CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 161:

  Users are experiencing a variety of issues when trying to access corporate resources examples include

  1.Connectivity issues between local computers and file servers within branch offices

  2.Inability to download corporate applications on mobile endpoints wtiilc working remotely

  3.Certificate errors when accessing internal web applications

  Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

  A. Review VPN throughput
  B. Check IPS rules
  C. Restore static content on lite CDN.
  D. Enable secure authentication using NAC
  E. Implement advanced WAF rules.
  F. Validate MDM asset compliance
  A. Review VPN throughput
  F. Validate MDM asset compliance

  ---

  Explanation

  The reported issues suggest problems related to network connectivity, remote access, and certificate management:

  A. Review VPN throughput: Connectivity issues and the inability to download applications while working remotely may be due to VPN bandwidth or performance issues. Reviewing and optimizing VPN throughput can help resolve these

  problems by ensuring that remote users have adequate bandwidth for accessing corporate resources.

  F. Validate MDM asset compliance: Mobile Device Management (MDM) systems ensure that mobile endpoints comply with corporate security policies. Validating MDM compliance can help address issues related to the inability to download

  applications and certificate errors, as non-compliant devices might be blocked from accessing certain resources.

  B. Check IPS rules: While important for security, IPS rules are less likely to directly address the connectivity and certificate issues described.

  C. Restore static content on the CDN: This action is related to content delivery but does not address

  VPN or certificate-related issues.

  D. Enable secure authentication using NAC: Network Access Control (NAC) enhances security but does not directly address the specific issues described.

  E. Implement advanced WAF rules: Web Application

  Firewalls protect web applications but do not address VPN throughput or mobile device compliance.

  References:

  CompTIA Security+ Study Guide

  NIST SP 800-77, "Guide to IPsec VPNs"

  CIS Controls, "Control 11: Secure Configuration for Network Devices"

• Question 162:

  During a recent audit, a company's systems were assessed. Given the following information: Which of the following is the best way to reduce the attack surface?

  

  A. Deploying an EDR solution to all impacted machines in Manufacturing.
  B. Segmenting the Manufacturing network with a firewall and placing the rules in monitor mode.
  C. Setting up an IDS inline to monitor and detect any threats to the software.
  D. Implementing an application-aware firewall and writing strict rules for the application access.
  D. Implementing an application-aware firewall and writing strict rules for the application access.

  ---

  Explanation

• Question 163:

  A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

  1.The solution must be able to initiate SQL injection and reflected XSS attacks.

  2.The solution must ensure the application is not susceptible to memory leaks.

  Which of the following should be implemented to meet these requirements? (Choose two.)

  A. Side-channel analysis
  B. Protocol scanner
  C. HTTP interceptor
  D. DAST
  E. Fuzz testing
  F. SAST
  G. SCAP
  D. DAST
  F. SAST

  ---

  Explanation

  DAST (Dynamic Application Security Testing): DAST is a type of black-box testing that involves testing an application in its running state. It can initiate SQL injection and reflected XSS attacks by simulating these attacks against the live application to identify vulnerabilities. This meets the first requirement of initiating SQL injection and reflected XSS attacks. SAST (Static Application Security Testing): SAST is a type of white-box testing that involves analyzing the source code of an application. It can detect vulnerabilities related to memory management, such as memory leaks, by examining the code for issues that could lead to such problems. This meets the second requirement of ensuring the application is not susceptible to memory leaks.

• Question 164:

  After an incident response exercise, a security administrator reviews the following table:

  

  Which of the following should the administrator do to beat support rapid incident response in the future?

  A. Automate alerting to IT support for phone system outages.
  B. Enable dashboards for service status monitoring
  C. Send emails for failed log-In attempts on the public website
  D. Configure automated Isolation of human resources systems
  B. Enable dashboards for service status monitoring

  ---

  Explanation

  Enabling dashboards for service status monitoring is the best action to support rapid incident response. The table shows various services with different risk, criticality, and alert severity ratings. To ensure timely and effective incident response,

  real-time visibility into the status of these services is crucial.

  Why Dashboards for Service Status Monitoring?

  Real-time Visibility: Dashboards provide an at-a-glance view of the current status of all critical services, enabling rapid detection of issues. Centralized Monitoring: A single platform to monitor the status of multiple services helps streamline

  incident response efforts.

  Proactive Alerting: Dashboards can be configured to show alerts and anomalies immediately, ensuring that incidents are addressed as soon as they arise. Improved Decision Making: Real-time data helps incident response teams make

  informed decisions quickly, reducing downtime and mitigating impact. Other options, while useful, do not offer the same level of comprehensive, real-time visibility and proactive alerting:

  A. Automate alerting to IT support for phone system outages: This addresses one service but does not provide a holistic view.

  C. Send emails for failed log-in attempts on the public website: This is a specific alert for one type of issue and does not cover all services.

  D. Configure automated isolation of human resources systems: This is a reactive measure for a

  specific service and does not provide real-time status monitoring.

  References:

  CompTIA SecurityX Study Guide

  NIST Special Publication 800-61 Revision 2, "Computer Security Incident Handling Guide"

  "Best Practices for Implementing Dashboards," Gartner Research

• Question 165:

  Which of the following AI concerns is most adequately addressed by input sanitation?

  A. Model inversion
  B. Prompt Injection
  C. Data poisoning
  D. Non-explainable model
  B. Prompt Injection

  ---

  Explanation

  Input sanitation is a critical process in cybersecurity that involves validating and cleaning data provided by users to prevent malicious inputs from causing harm. In the context of AI concerns:

  A. Model inversion involves an attacker inferring sensitive data from model outputs, typically requiring sophisticated methods beyond just manipulating input data.

  B. Prompt Injection is a form of attack where an adversary provides malicious input to manipulate the behavior of AI models, particularly those dealing with natural language processing (NLP). Input sanitation directly addresses this by ensuring that inputs are cleaned and validated to remove potentially harmful commands or instructions that could alter the AI's behavior.

  C. Data poisoning involves injecting malicious data into the training set to compromise the model. While input sanitation can help by filtering out bad data, data poisoning is typically addressed through robust data validation and monitoring during the model training phase, rather than real-time input sanitation.

  D. Non-explainable model refers to the lack of transparency in how AI models make decisions. This concern is not addressed by input sanitation, as it relates more to model design and interpretability techniques. Input sanitation is most relevant and effective for preventing Prompt Injection attacks, where the integrity of user inputs directly impacts the performance and security of AI models.

  References: CompTIA Security+ Study Guide "Security of Machine Learning" by Battista Biggio, Blaine Nelson, and Pavel Laskov OWASP (Open Web Application Security Project) guidelines on input validation and injection attacks

• Question 166:

  A security analyst is reviewing the following vulnerability assessment report:

  192.168.1.5, Host = Server1, CVSS 7.5, Web Server, Remotely Executable = Yes, Exploit = Yes

  205.1.3.5, Host = Server2, CVSS 6.5, Bind Server, Remotely Executable = Yes, Exploit = POC

  207.1.5.7, Host = Server3, CVSS 5.5, Email Server, Remotely Executable = Yes, Exploit = Yes

  192.168.1.6, Host = Server4, CVSS 9.8, Domain Controller, Remotely Executable = Yes, Exploit = Yes

  Which of the following should be patched first to minimize attacks against internet-facing hosts?

  A. Server1
  B. Server2
  C. Server3
  D. Server4
  B. Server2

  ---

  Explanation

  The question focuses oninternet-facing hosts, implying external exposure. CVSS scores, remote executability, and exploit availability guide prioritization. Server2 (205.1.3.5, CVSS 6.5, Bind Server) has a public IP, suggesting it's internetfacing, unlike Server1 and Server4 (192.168.x.x, private IPs). Server3 (207.1.5.7, CVSS 5.5) is also public but has a lower score and risk compared to Server2's proof-of-concept (POC) exploit. Server2's Bind Server (DNS) role is critical and commonly targeted, making it the priority. Option A:Server1 (CVSS 7.5) is private, not internet-facing. Option B:Server2 (CVSS 6.5) is internet-facing with an exploit POC, warranting immediate patching. Option C:Server3 (CVSS 5.5) is internet-facing but less severe. Option D:Server4 (CVSS 9.8) is critical but private, not internet-facing.

  CompTIA SecurityX CAS-005 Domain 1: Risk Management ?Vulnerability Prioritization.

• Question 167:

  An organization determines existing business continuity practices areinadequateto support critical internal process dependencies during a contingency event. Acompliance analyst wants the Chief Information Officer (CIO) to identify the level ofresidual riskthat is acceptable to guide remediation activities. Which of the following does the CIO need to clarify?

  A. Mitigation
  B. Impact
  C. Likelihood
  D. Appetite
  D. Appetite

  ---

  Explanation

  Comprehensive and Detailed Explanation:

  Understanding Residual Risk:

  Why Option D is Correct:

  Why Other Options Are Incorrect:

  CompTIA SecurityX CAS-005 Official Study Guide:Risk Management and Business Continuity

  NIST SP 800-37:Risk Management Framework

  ISO 27005:Risk Tolerance and Acceptance

• Question 168:

  An administrator needs to craft a single certificate-signing request for a web server certificate. The server should be able to use the following identities to mutually authenticate with other resources over TLS:

  www.int.comptia.org

  webserver01.int.comptia.org

  10.5.100.10

  Which of the following certificate fields must be set properly to support this objective?

  A.

  Subject alternative name

  
  B.

  Organizational unit

  
  C.

  Extended key usage

  
  D.

  Certificate extension

  A.

  Subject alternative name

  ---

  Explanation

• Question 169:

  A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?

  A. Configuring an API Integration to aggregate the different data sets
  B. Combining back-end application storage into a single, relational database
  C. Purchasing and deploying commercial off the shelf aggregation software
  D. Migrating application usage logs to on-premises storage
  A. Configuring an API Integration to aggregate the different data sets

  ---

  Explanation

  The best way to automate reporting from disparate security appliances that do not currently communicate is to configure an API Integration to aggregate the different data sets. Here's why:

  Interoperability: APIs allow different systems to communicate and share data, even if they were not originally designed to work together. This enables the integration of various security appliances into a unified reporting system. Automation:

  API integrations can automate the process of data collection, aggregation, and reporting, reducing manual effort and increasing efficiency. Scalability: APIs provide a scalable solution that can easily be extended to include additional security

  appliances or data sources as needed.

• Question 170:

  A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent.

  Which of the following actions should the company lake to most likely improve the vulnerability management process?

  A. Request a weekly report with all new assets deployed and decommissioned.
  B. Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.
  C. Implement a shadow IT detection process to avoid rogue devices on the network.
  D. Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool.
  D. Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool.

  ---

  Explanation

  To improve the vulnerability management process in an environment where new devices/IPs are added and dropped regularly, the company should perform regular discovery scanning throughout the IT landscape using the vulnerability

  management tool.

  Here's why:

  Accurate Asset Inventory: Regular discovery scans help maintain an up-to-date inventory of all assets, ensuring that the vulnerability management process includes all relevant devices and IPs. Consistency in Reporting: By continuously

  discovering and scanning new and existing assets, the company can generate consistent and comprehensive vulnerability reports that reflect the current state of the network. Proactive Management:

  Regular scans enable the organization to proactively identify and address vulnerabilities on new and existing assets, reducing the window of exposure to potential threats.