Practice Free CAS-005 Exam Online Questions
Company A acquired Company B. During an audit, a security engineer found Company B’s environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B’s infrastructure could be integrated into Company A’s security program.
Which of the following risk-handling techniques was used?
- A . Accept
- B . Avoid
- C . Transfer
- D . Mitigate
D
Explanation:
Risk mitigation involves taking actions to reduce either the likelihood or impact of a threat. By implementing a firewall between the two environments, Company A is minimizing the risk of threats from Company B impacting its own systems. Accepting the risk would involve taking no action, avoiding it would mean terminating activities with Company B, and transferring would involve outsourcing the risk, none of which occurred here.
Reference: CompTIA SecurityX CAS-005, Domain 1.0: Apply appropriate risk response techniques to identified risks.
Which of the following security risks should be considered as an organization reduces cost and increases availability of services by adopting serverless computing?
- A . Level of control and influence governments have over cloud service providers
- B . Type of virtualization or emulation technology used in the provisioning of services
- C . Vertical scalability of the infrastructure underpinning the serverless offerings
- D . Use of third-party monitoring of service provisioning and configurations
A
Explanation:
In serverless computing, organizations rely heavily on CSPs to manage the infrastructure, runtime, and scaling. A key risk is the level of control and influence governments have over CSPs, potentially affecting availability, access, or confidentiality of hosted services due to legal orders or government actions. Concerns about virtualization technologies, scalability, or third-party monitoring are valid but less critical compared to the overarching legal and control risks tied to CSP reliance.
Reference: CompTIA SecurityX CAS-005, Domain 4.0: Understand the legal and regulatory impacts and risks of adopting third-party serverless solutions.
A security analyst reviews the following report:
Which of the following assessments is the analyst performing?
- A . System
- B . Supply chain
- C . Quantitative
- D . Organizational
B
Explanation:
The table shows detailed information about products, including location, chassis manufacturer, OS, application developer, and vendor. This type of information is typically assessed in a supply chain assessment to evaluate the security and reliability of components and services from different suppliers.
Why Supply Chain Assessment?
Component Evaluation: Assessing the origin and security of each component used in the products, including hardware, software, and third-party services.
Vendor Reliability: Evaluating the security practices and reliability of vendors involved in providing components or services.
Risk Management: Identifying potential risks associated with the supply chain, such as vulnerabilities in third-party components or insecure development practices.
Other types of assessments do not align with the detailed supplier and component information provided:
A large organization deployed a generative AI platform for its global user population to use. Based on feedback received during beta testing, engineers have identified issues with user interface latency and page-loading performance for international users. The infrastructure is currently maintained within two separate data centers, which are connected using high-availability networking and load balancers.
Which of the following is the best way to address the performance issues?
- A . Configuring the application to use a CDN
- B . Implementing RASP to enable large language models queuing
- C . Remote journaling within a third data center
- D . Traffic shaping through the use of a SASE
A
Explanation:
A Content Delivery Network (CDN) caches and distributes static and dynamic web content across multiple geographically distributed edge servers, reducing latency for global users. This directly addresses page-loading delays caused by distance from the primary data centers.
RASP is for runtime application security, not latency.
Remote journaling is for data replication, not performance optimization.
SASE can improve security and WAN routing, but a CDN is purpose-built for content delivery performance.
A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems. Given the following output:
Which of the following actions would address the root cause of this issue?
- A . Automating the patching system to update base images
- B . Recompiling the affected programs with the most current patches
- C . Disabling unused/unneeded ports on all servers
- D . Deploying a WAF with virtual patching upstream of the affected systems
A
Explanation:
The output shows that multiple systems have outdated or vulnerable software versions (OpenSSL 1.01 and Java 11 runtime). This suggests that the systems are not being patched regularly or effectively.
Operational technology often relies upon aging command, control, and telemetry subsystems that were created with the design assumption of:
- A . operating in an isolated/disconnected system.
- B . communicating over distributed environments
- C . untrustworthy users and systems being present.
- D . an available Ethernet/IP network stack for flexibility.
- E . anticipated eavesdropping from malicious actors.
A
Explanation:
Understanding the Scenario: The question focuses on the historical design assumptions behind older operational technology (OT) systems, particularly in the context of command, control, and telemetry.
Analyzing the Answer Choices:
During a security assessment using an EDR solution, a security engineer generates the following report about the assets in the system:
After five days, the EDR console reports an infection on the host OWIN23 by a remote access Trojan.
Which of the following is the most probable cause of the infection?
- A . OWIN23 uses a legacy version of Windows that is not supported by the EDR
- B . LN002 was not supported by the EDR solution and propagates the RAT
- C . The EDR has an unknown vulnerability that was exploited by the attacker.
- D . OWIN29 spreads the malware through other hosts in the network
A
Explanation:
OWIN23 is running Windows 7, which is a legacy operating system. Many EDR solutions no longer provide full support for outdated operating systems like Windows 7, which has reached its end of life and is no longer receiving security updates from Microsoft. This makes such systems more vulnerable to infections and attacks, including remote access Trojans (RATs).
A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack.
Which of the following is the next step of the incident response plan?
- A . Remediation
- B . Containment
- C . Response
- D . Recovery
B
Explanation:
Incident response follows a standard process (e.g., NIST 800-61): Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. After identifying the attack (file and origin), the next step is Containment―limiting the spread or impact (e.g., isolating systems) before remediation or recovery.
Option A: Remediation (fixing the root cause) follows containment.
Option B: Correct―containment prevents further damage post-identification.
Option C: “Response” is too vague; it encompasses all steps.
Option D: Recovery (restoring systems) comes after containment and eradication.
Reference: CompTIA SecurityX CAS-005, Domain 4: Cybersecurity Operations - Incident Response Lifecycle.
After a penetration test on the internal network, the following report was generated:
| Attack | Target | Result |
|---|---|---|
| Compromised host | ADMIN01S.CORP.LOCAL | Successful |
| Hash collected | KRBTGT.CORP.LOCAL | Successful |
| Hash collected | SQLSV.CORP.LOCAL | Successful |
| Pass the hash | SQLSV.CORP.LOCAL | Failed |
| Domain control | CORP.LOCAL | Successful |
Which of the following should be recommended to remediate the attack?
- A . Deleting SQLSV
- B . Reimaging ADMIN01S
- C . Rotating KRBTGT password
- D . Resetting the local domain
C
Explanation:
The attacker gained domain control by collecting the KRBTGT hash (used for Kerberos tickets). Let’s evaluate:
After a company discovered a zero-day vulnerability in its VPN solution, the company plans to deploy cloud-hosted resources to replace its current on-premises systems. An engineer must find an appropriate solution to facilitate trusted connectivity.
Which of the following capabilities is the most relevant?
- A . Container orchestration
- B . Microsegmentation
- C . Conditional access
- D . Secure access service edge
D
Explanation:
The scenario involves replacing an on-premises VPN solution, which has a zero-day vulnerability, with cloud-hosted resources while ensuring trusted connectivity. Trusted connectivity in a cloud environment implies secure, scalable, and modern access control that goes beyond traditional VPNs. Let’s analyze the options: