CompTIA CAS-005 Online Practice Questions and Exam Preparation

CompTIA CAS-005 Online Questions & Answers

• Question 321:

  A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization

  Which of the following actions best enables the team to determine the scope of Impact?

  A. Performing a port scan
  B. Inspecting egress network traffic
  C. Reviewing the asset inventory
  D. Analyzing user behavior
  C. Reviewing the asset inventory

  ---

  Explanation

  Reviewing the asset inventory allows the security team to identify all instances of the affected application versions within the organization. By knowing which systems are running the vulnerable versions, the team can assess the full scope of the impact, determine which systems might be compromised, and prioritize them for further investigation and remediation. Performing a port scan (Option A) might help identify open ports but does not provide specific information about the application versions. Inspecting egress network traffic (Option B) and analyzing user behavior (Option D) are important steps in the incident response process but do not directly identify which versions of the application are affected.

  References: CompTIA Security+ Study Guide NIST SP 800-61 Rev. 2, "Computer Security Incident Handling Guide" CIS Controls, "Control 1: Inventory and Control of Hardware Assets" and "Control

  2: Inventory and Control of Software Assets"

• Question 322:

  An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability.

  Which of the following components provides the best foundation to achieve this goal?

  A. SASE
  B. CMDB
  C. SBoM
  D. SLM
  B. CMDB

  ---

  Explanation

  A Configuration Management Database (CMDB) provides the best foundation for identifying which specific assets are affected by a given vulnerability. A CMDB maintains detailed information about the IT environment, including hardware,

  software, configurations, and relationships between assets. This comprehensive view allows organizations to quickly identify and address vulnerabilities affecting specific assets.

  References:

  CompTIA SecurityX Study Guide: Discusses the role of CMDBs in asset management and vulnerability identification.

  ITIL (Information Technology Infrastructure Library) Framework: Recommends the use of CMDBs for effective configuration and asset management. "Configuration Management Best Practices" by Bob Aiello and Leslie Sachs:

  Covers the importance of CMDBs in managing IT assets and addressing vulnerabilities.

• Question 323:

  An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime. Which of the following should the analyst perform?

  A. Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.
  B. Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.
  C. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.
  D. Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.
  C. Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

  ---

  Explanation

  To minimize downtime, testing should occur in a virtual lab, not production. The best approach is to test solutions methodically: implement one solution at a time, run an attack simulation, collect metrics, roll back, and repeat. This isolates

  each solution's effectiveness, ensuring accurate metrics for decision-making without production impact. Option A:Testing all solutions simultaneously muddies the results--metrics won't show which solution worked.

  Option B:Collecting metrics before the simulation misses the point of testing against the attack.

  Option C:Correct--tests each solution independently with simulation and metrics, minimizing downtime via virtual lab use.

  Option D:Like A, combining solutions obscures individual effectiveness.

  CompTIA SecurityX CAS-005 Domain 4: Cybersecurity Operations ?Incident Response and Testing.

• Question 324:

  A security analyst is reviewing the following log:

  

  Which of the following possible events should the security analyst investigate further?

  A. A macro that was prevented from running
  B. A text file containing passwords that were leaked
  C. A malicious file that was run in this environment
  D. A PDF that exposed sensitive information improperly
  B. A text file containing passwords that were leaked

  ---

  Explanation

  Based on the log provided, the most concerning event that should be investigated further is the presence of a text file containing passwords that were leaked. Here's why:

  Sensitive Information Exposure: A text file containing passwords represents a significant security risk, as it indicates that sensitive credentials have been exposed in plain text, potentially leading to unauthorized access. Immediate Threat:

  Password leaks can lead to immediate exploitation by attackers, compromising user accounts and sensitive data. This requires urgent investi

• Question 325:

  The IT team suggests the company would save money by using self-signed certificates, but the security team indicates the company must use digitally signed third-party certificates. Which of the following is a valid reason to pursue the security team's recommendation?

  A. PKCS #10 is still preferred over PKCS #12.
  B. Private-key CSR signage prevents on-path interception.
  C. There is more control in using a local certificate over a third-party certificate.
  D. There is minimal benefit in using a certificate revocation list.
  B. Private-key CSR signage prevents on-path interception.

  ---

  Explanation

  Using a digitally signed third-party certificate ensures that the certificate is trusted and verified, reducing the risk of man-in-the-middle attacks and ensuring secure communications.

• Question 326:

  A company detects suspicious activity associated with inbound connections. Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?

  A. Implement an interactive honeypot.
  B. Map network traffic to known IoCs.
  C. Monitor the dark web.
  D. Implement UEBA.
  A. Implement an interactive honeypot.

  ---

  The best solution is to implement an interactive honeypot (A). Honeypots are decoy systems designed to attract and observe adversary behavior in real time. When security tools cannot categorize suspicious inbound traffic, a honeypot provides an isolated environment where the suspicious activity can be redirected and monitored without risking production systems. By deploying an interactive honeypot, analysts can study attacker tactics, techniques, and procedures (TTPs), extract Indicators of Compromise

  (IoCs), and improve defensive controls.

  Option B (mapping to known IoCs) fails because the activity cannot be categorized, implying it is novel or not yet identified in threat intelligence feeds.

  Option C (monitoring the dark web) provides intelligence about potential threats but does not address real-time inbound suspicious activity.

  Option D (UEBA) focuses on analyzing user and entity behaviors but is less effective for categorizing inbound external traffic.

  By using honeypots, organizations gain visibility into new, unknown, or advanced attack techniques, which helps improve detection capabilities, enrich threat intelligence, and strengthen incident response.

• Question 327:

  An organization recently experienced a security incident due to an exterior door in a busy area getting stuck open. The organization launches a security campaign focused on the motto, "See Something, Say Something." Which of the following best describes what the organization wants to educate employees about?

  A. Situational awareness
  B. Phishing
  C. Social engineering
  D. Tailgating
  A. Situational awareness

  ---

• Question 328:

  A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information.

  As the consultant builds the remediation plan, which of the following solutions would best solve these challenges? (Select three).

  A. SD-WAN
  B. PAM
  C. Remote access VPN
  D. MFA
  E. Network segmentation
  F. BGP
  G. NAC
  B. PAM
  D. MFA
  E. Network segmentation

  ---

  Explanation

  Privileged Access Management (PAM) restricts elevated permissions, reducing the risk of widespread ransomware attacks.Multi-Factor Authentication (MFA)protects against credential theft and ensures that even if passwords are

  compromised, accounts are not easily accessible.Network segmentation breaks the flat network into secure zones, limiting lateral movement by attackers. SD-WAN and BGP relate to network routing and efficiency, not security architecture

  specifically. Remote access VPN secures external access but does not solve internal flat network issues. Network Access Control (NAC) is helpful but secondary compared to PAM, MFA, and segmentation in this context.

  CompTIA SecurityX CAS-005, Domain 2.0: Implement identity and access controls, network segmentation, and authentication hardening to mitigate internal threats.

• Question 329:

  A security engineer is implementing DLP. Which of the following should the security engineer include in the overall DLP strategy?

  A. Tokenization
  B. Network traffic analysis
  C. Data classification
  D. Multifactor authentication
  C. Data classification

  ---

  Explanation

• Question 330:

  A software developer has been tasked with creating a unique threat detection mechanism that is based on machine learning. The information system for which the tool is being developed is on a rapid CI/CD pipeline, and the tool developer is considered a supplier to the process. Which of the following presents the most risk to the development life cycle and to the ability to deliver the security tool on time?

  A. Deep learning language barriers
  B. Big Data processing required for maturity
  C. Secure, multiparty computation requirements
  D. Computing capabilities available to the developer
  B. Big Data processing required for maturity

  ---

  Explanation