response columns, the table does not isolate a single winning control: Company 1 (ISAC member, TIP integrated, no UEBA) is fastest at 10 and 20 minutes, Company 3 (the only non-member, with UEBA and TIP) is next at 12 and 24 minutes, and Company 2 (ISAC member, no TIP) is slowest at 20 and 40 minutes. What decides the question is the scenario itself: the attack hit the whole sector, and providers improved their response using information other providers shared during and after it. Company 3, outside the ISAC, is the only one with no formal channel to receive that intelligence in the next attack, so for the sector as a whole that is the gap to close first.
According to the CompTIA SecurityX CAS-005 objectives (Domain 2: Security Operations, 2.2), Information Sharing and Analysis Centers (ISACs) exist so that organizations in one industry can share real-time threat intelligence, indicators and coordinated response strategies, which is what defending critical infrastructure such as the energy sector against a sector-wide campaign requires. Lacking ISAC membership (Company 3) cuts the organization off from that intelligence and from coordinated response. UEBA, DLP and TIP integration are valuable, but they address internal behavior monitoring, data protection and consumption of individual intelligence feeds respectively; none of them provides the industry-wide collaboration an ISAC does.
Reference: CompTIA SecurityX CAS-005 Official Study Guide, Domain 2: Security Operations, Section 2.2: "Explain the importance of threat intelligence sharing and collaboration, including ISACs." CAS-005 Exam Objectives, 2.2: "Analyze the impact of information sharing on incident response efficiency."
Previously intercepted communications must remain secure even if a current encryption key is compromised in the future.
Which of the following best supports this requirement?
- A . Tokenization
- B . Key stretching
- C . Forward secrecy
- D . Simultaneous authentication of equals
C
Explanation:
Forward secrecy (FS, also called perfect forward secrecy) is achieved by deriving every session key from an ephemeral key exchange (for example ephemeral Diffie-Hellman or ECDHE) and discarding the ephemeral private values once the session key exists. The long-term key only authenticates the exchange; it never encrypts or derives session keys. An attacker who recorded past traffic and later obtains the long-term key therefore has nothing to decrypt it with.
Other options:
A (Tokenization) replaces sensitive data with surrogate tokens in storage; it does not protect recorded communications against a future key compromise.
B (Key stretching) makes brute-forcing a password-derived key slower but offers nothing once the key itself is compromised.
D (Simultaneous Authentication of Equals, SAE) is the WPA3 password-authenticated key exchange. As a protocol it does provide forward secrecy for the Wi-Fi session, but it is one specific authentication mechanism, not the general property the requirement names.
Reference: CASP+ CAS-005 - Cryptographic Concepts and Key Management
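To make the property concrete, the following added example (not from the page or any study guide) runs two toy handshakes and then plays the attacker who later steals the server's long-term secrets and has a recorded transcript. In "static" mode the server's long-term key is its Diffie-Hellman share, so the stolen key recomputes the old session key; in "ephemeral" mode the long-term key only authenticates a fresh share, so the transcript is useless without the discarded exponents. The group (p = 2^127 - 1, g = 3) and the use of HMAC as a stand-in for a signature are illustrative assumptions; real systems use X25519 or an RFC 7919 group and a proper signature.

```python
import hashlib
import hmac
import secrets

# Toy parameters, constructed for illustration only (a Mersenne prime keeps the arithmetic fast).
P = (1 << 127) - 1
G = 3


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1      # 1 <= priv <= P - 2
    return priv, pow(G, priv, P)


def kdf(shared: int) -> bytes:
    """Session key from the shared DH value (a real KDF would also bind the transcript)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def handshake(mode: str, server_long_term: dict):
    """Run one handshake; return (session_key, transcript). The transcript is exactly what a
    passive eavesdropper can record."""
    c_priv, c_pub = dh_keypair()              # the client side is always ephemeral here
    if mode == "static":
        # Server's DH share IS its long-term key: the session secret depends on a persistent key.
        s_priv, s_pub = server_long_term["dh_priv"], server_long_term["dh_pub"]
        tag = b""
    elif mode == "ephemeral":
        # Fresh server share; the long-term key only authenticates it (HMAC stands in for a signature).
        s_priv, s_pub = dh_keypair()
        tag = hmac.new(server_long_term["sign_key"], s_pub.to_bytes(16, "big"), "sha256").digest()
    else:
        raise ValueError(mode)
    key_client = kdf(pow(s_pub, c_priv, P))
    key_server = kdf(pow(c_pub, s_priv, P))
    assert key_client == key_server
    # Local copies of the exponents are dropped; in "static" mode the server's lives on in
    # server_long_term, which is precisely the problem.
    del c_priv, s_priv
    return key_client, {"c_pub": c_pub, "s_pub": s_pub, "tag": tag}


def later_compromise(server_long_term: dict, transcript: dict):
    """Attacker who later steals the server's long-term secrets and holds the recorded transcript.
    Returns the past session key if the stolen material allows recomputing it, otherwise None."""
    if "dh_priv" in server_long_term:
        return kdf(pow(transcript["c_pub"], server_long_term["dh_priv"], P))
    # Only a signing key was stolen. It can forge future handshakes, but g^x and g^y in the
    # transcript cannot be combined without one of the discarded ephemeral exponents.
    return None


def demo(mode: str):
    """Return (session_key, what_the_attacker_recovers) for the given handshake mode."""
    if mode == "static":
        priv, pub = dh_keypair()
        long_term = {"dh_priv": priv, "dh_pub": pub}
    else:
        long_term = {"sign_key": secrets.token_bytes(32)}
    session_key, transcript = handshake(mode, long_term)
    return session_key, later_compromise(long_term, transcript)


if __name__ == "__main__":
    for mode in ("static", "ephemeral"):
        key, recovered = demo(mode)
        print(f"{mode:9}: past traffic readable after long-term key theft -> {recovered == key}")
```

The contrast is the whole point: the ephemeral variant still loses future security when the signing key leaks (the attacker can impersonate the server), but nothing already recorded becomes readable, which is the requirement in the question.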
Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software’s official versions. The malware is not present in version 10.4.
Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions.
The software installation entries are formatted as follows:
Reader 10.0
Reader 10.1
Reader 10.2
Reader 10.3
Reader 10.4
Which of the following regular expression entries will accurately identify all the affected versions?
- A . Reader(*)[1][0]\.[0-4]
- B . Reader[1][0]\.[0-3]
- C . Reader( )[1][0]\.[0-3]
- D . Reader( )[1][0]\.[1-3]
C
Explanation:
Understand the requirement:
The expression must match versions 10.0 through 10.3 and must not match 10.4.
Regex syntax used in the options:
[ ] is a character class and matches one character from the set; [0-3] matches a single digit from 0 to 3.
\. escapes the period so it matches a literal "." instead of any character.
( ) groups; a group containing a single space matches exactly one space, as between "Reader" and "10".
* repeats the preceding element zero or more times; (*) has nothing to repeat and is invalid.
Analyze each option:
Option A: Reader(*)[1][0]\.[0-4]
Incorrect. (*) is invalid, and [0-4] would also match version 10.4, which is not affected.
Option B: Reader[1][0]\.[0-3]
Incorrect. There is no space between "Reader" and the version, so it never matches entries formatted as "Reader 10.x".
Option C: Reader( )[1][0]\.[0-3]
Correct. Breakdown:
Reader: matches the product name.
( ): matches the single space after it.
[1][0]: matches "10", one character class per digit.
\.: matches the literal period.
[0-3]: matches a minor version of 0, 1, 2 or 3.
This matches "Reader 10.0" through "Reader 10.3" and rejects "Reader 10.4".
Option D: Reader( )[1][0]\.[1-3]
Incorrect. [1-3] omits minor version 0, so "Reader 10.0", an affected version, is missed.
Caveat for real inventory queries: none of the options is anchored. Used as a search rather than a full-line match, Reader( )[1][0]\.[0-3] also matches "Reader 10.10" or "Reader 10.35" on their prefix, so anchor the pattern (for example ^Reader 10\.[0-3]$) or compare parsed version numbers instead.
Conclusion:
Option C identifies all affected versions (10.0, 10.1, 10.2, 10.3) and excludes the unaffected version (10.4).
Reference: CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter on Vulnerability Management.
CompTIA CASP+ Exam Objectives: "Analyze risks associated with new vulnerabilities." Regular Expressions Documentation from CASP+ Official Reference Materials.
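The following added example (not part of the question or its reference material) runs the exam's pattern over a constructed inventory export that includes near misses, alongside an anchored pattern and a numeric version-range check. The inventory lines are constructed for illustration; the affected range 10.0 to 10.3 is the one stated in the question.

```python
import re

# Constructed inventory export: one installation per line, with near misses added.
INVENTORY = """\
Reader 10.0
Reader 10.1
Reader 10.2
Reader 10.3
Reader 10.4
Reader 10.10
Reader 10.35
Reader 9.3
Spreadsheet 10.2
"""

# Option C exactly as written in the question; matched as a substring, the way grep would.
EXAM_PATTERN = re.compile(r"Reader( )[1][0]\.[0-3]")

# Hardened: anchored at both ends so a longer minor version cannot match on its prefix,
# and tolerant of whatever whitespace the inventory tool emits between name and version.
ANCHORED_PATTERN = re.compile(r"^Reader\s+10\.[0-3]$")

# Inclusive affected range from the advisory in the question.
AFFECTED_LOW, AFFECTED_HIGH = (10, 0), (10, 3)


def search_lines(pattern: "re.Pattern", inventory: str) -> list:
    """Lines the pattern matches with re.search (substring semantics)."""
    return [line for line in inventory.splitlines() if pattern.search(line)]


def affected_by_version(inventory: str, low=AFFECTED_LOW, high=AFFECTED_HIGH) -> list:
    """Parse the version and compare it numerically. Immune to prefix traps, and it still
    works when the advisory widens the range (say to 10.0 through 10.12) in a way a single
    character class cannot express."""
    hits = []
    for line in inventory.splitlines():
        m = re.fullmatch(r"Reader\s+(\d+)\.(\d+)", line)
        if m and low <= (int(m.group(1)), int(m.group(2))) <= high:
            hits.append(line)
    return hits


if __name__ == "__main__":
    print("exam pattern  :", search_lines(EXAM_PATTERN, INVENTORY))
    print("anchored      :", search_lines(ANCHORED_PATTERN, INVENTORY))
    print("version parse :", affected_by_version(INVENTORY))
```

Run against this input, the exam pattern correctly excludes 10.4 but also flags "Reader 10.10" and "Reader 10.35", which would send unaffected machines into response; the anchored pattern and the numeric comparison return only the four affected entries.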
A financial services organization is using AI to fully automate the process of deciding client loan rates.
Which of the following should the organization be most concerned about from a privacy perspective?
- A . Model explainability
- B . Credential Theft
- C . Possible prompt Injections
- D . Exposure to social engineering
A
Explanation:
When AI fully automates a decision such as a client's loan rate, the primary privacy concern is model explainability: whether the organization can tell an affected individual why the model decided as it did.
Why model explainability is critical:
Transparency: The decision logic can be understood and explained to stakeholders, including the clients whose rates it sets.
Accountability: Explainable decisions let the organization detect bias and errors in the model and show that the outcome was fair.
Regulatory compliance: GDPR Article 22 restricts decisions based solely on automated processing that significantly affect individuals, and Articles 13 to 15 require meaningful information about the logic involved; a lender must therefore be able to justify an individual rate decision.
Trust: Demonstrably explainable decisions build trust among clients and regulators.
Credential theft, prompt injection and social engineering are real security concerns for any system handling the application, but they do not bear on the privacy question of whether an individual can learn how an automated decision about them was reached.
Reference: CompTIA SecurityX Study Guide
"The Importance of Explainability in AI, " IEEE Xplore
GDPR Article 22, "Automated Individual Decision-Making, Including Profiling"
A company wants to improve and automate the compliance of its cloud environments to meet industry standards.
Which of the following resources should the company use to best achieve this goal?
- A . Jenkins
- B . Python
- C . Ansible
- D . PowerShell
C
Explanation:
Automating compliance across cloud environments requires a tool that can declare the required state of systems, enforce it repeatedly and idempotently, and report drift against a baseline such as CIS, NIST or ISO controls.
Evaluating the options:
A (Jenkins) is a CI/CD orchestrator; it can schedule compliance jobs but does not itself describe or enforce system state.
B (Python) and D (PowerShell) are general-purpose languages; compliance automation can be written in them, but every check, remediation and idempotency guarantee must be built by hand.
C (Ansible) is a configuration management tool whose playbooks declare the desired state, apply it across fleets of cloud instances over SSH or APIs, and can be rerun to detect and correct drift, which is exactly what continuous compliance needs.
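As an added example (not from the page or from the Ansible project), the playbook below enforces a small SSH hardening baseline on a fleet, reads back what sshd actually has in effect, and fails the run if any host has drifted; rerun on a schedule, this is the enforce-and-verify loop the question is after. The host group `cloud_linux`, the list of settings and the sshd paths are assumptions for the illustration.

```yaml
# Added example: enforce and verify a baseline sshd configuration.
# Assumes Ansible 2.10+ (ansible.builtin modules); hosts group "cloud_linux" is hypothetical.
- name: Enforce baseline sshd configuration
  hosts: cloud_linux
  become: true
  vars:
    sshd_config: /etc/ssh/sshd_config
    required_settings:          # illustrative subset of a CIS-style baseline
      PasswordAuthentication: "no"
      PermitRootLogin: "no"
      X11Forwarding: "no"
  tasks:
    - name: Set each required sshd option (idempotent; drift is corrected on every run)
      ansible.builtin.lineinfile:
        path: "{{ sshd_config }}"
        regexp: '^\s*#?\s*{{ item.key }}\s+'
        line: "{{ item.key }} {{ item.value }}"
        validate: /usr/sbin/sshd -t -f %s        # reject a config sshd would refuse to load
      loop: "{{ required_settings | dict2items }}"
      notify: restart sshd

    - name: Apply pending restarts now so the verification below sees the live daemon
      ansible.builtin.meta: flush_handlers

    - name: Read the effective configuration (what sshd really uses, not just the file)
      ansible.builtin.command: /usr/sbin/sshd -T
      register: sshd_effective
      changed_when: false

    - name: Fail the run if any required setting is not in effect
      ansible.builtin.assert:
        that: "((item.key | lower) ~ ' ' ~ item.value) in sshd_effective.stdout_lines"
        fail_msg: "{{ item.key }} is not {{ item.value }} on {{ inventory_hostname }}"
      loop: "{{ required_settings | dict2items }}"

  handlers:
    - name: restart sshd
      ansible.builtin.service:
        name: sshd
        state: restarted
```

Running the same playbook with `--check --diff` turns it into an audit that reports drift without changing anything, which is how the compliance evidence and the remediation come from one source of truth.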
A security architect must make sure that as few services as possible are exposed in order to limit an adversary's ability to access the systems.
Which of the following should the architect do first?
- A . Enforce Secure Boot.
- B . Perform attack surface reduction.
- C . Disable third-party integrations.
- D . Limit access to the systems.
B
Explanation:
Attack surface reduction focuses on minimizing unnecessary services, open ports, and vulnerabilities, reducing the exposure to potential adversaries. This aligns with zero trust and least privilege principles.
Secure Boot (A) helps ensure system integrity but does not minimize exposed services.
Disabling third-party integrations (C) may help, but broader attack surface reduction is the best first step.
Limiting access (D) is important but does not directly reduce exposed services.
Reference: CompTIA SecurityX (CAS-005) Exam Objectives – Domain 2.0 (Security Architecture), Section on Attack Surface Management and Reduction