CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 221:

  An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform.

  Which of the following should the company do to secure the Al environment?

  A. Limn the platform's abilities to only non-sensitive functions
  B. Enhance the training model's effectiveness.
  C. Grant the system the ability to self-govern
  D. Require end-user acknowledgement of organizational policies.
  A. Limn the platform's abilities to only non-sensitive functions

  ---

  Explanation

  Limiting the platform's abilities to only non-sensitive functions helps to mitigate risks associated with AI operations. By ensuring that the AI-enabled digital worker is only allowed to perform tasks that do not involve sensitive or critical data, the

  organization reduces the potential impact of any security breaches or misuse. Enhancing the training model's effectiveness (Option B) is important but does not directly address security guardrails. Granting the system the ability to self-govern

  (Option C) could increase risk as it may act beyond the organization's control. Requiring end-user acknowledgement of organizational policies (Option D) is a good practice but does not implement technical guardrails to secure the AI

  environment.

  References:

  CompTIA Security+ Study Guide

  NIST SP 800-53 Rev. 5, "Security and Privacy Controls for Information Systems and Organizations"

  ISO/IEC 27001, "Information Security Management"

• Question 222:

  A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence

  Which of the following is the most likely reason for reviewing these laws?

  A. The organization is performing due diligence of potential tax issues.
  B. The organization has been subject to legal proceedings in countries where it has a presence.
  C. The organization is concerned with new regulatory enforcement in other countries
  D. The organization has suffered brand reputation damage from incorrect media coverage
  C. The organization is concerned with new regulatory enforcement in other countries

  ---

  Explanation

  Reviewing data sovereignty laws in countries where the organization has no presence is likely due to concerns about regulatory enforcement. Data sovereignty laws dictate how data can be stored, processed, and transferred across borders. Understanding these laws is crucial for compliance, especially if the organization handles data that may be subject to foreign regulations. A. The organization is performing due diligence of potential tax issues: This is less likely as tax issues are generally not directly related to data sovereignty laws.

  B. The organization has been subject to legal proceedings in countries where it has a presence: While possible, this does not explain the focus on countries where the organization has no presence.

  C. The organization is concerned with new regulatory enforcement in other countries: This is the most likely reason. New regulations could impact the organization's operations, especially if they involve data transfers or processing data from

  these countries.

  D. The organization has suffered brand reputation damage from incorrect media coverage: This is less relevant to the need for reviewing data sovereignty laws.

  References:

  CompTIA Security+ Study Guide

  GDPR and other global data protection regulations "Data Sovereignty: The Future of Data Protection?" by Mark Burdon

• Question 223:

  A malware researcher has discovered a credential stealer is looking at a specific memory register to harvest passwords that will be used later for lateral movement in corporate networks. The malware is using TCP 4444 to communicate with other workstations. The lateral movement would be best mitigated by:

  A. Configuring the CPU's NX bit
  B. Enabling a host firewall
  C. Enabling an edge firewall
  D. Enforcing all systems to use UEFI
  E. Enabling ASLR on the Active Directory server
  B. Enabling a host firewall

  ---

  Explanation

  The malware uses TCP 4444 to move laterally between systems. A host-based firewall can block unauthorized communication ports (like TCP 4444) on each workstation, preventing malware from establishing connections and spreading.

  Configuring the CPU's NX bit and enabling ASLR primarily help in mitigating memory-based exploits, not in stopping lateral movement. Enabling UEFI ensures boot integrity but does not mitigate active lateral communication. An edge firewall

  would protect the network perimeter, not internal workstation-to-workstation communication.

  CompTIA SecurityX CAS-005, Domain 2.0: Implement host-based security solutions, including host-based firewalls to mitigate threats.

• Question 224:

  Engineers are unable to control pumps at Site A from Site B when the SCADA controller at Site A experiences an outage. A security analyst must provide a secure solution that ensures Site A pumps can be controlled by a SCADA controller at Site B if a similar outage occurs again. Which of the following represents the most cost-effective solution?

  A. Procure direct fiber connectivity between Site A and Site B and limit its use to the critical SCADA controller traffic only
  B. Install backup SCADA controllers at each site, isolate them from the OT network, and assign these backup controllers as high-availability pairs.
  C. Isolate the OT environment by providing an air-gapped network segment. Place the SCADA controller for each site in this network segment to minimize outages.
  D. Configure VPN concentrators inside the OT network segments at Site A and Site B and allow the controllers to act as secondary devices for the other site's pumps across this encrypted tunnel.
  D. Configure VPN concentrators inside the OT network segments at Site A and Site B and allow the controllers to act as secondary devices for the other site's pumps across this encrypted tunnel.

  ---

  The most cost-effective and secure solution is to configure VPN concentrators inside the OT networks at both sites (Option D). This setup allows encrypted communications between Site A and Site B, enabling controllers at either site to serve as secondary or failover devices for the other. By leveraging VPN tunnels, the organization avoids the expensive and time-consuming process of laying new fiber infrastructure, while still ensuring secure, authenticated, and encrypted connections across sites.

  Option A, direct fiber connectivity, provides high performance but is extremely costly and less flexible than VPN solutions.

  Option B, deploying redundant SCADA controllers at each site, increases hardware, licensing, and management costs while still requiring interconnectivity.

  Option C, air-gapping the OT network, may improve isolation but would prevent remote failover capabilities, contradicting the requirement for cross-site control.

  By implementing VPN concentrators, the organization achieves secure cross-site redundancy, supports operational continuity in case of controller outages, and does so in a cost-effective manner aligned with common OT security practices.

• Question 225:

  SIMULATION

  You are a security analyst tasked with interpreting an Nmap scan output from company's privileged network.

  The company's hardening guidelines indicate the following:

  There should be one primary server or service per device.

  Only default ports should be used.

  Non-secure protocols should be disabled.

  INSTRUCTIONS

  Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

  For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

  The IP address of the device

  The primary server or service of the device (Note that each IP should by associated with one service/port only)

  The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  

  

  A. See the complete solution below in Explanation.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the complete solution below in Explanation.

  ---

  Explanation

  10.1.45.65 SFTP Server Disable 8080

  10.1.45.66 Email Server Disable 415 and 443

  10.1.45.67 Web Server Disable 21, 80

  10.1.45.68 UTM Appliance Disable 21

• Question 226:

  Company A acquired Company

  B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program.

  Which of the following risk-handling techniques was used?

  A. Accept
  B. Avoid
  C. Transfer
  D. Mitigate
  D. Mitigate

  ---

  Explanation

  Risk mitigation involves taking actions to reduce either the likelihood or impact of a threat. By implementing a firewall between the two environments, Company A is minimizing the risk of threats from Company B impacting its own systems.

  Accepting the risk would involve taking no action, avoiding it would mean terminating activities with Company B, and transferring would involve outsourcing the risk, none of which occurred here.

  CompTIA SecurityX CAS-005, Domain 1.0: Apply appropriate risk response techniques to identified risks.

• Question 227:

  An organization wants to create a threat model to identity vulnerabilities in its infrastructure.

  Which of the following, should be prioritized first?

  A. External-facing Infrastructure with known exploited vulnerabilities
  B. Internal infrastructure with high-seventy and Known exploited vulnerabilities
  C. External facing Infrastructure with a low risk score and no known exploited vulnerabilities
  D. External-facing infrastructure with a high risk score that can only be exploited with local access to the resource
  A. External-facing Infrastructure with known exploited vulnerabilities

  ---

  Explanation

  When creating a threat model to identify vulnerabilities in an organization's infrastructure, prioritizing external-facing infrastructure with known exploited vulnerabilities is critical.

  Here's why:

  Exposure to Attack: External-facing infrastructure is directly exposed to the internet, making it a primary target for attackers. Any vulnerabilities in this layer pose an immediate risk to the organization's security. Known Exploited Vulnerabilities:

  Vulnerabilities that are already known and exploited in the wild are of higher concern because they are actively being used by attackers. Addressing these vulnerabilities reduces the risk of exploitation significantly. Risk Mitigation: By

  prioritizing external-facing infrastructure with known exploited vulnerabilities, the organization can mitigate the most immediate and impactful threats, thereby improving overall security posture.

• Question 228:

  Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process.

  Which of the following is the best strategy for the engineer to use?

  A. Disabling the BIOS and moving to UEFI
  B. Managing secrets on the vTPM hardware
  C. Employing shielding lo prevent LMI
  D. Managing key material on a HSM
  D. Managing key material on a HSM

  ---

  Explanation

  The best strategy for securely managing cryptographic material is to use a Hardware Security Module (HSM). Here's why:

  Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering

  and unauthorized access.

  Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops. Compliance

  and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.

• Question 229:

  An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Choose two.)

  A. Obtain a security token.
  B. Obtain a public key.
  C. Leverage Kerberos for authentication
  D. Leverage OAuth for authentication.
  E. Leverage LDAP for authentication.
  F. Obtain a hash value.
  A. Obtain a security token.
  D. Leverage OAuth for authentication.

  ---

  Explanation

  Obtain a security token: HTTP 403 responses typically indicate that the request is authenticated but the user does not have the necessary permissions to access the endpoint. Obtaining a security token is a common method for authenticating

  requests. This token is usually required by the API to verify that the requestor has the proper access rights.

  Leverage OAuth for authentication: OAuth is a widely used authentication framework that allows an application to obtain limited access to user accounts on an HTTP service. It is commonly used for token- based authentication, and

  leveraging OAuth would help in obtaining the necessary tokens and permissions to access the API endpoints.

• Question 230:

  A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident. Which of the following would be best to proceed with the transformation?

  A. An on-premises solution as a backup
  B. A load balancer with a round-robin configuration
  C. A multicloud provider solution
  D. An active-active solution within the same tenant
  C. A multicloud provider solution

  ---

  Explanation

  Multicloud provider solutions involve using services from more than one cloud provider to ensure resiliency and redundancy. In the event of a failure or SLA breach by one CSP, another provider can maintain service continuity. An on-

  premises backup could help, but does not address CSP-specific SLA concerns directly. Round-robin load balancing and active-active within the same tenant still depend on a single provider, thus posing risks if the CSP fails.

  CompTIA SecurityX CAS-005, Domain 4.0: Implement redundancy and fault- tolerant strategies, including multicloud deployment for service resiliency.