Practice Free CAS-005 Exam Online Questions
Which of the following best explains why AI output could be inaccurate?
- A . Model poisoning
- B . Social engineering
- C . Output handling
- D . Prompt injections
A
Explanation:
Model poisoning occurs when an attacker manipulates the training data or the training process of an AI model so that its predictions are deliberately inaccurate or biased. In the SecurityX CAS-005 objectives, this is part of understanding emerging technology threats, specifically AI/ML vulnerabilities.
This differs from:
Social engineering, which manipulates humans rather than AI models.
Output handling, which deals with how outputs are processed but doesn’t cause inaccuracy at the model level.
Prompt injections, which manipulate the model at query time, not during training.
Because model poisoning directly corrupts the AI model itself, it is the clearest reason AI outputs could be inaccurate.
A security engineer wants to propose an MDM solution to mitigate certain risks.
The MDM solution should meet the following requirements:
• Mobile devices should be disabled if they leave the trusted zone.
• If the mobile device is lost, data is not accessible.
Which of the following options should the security engineer enable on the MDM solution? (Select two).
- A . Geofencing
- B . Patch management
- C . Containerization
- D . Full disk encryption
- E . Allow/blocklist
- F . Geotagging
A,D
Explanation:
Geofencing allows the device to be restricted based on its physical location, disabling or locking devices when they move outside of trusted zones. Full disk encryption ensures that if a device is lost, the data remains inaccessible to unauthorized users. Containerization protects specific apps or data, but does not disable the entire device. Patch management, allow/blocklists, and geotagging serve other important functions but are not directly linked to the requirements in this scenario.
Reference: CompTIA SecurityX CAS-005, Domain 3.0: Implement mobile device security, including encryption and location-based access controls like geofencing.
A security analyst wants to use lessons learned from a poor incident response to reduce dwell time in the future. The analyst is using the following data points:
Which of the following would the analyst most likely recommend?
- A . Adjusting the SIEM to alert on attempts to visit phishing sites
- B . Allowing TRACE method traffic to enable better log correlation
- C . Enabling alerting on all suspicious administrator behavior
- D . Utilizing allow lists on the WAF for all users using GET methods
C
Explanation:
In the context of improving incident response and reducing dwell time, the security analyst needs to focus on proactive measures that can quickly detect and alert on potential security breaches.
Here’s a detailed analysis of the options provided:
Which of the following best describes the reason a network architect would enable forward secrecy on all VPN tunnels?
- A . This process is a requirement to enable hardware-accelerated cryptography.
- B . This process reduces the success of attackers performing cryptanalysis.
- C . The business requirements state that confidentiality is a critical success factor.
- D . Modern cryptographic protocols list this process as a prerequisite for use.
B
Explanation:
Forward secrecy (also known as perfect forward secrecy, PFS) ensures that session keys used in a VPN tunnel are ephemeral, meaning that even if an attacker compromises a long-term private key, past sessions cannot be decrypted. According to the CompTIA SecurityX CAS-005 study guide (Domain 3: Cybersecurity Technology, 3.1), enabling forward secrecy on VPN tunnels reduces the risk of cryptanalysis by ensuring that each session’s encryption key is unique and not derived from a single compromised key. This directly mitigates the impact of attacks like key theft or future decryption attempts.
Option A: Forward secrecy is not required for hardware-accelerated cryptography, which depends on processor capabilities, not key management.
Option C: While confidentiality is important, this is too vague and does not specifically explain why forward secrecy is chosen.
Option D: Modern protocols (e.g., TLS 1.3, IPsec with ECDHE) support forward secrecy but do not mandate it as a prerequisite for use.
Option B: This is the most precise, as forward secrecy directly reduces the success of cryptanalysis by limiting the scope of key compromise.
Reference: CompTIA SecurityX CAS-005 Official Study Guide, Domain 3: Cybersecurity Technology, Section 3.1:
"Explain cryptographic techniques, including perfect forward secrecy."
CAS-005 Exam Objectives, 3.1: "Evaluate the impact of cryptographic configurations on security."
A company wants to invest in research capabilities with the goal to operationalize the research output.
Which of the following is the best option for a security architect to recommend?
- A . Dark web monitoring
- B . Threat intelligence platform
- C . Honeypots
- D . Continuous adversary emulation
B
Explanation:
Investing in a threat intelligence platform is the best option for a company looking to operationalize research output. A threat intelligence platform helps in collecting, processing, and analyzing threat data to provide actionable insights. These platforms integrate data from various sources, including dark web monitoring, honeypots, and other security tools, to offer a comprehensive view of the threat landscape.
Why a Threat Intelligence Platform?
Data Integration: It consolidates data from multiple sources, including dark web monitoring and honeypots, making it easier to analyze and derive actionable insights.
Actionable Insights: Provides real-time alerts and reports on potential threats, helping the organization take proactive measures.
Operational Efficiency: Streamlines the process of threat detection and response, allowing the security team to focus on critical issues.
Research and Development: Facilitates the operationalization of research output by providing a platform for continuous monitoring and analysis of emerging threats.
Other options, while valuable, do not offer the same level of integration and operationalization capabilities:
A security engineer wants to improve the security of an application as part of the development pipeline. The engineer reviews the following component of an internally developed web application that allows employees to manipulate documents from a number of internal servers:
response = requests.get(url)
Users can specify the document to be parsed by passing the document URL to the application as a parameter.
Which of the following is the best solution?
- A . Indexing
- B . Output encoding
- C . Code scanner
- D . Penetration testing
C
Explanation:
The application allows users to input URLs, which the application then fetches using requests.get(url). This functionality can be exploited if not properly validated, leading to potential security vulnerabilities such as Server-Side Request Forgery (SSRF).
Implementing a code scanner as part of the development pipeline can help identify insecure coding practices, such as unsanitized user inputs and improper handling of external requests. Code scanners analyze the source code for known vulnerabilities and coding errors, enabling developers to remediate issues before deployment.
Reference: CompTIA SecurityX CAS-005 Exam Objectives, Domain 2.2: "Given a scenario, implement security in the early stages of the systems life cycle and throughout subsequent stages."
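What a code scanner rule for this finding might look like, as an added example (not part of the original question or of any particular scanner product): a minimal static check in Python that flags `requests` calls whose URL comes straight from a function parameter. The sample source, the host name in it, and the function name `find_tainted_fetches` are constructed for illustration.

```python
import ast

# Constructed sample, modelled on the component quoted in the question.
SAMPLE = '''
import requests

def parse_document(url):
    response = requests.get(url)
    return response.text

def health_check():
    return requests.get("https://docs.internal.example/health").status_code
'''

# requests helpers whose first positional argument (or url=) is the target URL.
HTTP_CALLS = {"get", "post", "put", "patch", "delete", "head"}

def find_tainted_fetches(source):
    """Return (line, function, parameter) for every requests.<verb>() call
    whose URL argument is a bare parameter of the enclosing function."""
    findings = []
    for func in ast.walk(ast.parse(source)):
        if not isinstance(func, ast.FunctionDef):
            continue
        params = {a.arg for a in func.args.args}
        for node in ast.walk(func):
            if not (isinstance(node, ast.Call)
                    and isinstance(node.func, ast.Attribute)
                    and isinstance(node.func.value, ast.Name)
                    and node.func.value.id == "requests"
                    and node.func.attr in HTTP_CALLS):
                continue
            # URL is the first positional argument or the url= keyword.
            url_arg = node.args[0] if node.args else next(
                (k.value for k in node.keywords if k.arg == "url"), None)
            if isinstance(url_arg, ast.Name) and url_arg.id in params:
                findings.append((node.lineno, func.name, url_arg.id))
    return sorted(findings)

if __name__ == "__main__":
    for line, func, param in find_tainted_fetches(SAMPLE):
        print(f"line {line}: {func}() passes parameter '{param}' to requests")
```

This sketch covers only the direct-parameter case; a pipeline scanner also follows the value through assignments and string formatting before it reaches the call.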
A company wants to implement hardware security key authentication for accessing sensitive information systems. The goal is to prevent unauthorized users from gaining access with a stolen password.
Which of the following models should the company implement to best solve this issue?
- A . Rule based
- B . Time-based
- C . Role based
- D . Context-based
D
Explanation:
Context-based authentication enhances traditional security methods by incorporating additional layers of information about the user’s current environment and behavior. This can include factors such as the user’s location, the time of access, the device used, and the behavior patterns. It is particularly useful in preventing unauthorized access even if an attacker has obtained a valid password.
Rule-based (A) focuses on predefined rules and is less flexible in adapting to dynamic threats. Time-based (B) authentication considers the time factor but doesn’t provide comprehensive protection against stolen credentials.
Role-based (C) is more about access control based on the user’s role within the organization rather than authenticating the user based on current context.
By implementing context-based authentication, the company can ensure that even if a password is compromised, the additional contextual factors required for access (which an attacker is unlikely to possess) provide a robust defense mechanism.
Reference: CompTIA SecurityX guide on authentication models and best practices.
NIST guidelines on authentication and identity proofing.
Analysis of multi-factor and adaptive authentication techniques.
An organization is required to:
* Respond to internal and external inquiries in a timely manner.
* Provide transparency.
* Comply with regulatory requirements.
The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future.
Which of the following is the best way for the organization to prepare?
- A . Outsourcing the handling of necessary regulatory filing to an external consultant
- B . Integrating automated response mechanisms into the data subject access request process
- C . Developing communication templates that have been vetted by internal and external counsel
- D . Conducting lessons-learned activities and integrating observations into the crisis management plan
C
Explanation:
Preparing communication templates that have been vetted by both internal and external counsel ensures that the organization can respond quickly and effectively to internal and external inquiries, comply with regulatory requirements, and provide transparency in the event of a breach.
Why Communication Templates?
Timely Response: Pre-prepared templates ensure that responses are ready to be deployed quickly, reducing response time.
Regulatory Compliance: Templates vetted by counsel ensure that all communications meet legal and regulatory requirements.
Consistent Messaging: Ensures that all responses are consistent, clear, and accurate, maintaining the organization’s credibility.
Crisis Management: Pre-prepared templates are a critical component of a broader crisis management plan, ensuring that all stakeholders are informed appropriately.
Other options, while useful, do not provide the same level of preparedness and compliance:
An organization recently implemented a purchasing freeze that has impacted endpoint life-cycle management efforts.
Which of the following should a security manager do to reduce risk without replacing the endpoints?
- A . Remove unneeded services
- B . Deploy EDR
- C . Dispose of end-of-support devices
- D . Reimage the system
A
Explanation:
Removing unnecessary services from existing endpoints reduces the attack surface by minimizing the number of potential vulnerabilities attackers could exploit. This is a cost-effective method to harden devices without requiring new purchases, aligning perfectly with a purchasing freeze. Deploying new EDR solutions or disposing of devices would likely conflict with the resource freeze, and reimaging systems does not address minimizing services proactively.
Reference: CompTIA SecurityX CAS-005, Domain 3.0: Implement endpoint security controls and hardening techniques.
Users are writing passwords on paper because of the number of passwords needed in an environment.
Which of the following solutions is the best way to manage this situation and decrease risks?
- A . Increasing password complexity to require at least 16 characters
- B . Implementing an SSO solution and integrating with applications
- C . Requiring users to use an open-source password manager
- D . Implementing an MFA solution to avoid reliance only on passwords
B
Explanation:
Implementing a Single Sign-On (SSO) solution and integrating it with applications is the best way to manage the situation and decrease risks.
Here’s why:
Reduced Password Fatigue: SSO allows users to log in once and gain access to multiple applications and systems without needing to remember and manage multiple passwords. This reduces the likelihood of users writing down passwords.
Improved Security: By reducing the number of passwords users need to manage, SSO decreases the attack surface and potential for password-related security breaches. It also allows for the implementation of stronger authentication methods.
User Convenience: SSO improves the user experience by simplifying the login process, which can lead to higher productivity and satisfaction.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-63B: Digital Identity Guidelines – Authentication and Lifecycle Management
OWASP Authentication Cheat Sheet