Practice Free CAS-005 Exam Online Questions
A security architect is investigating instances of employees who had their phones stolen in public places through seemingly targeted attacks. Devices are able to access company resources such as email and internal documentation, some of which can persist in application storage.
Which of the following would best protect the company from information exposure? (Select two).
- A . Implement a remote wipe procedure if the phone does not check in for a period of time
- B . Enforce biometric access control with configured timeouts
- C . Set up geofencing for corporate applications where the phone must be near an office
- D . Use application control to restrict the applications that can be installed
- E . Leverage an MDM solution to prevent the side loading of mobile applications
- F . Enable device certificates that will be used for access to company resources
A, B
Explanation:
To protect company information on stolen mobile devices, implementing remote wipe procedures ensures data can be erased if a device is suspected lost or stolen. Biometric access control with enforced timeouts further secures the device, requiring biometric authentication periodically, thus limiting unauthorized access even if the device is stolen. Geofencing and certificates provide additional security layers but are less immediate protections against information exposure after theft. Application control and side-loading prevention are important for malware threats but less so for stolen device scenarios.
Reference: CompTIA SecurityX CAS-005, Domain 3.0: Apply mobile device security strategies including remote wipe, biometrics, and device access controls.
The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep.
Which of the following solutions are the best ways to mitigate this issue? (Select two).
- A . Setting different access controls defined by business area
- B . Implementing a role-based access policy
- C . Designing a least-needed privilege policy
- D . Establishing a mandatory vacation policy
- E . Performing periodic access reviews
- F . Requiring periodic job rotation
B, E
Explanation:
To mitigate the issue of excessive permissions and privilege creep, the best solutions are:
Implementing a role-based access policy:
Role-Based Access Control (RBAC): This policy ensures that access permissions are granted based on the user's role within the organization, aligning with the principle of least privilege. Users are only granted access necessary for their role, reducing the risk of excessive permissions.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl; NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations
Performing periodic access reviews:
Regular audits: Periodic access reviews help identify and rectify instances of privilege creep by ensuring that users' access permissions are appropriate for their current roles. These reviews can highlight unnecessary or outdated permissions, allowing for timely adjustments.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl; ISO/IEC 27001:2013 – Information Security Management
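The two controls above are easy to state and easy to get wrong in practice: a role change that adds the new role's entitlements without removing the old ones is exactly how creep happens, and an access review is only useful if it compares what a user holds against what the role says they should hold. The following is an added example, not part of the exam material or any vendor product; the role-to-entitlement map, the user records and the entitlement names are constructed for illustration.

```python
"""Periodic access review against an RBAC model (added example, constructed data)."""

# Assumed role model: each role is granted exactly this entitlement set.
ROLE_ENTITLEMENTS = {
    "accounts-payable": {"erp.invoices.read", "erp.invoices.approve"},
    "help-desk": {"ad.password-reset", "ticketing.write"},
    "sre": {"prod.ssh", "cloud.iam.read"},
}

# Constructed user records: current role plus the entitlements actually held.
# alice moved from accounts-payable to help-desk but kept "erp.invoices.approve",
# which is the privilege-creep pattern the audit finding describes.
USERS = {
    "alice": {"role": "help-desk",
              "entitlements": {"ad.password-reset", "ticketing.write", "erp.invoices.approve"}},
    "bob": {"role": "sre", "entitlements": {"prod.ssh", "cloud.iam.read"}},
    "carol": {"role": "accounts-payable", "entitlements": {"erp.invoices.read"}},
}


def entitlements_for_role(role):
    """Entitlements a role is allowed to hold; an unknown role is allowed nothing."""
    return ROLE_ENTITLEMENTS.get(role, set())


def excess_entitlements(user_record):
    """Entitlements the user holds beyond what the current role grants."""
    return user_record["entitlements"] - entitlements_for_role(user_record["role"])


def access_review(users):
    """Return {user: sorted excess entitlements} for every user with creep."""
    return {name: sorted(excess_entitlements(rec))
            for name, rec in users.items() if excess_entitlements(rec)}


def remediate(users):
    """Revoke every excess entitlement in place; returns the number revoked."""
    revoked = 0
    for rec in users.values():
        extra = excess_entitlements(rec)
        rec["entitlements"] -= extra
        revoked += len(extra)
    return revoked


def change_role(user_record, new_role):
    """Role change that re-provisions from the role model instead of accumulating.

    This is the RBAC half of the fix: entitlements are derived from the role,
    never carried over from the previous one.
    """
    user_record["role"] = new_role
    user_record["entitlements"] = set(entitlements_for_role(new_role))


if __name__ == "__main__":
    print("review before remediation:", access_review(USERS))
    print("revoked:", remediate(USERS))
    print("review after remediation:", access_review(USERS))
```

Run periodically, `access_review` is the audit evidence; `change_role` is what the provisioning workflow should do on every department move so that the review finds nothing.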
A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems.
Which of the following should the company implement?
- A . Signing
- B . Access control
- C . HIPS
- D . Permit listing
D
Explanation:
To prevent unauthorized applications from running, the company needs a mechanism to explicitly define and enforce which applications are allowed to execute. "Permit listing" (often referred to as "whitelisting" in security contexts) is the most effective solution here. It involves creating a list of approved applications, and only those on the list are permitted to run, blocking all others by default. This directly addresses the root cause, users installing unapproved software, by restricting execution to only authorized programs.
Option A (Signing): Code signing ensures the authenticity and integrity of software by verifying it comes from a trusted source and hasn’t been tampered with. While useful, it doesn’t inherently prevent unauthorized applications from running unless combined with a policy like whitelisting.
Option B (Access control): Access control governs who can access systems or resources but doesn’t specifically restrict which applications can execute. It’s too broad for this scenario.
Option C (HIPS): A Host-based Intrusion Prevention System (HIPS) can detect and block malicious behavior, but it’s reactive and relies on signatures or heuristics, not a proactive allow-only approach.
Option D (Permit listing): This is the best fit, as it proactively enforces a policy where only explicitly authorized applications can run, preventing malware introduced by unauthorized software.
Reference: CompTIA SecurityX CAS-005 Domain 2: Security Architecture, Application Security Controls.
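The point that separates permit listing from the other options is default deny: anything not on the list is blocked, and the quality of the list depends on how an application is identified. The following is an added example, not code from the exam material or from any allow-listing product, that contrasts a content-hash rule with a path rule; the "binaries" are constructed byte strings and the policy paths are invented.

```python
"""Application permit listing by content hash versus path (added example)."""
import hashlib
import os

# Constructed stand-ins for executables; these are not real binaries.
APPROVED_BINARY = b"\x7fELF approved-app v1.2"
TROJANED_BINARY = b"\x7fELF approved-app v1.2 + dropper"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Policy built from the known-good binary. Default is deny: anything not listed
# is blocked, which is what distinguishes permit listing from a blocklist.
POLICY = {
    "hash": {sha256_hex(APPROVED_BINARY)},
    "path": {"/usr/bin/approved-app"},  # weaker rule type, kept for contrast
}


def allowed_by_hash(data: bytes, policy) -> bool:
    """A hash rule identifies the exact bytes; a replaced or patched binary fails."""
    return sha256_hex(data) in policy["hash"]


def allowed_by_path(path: str, policy) -> bool:
    """A path rule trusts whatever sits at the path, so it trusts a swapped binary."""
    return os.path.normpath(path) in policy["path"]


def decide(path: str, data: bytes, policy, rule: str = "hash"):
    """Return (decision, reason). Unknown rule types are denied, never allowed."""
    if rule == "hash":
        ok = allowed_by_hash(data, policy)
    elif rule == "path":
        ok = allowed_by_path(path, policy)
    else:
        return ("deny", f"unknown rule type {rule!r}")
    return ("allow", rule) if ok else ("deny", f"not on {rule} permit list")


if __name__ == "__main__":
    for label, data in (("approved", APPROVED_BINARY), ("trojaned", TROJANED_BINARY)):
        for rule in ("hash", "path"):
            print(label, rule, decide("/usr/bin/approved-app", data, POLICY, rule))
```

The trojaned binary at the approved path is allowed under the path rule and denied under the hash rule, which is why hash (or publisher-signature) rules are preferred wherever the install base is stable enough to maintain them.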
A security engineer is building a solution to disable weak CBC configurations for remote access connections to Linux systems.
Which of the following should the security engineer modify?
- A . The /etc/openssl.conf file, updating the virtual site parameter
- B . The /etc/nsswitch.conf file, updating the name server
- C . The /etc/hosts file, updating the IP parameter
- D . The /etc/ssh/sshd_config file, updating the ciphers
D
Explanation:
The sshd_config file is the main configuration file for the OpenSSH server. To disable weak CBC (Cipher Block Chaining) ciphers for SSH connections, the security engineer should modify the sshd_config file to update the list of allowed ciphers. This file typically contains settings for the SSH daemon, including which encryption algorithms are allowed.
By editing the /etc/ssh/sshd_config file and updating the Ciphers directive, weak ciphers can be removed, and only strong ciphers can be allowed. This change ensures that the SSH server does not use insecure encryption methods.
Reference: CompTIA Security+ Study Guide
OpenSSH manual pages (man sshd_config)
CIS Benchmarks for Linux
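The edit itself is a one-line change to the Ciphers directive, but two details matter in practice: a Ciphers line that ends up empty after removing CBC must be replaced with an explicit strong set rather than left blank, and the change must be confirmed against the running daemon, since `sshd -T` prints the effective configuration (run as root) and `ssh -Q cipher` lists what the local OpenSSH build supports. The following is an added example, not code from the exam material or from OpenSSH; the sample sshd_config is constructed, and the STRONG_CIPHERS list is an assumption to be checked against `ssh -Q cipher` on the target release.

```python
"""Strip CBC ciphers from an OpenSSH sshd_config (added example, constructed input)."""
import re

# Constructed sample config with CBC modes still enabled (the "before" state).
WEAK_CONFIG = """\
Port 22
Protocol 2
Ciphers aes128-cbc,3des-cbc,aes256-cbc,aes128-ctr,aes256-ctr,chacha20-poly1305@openssh.com
PermitRootLogin no
"""

# Assumption: an explicit modern set used when no usable Ciphers directive
# remains. Verify each name appears in `ssh -Q cipher` on the target host.
STRONG_CIPHERS = [
    "chacha20-poly1305@openssh.com",
    "aes256-gcm@openssh.com",
    "aes128-gcm@openssh.com",
    "aes256-ctr",
    "aes192-ctr",
    "aes128-ctr",
]

# Leading whitespace is captured so a Ciphers line inside a Match block keeps
# its indentation; commented-out lines do not match.
CIPHERS_RE = re.compile(r"^(\s*)Ciphers\s+(\S+)", re.IGNORECASE)


def strip_cbc(cipher_list: str):
    """Drop any CBC-mode cipher from a comma-separated OpenSSH cipher list."""
    return [c for c in cipher_list.split(",") if "cbc" not in c.lower()]


def harden(config_text: str) -> str:
    """Return the config with CBC ciphers removed.

    If the directive is missing it is appended; if removing CBC would leave it
    empty it is replaced with STRONG_CIPHERS. Relative lists (+, -, ^ prefix,
    supported by newer OpenSSH) change meaning under filtering, so they are
    rejected rather than silently mangled.
    """
    out, found = [], False
    for line in config_text.splitlines():
        m = CIPHERS_RE.match(line)
        if not m:
            out.append(line)
            continue
        found = True
        listed = m.group(2)
        if listed[0] in "+-^":
            raise ValueError("relative cipher lists (+/-/^) are not handled here")
        kept = strip_cbc(listed) or STRONG_CIPHERS
        out.append(f"{m.group(1)}Ciphers {','.join(kept)}")
    if not found:
        out.append("Ciphers " + ",".join(STRONG_CIPHERS))
    return "\n".join(out) + "\n"


def effective_ciphers_ok(sshd_T_output: str) -> bool:
    """Check `sshd -T` output (lower-case keywords) for leftover CBC ciphers.

    Returns False when no ciphers line is present at all, because the check
    cannot then confirm anything.
    """
    for line in sshd_T_output.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0] == "ciphers":
            return all("cbc" not in c.lower() for c in parts[1].split(","))
    return False


if __name__ == "__main__":
    print(harden(WEAK_CONFIG))
    # After writing the result to /etc/ssh/sshd_config:
    #   sshd -t            (syntax check before reloading)
    #   sshd -T | python3 -c 'import sys; print(effective_ciphers_ok(sys.stdin.read()))'
```

Pipe the rewritten text to a file only after `sshd -t` passes, then reload the service and re-run the `sshd -T` check; a remote confirmation with nmap's `ssh2-enum-algos` script shows what a client actually sees.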
After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation.
Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?
- A . Apply code stylometry.
- B . Look for common IOCs.
- C . Use IOC extractions.
- D . Leverage malware detonation.
A
Explanation:
Comprehensive and Detailed
Determining if attacks are from the same actor requires unique attribution. Let’s analyze:
Which of the following security risks should be considered as an organization reduces cost and increases availability of services by adopting serverless computing?
- A . Level of control and influence governments have over cloud service providers
- B . Type of virtualization or emulation technology used in the provisioning of services
- C . Vertical scalability of the infrastructure underpinning the serverless offerings
- D . Use of third-party monitoring of service provisioning and configurations
A
Explanation:
In serverless computing, organizations rely heavily on CSPs to manage the infrastructure, runtime, and scaling. A key risk is the level of control and influence governments have over CSPs, potentially affecting availability, access, or confidentiality of hosted services due to legal orders or government actions. Concerns about virtualization technologies, scalability, or third-party monitoring are valid but less critical compared to the overarching legal and control risks tied to CSP reliance.
Reference: CompTIA SecurityX CAS-005, Domain 4.0: Understand the legal and regulatory impacts and risks of adopting third-party serverless solutions.
A company’s SIEM is designed to associate the company’s asset inventory with user events. Given the following report:
Which of the following should a security engineer investigate first as part of a log audit?
- A . An endpoint that is not submitting any logs
- B . Potential activity indicating an attacker moving laterally in the network
- C . A misconfigured syslog server creating false negatives
- D . Unauthorized usage attempts of the administrator account
D
Explanation:
Comprehensive and Detailed
Understanding the Security Event:
Administrator accounts are highly privileged and require strict monitoring.
Server 4 shows failed login attempts for the administrator account. This could indicate a brute-force attack or unauthorized access attempt.
The fact that none of the admin login attempts were successful suggests someone was trying to guess the credentials.
Why Option D is Correct:
Failed logins for administrator accounts are a critical security concern.
If an attacker gains access, they could escalate privileges and compromise the network. Investigating unauthorized admin login attempts should be the top priority in a log audit.
Why Other Options Are Incorrect:
A (Endpoint not submitting logs): While this is concerning, it does not indicate an active attack.
B (Lateral movement): There’s no evidence of a compromised account moving between servers yet.
C (Misconfigured syslog server): False negatives are a possibility, but the failed admin logins are real.
Reference: CompTIA SecurityX CAS-005 Official Study Guide: SIEM & Incident Analysis; MITRE ATT&CK T1078: Valid Accounts
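The report the question refers to is not reproduced on this page, so the triage order above can only be shown on constructed data. The following is an added example, not part of the exam material: it runs the three checks the explanation weighs (failed privileged logons, lateral movement, silent log sources) over a small set of invented events in an assumed (timestamp, host, user, outcome) schema and ranks the findings in the order a log audit should take them.

```python
"""Log-audit triage over constructed SIEM events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events in an assumed schema; not the report from the question.
EVENTS = [
    ("2024-05-01T09:00:00", "server1", "jsmith", "logon_success"),
    ("2024-05-01T09:05:00", "server2", "jsmith", "logon_success"),
    ("2024-05-01T09:10:00", "server4", "administrator", "logon_failure"),
    ("2024-05-01T09:10:05", "server4", "administrator", "logon_failure"),
    ("2024-05-01T09:10:11", "server4", "administrator", "logon_failure"),
    ("2024-05-01T09:10:20", "server4", "administrator", "logon_failure"),
    ("2024-05-01T09:30:00", "server3", "svc_backup", "logon_success"),
]
# Asset inventory the SIEM correlates against; server5 never reports in.
ASSET_INVENTORY = ["server1", "server2", "server3", "server4", "server5"]
PRIVILEGED_ACCOUNTS = {"administrator", "root"}


def failed_privileged_logons(events, threshold=3):
    """Failed logons per (host, account) for privileged accounts, at or above threshold."""
    counts = defaultdict(int)
    for _ts, host, user, outcome in events:
        if user in PRIVILEGED_ACCOUNTS and outcome == "logon_failure":
            counts[(host, user)] += 1
    return {key: n for key, n in counts.items() if n >= threshold}


def silent_hosts(events, inventory):
    """Inventory hosts that produced no events at all (possible log-source outage)."""
    seen = {host for _ts, host, _user, _outcome in events}
    return [h for h in inventory if h not in seen]


def lateral_movement_candidates(events, min_hosts=3, window=timedelta(minutes=10)):
    """Accounts with successful logons to min_hosts or more distinct hosts inside one window."""
    by_user = defaultdict(list)
    for ts, host, user, outcome in events:
        if outcome == "logon_success":
            by_user[user].append((datetime.fromisoformat(ts), host))
    flagged = []
    for user, logons in by_user.items():
        logons.sort()
        for i, (start, _host) in enumerate(logons):
            hosts = {h for t, h in logons[i:] if t - start <= window}
            if len(hosts) >= min_hosts:
                flagged.append((user, sorted(hosts)))
                break
    return flagged


def triage(events, inventory):
    """Rank findings: privileged-account failures first, lateral movement next,
    silent log sources last. Returns a sorted list of (priority, description)."""
    findings = []
    for (host, user), n in failed_privileged_logons(events).items():
        findings.append((1, f"{n} failed logons for {user} on {host}"))
    for user, hosts in lateral_movement_candidates(events):
        findings.append((2, f"{user} logged on to {', '.join(hosts)} within 10 min"))
    for host in silent_hosts(events, inventory):
        findings.append((3, f"{host} submitted no logs"))
    return sorted(findings)


if __name__ == "__main__":
    for priority, message in triage(EVENTS, ASSET_INVENTORY):
        print(priority, message)
```

On this data the administrator failures on server4 come out first, the jsmith logons to two hosts do not meet the lateral-movement threshold, and the silent server5 is recorded but ranked last, matching the reasoning in the explanation.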