Practice Free CAS-005 Exam Online Questions
A recent security audit identified multiple endpoints have the following vulnerabilities:
• Various unsecured open ports
• Active accounts for terminated personnel
• Endpoint protection software with legacy versions
• Overly permissive access rules
Which of the following would best mitigate these risks? (Select three).
- A . Local drive encryption
- B . Secure boot
- C . Address space layout randomization
- D . Unneeded services disabled
- E . Patching
- F . Logging
- G . Removal of unused accounts
- H . Enabling BIOS password
D,E,G
Explanation:
Disabling unneeded services reduces the attack surface by closing the open ports that no longer have a legitimate listener behind them. Patching ensures that the endpoint protection software and operating systems are current, reducing exposure to known vulnerabilities. Removing unused accounts eliminates the access paths that the dormant accounts of terminated personnel leave behind. Secure boot, BIOS passwords, drive encryption and ASLR are valuable controls, but they address different layers than the findings listed, and logging helps detect abuse rather than prevent it. The remaining finding, overly permissive access rules, is only partly covered by these three; it calls for a least-privilege review of the rules themselves.
Reference: CompTIA SecurityX CAS-005, Domain 2.0: Apply system hardening techniques to endpoint security issues.
A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin.
Which of the following best describes the cyberthreat to the bank?
- A . Ability to obtain components during wartime
- B . Fragility and other availability attacks
- C . Physical Implants and tampering
- D . Non-conformance to accepted manufacturing standards
C
Explanation:
The best description of the cyber threat to a central bank implementing strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin, is the risk of physical implants and tampering.
Here’s why:
Supply Chain Security: The supply chain is a critical vector for hardware tampering and physical implants, which can compromise the integrity and security of hardware components before they reach the organization.
Targeted Attacks: Banks and financial institutions are high-value targets, making them susceptible to sophisticated attacks, including those involving physical implants that can be introduced during manufacturing or shipping processes.
Strict Mitigations: Implementing an allow list for specific countries aims to mitigate the risk of supply chain attacks by limiting the sources of hardware. However, the primary concern remains the introduction of malicious components through tampering.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-161: Supply Chain Risk Management Practices for Federal Information Systems and Organizations
ISO/IEC 20243:2018 – Information Technology – Open Trusted Technology Provider Standard
A vulnerability scan on a web server identified the following:
Which of the following actions would most likely eliminate on path decryption attacks? (Select two).
- A . Disallowing cipher suites that use ephemeral modes of operation for key agreement
- B . Removing support for CBC-based key exchange and signing algorithms
- C . Adding TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
- D . Implementing HIPS rules to identify and block BEAST attack attempts
- E . Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA
- F . Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA
B,C
Explanation:
On-path (man-in-the-middle) decryption attacks such as BEAST (Browser Exploit Against SSL/TLS), and the padding-oracle attacks that followed it (POODLE, Lucky 13), exploit weaknesses in how SSL/TLS uses CBC (Cipher Block Chaining) mode; they do not target the key exchange.
To mitigate these attacks, the following actions are recommended:
B. Removing support for CBC-based cipher suites: the option's wording ("key exchange and signing algorithms") is imprecise, since CBC is a symmetric cipher mode, so what is actually removed is every suite whose bulk cipher runs in CBC mode. With no CBC suite negotiable, BEAST-style attacks have nothing to target. Replace them with AEAD modes such as GCM (Galois/Counter Mode), which authenticate every record and have no padding to exploit.
C. Adding TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256: ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) gives forward secrecy, ECDSA authenticates the server, and AES-256-GCM is an AEAD cipher that is not susceptible to the CBC attacks above. The SHA256 suffix names the PRF hash used in the handshake; record integrity comes from the GCM authentication tag. Options A, E and F go the wrong way: A removes forward secrecy, while E and F keep a static-RSA CBC suite (and the key length in a suite name cannot simply be "increased").
Reference: CompTIA Security+ Study Guide
NIST SP 800-52 Rev. 2, "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations"
OWASP (Open Web Application Security Project) guidelines on cryptography and secure communication
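The following is an added worked example, not code from the exam material or any vendor: it classifies IANA suite names in the form used by the answer options, then builds a Python ssl server context that offers only ECDHE + AEAD suites and verifies that no CBC suite is left. The OpenSSL cipher string HARDENED_CIPHERS is an assumed server configuration, not something stated in the question.

```python
"""Cipher-suite hygiene for a CBC / on-path decryption finding.

Added example (not from the CAS-005 material). Two checks:
  1. classify_suite(): judge an IANA suite name on key exchange and mode.
  2. hardened_context() + offered_non_aead_suites(): build an ssl context
     with an assumed hardened cipher string and prove no CBC suite remains.
"""
import ssl


def classify_suite(name: str) -> dict:
    """Judge an IANA cipher-suite name on key exchange and cipher mode."""
    if "_WITH_" in name:
        # TLS 1.2 style: TLS_<kex>_<auth>_WITH_<cipher>_<hash>
        kex_auth, cipher = name.split("_WITH_", 1)
        kex = kex_auth[len("TLS_"):]
        forward_secrecy = kex.startswith(("ECDHE_", "DHE_"))
    else:
        # TLS 1.3 style (TLS_AES_256_GCM_SHA384): (EC)DHE is mandatory, so
        # every suite has forward secrecy and the cipher is always AEAD.
        cipher = name[len("TLS_"):]
        forward_secrecy = True
    cbc = "_CBC_" in cipher
    aead = any(tag in cipher for tag in ("_GCM_", "CHACHA20_POLY1305", "_CCM"))
    return {
        "forward_secrecy": forward_secrecy,
        "cbc": cbc,
        "aead": aead,
        "accept": forward_secrecy and aead and not cbc,
    }


# Assumed server policy: ECDHE key agreement, AES-GCM or ChaCha20-Poly1305,
# nothing anonymous, nothing MD5. This is an OpenSSL cipher string.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5"


def hardened_context(cipher_string: str = HARDENED_CIPHERS) -> ssl.SSLContext:
    """Server context that cannot negotiate a CBC suite."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # BEAST needs TLS 1.0
    ctx.set_ciphers(cipher_string)
    return ctx


def offered_non_aead_suites(ctx: ssl.SSLContext) -> list:
    """OpenSSL names of suites the context still offers that are not AEAD
    (every CBC suite lands here). An empty list means the finding is closed."""
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if not c.get("aead", False) or "cbc" in c.get("symmetric", "")
    ]


if __name__ == "__main__":
    for suite in ("TLS_RSA_WITH_AES_128_CBC_SHA",
                  "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256"):
        print(suite, classify_suite(suite))
    print("non-AEAD suites still offered:", offered_non_aead_suites(hardened_context()))
```

The classifier covers the general TLS 1.2 naming pattern, not only the two suites in the question, so it can be run over a full scanner export. To confirm what a deployed server actually negotiates rather than what its configuration says, enumerate it from outside (for example with nmap's ssl-enum-ciphers script) and feed the IANA names into classify_suite().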
An audit finding reveals that a legacy platform has not retained logs for more than 30 days. The platform has been segmented due to its interoperability with newer technology. As a temporary solution, the IT department changed the log retention to 120 days.
Which of the following should the security engineer do to ensure the logs are being properly retained?
- A . Configure a scheduled task nightly to save the logs
- B . Configure event-based triggers to export the logs at a threshold.
- C . Configure the SIEM to aggregate the logs
- D . Configure a Python script to move the logs into a SQL database.
C
Explanation:
To ensure that logs from a legacy platform are retained beyond its default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions collect, aggregate and store logs from many sources, so retention is enforced centrally and no longer depends on the local settings of a segmented, hard-to-manage platform. A nightly task, a threshold trigger or a custom script each leave gaps (missed runs, events below the threshold, an unmaintained script) and still rely on someone watching the legacy host.
Reference: CompTIA SecurityX Study Guide: Discusses the role of SIEM in log management and retention.
NIST Special Publication 800-92, "Guide to Computer Security Log Management": Recommends the use of centralized log management solutions, such as SIEM, for effective log retention and analysis.
"Security Information and Event Management (SIEM) Implementation" by David Miller: Covers best practices for configuring SIEM systems to aggregate and retain logs from various sources.
An organization is concerned about insider threats from employees who have individual access to encrypted material.
Which of the following techniques best addresses this issue?
- A . SSO with MFA
- B . Salting and hashing
- C . Account federation with hardware tokens
- D . SAE
- E . Key splitting
E
Explanation:
The technique that best addresses insider threats from employees who individually hold access to encrypted material is key splitting (also called split knowledge or dual control).
Here’s why:
Key Splitting: Key splitting divides a cryptographic key into multiple parts and distributes those parts among different individuals or systems, so no single person holds the complete key. In practice this is done with a threshold secret-sharing scheme such as Shamir's, where any k of n shares reconstruct the key while k-1 shares reveal nothing about it.
Increased Security: Because several parties must combine their shares to use the key, one insider acting alone cannot decrypt the material. This is why hardware security modules and root-key ceremonies routinely require multiple custodians.
Why not the others: SSO with MFA, account federation with hardware tokens and SAE strengthen authentication, but they still grant the authenticated insider full access; salting and hashing protects stored passwords, not encrypted data.
Compliance and Best Practices: Key splitting aligns with best practices and regulatory requirements for handling sensitive information, ensuring that access is tightly controlled and monitored.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-57: Recommendation for Key Management
ISO/IEC 27002:2013: Information Technology – Security Techniques – Code of Practice for Information Security Controls
By employing key splitting, organizations can effectively reduce the risk of insider threats and enhance the overall security of encrypted material.
168.1.6, Host = Server4, CVSS 9.8, Domain Controller, Remotely Executable = Yes, Exploit = Yes.
Which of the following should be patched first to minimize attacks against internet-facing hosts?
- A . Server1
- B . Server2
- C . Server3
- D . Server4
B
Explanation:
The question focuses on internet-facing hosts, implying external exposure. CVSS scores, remote executability, and exploit availability guide prioritization. Server2 (205.1.3.5, CVSS 6.5, Bind Server) has a public IP, suggesting it’s internet-facing, unlike Server1 and Server4 (192.168.x.x, private IPs). Server3 (207.1.5.7, CVSS 5.5) is also public but has a lower score and risk compared to Server2’s proof-of-concept (POC) exploit. Server2’s Bind Server (DNS) role is critical and commonly targeted, making it the priority.
Option A: Server1 (CVSS 7.5) is private, not internet-facing.
Option B: Server2 (CVSS 6.5) is internet-facing with an exploit POC, warranting immediate patching.
Option C: Server3 (CVSS 5.5) is internet-facing but less severe.
Option D: Server4 (CVSS 9.8) is critical but private, not internet-facing.
Reference: CompTIA SecurityX CAS-005 Domain 1: Risk Management – Vulnerability Prioritization.
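The following is an added example, not part of the exam material: it ranks the four hosts the way the explanation does, first by exposure and then by exploit availability and CVSS, and also shows how the answer flips when the question is not scoped to internet-facing hosts. The inventory is reconstructed from the explanation; the private addresses of Server1 and Server4 (the page only says 192.168.x.x) and the exploit status of Server1 and Server3 are assumptions.

```python
"""Patch prioritization for internet-facing hosts (added example).

Inventory reconstructed from the explanation above. Assumptions: Server1 and
Server4 private addresses (page says only 192.168.x.x), no exploit for
Server1 (not stated) or Server3 (implied by the page).
"""
import ipaddress

HOSTS = [
    {"host": "Server1", "ip": "192.168.1.4", "cvss": 7.5, "role": "unknown", "exploit": False},
    {"host": "Server2", "ip": "205.1.3.5", "cvss": 6.5, "role": "BIND DNS", "exploit": True},
    {"host": "Server3", "ip": "207.1.5.7", "cvss": 5.5, "role": "unknown", "exploit": False},
    {"host": "Server4", "ip": "192.168.1.6", "cvss": 9.8, "role": "Domain Controller", "exploit": True},
]


def internet_facing(ip: str) -> bool:
    """The proxy the question relies on: a globally routable address is
    exposed, an RFC 1918 address is not. A production tool should consult
    the asset inventory and NAT/firewall rules instead, since private hosts
    can be published and public addresses can sit behind deny-all policy."""
    return ipaddress.ip_address(ip).is_global


def severity_key(host: dict) -> tuple:
    """A known exploit outranks raw CVSS; CVSS breaks ties."""
    return (host["exploit"], host["cvss"])


def patch_order(hosts: list, scope: str = "all") -> list:
    """Host names in patch order.

    scope="external": only internet-facing hosts, as the question asks.
    scope="all": every host, exposed hosts first, then severity.
    """
    if scope == "external":
        pool = [h for h in hosts if internet_facing(h["ip"])]
        key = severity_key
    elif scope == "all":
        pool = list(hosts)

        def key(h):
            return (internet_facing(h["ip"]),) + severity_key(h)
    else:
        raise ValueError("scope must be 'external' or 'all'")
    return [h["host"] for h in sorted(pool, key=key, reverse=True)]


def patch_order_by_severity(hosts: list) -> list:
    """Ignore exposure entirely: the answer to an unscoped 'patch first'."""
    return [h["host"] for h in sorted(hosts, key=severity_key, reverse=True)]


if __name__ == "__main__":
    print("internet-facing first:", patch_order(HOSTS, "external"))
    print("everything, exposure first:", patch_order(HOSTS))
    print("severity only:", patch_order_by_severity(HOSTS))
```

The two orderings make the exam's point explicit: scoped to internet-facing hosts the answer is Server2, but a domain controller with a CVSS 9.8 remotely exploitable flaw and a working exploit is the highest overall risk and should not wait long just because it has a private address.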
Users are experiencing a variety of issues when trying to access corporate resources. Examples include:
• Connectivity issues between local computers and file servers within branch offices
• Inability to download corporate applications on mobile endpoints while working remotely
• Certificate errors when accessing internal web applications
Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).
- A . Review VPN throughput
- B . Check IPS rules
- C . Restore static content on the CDN.
- D . Enable secure authentication using NAC
- E . Implement advanced WAF rules.
- F . Validate MDM asset compliance
A,F
Explanation:
The reported issues suggest problems related to network connectivity, remote access, and certificate management:
A malware researcher has discovered a credential stealer is looking at a specific memory register to harvest passwords that will be used later for lateral movement in corporate networks. The malware is using TCP 4444 to communicate with other workstations.
The lateral movement would be best mitigated by:
- A . Configuring the CPU’s NX bit
- B . Enabling a host firewall
- C . Enabling an edge firewall
- D . Enforcing all systems to use UEFI
- E . Enabling ASLR on the Active Directory server
B
Explanation:
The malware uses TCP 4444 to move laterally between systems. A host-based firewall can block unauthorized communication ports (like TCP 4444) on each workstation, preventing malware from establishing connections and spreading. Configuring the CPU’s NX bit and enabling ASLR primarily help in mitigating memory-based exploits, not in stopping lateral movement. Enabling UEFI ensures boot integrity but does not mitigate active lateral communication. An edge firewall would protect the network perimeter, not internal workstation-to-workstation communication.
Reference: CompTIA SecurityX CAS-005, Domain 2.0: Implement host-based security solutions, including host-based firewalls to mitigate threats.