[2025] New CAS-005 exam Free Sample Questions to Practice [Q113-Q131]


CompTIA CAS-005 Exam Syllabus Topics:

Topic 1: Governance, Risk, and Compliance
  • This section of the exam measures the skills of CompTIA security architects that cover the implementation of governance components based on organizational security requirements, including developing policies, procedures, and standards. Candidates will learn about managing security programs, including awareness training on phishing and social engineering.
Topic 2: Security Engineering
  • This section measures the skills of CompTIA security architects that involve troubleshooting common issues related to identity and access management (IAM) components within an enterprise environment. Candidates will analyze requirements to enhance endpoint and server security while implementing hardware security technologies. This domain also emphasizes the importance of advanced cryptographic concepts in securing systems.
Topic 3: Security Operations
  • This domain is designed for CompTIA security architects and covers analyzing data to support monitoring and response activities, as well as assessing vulnerabilities and recommending solutions to reduce attack surfaces. Candidates will apply threat-hunting techniques and utilize threat intelligence concepts to enhance operational security.
Topic 4: Security Architecture
  • This domain focuses on analyzing requirements to design resilient systems, including the configuration of firewalls and intrusion detection systems.

 

NEW QUESTION # 113
An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:
* The backup solution must reduce the risk for potential backup compromise
* The backup solution must be resilient to a ransomware attack.
* The time to restore from backups is less important than the backup data integrity
* Multiple copies of production data must be maintained
Which of the following backup strategies best meets these requirements?

  • A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis
  • B. Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally
  • C. Utilizing two connected storage arrays and ensuring the arrays constantly sync
  • D. Enabling remote journaling on the databases to ensure real-time transactions are mirrored

Answer: A

Explanation:
* A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis: An immutable storage array ensures that data, once written, cannot be altered or deleted. This greatly reduces the risk of backup compromise and provides resilience against ransomware attacks, as the ransomware cannot modify or delete the backup data. Maintaining multiple copies of production data with an immutable storage solution ensures data integrity and compliance with the requirement for multiple copies.
Other options:
* B. Setting up anti-tampering on the databases: While this helps ensure data integrity, it does not provide a comprehensive backup solution that meets all the specified requirements.
* C. Utilizing two connected storage arrays and ensuring the arrays constantly sync: While this ensures data redundancy, it does not provide protection against ransomware attacks, as both arrays could be compromised simultaneously.
* D. Enabling remote journaling on the databases: This ensures real-time transaction mirroring but does not address the requirement for reducing the risk of backup compromise or resilience to ransomware.
References:
* CompTIA Security+ Study Guide
* NIST SP 800-209, "Security Guidelines for Storage Infrastructure"
* "Immutable Backup Architecture" by Veeam


NEW QUESTION # 114
A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

  • A. Threat intelligence platform
  • B. Honeypots
  • C. Continuous adversary emulation
  • D. Dark web monitoring

Answer: A

Explanation:
Investing in a threat intelligence platform is the best option for a company looking to operationalize research output. A threat intelligence platform helps in collecting, processing, and analyzing threat data to provide actionable insights. These platforms integrate data from various sources, including dark web monitoring, honeypots, and other security tools, to offer a comprehensive view of the threat landscape.


NEW QUESTION # 115
A company implemented a new NAC solution based on 802.1X. However, the IT support team notices that some devices are not being enrolled in the new policies, causing access disruptions for key users. Which of the following solutions will most likely solve this issue and prevent reoccurrence?

  • A. Check whether the certificate is signed by a certification authority and manually deployed to each device.
  • B. Check all the devices without proper access, enrolling them via the solution agent and authenticating to the network.
  • C. Include the monitoring agent and digital certificate as part of the patching/updating program, keeping all the corporate devices updated and enrolled.
  • D. Implement default credentials to automate RADIUS authentication and grant access to the network if the device owner is an employee.

Answer: B


NEW QUESTION # 116
A company that relies on an EOL system must keep it operating until a new solution is available. Which of the following is the most secure way to meet this goal?

  • A. Placing the system in a screened subnet and blocking access from internal resources
  • B. Restricting system access to perform necessary maintenance by the IT team
  • C. Enforcing strong credentials and improving monitoring capabilities
  • D. Isolating the system and enforcing firewall rules to allow access to only required endpoints

Answer: D

Explanation:
To keep an end-of-life (EOL) legacy system operating securely until a new solution is available, isolating the system and enforcing strict firewall rules is the best approach. This method minimizes the attack surface by restricting access to only the necessary endpoints, thereby reducing the risk of unauthorized access and potential security breaches. Isolating the system ensures that it is not exposed to the broader network, while firewall rules control the traffic that can reach the system, providing a secure environment until a replacement is implemented.
References:
* CompTIA SecurityX Study Guide: Recommends network isolation and firewall rules as effective measures for securing legacy systems.
* NIST Special Publication 800-82, "Guide to Industrial Control Systems (ICS) Security": Advises on isolating critical systems and using firewalls to control access.
* "Network Security Assessment" by Chris McNab: Discusses techniques for isolating systems and enforcing firewall rules to protect vulnerable or legacy systems.
By isolating the system and implementing strict firewall controls, the organization can maintain the necessary operations securely while working on deploying a new solution.


NEW QUESTION # 117
A vulnerability scan on a web server identified the following:

Which of the following actions would most likely eliminate on-path decryption attacks? (Select two).

  • A. Implementing HIPS rules to identify and block BEAST attack attempts
  • B. Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA
  • C. Disallowing cipher suites that use ephemeral modes of operation for key agreement
  • D. Removing support for CBC-based key exchange and signing algorithms
  • E. Adding TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256
  • F. Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

Answer: D,E

Explanation:
On-path decryption attacks, such as BEAST (Browser Exploit Against SSL/TLS) and other related vulnerabilities, often exploit weaknesses in the implementation of CBC (Cipher Block Chaining) mode. To mitigate these attacks, the following actions are recommended:
Removing support for CBC-based key exchange and signing algorithms: CBC mode is vulnerable to certain attacks like BEAST. By removing support for CBC-based ciphers, you can eliminate one of the primary vectors for these attacks. Instead, use modern cipher modes like GCM (Galois/Counter Mode) which offer better security properties.
Adding TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA256: This cipher suite uses Elliptic Curve Diffie-Hellman Ephemeral (ECDHE) for key exchange, which provides perfect forward secrecy. It also uses AES in GCM mode, which is not susceptible to the same attacks as CBC.
SHA-256 is a strong hash function that ensures data integrity.
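As an added example (not part of the original question set), the following Python parses IANA-style cipher suite names and applies the policy the explanation describes: drop CBC suites and static key exchange, keep AEAD suites negotiated with ephemeral (EC)DHE. The server suite list is constructed for illustration; the scan output from the question is not reproduced.

```python
import re

# Constructed cipher list for illustration; the question's scan output is not reproduced.
SERVER_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_AES_256_GCM_SHA384",
]

# IANA-style names: TLS_<kx>_WITH_<cipher>_<prf>; TLS 1.3 names omit the _WITH_ part.
SUITE_RE = re.compile(r"^TLS_(?:(?P<kx>.+?)_WITH_)?(?P<cipher>.+?)_(?P<prf>SHA\d*|MD5)$")


def classify(suite: str) -> dict:
    """Break a suite name into the properties that matter for on-path decryption risk."""
    m = SUITE_RE.match(suite)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {suite}")
    kx, cipher = m.group("kx"), m.group("cipher")
    # TLS 1.3 suites (kx is None) always negotiate keys with ephemeral (EC)DHE.
    forward_secret = kx is None or kx.startswith(("ECDHE", "DHE"))
    return {
        "suite": suite,
        "forward_secret": forward_secret,
        "cbc": "CBC" in cipher,
        "aead": any(tag in cipher for tag in ("GCM", "CCM", "POLY1305")),
    }


def reason_to_drop(info: dict):
    """Return why a suite fails the hardened policy, or None if it passes."""
    if info["cbc"]:
        return "CBC mode (BEAST/padding-oracle class attacks)"
    if not info["forward_secret"]:
        return "static key exchange, no forward secrecy"
    if not info["aead"]:
        return "non-AEAD cipher"
    return None


def hardened_policy(suites):
    """Split a suite list into (keep, drop); drop is a list of (suite, reason) pairs."""
    keep, drop = [], []
    for suite in suites:
        reason = reason_to_drop(classify(suite))
        if reason is None:
            keep.append(suite)
        else:
            drop.append((suite, reason))
    return keep, drop


if __name__ == "__main__":
    keep, drop = hardened_policy(SERVER_SUITES)
    print("keep:", *keep, sep="\n  ")
    print("drop:", *(f"{s}: {r}" for s, r in drop), sep="\n  ")
```

Note that simply lengthening the key of TLS_RSA_WITH_AES_128_CBC_SHA (option B) still yields a CBC suite with static RSA key exchange, so the policy rejects it for the same reasons.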


NEW QUESTION # 118
A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?

  • A. Input validation
  • B. Side-channel analysis
  • C. Dynamic analysis
  • D. Fuzz testing
  • E. Static analysis

Answer: C

Explanation:
Dynamic analysis involves testing the application while it is running to identify vulnerabilities present during execution, providing the most exhaustive runtime vulnerability detection. Input validation is a specific security control, not a method for exhaustive testing. Side-channel analysis examines unintended information leakage but does not comprehensively assess runtime vulnerabilities.
Fuzz testing is a specific technique within dynamic analysis but does not ensure exhaustive coverage. Static analysis examines code without execution, missing runtime-specific vulnerabilities.


NEW QUESTION # 119
A company wants to use IoT devices to manage and monitor thermostats at all facilities. The thermostats must receive vendor security updates and limit access to other devices within the organization. Which of the following best addresses the company's requirements?

  • A. Only allowing operation for IoT devices during a specified time window
  • B. Operating IoT devices on a separate network with no access to other devices internally
  • C. Only allowing Internet access to a set of specific domains
  • D. Configuring IoT devices to always allow automatic updates

Answer: B

Explanation:
The best approach for managing and monitoring IoT devices, such as thermostats, is to operate them on a separate network with no access to other internal devices. This segmentation ensures that the IoT devices are isolated from the main network, reducing the risk of potential security breaches affecting other critical systems. Additionally, this setup allows for secure vendor updates without exposing the broader network to potential vulnerabilities inherent in IoT devices.
References:
* CompTIA SecurityX Study Guide: Recommends network segmentation for IoT devices to minimize security risks.
* NIST Special Publication 800-183, "Network of Things": Advises on the isolation of IoT devices to enhance security.
* "Practical IoT Security" by Brian Russell and Drew Van Duren: Discusses best practices for securing IoT devices, including network segmentation.


NEW QUESTION # 120
A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:

Which of the following is the most appropriate action for the analyst to take?

  • A. Update the log configuration settings on the directory server that is not being captured properly.
  • B. Have the admin account owner change their password to avoid credential stuffing.
  • C. Block employees from logging in to applications that are not part of their business area.
  • D. Implement automation to disable accounts that have been associated with high-risk activity.

Answer: D

Explanation:
The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.


NEW QUESTION # 121
A threat intelligence company's business objective is to allow customers to integrate data directly to different TIPs through an API. The following additional requirements must also be met:
- Reduce compute spend as much as possible.
- Ensure availability for all users.
- Reduce the potential attack surface.
- Ensure the integrity of the data provided.
Which of the following best meets the requirements?

  • A. Providing a hash of all data that is made available
  • B. Configuring a unique API secret key for accounts
  • C. Publishing a list of IOCs on a public directory
  • D. Implementing rate limiting for each registered user

Answer: D


NEW QUESTION # 122
A security audit of a company's application finds that customer account passwords are manually set and never expire. The company wants to fix the password issue on a minimal budget within 30 days while minimizing the impact to customers. Which of the following should the company do?

  • A. Configure a privilege access management solution.
  • B. Contact each user to reset their password.
  • C. Migrate authentication methods to allow for OAuth 2.
  • D. Implement a self-service credential reset portal.

Answer: D


NEW QUESTION # 123
After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.
- Exfiltration of intellectual property
- Unencrypted files
- Weak user passwords
Which of the following is the best way to mitigate these vulnerabilities? (Select two).

  • A. Implementing a CMDB platform
  • B. Deploying file integrity monitoring
  • C. Implementing data loss prevention
  • D. Implementing a version control system
  • E. Deploying directory-based group policies
  • F. Enabling modern authentication that supports MFA
  • G. Restricting access to critical file services only

Answer: C,F

Explanation:
To mitigate the identified vulnerabilities, the following solutions are most appropriate:
Implementing data loss prevention (DLP): DLP solutions help prevent the unauthorized transfer of data outside the organization. This directly addresses the exfiltration of intellectual property by monitoring, detecting, and blocking sensitive data transfers.
Enabling modern authentication that supports Multi-Factor Authentication (MFA): This significantly enhances security by requiring additional verification methods beyond just passwords. It addresses the issue of weak user passwords by making it much harder for unauthorized users to gain access, even if they obtain the password.


NEW QUESTION # 124
An organization with a remote workforce has a new client with the following requirements:
- Consultants need to travel to the client site.
- The company has proprietary information on its hard drives.
- The company prohibits BYOD.
Which of the following would be the most beneficial for the organization to implement?

  • A. Measured boot
  • B. Secure enclave
  • C. Host-based encryption
  • D. Virtual hardware

Answer: C


NEW QUESTION # 125
A security engineer wants to reduce the attack surface of a public-facing containerized application Which of the following will best reduce the application's privilege escalation attack surface?

  • A. Designing a multicontainer solution, with one set of containers that runs the main application, and another set of containers that perform automatic remediation by replacing compromised containers or disabling compromised accounts
  • B. Implementing the following commands in the Dockerfile:
    RUN echo user:x:1000:1000:user:/home/user:/dev/null > /etc/passwd
  • C. Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer: PERMIT HTTPS from 0.0.0.0/0 port 443
  • D. Installing an EDR on the container's host with reporting configured to log to a centralized SIEM and implementing the following alerting rule: IF PROCESS_USER=root ALERT_TYPE=critical

Answer: B

Explanation:
Implementing the given commands in the Dockerfile ensures that the container runs with non-root user privileges. Running applications as a non-root user reduces the risk of privilege escalation attacks because even if an attacker compromises the application, they would have limited privileges and would not be able to perform actions that require root access.
* B. Implementing the following commands in the Dockerfile: This directly addresses the privilege escalation attack surface by ensuring the application does not run with elevated privileges.
* A. Designing a multicontainer solution: While beneficial for modularity and remediation, it does not specifically address privilege escalation.
* C. Running the container in an isolated network: This improves network security but does not directly reduce the privilege escalation attack surface.
* D. Installing an EDR on the container's host: While useful for detecting threats, this does not reduce the privilege escalation attack surface within the containerized application.
References:
* CompTIA Security+ Study Guide
* Docker documentation on security best practices
* NIST SP 800-190, "Application Container Security Guide"


NEW QUESTION # 126
A security architect is establishing requirements to design resilience in an enterprise system that will be extended to other physical locations. The system must:
- Be survivable to one environmental catastrophe
- Be recoverable within 24 hours of critical loss of availability
- Be resilient to active exploitation of one site-to-site VPN solution

  • A. Lease space to establish cold sites throughout other countries
  • B. Allocate fully redundant and geographically distributed standby sites.
  • C. Load-balance connection attempts and data ingress at internet gateways
  • D. Implement full weekly backups to be stored off-site for each of the company's sites
  • E. Employ layering of routers from diverse vendors
  • F. Use orchestration to procure, provision, and transfer application workloads to cloud services

Answer: B

Explanation:
To design resilience in an enterprise system that can survive environmental catastrophes, recover within 24 hours, and be resilient to active exploitation, the best strategy is to allocate fully redundant and geographically distributed standby sites.
Geographical Redundancy: Having geographically distributed standby sites ensures that if one site is affected by an environmental catastrophe, the other sites can take over, providing continuity of operations.
Full Redundancy: Fully redundant sites mean that all critical systems and data are replicated, enabling quick recovery in the event of a critical loss of availability.
Resilience to Exploitation: Distributing resources across multiple sites reduces the risk of a single point of failure and increases resilience against targeted attacks.


NEW QUESTION # 127
A security analyst is reviewing the following event timeline from an EDR solution:

Which of the following most likely has occurred and needs to be fixed?

  • A. A potential insider threat is being investigated and will be addressed by the senior management team.
  • B. A logic flaw has introduced a TOCTOU vulnerability and must be addressed by the EDR vendor.
  • C. An EDR bypass was utilized by a threat actor and updates must be installed by the administrator.
  • D. The DLP has failed to block malicious exfiltration and data tagging is not being utilized properly.

Answer: B

Explanation:
The event timeline indicates a sequence where a file (hr-reporting.docx) was saved, scanned, executed, and eventually found to contain malware. The critical issue here is that the malware scan completed after the file was already executed. This suggests a Time-Of-Check to Time-Of-Use (TOCTOU) vulnerability, where the state of the file changed between the time it was checked and the time it was used.


NEW QUESTION # 128
A security analyst reviews network logs and notices a large number of domain name queries originating from an internal server for an unknown domain, similar to the following:
2736287327321782.hgQ43jsi23-y.com
0357320932922C91.hgQ43jsu23Ty.com
4042301801399103.hgQ43jsu23Ly.com
Which of the following should the analyst do next?

  • A. Reconfigure the server's DNS settings.
  • B. Check for data exfiltration.
  • C. Browse for a website on the requested domain.
  • D. Add the host names to a block list.

Answer: B

Explanation:
A high volume of DNS queries to unknown domains may indicate domain generation algorithm (DGA) activity associated with malware.
Checking for data exfiltration is the next logical step to determine if sensitive data is being leaked to these domains.
Reconfiguring DNS settings, browsing unknown domains, or blocking the domains are reactive steps that do not address the root cause.
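As an added example (not part of the original question set), the following Python runs a simple DGA triage over constructed DNS log lines: it scores the leftmost label of each query name for length, entropy and digit density, then counts unique suspicious names per client so the analyst knows which internal host to examine for exfiltration. The log format, client IPs and thresholds are assumptions; the first three query names are the ones quoted in the question.

```python
import math
import re
from collections import defaultdict

# Constructed DNS log lines (not from the page): timestamp, client IP, query name.
# The first three query names are the ones quoted in the question.
SAMPLE_LOG = """\
2025-01-10T09:00:01Z 10.0.5.23 2736287327321782.hgQ43jsi23-y.com
2025-01-10T09:00:01Z 10.0.5.23 0357320932922C91.hgQ43jsu23Ty.com
2025-01-10T09:00:02Z 10.0.5.23 4042301801399103.hgQ43jsu23Ly.com
2025-01-10T09:00:02Z 10.0.5.23 7719038271648820.hgQ43jsu23Ly.com
2025-01-10T09:00:03Z 10.0.5.23 5528471930027364.hgQ43jsi23-y.com
2025-01-10T09:00:03Z 10.0.7.41 mail.example.com
2025-01-10T09:00:04Z 10.0.7.41 www.example.com
2025-01-10T09:00:05Z 10.0.7.41 updates.example.com
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def shannon_entropy(label: str) -> float:
    """Entropy in bits per character of a DNS label (0.0 for an empty label)."""
    if not label:
        return 0.0
    counts = defaultdict(int)
    for ch in label:
        counts[ch] += 1
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parse_queries(text: str):
    """Yield (client, qname) pairs; qname lower-cased with any trailing dot removed."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group(2), m.group(3).lower().rstrip(".")


def suspicious_label(label: str, min_len: int = 12, min_entropy: float = 3.0) -> bool:
    """Heuristic for a machine-generated leftmost label: long and either high-entropy
    or mostly digits. Thresholds are assumptions; tune them against local baselines."""
    if len(label) < min_len:
        return False
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    return shannon_entropy(label) >= min_entropy or digit_ratio >= 0.8


def find_dga_candidates(text: str, min_unique: int = 3) -> dict:
    """Map each client to the number of unique suspicious query names it issued,
    keeping only clients at or above min_unique. These are the hosts to examine
    for exfiltration (DNS tunnelling or C2 beaconing), not merely to block."""
    per_client = defaultdict(set)
    for client, qname in parse_queries(text):
        labels = qname.split(".")
        if len(labels) >= 3 and suspicious_label(labels[0]):
            per_client[client].add(qname)
    return {c: len(names) for c, names in per_client.items() if len(names) >= min_unique}


if __name__ == "__main__":
    for client, count in find_dga_candidates(SAMPLE_LOG).items():
        print(f"{client}: {count} unique DGA-like query names; check for data exfiltration")
```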


NEW QUESTION # 129
A security engineer wants to enhance the security posture of end-user systems in a zero trust environment. Given the following requirements:
- Reduce the ability for potentially compromised endpoints to contact C2 infrastructure.
- Track the requests that the malware makes to the IPs.
- Avoid the download of additional payloads.
Which of the following should the engineer deploy to meet these requirements?

  • A. Browser isolation
  • B. Zone transfer protection
  • C. HIDS
  • D. DNS sinkholing

Answer: D


NEW QUESTION # 130
Which of the following best explains why AI output could be inaccurate?

  • A. Model poisoning
  • B. Output handling
  • C. Prompt injections
  • D. Social engineering

Answer: A

