CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 291:

  An application requires the storage of PII. A systems engineer needs to implement a solution that uses an external device for key management. Which of the following is the best solution?

  A. TPM
  B. SBoM
  C. vTPM
  D. HSM
  D. HSM

  ---

• Question 292:

  A company plans to deploy a new online application that provides video training for its customers. As part of the design, the application must be:

  1.

  Fast for all users

  2.

  Available for users worldwide

  3.

  Protected against attacks

  Which of the following are the best components the company should use to meet these requirements? (Select two).

  A. WAF
  B. IPS
  C. CDN
  D. SASE
  E. VPN
  F. CASB
  A. WAF
  C. CDN

  ---

• Question 293:

  A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?

  A. Shutting down the systems until the code is ready
  B. Uninstalling the impacted runtime engine
  C. Selectively blocking traffic on the affected port
  D. Configuring IPS and WAF with signatures
  C. Selectively blocking traffic on the affected port

  ---

  Explanation

  Selectively blocking traffic on the affected port strikes a balance between security and operational continuity. It effectively mitigates the risk posed by the vulnerable and deprecated runtime engine while allowing the banking application to remain operational until the transition to a modern development environment is completed. This approach ensures that customer service is maintained without compromising security during the transitional phase.

  While IPS and WAF are valuable security measures, they are not specifically tailored to address the risks associated with a deprecated runtime engine. Configuring IPS and WAF with signatures is more effective for protecting against specific types of attacks but may not comprehensively mitigate the vulnerabilities in the runtime engine itself. Selectively blocking traffic on the affected port directly addresses the immediate risk posed by the deprecated component without introducing potential operational disruptions or incomplete protection scenarios that could arise from relying solely on IPS and WAF.

• Question 294:

  A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?

  A. Signing
  B. Access control
  C. HIPS
  D. Permit listing
  D. Permit listing

  ---

  Explanation

  To prevent unauthorized applications from running, the company needs a mechanism to explicitly define and enforce which applications are allowed to execute. "Permit listing" (often referred to as "whitelisting" in security contexts) is the most effective solution here. It involves creating a list of approved applications, and only those on the list are permitted to run, blocking all others by default. This directly addresses the root cause--users installing unapproved software--by restricting execution to only authorized programs. Option A (Signing):Code signing ensures the authenticity and integrity of software by verifying it comes from a trusted source and hasn't been tampered with. While useful, it doesn't inherently prevent unauthorized applications from running unless combined with a policy like whitelisting. Option B (Access control):Access control governs who can access systems or resources but doesn't specifically restrict which applications can execute. It's too broad for this scenario. Option C (HIPS):A Host-based Intrusion Prevention System (HIPS) can detect and block malicious behavior, but it's reactive and relies on signatures or heuristics, not a proactive allow-only approach. Option D (Permit listing):This is the best fit, as it proactively enforces a policy where only explicitly authorized applications can run, preventing malware introduced by unauthorized software.

  CompTIA SecurityX CAS-005 Domain 2: Security Architecture ?Application Security Controls.

• Question 295:

  SIMULATION

  A security engineer needs to review the configurations of several devices on the network to meet the following requirements:

  1. The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.

  2. The SSH daemon on the database server must be configured to listen to port 4022.

  3. The SSH daemon must only accept connections from a Single workstation.

  4. All host-based firewalls must be disabled on all workstations.

  5. All devices must have the latest updates from within the past eight days.

  6. All HDDs must be configured to secure data at rest.

  7. Cleartext services are not allowed.

  8. All devices must be hardened when possible.

  Instructions:

  Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.

  Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the pOSTGREsql DATABASE VIA ssh

  

  WAP A

  

  PC A

  

  Laptop A

  

  Switch A

  

  Switch B:

  

  Laptop B

  

  PC B

  

  PC C

  

  Server A

  

  

  A. See the complete solution below in Explanation.
  B. PlaceHolder
  C. PlaceHolder
  D. PlaceHolder
  A. See the complete solution below in Explanation.

  ---

  Explanation

  WAP A: No issue found. The WAP A is configured correctly and meets the requirements.

  PC A = Enable host-based firewall to block all traffic

  This option will turn off the host-based firewall and allow all traffic to pass through. This will comply with the requirement and also improve the connectivity of PC A to other devices on the network. However, this option will also reduce the

  security of PC A and make it more vulnerable to attacks. Therefore, it is recommended to use other security measures, such as antivirus, encryption, and password complexity, to protect PC A from potential threats.

  Laptop A: Patch management

  This option will install the updates that are available for Laptop A and ensure that it has the most recent security patches and bug fixes. This will comply with the requirement and also improve the performance and stability of Laptop A.

  However, this option may also require a reboot of Laptop A and some downtime during the update process. Therefore, it is recommended to backup any important data and close any open applications before applying the updates.

  Switch A: No issue found. The Switch A is configured correctly and meets the requirements.

  Switch B: No issue found. The Switch B is configured correctly and meets the requirements.

  Laptop B: Disable unneeded services

  This option will stop and disable the telnet service that is using port 23 on Laptop

  B. Telnet is a cleartext service that transmits data in plain text over the network, which exposes it to eavesdropping, interception, and modification by attackers.

  By disabling the telnet service, you will comply with the requirement and also improve the security of Laptop

  B. However, this option may also affect the functionality of Laptop B if it needs to use telnet for remote administration or other

  purposes. Therefore, it is recommended to use a secure alternative to telnet, such as SSH or HTTPS, that encrypts the data in transit.

  PC B: Enable disk encryption

  This option will encrypt the HDD of PC B using a tool such as BitLocker or VeraCrypt. Disk encryption is a technique that protects data at rest by converting it into an unreadable format that can only be decrypted with a valid key or password.

  By enabling disk encryption, you will comply with the requirement and also improve the confidentiality and integrity of PC B's data. However, this option may also affect the performance and usability of PC B, as it requires additional processing

  time and user authentication to access the encrypted data. Therefore, it is recommended to backup any important data and choose a strong key or password before encrypting the disk.

  PC C: Disable unneeded services

  This option will stop and disable the SSH daemon that is using port 22 on PC

  C. SSH is a secure service that allows remote access and command execution over an encrypted channel. However, port 22 is the default and well-known port for

  SSH, which makes it a common target for brute-force attacks and port scanning. By disabling the SSH daemon on port 22, you will comply with the requirement and also improve the security of PC

  C. However, this option may also affect the

  functionality of PC C if it needs to use SSH for remote administration or other purposes. Therefore, it is recommended to enable the SSH daemon on a different port, such as 4022, by editing the configuration file using the following command:

  sudo nano /etc/ssh/sshd_config

  Server A. Need to select the following:

  

• Question 296:

  Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment.

  Which of the following actions should be taken to address this requirement?

  A. Isolating the historian server for connections only from The SCADA environment
  B. Publishing the C$ share from SCADA to the enterprise
  C. Deploying a screened subnet between 11 and SCADA
  D. Adding the business workstations to the SCADA domain
  A. Isolating the historian server for connections only from The SCADA environment

  ---

  Explanation

  The best action to address the requirement of accessing the historian server within a SCADA system is to isolate the historian server for connections only from the SCADA environment. Here's why:

  Security and Isolation: Isolating the historian server ensures that only authorized devices within the SCADA environment can connect to it. This minimizes the attack surface and protects sensitive data from unauthorized access. Access

  Control: By restricting access to the historian server to only SCADA devices, the organization can better control and monitor interactions, ensuring that only legitimate queries and data retrievals occur. Best Practices for Critical Infrastructure:

  Following the principle of least privilege, isolating critical components like the historian server is a standard practice in securing SCADA systems, reducing the risk of cyberattacks.

• Question 297:

  A systems administrator needs to identify new attacks that could be carried out against the environment. The administrator plans to proactively seek out and observe new attacks. Which of the following is the best way to accomplish this goal?

  A. Configuring an IPS
  B. Implementing sandboxing
  C. Scanning for IoCs
  D. Deploying a honeypot
  D. Deploying a honeypot

  ---

  Explanation

• Question 298:

  A recent batch of bug bounty findings indicates a systematic issue related to directory traversal. A security engineer needs to prevent flawed code from being deployed into production. Which of the following is the best mitigation strategy for the engineer?

  A. Setting up secure development training with a focus on filesystem access issues
  B. Implementing static code analysis testing into the CI/CD pipeline and blocking based on findings
  C. Using a software composition analysis tool to look for directory traversal issues in the application
  D. Developing a secure library for filesystem access and blocking builds that do not use the library
  E. Leveraging a dynamic application security testing tool to uncover issues related to directory traversal
  B. Implementing static code analysis testing into the CI/CD pipeline and blocking based on findings

  ---

  Explanation

• Question 299:

  A cloud engineer wants to configure mail security protocols to support email authenticity and enable the flow of email security information to a third-party platform for further analysis.

  Which of the following must be configured to achieve these requirements? (Select two).

  A. DMARC
  B. DKIM
  C. TLS
  D. SPF
  E. DNSSEC
  F. MX
  A. DMARC
  B. DKIM

  ---

  Explanation

  To support email authenticity and enable analysis by a third-party platform, the protocols must verify the sender's identity and provide metadata for inspection. According to the CompTIA SecurityX CAS-005 study guide (Domain 3:

  Cybersecurity Technology, 3.2):

  DMARC (Domain-based Message Authentication, Reporting, and Conformance):DMARC builds on SPF and DKIM to enforce policies for email authenticity and provides reporting mechanisms to share authentication results with third parties

  for analysis.

  DKIM (DomainKeys Identified Mail):DKIM adds a cryptographic signature to emails, allowing recipients to verify the sender's domain and ensure the email's integrity.

  These two protocols are essential for authenticity and reporting.

  Option C (TLS):TLS ensures encryption during transmission but does not address authenticity or reporting.

  Option D (SPF):SPF verifies sender IP addresses but lacks reporting capabilities without DMARC.

  Option E (DNSSEC):DNSSEC secures DNS queries but is not specific to email authenticity.

  Option F (MX):MX records define mail servers, not authenticity or reporting.

  CompTIA SecurityX CAS-005 Official Study Guide, Domain 3: Cybersecurity Technology, Section 3.2: "Configure email security protocols, including DMARC and DKIM." CAS-005 Exam Objectives, 3.2: "Implement technologies for email

  security and authenticity."

• Question 300:

  A security engineer receives an alert from the SIEM platform indicating a possible malicious action on the internal network. The engineer generates a report that outputs the logs associated with the incident:

  

  Which of the following actions best enables the engineer to investigate further?

  A. Consulting logs from the enterprise password manager
  B. Searching dark web monitoring resources for exposure
  C. Reviewing audit logs from privileged actions
  D. Querying user behavior analytics data
  D. Querying user behavior analytics data

  ---

  The best step is to query user behavior analytics (UBA) data. SIEM alerts provide potential security events, but without additional context, they may lead to false positives. UBA solutions detect anomalies by comparing user activity against baselines of normal behavior, highlighting unusual login patterns, lateral movement, or privilege escalation.

  Option A (password manager logs) focuses only on credential use and lacks behavioral insight.

  Option B (dark web monitoring) helps identify compromised accounts but does not investigate the internal incident.

  Option C (audit logs for privileged actions) is useful but narrow in scope--it only covers administrator accounts.

  By correlating SIEM data with UBA, the engineer can validate whether the flagged activity indicates real malicious behavior or benign anomalies. CAS-005 emphasizes advanced analytics integration (UEBA/UBA) to strengthen investigation and reduce false positives, making Option D the most effective choice.