Practice Free CAS-005 Exam Online Questions
Which of the following supports the process of collecting a large pool of behavioral observations to inform decision-making?
- A . Linear regression
- B . Distributed consensus
- C . Big Data
- D . Machine learning
C
Explanation:
Collecting a large pool of behavioral observations requires handling vast datasets, which is the domain of Big Data. Big Data technologies enable the storage, processing, and analysis of large-scale data (e.g., user behavior logs) to inform decisions, a key capability in security analytics.
Option A: Linear regression is a statistical method for modeling relationships, not collecting data.
Option B: Distributed consensus relates to agreement in distributed systems (e.g., blockchain), not data collection.
Option C: Big Data directly supports collecting and analyzing large datasets for insights, fitting the question perfectly.
Option D: Machine learning uses data to train models but relies on data being collected first, often via Big Data.
Reference: CompTIA SecurityX CAS-005 Domain 3: Research, Development, and Collaboration – Data Analytics for Security.
After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.
• Exfiltration of intellectual property
• Unencrypted files
• Weak user passwords
Which of the following is the best way to mitigate these vulnerabilities? (Select two).
- A . Implementing data loss prevention
- B . Deploying file integrity monitoring
- C . Restricting access to critical file services only
- D . Deploying directory-based group policies
- E . Enabling modern authentication that supports MFA
- F . Implementing a version control system
- G . Implementing a CMDB platform
A,E
Explanation:
To mitigate the identified vulnerabilities, the following solutions are most appropriate:
After a company discovered a zero-day vulnerability in its VPN solution, the company plans to deploy
cloud-hosted resources to replace its current on-premises systems. An engineer must find an appropriate solution to facilitate trusted connectivity.
Which of the following capabilities is the most relevant?
- A . Container orchestration
- B . Microsegmentation
- C . Conditional access
- D . Secure access service edge
D
Explanation:
The scenario involves replacing an on-premises VPN solution, which has a zero-day vulnerability, with cloud-hosted resources while ensuring trusted connectivity. Trusted connectivity in a cloud environment implies secure, scalable, and modern access control that goes beyond traditional VPNs.
Let’s analyze the options:
A company is having issues with its vulnerability management program. New devices/IPs are added and dropped regularly, making the vulnerability report inconsistent.
Which of the following actions should the company take to most likely improve the vulnerability management process?
- A . Request a weekly report with all new assets deployed and decommissioned
- B . Extend the DHCP lease time to allow the devices to remain with the same address for a longer period.
- C . Implement a shadow IT detection process to avoid rogue devices on the network
- D . Perform regular discovery scanning throughout the IT landscape using the vulnerability management tool
D
Explanation:
To improve the vulnerability management process in an environment where new devices/IPs are added and dropped regularly, the company should perform regular discovery scanning throughout the IT landscape using the vulnerability management tool.
Here's why:
Accurate Asset Inventory: Regular discovery scans help maintain an up-to-date inventory of all assets, ensuring that the vulnerability management process includes all relevant devices and IPs.
Consistency in Reporting: By continuously discovering and scanning new and existing assets, the company can generate consistent and comprehensive vulnerability reports that reflect the current state of the network.
Proactive Management: Regular scans enable the organization to proactively identify and address vulnerabilities on new and existing assets, reducing the window of exposure to potential threats.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-40: Guide to Enterprise Patch Management Technologies
CIS Controls: Control 1 – Inventory and Control of Hardware Assets
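The explanation above argues that regular discovery scans keep the asset inventory current so that vulnerability reports stay consistent. The following Python is an added example, not part of the exam material: it replays a series of constructed discovery-scan results against an inventory, records new and retired assets per scan, and derives the scope a report should cover. The IP addresses, the scan results and the "retire after two missed scans" policy are all assumptions made for the example.

```python
from dataclasses import dataclass
# Constructed discovery-scan results: the set of live IPs each scan found.
SCANS = [
    {"192.168.2.5", "192.168.2.27", "192.168.2.58"},
    {"192.168.2.5", "192.168.2.27", "192.168.2.58", "192.168.2.60"},
    {"192.168.2.5", "192.168.2.27", "192.168.2.60"},
    {"192.168.2.5", "192.168.2.27", "192.168.2.60"},
]
# Assumed policy: retire an asset after it misses this many consecutive scans.
MISSED_SCANS_BEFORE_RETIRE = 2

@dataclass
class Asset:
    first_seen: int
    last_seen: int
    missed: int = 0
    active: bool = True

def reconcile(inventory: dict, scan_no: int, seen: set) -> dict:
    """Update the inventory in place from one discovery scan and return the
    changes (new or returned assets, retired assets) for that scan's report."""
    changes = {"new": set(), "retired": set()}
    for ip in seen:
        asset = inventory.get(ip)
        if asset is None:
            inventory[ip] = Asset(first_seen=scan_no, last_seen=scan_no)
            changes["new"].add(ip)
            continue
        if not asset.active:
            changes["new"].add(ip)  # came back after being retired
        asset.last_seen, asset.missed, asset.active = scan_no, 0, True
    for ip, asset in inventory.items():
        if ip not in seen and asset.active:
            asset.missed += 1
            if asset.missed >= MISSED_SCANS_BEFORE_RETIRE:
                asset.active = False
                changes["retired"].add(ip)
    return changes

def active_scope(inventory: dict) -> set:
    """IPs the vulnerability report should cover: the currently active assets."""
    return {ip for ip, a in inventory.items() if a.active}

def run_scans(scans: list):
    """Replay a series of scans; return the final inventory and per-scan changes."""
    inventory, history = {}, []
    for n, seen in enumerate(scans, start=1):
        history.append(reconcile(inventory, n, seen))
    return inventory, history
```

Because the report scope is derived from the reconciled inventory rather than from a single scan, a host that drops off the network for one cycle is neither silently lost nor reported as new when it returns.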
A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures.
The security analyst reviews the following logs:
22:03:50 sshd[21502]: Success login for user01 from 192.168.2.5
22:10:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:11:40 sshd[21502]: Success login for user07 from 192.168.2.58
22:12:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:13:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:13:00 sshd[21502]: Success login for user03 from 192.168.2.27
22:13:00 sshd[21502]: Failed login for user10 from 192.168.2.5
Which of the following is the most likely reason for the application failures?
- A . The user’s account was set as a service account.
- B . The user’s home directory was deleted.
- C . The user does not have sudo access.
- D . The root password has been changed.
B
Explanation:
The logs indicate multiple failed login attempts for user10, who may have been part of the staff reduction 60 days prior. If user10’s account was removed, and their home directory deleted, any applications or services relying on files or configurations within that directory would fail. This scenario is common when service accounts are not properly identified and preserved during staff reductions.
Ensuring that service accounts are documented and maintained separately from user accounts is essential to prevent unintended disruptions to applications and services.
Reference: CompTIA SecurityX CAS-005 Exam Objectives, Domain 3.1: "Given a scenario, troubleshoot common issues with identity and access management (IAM) components in an enterprise environment."
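As an added example (not part of the exam material), the Python below parses the sshd lines from the question above and applies the reasoning in the explanation: an account that only ever fails, repeatedly, from one internal host that also has successful logins looks like a job or service still presenting removed credentials. The log lines are copied from the question; the offboarded-accounts list is an assumed input from HR.

```python
import re
from collections import Counter
# Constructed copy of the sshd lines from the question above.
LOG = """\
22:03:50 sshd[21502]: Success login for user01 from 192.168.2.5
22:10:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:11:40 sshd[21502]: Success login for user07 from 192.168.2.58
22:12:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:13:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:13:00 sshd[21502]: Success login for user03 from 192.168.2.27
22:13:00 sshd[21502]: Failed login for user10 from 192.168.2.5
"""
# Assumed input from HR: accounts removed in the staff reduction.
OFFBOARDED = {"user10"}
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) sshd\[\d+\]: (?P<result>Success|Failed) login "
    r"for (?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)

def parse(log: str):
    """Yield (time, result, user, src) per line; lines that do not match are skipped."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("time", "result", "user", "src")

def summarize(log: str, offboarded: set) -> list:
    """Flag accounts that only ever fail. Many failures for one account from a
    single internal host, with no success, look like a script or service still
    presenting removed credentials rather than an interactive attacker."""
    failed = Counter()
    succeeded_users, hosts_with_success = set(), set()
    for _t, result, user, src in parse(log):
        if result == "Failed":
            failed[(user, src)] += 1
        else:
            succeeded_users.add(user)
            hosts_with_success.add(src)
    findings = []
    for (user, src), n in sorted(failed.items()):
        if user in succeeded_users:
            continue
        findings.append({
            "user": user, "src": src, "failures": n,
            "offboarded": user in offboarded,
            # same host also has working logins: a local job, not a spray
            "src_has_success": src in hosts_with_success,
        })
    return findings
```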
During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a compromised web server. Given the following portion of the code:
Which of the following best describes this incident?
- A . XSRF attack
- B . Command injection
- C . Stored XSS
- D . SQL injection
C
Explanation:
The provided code snippet shows a script that captures the user’s cookies and sends them to a remote server. This type of attack is characteristic of Cross-Site Scripting (XSS), specifically stored XSS, where the malicious script is stored on the target server (e.g., in a database) and executed in the context of users who visit the infected web page.
While performing threat-hunting functions, an analyst is using the Diamond Model of Intrusion Analysis. The analyst identifies the likely adversary, the infrastructure involved, and the target.
Which of the following must the threat hunter document to use the model effectively?
- A . Knowledge
- B . Capabilities
- C . Phase
- D . Methodologies
An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted.
Which of the following attack vectors does this registry address?
- A . Supply chain attack
- B . Cipher substitution attack
- C . Side-channel analysis
- D . On-path attack
- E . Pass-the-hash attack
A
Explanation:
Step by Step
Understanding the Scenario: The question describes a proactive security measure where an organization maintains a registry of software dependencies and their corresponding hashes. This registry is used to verify the integrity of software packages.
Analyzing the Answer Choices:
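The registry described in the question records a hash for every formally vetted package so that an artifact can be checked before deployment and so responders can tell which packages a published vulnerable build affects. The Python below is an added example, not from the exam material; the package names and contents are constructed stand-ins, and the JSON layout of the registry is an assumption.

```python
import hashlib
import hmac
import json

# Constructed package contents standing in for formally vetted release archives.
VETTED_PACKAGES = {
    "libexample-1.4.2.tar.gz": b"libexample 1.4.2 vetted contents",
    "parserkit-0.9.0.whl": b"parserkit 0.9.0 vetted contents",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_registry(packages: dict) -> str:
    """Record a SHA-256 for each vetted package; the registry is stored as JSON
    so it can be signed and shared with incident responders."""
    entries = {name: {"algo": "sha256", "sha256": sha256_hex(data)}
               for name, data in packages.items()}
    return json.dumps(entries, indent=2, sort_keys=True)

def verify(registry_json: str, name: str, data: bytes) -> str:
    """Classify an artifact as 'vetted', 'tampered' or 'unregistered'."""
    entry = json.loads(registry_json).get(name)
    if entry is None:
        return "unregistered"   # never vetted: do not deploy
    # constant-time comparison so the check itself leaks nothing via timing
    ok = hmac.compare_digest(entry["sha256"], sha256_hex(data))
    return "vetted" if ok else "tampered"

def affected_packages(registry_json: str, vulnerable_hashes: set) -> list:
    """Given hashes published for a vulnerable build, return the registered
    packages that match, so responders know exactly what is in scope."""
    entries = json.loads(registry_json)
    return sorted(n for n, e in entries.items() if e["sha256"] in vulnerable_hashes)
```

A package whose contents differ by even one byte from the vetted copy fails the check, which is what closes the supply-chain vector the question names.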
An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability.
Which of the following components provides the best foundation to achieve this goal?
- A . SASE
- B . CMDB
- C . SBoM
- D . SLM
B
Explanation:
A Configuration Management Database (CMDB) provides the best foundation for identifying which specific assets are affected by a given vulnerability. A CMDB maintains detailed information about the IT environment, including hardware, software, configurations, and relationships between assets. This comprehensive view allows organizations to quickly identify and address vulnerabilities affecting specific assets.
Reference: CompTIA SecurityX Study Guide: Discusses the role of CMDBs in asset management and vulnerability identification.
ITIL (Information Technology Infrastructure Library) Framework: Recommends the use of CMDBs for effective configuration and asset management.
"Configuration Management Best Practices" by Bob Aiello and Leslie Sachs: Covers the importance of CMDBs in managing IT assets and addressing vulnerabilities.
Source code snippets for two separate malware samples are shown below:
Sample 1:
knockEmDown(String e) {
    if(target.isAccessed()) {
        target.toShell(e);
        System.out.println(e.toString());
        c2.sendTelemetry(target.hostname.toString + " is " + e.toString());
    } else {
        target.close();
    }
}
Sample 2:
targetSys(address a) {
    if(address.isIpv4()) {
        address.connect(1337);
        address.keepAlive("paranoid");
        String status = knockEmDown(address.current);
        remote.sendC2(address.current + " is " + status);
    } else {
        throw Exception e;
    }
}
Which of the following describes the most important observation about the two samples?
- A . Telemetry is first buffered and then transmitted in paranoid mode.
- B . The samples were probably written by the same developer.
- C . Both samples use IP connectivity for command and control.
- D . Sample 1 is the target agent while Sample 2 is the C2 server.
B
Explanation:
Step-by-Step
Both samples share similar function names, variable naming styles, and logic flow, indicating that they were likely written by the same developer. This is a key observation in malware attribution, as cyber threat analysts often look for unique coding styles to link malware to specific threat actors.
The presence of C2 (Command and Control) communication in both samples supports this theory, as attackers often reuse parts of their own malware code across different attacks.
