Winter Special Sale Limited Time 60% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 713PS592

CAS-005 CompTIA SecurityX Certification Exam Questions and Answers

Questions 4

A security architect wants to develop a baseline of security configurations These configurations automatically will be utilized machine is created Which of the following technologies should the security architect deploy to accomplish this goal?

Options:

A.

Short

B.

GASB

C.

Ansible

D.

CMDB

Buy Now
Questions 5

CAS-005 Question 5

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Options:

Buy Now
Questions 6

A systems administrator wants to reduce the number of failed patch deployments in an organization. The administrator discovers that system owners modify systems or applications in an ad hoc manner. Which of the following is the best way to reduce the number of failed patch deployments?

Options:

A.

Compliance tracking

B.

Situational awareness

C.

Change management

D.

Quality assurance

Buy Now
Questions 7

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to

the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?

Options:

A.

The compute resources are insufficient to support the SIEM

B.

The SIEM indexes are 100 large

C.

The data is not being properly parsed

D.

The retention policy is not property configured

Buy Now
Questions 8

A cloud engineer needs to identify appropriate solutions to:

• Provide secure access to internal and external cloud resources.

• Eliminate split-tunnel traffic flows.

• Enable identity and access management capabilities.

Which of the following solutions arc the most appropriate? (Select two).

Options:

A.

Federation

B.

Microsegmentation

C.

CASB

D.

PAM

E.

SD-WAN

F.

SASE

Buy Now
Questions 9

The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).

Setting different access controls defined by business area

Options:

A.

Implementing a role-based access policy

B.

Designing a least-needed privilege policy

C.

Establishing a mandatory vacation policy

D.

Performing periodic access reviews

E.

Requiring periodic job rotation

Buy Now
Questions 10

Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?

Options:

A.

Risk appetite directly impacts acceptance of high-impact low-likelihood events.

B.

Organizational risk appetite varies from organization to organization

C.

Budgetary pressure drives risk mitigation planning in all companies

D.

Risk appetite directly influences which breaches are disclosed publicly

Buy Now
Questions 11

A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective'

Options:

A.

improving security dashboard visualization on SIEM

B.

Rotating API access and authorization keys every two months

C.

Implementing application toad balancing and cross-region availability

D.

Creating WAF policies for relevant programming languages

Buy Now
Questions 12

A security analyst received a report that an internal web page is down after a company-wide update to the web browser Given the following error message:

CAS-005 Question 12

Which of the following is the b«« way to fix this issue?

Options:

A.

Rewriting any legacy web functions

B.

Disabling all deprecated ciphers

C.

Blocking all non-essential pons

D.

Discontinuing the use of self-signed certificates

Buy Now
Questions 13

A security analyst is reviewing the following log:

CAS-005 Question 13

Which of the following possible events should the security analyst investigate further?

Options:

A.

A macro that was prevented from running

B.

A text file containing passwords that were leaked

C.

A malicious file that was run in this environment

D.

A PDF that exposed sensitive information improperly

Buy Now
Questions 14

A security analyst Detected unusual network traffic related to program updating processes The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but. with different hashes which of the following solutions would most likely prevent this situation from reoccurring?

Options:

A.

Improving patching processes

B.

Implementing digital signature

C.

Performing manual updates via USB ports

D.

Allowing only dies from internal sources

Buy Now
Questions 15

A security analyst wants to use lessons learned from a poor incident response to reduce dwell lime in the future The analyst is using the following data points

CAS-005 Question 15

Which of the following would the analyst most likely recommend?

Options:

A.

Adjusting the SIEM to alert on attempts to visit phishing sites

B.

Allowing TRACE method traffic to enable better log correlation

C.

Enabling alerting on all suspicious administrator behavior

D.

utilizing allow lists on the WAF for all users using GFT methods

Buy Now
Questions 16

A company wants to use loT devices to manage and monitor thermostats at all facilities The thermostats must receive vendor security updates and limit access to other devices within the organization Which of the following best addresses the company's requirements''

Options:

A.

Only allowing Internet access to a set of specific domains

B.

Operating lot devices on a separate network with no access to other devices internally

C.

Only allowing operation for loT devices during a specified time window

D.

Configuring IoT devices to always allow automatic updates

Buy Now
Questions 17

After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.

• Exfiltration of intellectual property

• Unencrypted files

• Weak user passwords

Which of the following is the best way to mitigate these vulnerabilities? (Select two).

Options:

A.

Implementing data loss prevention

B.

Deploying file integrity monitoring

C.

Restricting access to critical file services only

D.

Deploying directory-based group policies

E.

Enabling modem authentication that supports MFA

F.

Implementing a version control system

G.

Implementing a CMDB platform

Buy Now
Questions 18

A company's SICM Is continuously reporting false positives and false negatives The security operations team has Implemented configuration changes to troubleshoot possible reporting errors Which of the following sources of information best supports the required analysts process? (Select two).

Options:

A.

Third-party reports and logs

B.

Trends

C.

Dashboards

D.

Alert failures

E.

Network traffic summaries

F.

Manual review processes

Buy Now
Questions 19

Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?

Options:

A.

Using laC to include the newest dependencies

B.

Creating a bug bounty program

C.

Implementing a continuous security assessment program

D.

Integrating a SASI tool as part of the pipeline

Buy Now
Questions 20

A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

CAS-005 Question 20

Which of the following hosts should a security analyst patch first once a patch is available?

Options:

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Buy Now
Questions 21

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to b«st solve this issue?

Options:

A.

Rule based

B.

Time-based

C.

Role based

D.

Context-based

Buy Now
Questions 22

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

CAS-005 Question 22

CAS-005 Question 22

Options:

Buy Now
Questions 23

A security analyst is reviewing suspicious log-in activity and sees the following data in the SICM:

CAS-005 Question 23

Which of the following is the most appropriate action for the analyst to take?

Options:

A.

Update the log configuration settings on the directory server that Is not being captured properly.

B.

Have the admin account owner change their password to avoid credential stuffing.

C.

Block employees from logging in to applications that are not part of their business area.

D.

implement automation to disable accounts that nave been associated with high-risk activity.

Buy Now
Questions 24

A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

Options:

A.

CWPP

B.

YAKA

C.

ATTACK

D.

STIX

E.

TAXII

F.

JTAG

Buy Now
Questions 25

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me b»« way to reduce the risk oi reoccurrence?

Options:

A.

Enforcing allow lists for authorized network pons and protocols

B.

Measuring and attesting to the entire boot chum

C.

Rolling the cryptographic keys used for hardware security modules

D.

Using code signing to verify the source of OS updates

Buy Now
Questions 26

A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process'

Options:

A.

Request a weekly report with all new assets deployed and decommissioned

B.

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

C.

Implement a shadow IT detection process to avoid rogue devices on the network

D.

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

Buy Now
Questions 27

Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

Options:

A.

Isolating the historian server for connections only from The SCADA environment

B.

Publishing the C$ share from SCADA to the enterprise

C.

Deploying a screened subnet between 11 and SCADA

D.

Adding the business workstations to the SCADA domain

Buy Now
Questions 28

A company isolated its OT systems from other areas of the corporate network These systems are required to report usage information over the internet to the vendor Which oi the following b*st reduces the risk of compromise or sabotage' (Select two).

Options:

A.

Implementing allow lists

B.

Monitoring network behavior

C.

Encrypting data at rest

D.

Performing boot Integrity checks

E.

Executing daily health checks

F.

Implementing a site-to-site IPSec VPN

Buy Now
Questions 29

A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?

Options:

A.

User-agent string

B.

Byte length of the request

C.

Web application headers

D.

HTML encoding field

Buy Now
Questions 30

An organization is required to

* Respond to internal and external inquiries in a timely manner

* Provide transparency.

* Comply with regulatory requirements

The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

Options:

A.

Outsourcing the handling of necessary regulatory filing to an external consultant

B.

Integrating automated response mechanisms into the data subject access request process

C.

Developing communication templates that have been vetted by internal and external counsel

D.

Conducting lessons-learned activities and integrating observations into the crisis management plan

Buy Now
Questions 31

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

Options:

A.

The TLS ciphers supported by the captive portal ate deprecated

B.

Employment of the HSTS setting is proliferating rapidly.

C.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

D.

An attacker is redirecting supplicants to an evil twin WLAN.

Buy Now
Questions 32

A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team's task'

Options:

A.

Static application security testing

B.

Software composition analysis

C.

Runtime application self-protection

D.

Web application vulnerability scanning

Buy Now
Questions 33

A security architect is establishing requirements to design resilience in un enterprise system trial will be extended to other physical locations. The system must

• Be survivable to one environmental catastrophe

• Re recoverable within 24 hours of critical loss of availability

• Be resilient to active exploitation of one site-to-site VPN solution

Options:

A.

Load-balance connection attempts and data Ingress at internet gateways

B.

Allocate fully redundant and geographically distributed standby sites.

C.

Employ layering of routers from diverse vendors

D.

Lease space to establish cold sites throughout other countries

E.

Use orchestration to procure, provision, and transfer application workloads lo cloud services

F.

Implement full weekly backups to be stored off-site for each of the company's sites

Buy Now
Questions 34

A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?

Options:

A.

Configuring an API Integration to aggregate the different data sets

B.

Combining back-end application storage into a single, relational database

C.

Purchasing and deploying commercial off the shelf aggregation software

D.

Migrating application usage logs to on-premises storage

Buy Now
Questions 35

A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

Options:

A.

Dark web monitoring

B.

Threat intelligence platform

C.

Honeypots

D.

Continuous adversary emulation

Buy Now
Exam Code: CAS-005
Exam Name: CompTIA SecurityX Certification Exam
Last Update: Dec 4, 2024
Questions: 117

PDF + Testing Engine

$66  $164.99

Testing Engine

$50  $124.99
buy now CAS-005 testing engine

PDF (Q&A)

$42  $104.99
buy now CAS-005 pdf