CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 141:

  A cloud engineer needs to identify appropriate solutions to:

  1.Provide secure access to internal and external cloud resources.

  2.Eliminate split-tunnel traffic flows.

  3.Enable identity and access management capabilities.

  Which of the following solutions arc the most appropriate? (Select two).

  A. Federation
  B. Microsegmentation
  C. CASB
  D. PAM
  E. SD-WAN
  F. SASE
  C. CASB
  F. SASE

  ---

  Explanation

  To provide secure access to internal and external cloud resources, eliminate split-tunnel traffic flows, and enable identity and access management capabilities, the most appropriate solutions are CASB (Cloud Access Security Broker) and

  SASE (Secure Access Service Edge).

  Why CASB and SASE?

  CASB (Cloud Access Security Broker):

  SASE (Secure Access Service Edge):

  Other options, while useful, do not comprehensively address all the requirements:

  A. Federation: Useful for identity management but does not eliminate split-tunnel traffic or provide comprehensive security.

  B. Microsegmentation: Enhances security within the network but does not directly address secure access to cloud resources or split-tunnel traffic.

  D. PAM (Privileged Access Management): Focuses on managing privileged accounts and does not provide comprehensive access control for internal and external resources.

  E. SD-WAN: Enhances WAN performance but does not inherently provide the identity and access management capabilities or eliminate split-tunnel traffic.

  References: CompTIA SecurityX Study Guide "CASB: Cloud Access Security Broker," Gartner Research

• Question 142:

  An organization recently acquired another company that is running a different EDR solution. A SOC analyst wants to automate the isolation of endpoints that are found to be compromised. Which of the following workflows best mitigates the risk of false positives and reduces the spread of malicious code?

  A. Using a SOAR solution to look up entities via a TIP platform and isolate endpoints via APIs
  B. Setting a policy on each EDR management console to isolate all endpoints that trigger any alerts
  C. Reviewing all alerts manually in the various portals and taking action to isolate them
  D. Automating the suppression of all alerts that are not critical and sending an email asking SOC analysts to review these alerts
  A. Using a SOAR solution to look up entities via a TIP platform and isolate endpoints via APIs

  ---

  Explanation

• Question 143:

  During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server Given the following portion of the code:

  

  Which of the following best describes this incident?

  A. XSRF attack
  B. Command injection
  C. Stored XSS
  D. SQL injection
  C. Stored XSS

  ---

  Explanation

  The provided code snippet shows a script that captures the user's cookies and sends them to a remote server. This type of attack is characteristic of Cross-Site Scripting (XSS), specifically stored XSS, where the malicious script is stored on the target server (e.g., in a database) and executed in the context of users who visit the infected web page. A. XSRF (Cross-Site Request Forgery) attack: This involves tricking the user into performing actions on a different site without their knowledge but does not involve stealing cookies via script injection.

  B. Command injection: This involves executing arbitrary commands on the host operating system, which is not relevant to the given JavaScript code.

  C. Stored XSS: The provided code snippet matches the pattern of a stored XSS attack,

  where the script is injected into a web page, and when users visit the page, the script executes and sends the user's cookies to the attacker's server.

  D. SQL injection: This involves injecting malicious SQL queries into the database and is

  unrelated to the given JavaScript code.

  References:

  CompTIA Security+ Study Guide

  OWASP (Open Web Application Security Project) guidelines on XSS "The Web Application Hacker's Handbook" by Dafydd Stuttard and Marcus Pinto

• Question 144:

  As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build. Which of the following best provides the required evidence?

  A. Software composition analysis
  B. Runtime application inspection
  C. Static application security testing
  D. Interactive application security testing
  A. Software composition analysis

  ---

  Explanation

  Software Composition Analysis (SCA) is the best method for identifying all components, dependencies, and open-source libraries used in an application. It ensures that organizations track and manage vulnerabilities in third-party code before

  deployment.

  SCA tools generate a Software Bill of Materials (SBOM), which provides a full representation of the code and modules used in the application.

  Other options:

  Static Application Security Testing (SAST) (C) checks for vulnerabilities but does not map dependencies.

  Interactive Application Security Testing (IAST) (D) works at runtime, not before deployment.

  Runtime Application Self-Protection (RASP) (B) works while the application is running.

• Question 145:

  A security engineer wants to propose an MDM solution to mitigate certain risks. The MDM solution should meet the following requirements:

  Mobile devices should be disabled if they leave the trusted zone.

  If the mobile device is lost, data is not accessible.

  Which of the following options should the security engineer enable on the MDM solution? (Select two).

  A. Geofencing
  B. Patch management
  C. Containerization
  D. Full disk encryption
  E. Allow/blocklist
  F. Geotagging
  A. Geofencing
  D. Full disk encryption

  ---

  Explanation

  Geofencing allows the device to be restricted based on its physical location -- disabling or locking devices when they move outside of trusted zones.Full disk encryptionensures that if a device is lost, the data remains inaccessible to

  unauthorized users. Containerization protects specific apps or data, but does not disable the entire device. Patch management, allow/blocklists, and geotagging serve other important functions but are not directly linked to the requirements in

  this scenario.

  CompTIA SecurityX CAS-005, Domain 3.0: Implement mobile device security, including encryption and location-based access controls like geofencing.

• Question 146:

  A security analyst is reviewing the following authentication logs: Which of the following should the analyst do first?

  

  A. Disable User2's account
  B. Disable User12's account
  C. Disable User8's account
  D. Disable User1's account
  D. Disable User1's account

  ---

  Explanation

  Based on the provided authentication logs, we observe that User1's account experienced multiple failed login attempts within a very short time span (at 8:01:23 AM on 12/15). This pattern indicates a potential brute-force attack or an attempt

  to gain unauthorized access. Here's a breakdown of why disabling User1's account is the appropriate first step:

  Failed Login Attempts: The logs show that User1 had four consecutive failed login attempts:

  Security Protocols and Best Practices: According to CompTIA Security+ guidelines, multiple failed login attempts within a short timeframe should trigger an immediate response to prevent further potential unauthorized access attempts. This

  typically involves temporarily disabling the account to stop ongoing brute- force attacks.

  Account Lockout Policy: Implementing an account lockout policy is a standard practice to thwart brute-force attacks. Disabling User1's account will align with these best practices and prevent further failed attempts, which might lead to

  successful unauthorized access if not addressed.

  References:

  By addressing User1's account first, we effectively mitigate the immediate threat of a brute- force attack, ensuring that further investigation can be conducted without the risk of unauthorized access continuing during the investigation period.

• Question 147:

  SIMULATION

  You are tasked with integrating a new B2B client application with an existing OAuth workflow that must meet the following requirements:

  1. The application does not need to know the users' credentials.

  2. An approval interaction between the users and the HTTP service must be orchestrated.

  3. The application must have limited access to users' data.

  INSTRUCTIONS

  Use the drop-down menus to select the action items for the appropriate locations. All placeholders must be filled.

  

  A. See the complete solution below in Explanation.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the complete solution below in Explanation.

  ---

  Explanation

  Select the Action Items for the Appropriate Locations:

  Authorization Server:

  Resource Server:

  B2B Client Application:

  Detailed Explanation:

  OAuth 2.0 is designed to provide specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The integration involves multiple steps and components, including:

  Resource Owner (User):

  Client Application (B2B Client Application):

  Authorization Server:

  Resource Server:

  OAuth Workflow:

  The resource owner accesses the client application. The client application redirects the resource owner to the authorization server for authentication.

  The authorization server authenticates the resource owner and asks for consent to grant access to the client application.

  Upon consent, the authorization server issues an authorization code or token to the client application.

  The client application uses the authorization code or token to request access to the resources from the resource server.

  The resource server verifies the token with the authorization server and, if valid, grants access to the requested resources.

  References:

  CompTIA Security+ Study Guide: Provides comprehensive information on various authentication and authorization protocols, including OAuth. OAuth 2.0 Authorization Framework (RFC 6749): The official documentation detailing the OAuth

  2.0 framework, its flows, and components. OAuth 2.0 Simplified: A book by Aaron Parecki that provides a detailed yet easy- to-understand explanation of the OAuth 2.0 protocol. By ensuring that each component in the OAuth workflow performs its designated role, the B2B client application can securely access the necessary resources without compromising user credentials, adhering to the principle of least privilege.

• Question 148:

  Based on the results of a SAST report on a legacy application, a security engineer is reviewing the following snippet of code flagged as vulnerable: Which of the following is the vulnerable line of code that must be changed?

  [01] #include

  [02] #include

  [03] ...

  [04] char input[256] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";

  [05] ...

  [06] char transmit[20] = "0000";

  [07] char *ret_xmit;

  [08] printf("To be submitted: \"%s\"\n", input);

  [09] result in ret_xmit

  [10] ret_xmit = strcpy(transmit, input);

  [11] return 0;

  [12] }

  [13]

  A. Line (02]
  B. Line [04]
  C. Line [07]
  D. Line 108]
  E. Line [10]
  E. Line [10]

  ---

  The vulnerability lies in line [10], where the function strcpy(transmit, input) is used. The strcpy function does not perform boundary checking when copying strings. Since input is defined with a size of 256 characters and transmit only has 20 characters allocated, the strcpy operation will cause a buffer overflow when the contents of input exceed the allocated size of transmit. This creates a significant security vulnerability, as attackers can overwrite adjacent memory, potentially injecting malicious code or

  altering program execution.

  Lines [02], [04], [07], and [08] are not inherently vulnerable by themselves. Line [04] defines the oversized input, but the vulnerability only materializes when combined with the unsafe copy in line [10]. Secure coding practices recommend using safer alternatives like strncpy, which includes a length parameter, or implementing runtime checks to ensure the destination buffer size is not exceeded.

  Thus, the vulnerable line that must be changed is line [10], where strcpy is used.

• Question 149:

  A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?

  A. Storing the data in an encoded file
  B. Implementing database encryption at rest
  C. Only storing tokenized card data
  D. Implementing data field masking
  C. Only storing tokenized card data

  ---

  Explanation

  Tokenization: Tokenization replaces sensitive payment card data with a non-sensitive token that has no meaningful value outside the specific context of the tokenization system. This method ensures that even if the

• Question 150:

  An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time. Which of the following should the administrator use?

  A. SOAR
  B. CWPP
  C. XCCDF
  D. CMDB
  A. SOAR

  ---

  Explanation

  Comprehensive and Detailed Explanation:

  Integrating IDS, firewall, and DLP to reduce response time requires orchestration and automation. Let's evaluate:

  A. SOAR (Security Orchestration, Automation, and Response):SOAR integrates security tools, automates workflows, and speeds up incident response. It's the best fit for this scenario, as CAS-005 highlights SOAR for operational efficiency.

  B.

  CWPP (Cloud Workload Protection Platform):Focused on securing cloud workloads, not integrating on-premises tools.

  C. XCCDF (Extensible Configuration Checklist Description Format):A standard for compliance checklists, not a tool for integration or response.

  CompTIA SecurityX (CAS-005) objectives, Domain 2: Security Operations, focusing on

  SOAR for tool integration.