CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 271:

  A company discovers intellectual property data on commonly known collaboration web applications that allow the use of slide templates. The systems administrator is reviewing the configurations of each tool to determine how to prevent this issue. The following security solutions are deployed:

  CASB SASE WAF EDR Firewall IDS SIEM DLP endpoints

  Which of the following should the administrator do to address the issue?

  A. Enable blocking for all WAF policies.
  B. Enforce a policy to block unauthorized web applications within CASB.
  C. Create an alert within the SIEM for outgoing network traffic to the suspected website.
  D. Configure DLP endpoints to block sensitive data to removable storage.
  B. Enforce a policy to block unauthorized web applications within CASB.

  ---

• Question 272:

  A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment.

  Which of the following is the best solution?

  A. Limiting the tool to a specific coding language and tuning the rule set
  B. Configuring branch protection rules and dependency checks
  C. Using an application vulnerability scanner to identify coding flaws in production
  D. Performing updates on code libraries before code development
  A. Limiting the tool to a specific coding language and tuning the rule set

  ---

  Explanation

  To improve the quality of code scanning results and reduce false positives, the best solution is to limit the tool to a specific coding language and fine-tune the rule set. By configuring the code scanning tool to focus on the specific language

  used in the application, the tool can more accurately identify relevant issues and reduce the number of false positives. Additionally, tuning the rule set ensures that the tool's checks are appropriate for the application's context, further

  improving the accuracy of the scan results.

  References:

  CompTIA SecurityX Study Guide: Discusses best practices for configuring code scanning tools, including language-specific tuning and rule set adjustments. "Secure Coding: Principles and Practices" by Mark

  G. Graff and Kenneth R. van

  Wyk: Highlights the importance of customizing code analysis tools to reduce false positives.

  OWASP (Open Web Application Security Project): Provides guidelines for configuring and tuning code scanning tools to improve accuracy.

• Question 273:

  A nation-state actor is exposed for attacking large corporations by establishing persistence in smaller companies that are likely to be acquired by these large corporations. The actor then provisions user accounts in the companies for use post-acquisition. Before an upcoming acquisition, a security officer conducts threat modeling with this attack vector. Which of the following practices is the best way to investigate this threat?

  A. Restricting internet traffic originating from countries in which the nation-state actor is known to operate
  B. Comparing all existing credentials to personnel and services
  C. Auditing vendors to mitigate supply chain risk during the acquisition
  D. Placing a hold on all information about corporate interest in acquisitions
  B. Comparing all existing credentials to personnel and services

  ---

• Question 274:

  A senior cybersecurity engineer is solving a digital certificate issue in which the CA denied certificate issuance due to failed subject identity validation. At which of the following steps within the PKI enrollment process would the denial have occurred?

  A. RA
  B. OCSP
  C. CA
  D. IdP
  C. CA

  ---

  Explanation

  While the CA is responsible for issuing the certificates, it relies on the RA (if one is used) to perform the identity validation. If the RA performs its duties correctly, any failed identity validation would be handled at the RA level, and the CA would not issue the certificate.

• Question 275:

  A company wants to use loT devices to manage and monitor thermostats at all facilities. The thermostats must receive vendor security updates and limit access to other devices within the organization.

  Which of the following best addresses the company's requirements?

  A. Only allowing Internet access to a set of specific domains
  B. Operating lot devices on a separate network with no access to other devices internally
  C. Only allowing operation for loT devices during a specified time window
  D. Configuring IoT devices to always allow automatic updates
  B. Operating lot devices on a separate network with no access to other devices internally

  ---

  Explanation

  The best approach for managing and monitoring IoT devices, such as thermostats, is to operate them on a separate network with no access to other internal devices. This segmentation ensures that the IoT devices are isolated from the main network, reducing the risk of potential security breaches affecting other critical systems. Additionally, this setup allows for secure vendor updates without exposing the broader network to potential vulnerabilities inherent in IoT devices.

  References:

  CompTIA SecurityX Study Guide: Recommends network segmentation for IoT devices to minimize security risks.

  NIST Special Publication 800-183, "Network of Things": Advises on the isolation of IoT devices to enhance security.

  "Practical IoT Security" by Brian Russell and Drew Van Duren: Discusses best practices for securing IoT devices, including network segmentation.

• Question 276:

  A software engineer is creating a CI/CD pipeline to support the development of a web application. The DevSecOps team is required to identify syntax errors.

  Which of the following is the most relevant to the DevSecOps team's task?

  A. Static application security testing
  B. Software composition analysis
  C. Runtime application self-protection
  D. Web application vulnerability scanning
  A. Static application security testing

  ---

  Explanation

  Static Application Security Testing (SAST) involves analyzing source code or compiled code for security vulnerabilities without executing the program. This method is well-suited for identifying syntax errors, coding standards violations, and potential security issues early in the development lifecycle.

  A. Static application security testing (SAST): SAST tools analyze the source code to detect syntax errors, vulnerabilities, and other issues before the code is run. This is the most relevant task for the DevSecOps team to identify syntax errors

  and improve code quality.

  B. Software composition analysis: This focuses on identifying vulnerabilities in open-source components and libraries used in the application but does not address syntax errors directly.

  C. Runtime application self-protection (RASP): RASP

  involves monitoring and protecting applications during runtime, which does not help in identifying syntax errors during the development phase.

  D. Web application vulnerability scanning: This involves scanning the running application for

  vulnerabilities but does not address syntax errors in the code.

  References:

  CompTIA Security+ Study Guide

  OWASP (Open Web Application Security Project) guidelines on SAST NIST SP 800-95, "Guide to Secure Web Services"

• Question 277:

  A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach:

  

  Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?

  A. Disabling DNS zone transfers
  B. Restricting DNS traffic to UDP/53
  C. Implementing DNS masking on internal servers
  D. Permitting only clients from internal networks to query DNS
  A. Disabling DNS zone transfers

  ---

  Explanation

  The log shows an AXFR (zone transfer) query, which exposed internal DNS records, aiding lateral movement. Let's evaluate:

  Option A: Disabling DNS zone transfers:AXFR allows full DNS zone data to be transferred. Disabling it externally prevents attackers from mapping internal networks, directly mitigating this issue per CAS-005's security operations focus.

  Option B: Restricting to UDP/53:AXFR uses TCP/53, so this wouldn't stop it.

  Option C: DNSmasking:Obscures records but isn't a standard term for this fix.

  CompTIA SecurityX (CAS-005) objectives, Domain 2: Security Operations, covering DNS security.

• Question 278:

  After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation.

  Which of the following would the company most likely do to decrease this type of risk?

  A. Improve firewall rules to avoid access to those platforms.
  B. Implement a cloud-access security broker
  C. Create SIEM rules to raise alerts for access to those platforms
  D. Deploy an internet proxy that filters certain domains
  B. Implement a cloud-access security broker

  ---

  Explanation

  A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Implementing a CASB provides several benefits:

  A. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB.

  B. Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce

  data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.

  C. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.

  D. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular control and visibility provided by a CASB. Implementing a CASB is the most comprehensive solution to decrease the risk of

  data leaks by providing visibility, control, and enforcement of security policies for cloud services.

  References:

  CompTIA Security+ Study Guide

  Gartner, "Magic Quadrant for Cloud Access Security Brokers" NIST SP 800-144, "Guidelines on Security and Privacy in Public Cloud Computing"

• Question 279:

  A company developed a new solution that needs to track any changes to the data, and the changes need to be quickly identified. If any changes are attempted without prior approval, multiple events must be triggered, such as:

  1.

  Raising alerts

  2.

  Blocking the unapproved changes

  3.

  Quickly removing access to the data

  Which of the following solutions best meets these requirements?

  A. Tracking all application logs, integrating them to the existing SIEM, flagging any changes, and making them visible on security dashboards
  B. Implementing a file integrity monitoring tool and integrating it via orchestration and automation with other security tools
  C. Introducing more granular access controls and allowing read-only access for non-privileged users
  D. Configuring CASB rules, making access to the data available only to authorized personnel
  B. Implementing a file integrity monitoring tool and integrating it via orchestration and automation with other security tools

  ---

• Question 280:

  A security architect examines a section of code and discovers the following:

  1.char username[20]

  2.char password[20]

  3.gets(username)

  4.checkUserExists(username)

  Which of the following changes should the security architect require before approving the code for release?

  A. Allow only alphanumeric characters for the username.
  B. Make the password variable longer to support more secure passwords.
  C. Prevent more than 20 characters from being entered.
  D. Add a password parameter to the checkUserExists function.
  C. Prevent more than 20 characters from being entered.

  ---

  Explanation

  The code snippet provided is vulnerable to a buffer overflow attack due to the use of the gets function, which does not limit the input size. This can lead to memory corruption and potential security vulnerabilities. By ensuring that no more than 20 characters are entered, the code can prevent buffer overflow attacks, thus mitigating a significant security risk.