Practice Free CAS-005 Exam Online Questions
An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry.
Which of the following should the security analyst use to perform threat modeling?
- A . ATT&CK
- B . OWASP
- C . CAPEC
- D . STRIDE
A
Explanation:
The ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is the best tool for a security analyst to use for threat modeling when looking for gaps in detection capabilities based on Advanced Persistent Threats (APTs) that may target the industry.
Here’s why:
Comprehensive Framework: ATT&CK provides a detailed and structured repository of known adversary tactics and techniques based on real-world observations. It helps organizations understand how attackers operate and what techniques they might use.
Gap Analysis: By mapping existing security controls against the ATT&CK matrix, analysts can identify which tactics and techniques are not adequately covered by current detection and mitigation measures.
Industry Relevance: The ATT&CK framework is continuously updated with the latest threat intelligence, making it highly relevant for industries facing APT threats. It provides insights into specific APT groups and their preferred methods of attack.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
MITRE ATT&CK Framework Official Documentation
NIST Special Publication 800-150: Guide to Cyber Threat Information Sharing
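The gap analysis described above can be done mechanically once detection rules and threat-group profiles are both tagged with ATT&CK technique IDs. The following is an added example (not from the original page or from MITRE): the technique IDs are real ATT&CK entries, but the rule names, the group names and the techniques attributed to each group are constructed for illustration.

```python
"""ATT&CK detection-gap analysis over constructed inputs."""
from collections import Counter

# Constructed detection inventory: rule name -> ATT&CK technique IDs it covers.
DETECTIONS = {
    "sigma-psexec-service-install": {"T1021.002", "T1569.002"},
    "edr-credential-dump-lsass": {"T1003.001"},
    "proxy-phishing-url-block": {"T1566.002"},
}

# Constructed, hypothetical threat-group profiles: group -> techniques in use.
GROUP_PROFILES = {
    "hypothetical-group-1": {"T1566.001", "T1059.001", "T1003.001", "T1021.002"},
    "hypothetical-group-2": {"T1566.001", "T1059.001", "T1047", "T1071.001"},
    "hypothetical-group-3": {"T1059.001", "T1003.001", "T1071.001"},
}


def covered_techniques(detections):
    """Union of every technique ID that at least one rule detects."""
    covered = set()
    for ids in detections.values():
        covered |= ids
    return covered


def detection_gaps(detections, profiles):
    """Techniques used by the profiled groups that no rule covers,
    ordered by how many groups use them (most widely used first)."""
    covered = covered_techniques(detections)
    usage = Counter(t for techs in profiles.values() for t in techs)
    gaps = [(t, n) for t, n in usage.items() if t not in covered]
    return sorted(gaps, key=lambda tn: (-tn[1], tn[0]))


def coverage_ratio(detections, profiles):
    """Fraction of the techniques the profiled groups use that are covered."""
    covered = covered_techniques(detections)
    needed = set().union(*profiles.values())
    return len(needed & covered) / len(needed)


if __name__ == "__main__":
    print(f"coverage: {coverage_ratio(DETECTIONS, GROUP_PROFILES):.0%}")
    for technique, groups in detection_gaps(DETECTIONS, GROUP_PROFILES):
        print(f"GAP {technique}: used by {groups} profiled group(s)")
```

Rules that detect a technique only partially (one of its sub-techniques, or one procedure) should be tagged at that granularity so the gap list does not overstate coverage.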
Due to locality and budget constraints, an organization’s satellite office has a lower bandwidth allocation than other offices. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility.
Which of the following would be the best option to implement?
- A . Distributed connection allocation
- B . Local caching
- C . Content delivery network
- D . SD-WAN vertical heterogeneity
B
Explanation:
The goal is to optimize bandwidth, increase speed, and maintain threat visibility in a low-bandwidth satellite office. Local caching stores frequently accessed data locally, reducing bandwidth usage by minimizing repeated requests to external or internal resources. It speeds up access and doesn’t inherently reduce security visibility if paired with monitoring tools.
Option A: Distributed connection allocation might balance traffic but doesn’t directly reduce bandwidth usage or speed up access.
Option B: Local caching is ideal: it reduces bandwidth, improves performance, and maintains visibility with proper security controls.
Option C: A CDN is great for external content delivery but less relevant for internal resources and doesn’t inherently address threat visibility.
Option D: SD-WAN improves WAN performance, but "vertical heterogeneity" is vague and not a standard term; it’s less tailored to this scenario than caching.
Reference: CompTIA SecurityX CAS-005 Domain 2: Security Architecture, Network Optimization and Security.
A cloud engineer needs to identify appropriate solutions to:
• Provide secure access to internal and external cloud resources.
• Eliminate split-tunnel traffic flows.
• Enable identity and access management capabilities.
Which of the following solutions are the most appropriate? (Select two).
- A . Federation
- B . Micro segmentation
- C . CASB
- D . PAM
- E . SD-WAN
- F . SASE
C, F
Explanation:
To provide secure access to internal and external cloud resources, eliminate split-tunnel traffic flows, and enable identity and access management capabilities, the most appropriate solutions are CASB (Cloud Access Security Broker) and SASE (Secure Access Service Edge).
Why CASB and SASE?
CASB (Cloud Access Security Broker):
Secure Access: CASB solutions provide secure access to cloud resources by enforcing security policies and monitoring user activities.
Identity and Access Management: CASBs integrate with identity and access management (IAM) systems to ensure that only authorized users can access cloud resources.
Visibility and Control: They offer visibility into cloud application usage and control over data sharing and access.
SASE (Secure Access Service Edge):
Eliminate Split-Tunnel Traffic: SASE integrates network security functions with WAN capabilities to ensure secure access without the need for split-tunnel configurations.
Comprehensive Security: SASE provides a holistic security approach, including secure web gateways, firewalls, and zero trust network access (ZTNA).
Identity-Based Access: SASE leverages IAM to enforce access controls based on user identity and context.
Other options, while useful, do not comprehensively address all the requirements:
A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures.
The security analyst reviews the following logs:
Mar 5 22:09:50 akj3 sshd[21502]: Success login for user01 from 192.168.2.5
Mar 5 22:10:00 akj3 sshd[21502]: Failed login for userID from 192.168.2.5
Which of the following is the most likely reason for the application failures?
- A . The user’s account was set as a service account.
- B . The user’s home directory was deleted.
- C . The user does not have sudo access.
- D . The root password has been changed.
B
Explanation:
When an employee leaves a company, their home directory might be deleted along with their account, leading to application failures if the directory contained configuration files, dependencies, or system scripts.
A Chief Information Security Officer (CISO) is concerned that a company’s current data disposal procedures could result in data remanence. The company uses only SSDs.
Which of the following would be the most secure way to dispose of the SSDs given the CISO’s concern?
- A . Degaussing
- B . Overwriting
- C . Shredding
- D . Formatting
- E . Incinerating
E
Explanation:
For SSDs, incineration is considered the most secure method of physical destruction, ensuring no data remanence. SSDs store data differently compared to traditional spinning disks, making degaussing ineffective. Overwriting and formatting may not reliably erase all storage cells due to wear-leveling technologies. Shredding may work if the granularity is extremely fine, but incineration guarantees complete destruction beyond recovery.
Reference: CompTIA SecurityX CAS-005, Domain 2.0: Apply secure media sanitization methods appropriate for device types such as SSDs.
Users must accept the terms presented in a captive portal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network.
A network engineer observes the following:
• Users should be redirected to the captive portal.
• The captive portal runs TLS 1.2.
• Newer browser versions encounter security errors that cannot be bypassed.
• Certain websites cause unexpected redirects.
Which of the following most likely explains this behavior?
- A . The TLS ciphers supported by the captive portal are deprecated.
- B . Employment of the HSTS setting is proliferating rapidly.
- C . Allowed traffic rules are causing the NIPS to drop legitimate traffic.
- D . An attacker is redirecting supplicants to an evil twin WLAN.
A
Explanation:
The most likely explanation for the issues encountered with the captive portal is that the TLS ciphers supported by the captive portal are deprecated.
Here’s why:
TLS Cipher Suites: Modern browsers are continuously updated to support the latest security standards and often drop support for deprecated and insecure cipher suites. If the captive portal uses outdated TLS ciphers, newer browsers may refuse to connect, causing security errors.
HSTS and Browser Security: Browsers with HTTP Strict Transport Security (HSTS) enabled will not allow connections to sites with weak security configurations. Deprecated TLS ciphers would cause these browsers to block the connection.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-52: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
OWASP Transport Layer Protection Cheat Sheet
By updating the TLS ciphers to modern, supported ones, the security engineer can ensure compatibility with newer browser versions and resolve the connectivity issues reported by users.
An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability.
Which of the following components provides the best foundation to achieve this goal?
- A . SASE
- B . CMDB
- C . SBoM
- D . SLM
B
Explanation:
A Configuration Management Database (CMDB) provides the best foundation for identifying which specific assets are affected by a given vulnerability. A CMDB maintains detailed information about the IT environment, including hardware, software, configurations, and relationships between assets.
This comprehensive view allows organizations to quickly identify and address vulnerabilities affecting specific assets.
Reference: CompTIA SecurityX Study Guide: Discusses the role of CMDBs in asset management and vulnerability identification.
ITIL (Information Technology Infrastructure Library) Framework: Recommends the use of CMDBs for effective configuration and asset management.
"Configuration Management Best Practices" by Bob Aiello and Leslie Sachs: Covers the importance of CMDBs in managing IT assets and addressing vulnerabilities.
A security engineer wants to propose an MDM solution to mitigate certain risks.
The MDM solution should meet the following requirements:
• Mobile devices should be disabled if they leave the trusted zone.
• If the mobile device is lost, data is not accessible.
Which of the following options should the security engineer enable on the MDM solution? (Select two).
- A . Geofencing
- B . Patch management
- C . Containerization
- D . Full disk encryption
- E . Allow/blocklist
- F . Geotagging
A, D
Explanation:
Geofencing allows the device to be restricted based on its physical location, disabling or locking devices when they move outside of trusted zones. Full disk encryption ensures that if a device is lost, the data remains inaccessible to unauthorized users. Containerization protects specific apps or data, but does not disable the entire device. Patch management, allow/blocklists, and geotagging serve other important functions but are not directly linked to the requirements in this scenario.
Reference: CompTIA SecurityX CAS-005, Domain 3.0: Implement mobile device security, including encryption and location-based access controls like geofencing.
A security analyst wants to use lessons learned from a poor incident response to reduce dwell time in the future. The analyst is using the following data points.
Which of the following would the analyst most likely recommend?
- A . Adjusting the SIEM to alert on attempts to visit phishing sites
- B . Allowing TRACE method traffic to enable better log correlation
- C . Enabling alerting on all suspicious administrator behavior
- D . Utilizing allow lists on the WAF for all users using GET methods
C
Explanation:
In the context of improving incident response and reducing dwell time, the security analyst needs to focus on proactive measures that can quickly detect and alert on potential security breaches.
Here's a detailed analysis of the options provided: