Practice Free CAS-005 Exam Online Questions
A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not normally send traffic to those sites.
The technician will define this threat as:
- A . An attack decrypting RSA using obsolete and weakened encryption.
- B . A zero-day attack.
- C . An advanced persistent threat.
- D . An on-path attack.
C
Explanation:
The scenario describes a prolonged, stealthy operation where files were exfiltrated over three months via secure channels (TLS-protected HTTP) from unexpected systems, then ceased. This aligns with an Advanced Persistent Threat (APT), characterized by long-term, targeted attacks aimed at data theft or surveillance, often using sophisticated methods to remain undetected.
Option A: Decrypting RSA with weak encryption implies a cryptographic attack, but TLS suggests modern encryption was used, and there’s no evidence of decryption here.
Option B: A zero-day attack exploits unknown vulnerabilities, but the duration and cessation suggest a planned operation, not a single exploit.
Option C: APT fits best; slow, persistent exfiltration from unusual systems over a legitimate-looking encrypted channel indicates a coordinated, stealthy threat actor.
Option D: An on-path (man-in-the-middle) attack intercepts traffic, but there’s no indication of interception; the focus is on unauthorized transfers.
Reference: CompTIA SecurityX CAS-005 Domain 1: Risk Management – Threat Identification and Analysis.
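Detection logic for the pattern described in this question, as an added example that is not part of the original page: it learns each host's normal HTTPS destinations from a baseline period, then flags host/destination pairs that moved a large volume on several distinct days. The log format, hostnames, byte counts and thresholds are constructed for the example, not taken from any product.

```python
"""Hunt for low-and-slow exfiltration: hosts sending large volumes over HTTPS
to destinations they never contacted during a baseline period.
Added example; the log format, names and thresholds are assumptions."""
from collections import defaultdict
from datetime import date

# Constructed egress-proxy records: day, source host, destination, port, bytes sent.
# The format is invented for this example, not a real product's log format.
SAMPLE_LOG = """\
2024-01-03 ws-fin-07 crm.example-vendor.com 443 18234
2024-01-05 ws-fin-07 crm.example-vendor.com 443 20111
2024-01-09 srv-db-02 updates.example-os.net 443 5120
2024-02-02 ws-fin-07 crm.example-vendor.com 443 19870
2024-02-02 srv-db-02 cdn-files.example-transfer.io 443 734003200
2024-02-09 srv-db-02 cdn-files.example-transfer.io 443 698351616
2024-02-16 srv-db-02 cdn-files.example-transfer.io 443 712123392
2024-03-01 srv-db-02 cdn-files.example-transfer.io 443 744488960
2024-03-15 ws-fin-07 crm.example-vendor.com 443 21050
2024-03-22 srv-db-02 cdn-files.example-transfer.io 443 690110464
2024-04-20 srv-db-02 updates.example-os.net 443 4096
"""
BASELINE_END = date(2024, 1, 31)   # everything up to here is treated as "normal"


def parse_log(text):
    """Parse the whitespace-separated records above into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, host, dest, port, nbytes = line.split()
        records.append({"day": date.fromisoformat(day), "host": host,
                        "dest": dest, "port": int(port), "bytes": int(nbytes)})
    return records


def build_baseline(records, until):
    """Destinations each host was seen talking to on or before `until`."""
    baseline = defaultdict(set)
    for r in records:
        if r["day"] <= until:
            baseline[r["host"]].add(r["dest"])
    return baseline


def find_exfil_candidates(records, baseline, min_bytes=100 * 2**20, min_days=3):
    """Host/destination pairs outside the baseline that moved >= min_bytes
    across >= min_days distinct days. Sustained volume is what separates a
    slow exfiltration from a one-off large download."""
    totals = defaultdict(lambda: {"bytes": 0, "days": set()})
    for r in records:
        if r["dest"] in baseline.get(r["host"], set()):
            continue  # known pairing, not interesting here
        agg = totals[(r["host"], r["dest"])]
        agg["bytes"] += r["bytes"]
        agg["days"].add(r["day"])
    findings = []
    for (host, dest), agg in totals.items():
        if agg["bytes"] >= min_bytes and len(agg["days"]) >= min_days:
            findings.append({"host": host, "dest": dest, "bytes": agg["bytes"],
                             "days": len(agg["days"]),
                             "first": min(agg["days"]).isoformat(),
                             "last": max(agg["days"]).isoformat()})
    return sorted(findings, key=lambda f: f["bytes"], reverse=True)


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for f in find_exfil_candidates(recs, build_baseline(recs, BASELINE_END)):
        print(f"{f['host']} -> {f['dest']}: {f['bytes'] / 2**30:.2f} GiB "
              f"over {f['days']} days ({f['first']} .. {f['last']})")
```

On the sample data the finance workstation's regular CRM traffic is never flagged because the destination is in its baseline, while the database server's repeated multi-hundred-megabyte uploads to a never-before-seen host surface as the single finding. The "stopped after three months" signal in the question is visible in the first/last dates of that finding.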
A web application server that provides services to hybrid modern and legacy financial applications recently underwent a scheduled upgrade to update common libraries, including OpenSSL. Multiple users are now reporting failed connection attempts to the server.
The technician performing initial triage identified the following:
• Client applications more than five years old appear to be the most affected.
• Web server logs show initial connection attempts by affected hosts.
• For the failed connections, logs indicate "cipher unavailable."
Which of the following is most likely to safely remediate this situation?
- A . The server needs to be configured for backward compatibility to SSL 3.0 applications.
- B . The client applications need to be modified to support AES in Galois/Counter Mode or equivalent.
- C . The client TLS configuration must be set to enforce electronic codebook modes of operation.
- D . The server-side digital signature algorithm needs to be modified to support elliptic curve cryptography.
B
Explanation:
The “cipher unavailable” message indicates that the client and server could not agree on a common cipher suite. After the OpenSSL update, the server likely dropped support for older, insecure ciphers (such as RC4 or 3DES) that legacy clients still use. The safest remediation is to update or configure the client applications to support modern, secure ciphers such as AES in Galois/Counter Mode (AES-GCM) or an equivalent strong cipher suite that is supported by the updated OpenSSL server.
Option A (SSL 3.0) is unsafe because SSL 3.0 is deprecated and vulnerable to multiple attacks (e.g., POODLE).
Option C (ECB mode) is insecure due to pattern leakage and should never be enforced.
Option D (ECC signatures) concerns the server’s certificate and signature algorithm, not the symmetric cipher suite selection behind the “cipher unavailable” error.
This approach aligns with SecurityX CAS-005 cryptographic interoperability guidance: modernize clients rather than reintroduce insecure protocols.
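The negotiation failure can be reproduced offline by comparing the suites the hardened server enables with the suites a legacy client can offer. The following is an added example using Python's ssl module (which wraps the OpenSSL cipher-string syntax); it is not code from the page, and the three cipher strings are assumptions standing in for the real server and client configurations.

```python
"""Reproduce a 'cipher unavailable' handshake failure offline by comparing the
suites a hardened server enables with those a legacy client can offer.
Added example using Python's ssl module; the cipher strings are assumptions
standing in for the real server and client configurations."""
import ssl

# Assumed post-upgrade server policy (AEAD suites with forward secrecy only)
# and the suites an old client library might be limited to (CBC + SHA-1).
SERVER_POLICY = "ECDHE+AESGCM:DHE+AESGCM"
LEGACY_CLIENT = "AES128-SHA:AES256-SHA:ECDHE-RSA-AES128-SHA"
MODERN_CLIENT = "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"


def tls12_suites(cipher_string):
    """Suite names OpenSSL enables for a cipher string, excluding TLS 1.3 suites
    (those are negotiated separately, and a five-year-old client may not speak
    TLS 1.3 at all). A string that nothing matches yields an empty list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        return []
    return [c["name"] for c in ctx.get_ciphers() if c["protocol"] != "TLSv1.3"]


def shared_suites(server_spec, client_spec):
    """Suites both sides enable; an empty result is what the server logs as
    'no shared cipher' / 'cipher unavailable'."""
    server = set(tls12_suites(server_spec))
    return [name for name in tls12_suites(client_spec) if name in server]


if __name__ == "__main__":
    for label, client in (("legacy", LEGACY_CLIENT), ("modernised", MODERN_CLIENT)):
        common = shared_suites(SERVER_POLICY, client)
        print(f"{label:10} client: {common or 'NO COMMON SUITE -> handshake fails'}")
```

The check is a cipher-list intersection, not a real handshake, so it ignores certificate and key-exchange constraints; it is enough to show that the fix belongs on the client side (option B), since widening the server policy back to CBC/SHA-1 suites would reverse the hardening the upgrade introduced.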
Emails that the marketing department is sending to customers are going to the customers’ spam folders. The security team is investigating the issue and discovers that the certificates used by the email server were reissued, but DNS records had not been updated.
Which of the following should the security team update in order to fix this issue? (Select three.)
- A . DMARC
- B . SPF
- C . DKIM
- D . DNSSEC
- E . SASC
- F . SAN
- G . SOA
- H . MX
A,B,C
Explanation:
To prevent emails from being marked as spam, the DNS records that receiving servers use to authenticate the sending domain need to be properly configured and updated whenever the email server’s signing keys or certificates change:
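A check of the three records against what the mail server now does, as an added example that is not from the page: it parses the SPF record for the sending IP, looks up the DKIM selector record the server now signs with and compares the published p= value with the server's current key, and confirms a DMARC policy is published. The zone data, selector names, IP addresses and key strings are constructed placeholders.

```python
"""Check the DNS records receivers use to authenticate mail from a domain
(SPF, DKIM, DMARC) against what the mail server is actually doing.
Added example; the zone data, selector names and key strings are constructed
placeholders, not real records."""
import ipaddress

# Constructed TXT records for the sending domain, as a resolver would return them.
# The DKIM selector still published is the one from before the key reissue.
ZONE_TXT = {
    "example.com": ["v=spf1 ip4:203.0.113.0/24 include:_spf.example-esp.net -all"],
    "mkt2023._domainkey.example.com": ["v=DKIM1; k=rsa; p=MIIB...OLDKEY...IDAQAB"],
    "_dmarc.example.com": ["v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com"],
}

# What the mail server does after the reissue (constructed): it signs with a
# new selector and key, and sends from this IP.
SERVER = {
    "domain": "example.com",
    "sending_ip": "203.0.113.25",
    "dkim_selector": "mkt2024",
    "dkim_public_key": "MIIB...NEWKEY...IDAQAB",
}


def parse_tags(txt):
    """Parse a 'tag=value; tag=value' record (DKIM/DMARC syntax) into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def spf_covers_ip(spf, ip):
    """True if an ip4:/ip6: mechanism with a pass qualifier matches ip.
    include:/a/mx mechanisms need further DNS lookups, which this offline
    check does not perform, so False means 'not provably authorised'."""
    addr = ipaddress.ip_address(ip)
    for term in spf.split()[1:]:          # skip the v=spf1 version tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mechanism = term.lstrip("+-~?")
        if mechanism.startswith(("ip4:", "ip6:")):
            network = ipaddress.ip_network(mechanism.split(":", 1)[1], strict=False)
            if addr in network:
                return qualifier == "+"
    return False


def check_email_auth(zone, server):
    """Return a list of findings; an empty list means the three records agree
    with the server configuration."""
    findings = []
    domain = server["domain"]

    spf = next((r for r in zone.get(domain, []) if r.startswith("v=spf1")), None)
    if spf is None:
        findings.append(f"SPF: no v=spf1 record at {domain}")
    elif not spf_covers_ip(spf, server["sending_ip"]):
        findings.append(f"SPF: {server['sending_ip']} is not authorised by {spf!r}")

    name = f"{server['dkim_selector']}._domainkey.{domain}"
    dkim = zone.get(name)
    if not dkim:
        findings.append(f"DKIM: no record at {name}; receivers cannot verify signatures")
    elif parse_tags(dkim[0]).get("p") != server["dkim_public_key"]:
        findings.append(f"DKIM: p= at {name} does not match the key the server signs with")

    dmarc = zone.get(f"_dmarc.{domain}")
    if not dmarc or not dmarc[0].startswith("v=DMARC1"):
        findings.append(f"DMARC: no v=DMARC1 record at _dmarc.{domain}")
    return findings


if __name__ == "__main__":
    for finding in check_email_auth(ZONE_TXT, SERVER) or ["all records consistent"]:
        print(finding)
```

Against the constructed zone the only finding is the missing DKIM selector record, which is exactly the state in the question: the server signs with a key that receivers cannot look up, so signatures fail verification and the mail is treated as unauthenticated. Publishing the new selector with the matching p= value clears the finding; keep the old selector record until all in-flight mail signed with the old key has been delivered.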
Developers have been creating and managing cryptographic material on their personal laptops for use in the production environment. A security engineer needs to initiate a more secure process.
Which of the following is the best strategy for the engineer to use?
- A . Disabling the BIOS and moving to UEFI
- B . Managing secrets on the vTPM hardware
- C . Employing shielding to prevent EMI
- D . Managing key material on a HSM
D
Explanation:
The best strategy for securely managing cryptographic material is to use a Hardware Security Module (HSM).
Here’s why:
Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering and unauthorized access.
Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops.
Compliance and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-57: Recommendation for Key Management
ISO/IEC 19790:2012: Information Technology – Security Techniques – Security Requirements for Cryptographic Modules
A company must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines.
Which of the following solutions most likely meets the requirements?
- A . Develop a security baseline to integrate with the vulnerability scanning platform to alert about any server not aligned with the new security standards.
- B . Create baseline images for each OS in use, following security standards, and integrate the images into the patching and deployment solution.
- C . Build all new images from scratch, installing only needed applications and modules in accordance with the new security standards.
- D . Run a script during server deployment to remove all the unnecessary applications as part of provisioning.
B
Explanation:
Creating secure baseline images ensures consistent, repeatable deployment aligned with hardening standards. These images can be used across on-premises and cloud environments, ensuring compliance and reducing misconfigurations.
Vulnerability alerts (A) are reactive, not preventive.
Building images from scratch (C) is time-consuming and unnecessary if baselines exist.
Scripts for cleanup (D) are useful but do not prevent initial insecure configurations.
Reference: CompTIA SecurityX (CAS-005) Exam Objectives – Domain 3.0 (Security Engineering), Section on System Hardening & Configuration Management
An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time.
Which of the following should the administrator use?
- A . SOAR
- B . CWPP
- C . XCCDF
- D . CMDB
A
Explanation:
Integrating IDS, firewall, and DLP to reduce response time requires orchestration and automation, which is what a SOAR (security orchestration, automation, and response) platform provides: it ingests alerts from the existing tools and runs playbooks that act across all of them.
Let’s evaluate:
A security engineer is implementing a code signing requirement for all code developed by the organization. Currently, the PKI only generates website certificates.
Which of the following steps should the engineer perform first?
- A . Add a new template on the internal CA with the correct attributes.
- B . Generate a wildcard certificate for the internal domain.
- C . Recalculate a public/private key pair for the root CA.
- D . Implement a SAN for all internal web applications.
A
Explanation:
To enable code signing with an existing PKI, the first step is to configure the Certificate Authority (CA) to issue code signing certificates. Adding a new template with attributes specific to code signing (e.g., key usage for signing) allows the CA to support this requirement without disrupting existing operations.
Option A: Correct―templates define certificate types; this is the foundational step.
Option B: Wildcard certificates are for domains, not code signing.
Option C: Recalculating root CA keys is unnecessary and risky unless compromised.
Option D: SAN (Subject Alternative Name) is for multi-domain certificates, irrelevant here.
Reference: CompTIA SecurityX CAS-005 Domain 2: Security Architecture – PKI Implementation.
An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated.
Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?
- A . Utilize an on-premises HSM to locally manage keys.
- B . Adjust the configuration for cloud provider keys on data that is classified as public.
- C . Begin using cloud-managed keys on all new resources deployed in the cloud.
- D . Extend the key rotation period to one year so that the cloud provider can use cached keys.
B
Explanation:
Understanding the Scenario: The question asks how to reduce the cost of self-managed keys without weakening the security posture, so the answer turns on matching the key-management model to the sensitivity of the data being protected.
Analyzing the Answer Choices:
An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry.
Which of the following should the security analyst use to perform threat modeling?
- A . ATT&CK
- B . OWASP
- C . CAPEC
- D . STRIDE
A
Explanation:
The ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is the best tool for a security analyst to use for threat modeling when looking for gaps in detection capabilities based on Advanced Persistent Threats (APTs) that may target the industry.
Here’s why:
Comprehensive Framework: ATT&CK provides a detailed and structured repository of known adversary tactics and techniques based on real-world observations. It helps organizations understand how attackers operate and what techniques they might use.
Gap Analysis: By mapping existing security controls against the ATT&CK matrix, analysts can identify which tactics and techniques are not adequately covered by current detection and mitigation measures.
Industry Relevance: The ATT&CK framework is continuously updated with the latest threat intelligence, making it highly relevant for industries facing APT threats. It provides insights into specific APT groups and their preferred methods of attack.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
MITRE ATT&CK Framework Official Documentation
NIST Special Publication 800-150: Guide to Cyber Threat Information Sharing
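The gap analysis described above, mapping detection coverage against the techniques used by the groups relevant to an industry, as an added example that is not part of the page. The group-to-technique profiles and the coverage map are constructed samples with hypothetical group names, not MITRE's real group data; only the technique IDs and names are real ATT&CK entries.

```python
"""Detection-gap analysis against ATT&CK: rank the techniques used by the
threat groups relevant to your sector by how many of them use each one and
how weak your coverage is. Added example; the group profiles and the coverage
map are constructed, not MITRE's group data, though the technique IDs are real."""
from collections import Counter

# Constructed profiles: hypothetical group names mapped to real ATT&CK technique IDs.
THREAT_PROFILES = {
    "Group-Alpha":   ["T1566.001", "T1059.001", "T1003.001", "T1071.001", "T1041"],
    "Group-Bravo":   ["T1566.002", "T1059.001", "T1021.001", "T1048.002", "T1567.002"],
    "Group-Charlie": ["T1190", "T1505.003", "T1003.001", "T1071.001", "T1048.002"],
}

TECHNIQUE_NAMES = {
    "T1566.001": "Phishing: Spearphishing Attachment",
    "T1566.002": "Phishing: Spearphishing Link",
    "T1059.001": "Command and Scripting Interpreter: PowerShell",
    "T1003.001": "OS Credential Dumping: LSASS Memory",
    "T1071.001": "Application Layer Protocol: Web Protocols",
    "T1041":     "Exfiltration Over C2 Channel",
    "T1021.001": "Remote Services: Remote Desktop Protocol",
    "T1048.002": "Exfiltration Over Asymmetric Encrypted Non-C2 Protocol",
    "T1567.002": "Exfiltration to Cloud Storage",
    "T1190":     "Exploit Public-Facing Application",
    "T1505.003": "Server Software Component: Web Shell",
}

# Constructed coverage map from a detection inventory; anything absent has no coverage.
DETECTION_COVERAGE = {
    "T1566.001": "full", "T1566.002": "partial", "T1059.001": "full",
    "T1003.001": "partial", "T1190": "full", "T1021.001": "full",
}

RANK = {"none": 0, "partial": 1, "full": 2}


def detection_gaps(profiles, coverage, groups=None):
    """Return (technique_id, number_of_groups_using_it, coverage) for every
    technique used by the selected groups whose coverage is not 'full',
    ordered worst first: most groups, then weakest coverage, then ID."""
    selected = {g: t for g, t in profiles.items() if groups is None or g in groups}
    usage = Counter(tid for techs in selected.values() for tid in set(techs))
    gaps = [(tid, n, coverage.get(tid, "none"))
            for tid, n in usage.items() if coverage.get(tid, "none") != "full"]
    gaps.sort(key=lambda g: (-g[1], RANK[g[2]], g[0]))
    return gaps


if __name__ == "__main__":
    for tid, n, level in detection_gaps(THREAT_PROFILES, DETECTION_COVERAGE):
        print(f"{tid:10} used by {n} group(s)  coverage={level:8} {TECHNIQUE_NAMES[tid]}")
```

With real data the profiles come from the ATT&CK group pages (or the STIX bundle) filtered to groups known to target the sector, and the coverage map from the SIEM or EDR rule inventory; the ranking then tells the analyst which techniques to build detections for first. On the sample, the two encrypted-exfiltration techniques shared by two groups and entirely uncovered come out on top, which is consistent with the first question on this page going unnoticed for three months.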
A natural disaster may disrupt operations at Site A, which would then cause unreliable internet connectivity at Site B due to route flapping.
INSTRUCTIONS
Match each relevant finding to the affected host by clicking on the host name and selecting the appropriate number.
For findings 1 and 2, select the items that should be replicated to Site B.
For finding 3, select the item requiring configuration changes, then select the appropriate corrective action from the drop-down menu.
Finding 1:
Affected Host: DNS
Reason: Users are unable to log into the domain from their workstations after relocating to Site B, which implies a failure in domain name services that are critical for user authentication and domain login.
Finding 2:
Affected Host: Pumps
Reason: The pump room at Site B becoming inoperable directly points to the critical infrastructure components associated with pumping operations.
Finding 3:
Affected Host: VPN Concentrator
Reason: Unreliable internet connectivity at Site B due to route flapping indicates issues with network routing, which is often managed by VPN concentrators that handle site-to-site connectivity.
Finding 3 Corrective Action:
Action: Modify the BGP configuration
Reason: Route flapping is often related to issues with Border Gateway Protocol (BGP) configurations.
Adjusting BGP settings can stabilize routes and improve internet connectivity reliability.
Replication to Site B for Finding 1:
Affected Host: DNS
Domain Name System (DNS) services are essential for translating domain names into IP addresses, allowing users to log into the network. Replicating DNS services ensures that even if Site A is disrupted, users at Site B can still authenticate and access necessary resources.
Replication to Site B for Finding 2:
Affected Host: Pumps
The operation of the pump room is crucial for maintaining various functions within the infrastructure. Replicating the control systems and configurations for the pumps at Site B ensures that operations can continue smoothly even if Site A is affected.
Configuration Changes for Finding 3:
Affected Host: VPN Concentrator
Route flapping is a situation where routes become unstable, causing frequent changes in the best path for data to travel. This instability can be mitigated by modifying BGP configurations to ensure more stable routing. VPN concentrators, which manage connections between sites, are typically configured with BGP for optimal routing.
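One BGP-side control that "modify the BGP configuration" commonly means in practice is route-flap damping (RFC 2439), which most router implementations support. The simulation below is an added example, not part of the page or of any vendor's code; it uses, as an assumption, the parameter defaults common to those implementations (15-minute half-life, reuse threshold 750, suppress threshold 2000, 60-minute maximum suppression, 1000 penalty per flap) and a constructed flap timeline.

```python
"""Route-flap damping as described in RFC 2439: each withdraw/re-announce of a
prefix adds a penalty that decays exponentially; the prefix is suppressed once
the penalty crosses the suppress threshold and re-advertised once it decays
below the reuse threshold. Added example; parameter defaults are assumptions."""


class FlapDamper:
    def __init__(self, half_life_min=15.0, reuse=750, suppress=2000,
                 max_suppress_min=60.0, flap_penalty=1000):
        self.half_life = half_life_min
        self.reuse = reuse
        self.suppress = suppress
        self.flap_penalty = flap_penalty
        # RFC 2439 caps the penalty so a prefix is never suppressed longer
        # than max_suppress once it stops flapping.
        self.ceiling = reuse * 2 ** (max_suppress_min / half_life_min)
        self.penalty = 0.0
        self.last_t = 0.0
        self.suppressed = False

    def _decay_to(self, t):
        """Apply exponential decay from the last event time to minute t."""
        self.penalty *= 2 ** (-(t - self.last_t) / self.half_life)
        self.last_t = t

    def flap(self, t):
        """Record a route flap (withdraw + re-announce) at minute t."""
        self._decay_to(t)
        self.penalty = min(self.penalty + self.flap_penalty, self.ceiling)
        if self.penalty >= self.suppress:
            self.suppressed = True
        return self.status(t)

    def status(self, t):
        """'suppressed' or 'advertised' as seen by downstream routers at minute t."""
        self._decay_to(t)
        if self.suppressed and self.penalty < self.reuse:
            self.suppressed = False
        return "suppressed" if self.suppressed else "advertised"


if __name__ == "__main__":
    # Constructed timeline: three flaps within a minute, then silence.
    d = FlapDamper()
    for t in (0.0, 0.5, 1.0):
        print(f"t={t:5.1f} min  flap  -> {d.status(t)} (penalty {d.penalty:.0f})")
    for t in (15.0, 30.0, 32.0):
        print(f"t={t:5.1f} min        -> {d.status(t)} (penalty {d.penalty:.0f})")
```

The timeline shows the trade-off behind the tuning: three flaps in a minute push the penalty to roughly 2900, the prefix disappears from the routing table, and it only returns about half an hour after the last flap. Damping suppresses the prefix on the router that applies it, so thresholds that are too aggressive convert instability into an outage for Site B; the point of adjusting the configuration is to choose values that absorb brief churn without blackholing the site.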
Reference: CompTIA Security+ Study Guide: detailed information on disaster recovery and continuity of operations, emphasizing the importance of replicating critical services and making necessary configuration changes to ensure seamless operation during disruptions.
CompTIA Security+ Exam Objectives: key areas in disaster recovery planning, including the replication of critical services and network configuration adjustments.
Disaster Recovery and Business Continuity Planning (DRBCP): best practices for ensuring that operations can continue at an alternate site during a disaster, including the replication of essential services and network stability measures.
By ensuring that critical services like DNS and control systems for pumps are replicated at the alternate site, and by addressing network routing issues through proper BGP configuration, the organization can maintain operational continuity and minimize the impact of natural disasters on their operations.