CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 251:

  SIMULATION

  An organization is planning for disaster recovery and continuity of operations, and has noted the following relevant findings:

  1.A natural disaster may disrupt operations at Site A, which would then cause an evacuation. Users are unable to log into the domain from-their workstations after relocating to Site B.

  2.A natural disaster may disrupt operations at Site A, which would then cause the pump room at Site B to become inoperable.

  3.A natural disaster may disrupt operations at Site A, which would then cause unreliable internet connectivity at Site B due to route flapping.

  INSTRUCTIONS

  Match each relevant finding to the affected host by clicking on the host name and selecting the appropriate number.

  For findings 1 and 2, select the items that should be replicated to Site B. For finding 3, select the item requiring configuration changes, then select the appropriate corrective action from the drop-down menu.

  

  A. See the complete solution below in Explanation.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the complete solution below in Explanation.

  ---

  Explanation

  Matching Relevant Findings to the Affected Hosts:

  Finding 1:

  Affected Host: DNS

  Reason: Users are unable to log into the domain from their workstations after relocating to Site B, which implies a failure in domain name services that are critical for user authentication and domain login.

  Finding 2:

  Affected Host: Pumps

  Reason: The pump room at Site B becoming inoperable directly points to the critical infrastructure components associated with pumping operations.

  Finding 3:

  Affected Host: VPN Concentrator

  Reason: Unreliable internet connectivity at Site B due to route flapping indicates issues with network routing, which is often managed by VPN concentrators that handle site-to-site connectivity.

  Corrective Actions for Finding 3:

  Finding 3 Corrective Action:

  Action: Modify the BGP configuration

  Reason: Route flapping is often related to issues with Border Gateway Protocol (BGP) configurations. Adjusting BGP settings can stabilize routes and improve internet connectivity reliability.

  Replication to Site B for Finding 1:

  Affected Host: DNS

  Domain Name System (DNS) services are essential for translating domain names into IP addresses, allowing users to log into the network. Replicating DNS services ensures that even if Site A is disrupted, users at Site B can still authenticate and access necessary resources.

  Replication to Site B for Finding 2:

  Affected Host: Pumps

  The operation of the pump room is crucial for maintaining various functions within the infrastructure. Replicating the control systems and configurations for the pumps at Site B ensures that operations can continue smoothly even if Site A is affected.

  Configuration Changes for Finding 3:

  Affected Host: VPN Concentrator

  Route flapping is a situation where routes become unstable, causing frequent changes in the best path for data to travel. This instability can be mitigated by modifying BGP configurations to ensure more stable routing. VPN concentrators, which manage connections between sites, are typically configured with BGP for optimal routing.

• Question 252:

  A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?

  A. Adding an additional proxy server to each segmented VLAN
  B. Setting up a reverse proxy for client logging at the gateway
  C. Configuring a span port on the perimeter firewall to ingest logs
  D. Enabling client device logging and system event auditing
  C. Configuring a span port on the perimeter firewall to ingest logs

  ---

  Explanation

  Configuring a span port on the perimeter firewall to ingest logs is the best architectural change to ensure that all client proxy traffic is captured for analysis. Here's why:

  Comprehensive Traffic Capture: A span port (or mirror port) on the perimeter firewall can capture all inbound and outbound traffic, including traffic that might bypass the proxy. This ensures that all network traffic is available for analysis.

  Centralized Logging: By capturing logs at the perimeter firewall, the organization can centralize logging and analysis, making it easier to detect and investigate anomalies. Minimal Disruption: Implementing a span port is a non-intrusive

  method that does not require significant changes to the network architecture, thus minimizing disruption to existing services.

• Question 253:

  Which of the following tests explains why AI output could be inaccurate?

  A. Model poisoning
  B. Social engineering
  C. Output handling
  D. Prompt injections
  A. Model poisoning

  ---

  Explanation

• Question 254:

  A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?

  A. Key splitting
  B. Key escrow
  C. Key rotation
  D. Key encryption
  E. Key stretching
  E. Key stretching

  ---

  Explanation

  The most appropriate technique to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto- module is key stretching. Here's why:

  Enhanced Security: Key stretching algorithms, such as PBKDF2, bcrypt, and scrypt, increase the computational effort required to derive the encryption key from the password, making brute-force attacks more difficult and time-consuming.

  Compatibility: Key stretching can be implemented alongside existing cryptographic modules, enhancing their security without the need for a complete overhaul. Industry Best Practices: Key stretching is a widely recommended practice for

  securely storing passwords, as it significantly improves resistance to password- cracking attacks.

• Question 255:

  Which of the following provides the best solution for organizations that want to securely back up the MFA seeds for its employees in a central, offline location with minimal management overhead?

  A. Key escrow service
  B. Secrets management
  C. Encrypted database
  D. Hardware security module
  D. Hardware security module

  ---

  Explanation

  An HSM provides a highly secure method for storing and managing cryptographic keys and other sensitive data, including MFA seeds. HSMs are designed to be tamper-resistant and are capable of securely generating, storing, and backing up cryptographic keys in an offline environment. Once configured, HSMs require minimal management overhead and provide robust security features, including physical security, to protect the stored data.

• Question 256:

  An organization recently implemented a policy that requires all passwords to be rotated every 90 days. An administrator observes a large volume of failed sign-on logs from multiple servers that are often accessed by users. The administrator determines users are disconnecting from the RDPsession but not logging off.

  Which of the following should the administrator do to prevent account lockouts?

  A. Increase the account lockout threshold.
  B. Enforce password complexity.
  C. Automate logout of inactive sessions.
  D. Extend the allowed session length.
  C. Automate logout of inactive sessions.

  ---

  Explanation

• Question 257:

  An organization wants to manage specialized endpoints and needs a solution that provides the ability to:

  1.Centrally manage configurations

  2.Push policies.

  3.Remotely wipe devices

  4.Maintain asset inventory

  Which of the following should the organization do to best meet these requirements?

  A. Use a configuration management database
  B. Implement a mobile device management solution.
  C. Configure contextual policy management
  D. Deploy a software asset manager
  B. Implement a mobile device management solution.

  ---

  Explanation

  To meet the requirements of centrally managing configurations, pushing policies, remotely wiping devices, and maintaining an asset inventory, the best solution is to implement a Mobile Device Management (MDM) solution.

  MDM Capabilities:

  Central Management: MDM allows administrators to manage the configurations of all devices from a central console.

  Policy Enforcement: MDM solutions enable the push of security policies and updates to ensure compliance across all managed devices. Remote Wipe: In case a device is lost or stolen, MDM provides the capability to remotely wipe the device

  to protect sensitive data. Asset Inventory: MDM maintains an up-to-date inventory of all managed devices, including their configurations and installed applications. Other options do not provide the same comprehensive capabilities required for

  managing specialized endpoints.

  References:

  CompTIA SecurityX Study Guide

  NIST Special Publication 800-124 Revision 1, "Guidelines for Managing the Security of Mobile Devices in the Enterprise"

  "Mobile Device Management Overview," Gartner Research

• Question 258:

  A security engineer wants to improve the security of an application as part of the development pipeline. The engineer reviews the following component of an internally developed web application that allows employees to manipulate documents from a number of internal servers:

  response = requests.get(url)

  Users can specify the document to be parsed by passing the document URL to the application as a parameter. Which of the following is the best solution?

  A. Indexing
  B. Output encoding
  C. Code scanner
  D. Penetration testing
  C. Code scanner

  ---

  Explanation

• Question 259:

  A security architect must make sure that the least number of services as possible is exposed in order to limit an adversary's ability to access the systems. Which of the following should the architect do first?

  A. Enforce Secure Boot.
  B. Perform attack surface reduction.
  C. Disable third-party integrations.
  D. Limit access to the systems.
  B. Perform attack surface reduction.

  ---

  Explanation

  Attack surface reductionfocuses on minimizingunnecessary services, open ports, and vulnerabilities, reducing the exposure to potential adversaries. This aligns withzero trust and least privilege principles. Secure Boot (A)helps

  ensure system integrity but does not minimize exposed services.

  Disabling third-party integrations (C)may help, but broader attack surface reduction is the best first step.

  Limiting access (D)is important but does not directly reduce exposed services.

  CompTIA SecurityX (CAS-005) Exam Objectives- Domain 2.0 (Security Architecture), Section onAttack Surface Management and Reduction

• Question 260:

  A company has the following requirements for a cloud-based web application:

  1.

  Must authenticate customers

  2.

  Must prevent data exposure

  3.

  Must allow customer access to data throughout the cloud environment

  4.

  Must restrict access by specific regions

  Which of the following solutions best addresses these security requirements?

  A. Applying role-based access controls and configuring geolocation policies
  B. Replicating the data in each customer environment
  C. Hosting the data regionally and providing each customer with a unique link
  D. Moving to a cloud provider that operates only in one specific region
  A. Applying role-based access controls and configuring geolocation policies

  ---

  The best way to address these requirements is to apply Role-Based Access Controls (RBAC) combined with geolocation policies. RBAC ensures that customers are authenticated and authorized to access only the data they are entitled to, thereby minimizing data exposure risks. At the same time, geolocation policies enforce restrictions on which regions customers can access data from, helping with compliance requirements such as GDPR or regional sovereignty laws.

  Option B (replicating data in each customer environment) is inefficient, expensive, and introduces additional risks related to data sprawl.

  Option C (regional hosting with unique links) complicates access management and does not inherently prevent exposure or enforce strong authentication.

  Option D (restricting to a single region provider) removes flexibility and may conflict with customer needs for global access.

  Therefore, implementing RBAC along with geolocation controls provides fine-grained access management, ensures compliance, prevents unnecessary data exposure, and is scalable for a global cloud environment.