CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 281:

  A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet:

  

  Which of the following should the security engineer modify to fix the issue? (Select two).

  A. The email CNAME record must be changed to a type A record pointing to 192.168.111
  B. The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com - all"
  C. The srvo1 A record must be changed to a type CNAME record pointing to the email server
  D. The email CNAME record must be changed to a type A record pointing to 192.168.1.10
  E. The TXT record must be changed to "v=dkim ip4:l92.168.1.11 include my-email.com - ell"
  F. The TXT record must be Changed to "v=dkim ip4:192.168.1.10 include:email-all"
  G. The srv01 A record must be changed to a type CNAME record pointing to the web01 server
  B. The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com - all"
  D. The email CNAME record must be changed to a type A record pointing to 192.168.1.10

  ---

  Explanation

  The security engineer should modify the following to fix the email migration issues:

  Email CNAME Record: The email CNAME record must be changed to a type A record pointing to 192.168.1.10. This is because CNAME records should not be used where an IP address (A record) is required. Changing it to an A record

  ensures direct pointing to the correct IP.

  TXT Record for DMARC: The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include

  com -all". This ensures proper configuration of DMARC (Domain-based Message Authentication, Reporting and Conformance) to include the correct IP address and the email service provider domain.

  uk.co.certification.simulator.questionpool.PList@492af720

  References:

• Question 282:

  An administrator brings the company's fleet of mobile devices into its PKI in order to align device WLAN NAC configurations with existing workstations and laptops. Thousands of devices need to be reconfigured in a cost-effective, time-efficient, and secure manner. Which of the following actions best achieve this goal? (Select two)

  A. Using the existing MDM solution to integrate with directory services for authentication and enrollment
  B. Deploying netAuth extended key usage certificate templates
  C. Deploying serverAuth extended key usage certificate templates
  D. Deploying clientAuth extended key usage certificate templates
  E. Configuring SCEP on the CA with an OTP for bulk device enrollment
  F. Submitting a CSR to the CA to obtain a single certificate that can be used across all devices
  A. Using the existing MDM solution to integrate with directory services for authentication and enrollment
  E. Configuring SCEP on the CA with an OTP for bulk device enrollment

  ---

  Explanation

• Question 283:

  An organization mat performs real-time financial processing is implementing a new backup solution Given the following business requirements?

  1.The backup solution must reduce the risk for potential backup compromise

  2.The backup solution must be resilient to a ransomware attack.

  3.The time to restore from backups is less important than the backup data integrity

  4.Multiple copies of production data must be maintained

  Which of the following backup strategies best meets these requirement?

  A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis
  B. Utilizing two connected storage arrays and ensuring the arrays constantly sync
  C. Enabling remote journaling on the databases to ensure real-time transactions are mirrored
  D. Setting up antitempering on the databases to ensure data cannot be changed unintentionally
  A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis

  ---

  Explanation

  A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis: An immutable storage array ensures that data, once written, cannot be altered or deleted. This greatly reduces the risk of backup

  compromise and provides resilience against ransomware attacks, as the ransomware cannot modify or delete the backup data. Maintaining multiple copies of production data with an immutable storage solution ensures data integrity and

  compliance with the requirement for multiple copies.

  Other options:

  B. Utilizing two connected storage arrays and ensuring the arrays constantly sync:

  While this ensures data redundancy, it does not provide protection against ransomware attacks, as both arrays could be compromised simultaneously.

  C. Enabling remote journaling on the databases: This ensures real-time transaction

  mirroring but does not address the requirement for reducing the risk of backup compromise or resilience to ransomware.

  D. Setting up anti-tampering on the databases: While this helps ensure data integrity, it does not provide a comprehensive backup solution that meets all the specified requirements.

  References:

  CompTIA Security+ Study Guide

  NIST SP 800-209, "Security Guidelines for Storage Infrastructure" "Immutable Backup Architecture" by Veeam

• Question 284:

  A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be compliant, the customer:

  A. must also be PCI compliant, because the risk is transferred to the provider.
  B. still needs to perform its own PCI assessment of the provider's managed serverless service.
  C. needs to perform a penetration test of the cloud provider's environment.
  D. must ensure in-scope systems for the new offering are also PCI compliant.
  D. must ensure in-scope systems for the new offering are also PCI compliant.

  ---

  Explanation

• Question 285:

  A company that uses several cloud applications wants to properly identify:

  All the devices potentially affected by a given vulnerability. All the internal servers utilizing the same physical switch. The number of endpoints using a particular operating system.Which of the following is the best way to meet the requirements?

  A. SBoM
  B. CASB
  C. GRC
  D. CMDB
  D. CMDB

  ---

  Explanation

  Comprehensive and Detailed Explanation:

  The requirements demand detailed asset tracking and inventory management. Let's analyze:

  A. SBoM (Software Bill of Materials):Tracks software components, not hardware or network topology.

  B. CASB (Cloud Access Security Broker):Secures cloud apps but doesn't map physical switches or OS counts.

  C. GRC (Governance, Risk, and Compliance):Focuses on risk management, not detailed asset tracking.

  CompTIA SecurityX (CAS-005) objectives, Domain 4: Governance, Risk, and Compliance, covering asset management.

• Question 286:

  A global organization is reviewing potential vendors to outsource a critical payroll function. Each vendor's plan includes using local resources in multiple regions to ensure compliance with all regulations. The organization's Chief Information Security Officer is conducting a risk assessment on the potential outsourcing vendors' subprocessors. Which of the following best explains the need for this risk assessment?

  A. Risk mitigations must be more comprehensive than the existing payroll provider.
  B. Due care must be exercised during all procurement activities.
  C. The responsibility of protecting PII remains with the organization.
  D. Specific regulatory requirements must be met in each jurisdiction.
  C. The responsibility of protecting PII remains with the organization.

  ---

  Explanation

• Question 287:

  A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not normally send traffic to those sites. The technician will define this threat as:

  A. A decrypting RSA using an obsolete and weakened encryption attack.
  B. A zero-day attack.
  C. An advanced persistent threat.
  D. An on-path attack.
  C. An advanced persistent threat.

  ---

  Explanation

  The scenario describes a prolonged, stealthy operation where files were exfiltrated over three months via secure channels (TLS-protected HTTP) from unexpected systems, then ceased. This aligns with anAdvanced Persistent Threat (APT),

  characterized by long- term, targeted attacks aimed at data theft or surveillance, often using sophisticated methods to remain undetected. Option A:Decrypting RSA with weak encryption implies a cryptographic attack, but TLS suggests

  modern encryption was used, and there's no evidence of decryption here. Option B:A zero-day attack exploits unknown vulnerabilities, but the duration and cessation suggest a planned operation, not a single exploit. Option C:APT fits

  perfectly--slow, persistent exfiltration from unusual systems indicates a coordinated, stealthy threat actor.

  Option D:An on-path (man-in-the-middle) attack intercepts traffic, but there's no indication of interception; the focus is on unauthorized transfers.

  CompTIA SecurityX CAS-005 Domain 1: Risk Management ?Threat Identification and

  Analysis.

• Question 288:

  A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered Given the following code function:

  

  Which of the following is most likely the log input that the code will parse?

  A. ["error_log] ["system_1"] ["InAlarmState": True]
  C. error_log; -system_1: InAlarmState: True
  D. {"error_log": {"system_1": {"InAlarmState": True}}}
  A. ["error_log] ["system_1"] ["InAlarmState": True]

  ---

  Explanation

  The code function provided in the question seems to be designed to parse JSON formatted logs to check for an alarm state. Option A is a JSON format that matches the structure likely expected by the code. The presence of the "error_log"

  and "InAlarmState" keys suggests that this is the correct input format.

  CompTIA SecurityX Study Guide, Chapter on Log Management and Automation, Section on Parsing Structured Logs.

• Question 289:

  A security analyst is reviewing the following event timeline from an COR solution:

  

  Which of the following most likely has occurred and needs to be fixed?

  A. The Dl P has failed to block malicious exfiltration and data tagging is not being utilized property
  B. An EDR bypass was utilized by a threat actor and updates must be installed by the administrator.
  C. A logic law has introduced a TOCTOU vulnerability and must be addressed by the COR vendor
  D. A potential insider threat is being investigated and will be addressed by the senior management team.
  C. A logic law has introduced a TOCTOU vulnerability and must be addressed by the COR vendor

  ---

  Explanation

  The event timeline indicates a sequence where a file (hr-reporting.docx) was saved, scanned, executed, and eventually found to contain malware. The critical issue here is that the malware scan completed after the file was already executed.

  This suggests a Time-Of- Check to Time-Of-Use (TOCTOU) vulnerability, where the state of the file changed between the time it was checked and the time it was used.

  References:

  CompTIA SecurityX Study Guide: Discusses TOCTOU vulnerabilities as a timing attack where the state of a resource changes after it has been validated. NIST Special Publication 800-53, "Security and Privacy Controls for Federal

  Information Systems and Organizations": Recommends addressing TOCTOU vulnerabilities to ensure the integrity of security operations. "The Art of Software Security Assessment" by Mark Dowd, John McDonald, and Justin Schuh: Covers

  logic flaws and timing vulnerabilities, including TOCTOU issues.

• Question 290:

  A company has data it would like to aggregate from its PLCs for data visualization and predictive maintenance purposes. Which of the following is the most likely destination for the tag data from the PLCs?

  A. External drive
  B. Cloud storage
  C. System aggregator
  D. Local historian
  D. Local historian

  ---

  Explanation

  PLCs (Programmable Logic Controllers) are commonly used in industrial automation to control machinery and processes. They generate a significant amount of data known as tag data, which includes real-time information about variables such as temperatures, pressures, and other operational parameters.

  A local historian is a dedicated software or system component used in industrial automation environments to collect, store, and manage tag data from PLCs. The local historian typically resides on-site or within the industrial network environment. Its primary function is to capture and archive historical data from PLCs at a high frequency, providing insights into the operational history and trends of the industrial processes.