Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. CompTIA
  3. CAS-005

CompTIA CAS-005 Exam (page: 4)
CompTIA SecurityX
Updated on: 31-Mar-2026

Viewing Page 4 of 45
CAS-005 PDF 408 Questions

A systems administrator is working with the SOC to identify potential intrusions associated with ransomware. The SOC wants the systems administrator to perform network-level analysis to identify outbound traffic from any infected machines.
Which of the following is the most appropriate action for the systems administrator to take?

  1. Monitor for IoCs associated with C&C communications.
  2. Tune alerts to Identify changes to administrative groups.
  3. Review NetFlow logs for unexpected increases in egress traffic.
  4. Perform binary hash comparisons to identify infected devices.

Answer(s): C

Explanation:

When investigating potential ransomware infections, one of the key indicators of compromise (IoC) is abnormal outbound traffic, especially if the ransomware is attempting to communicate with a command and control (C&C) server to receive further instructions or send exfiltrated data.

Reviewing NetFlow logs is an effective way to identify unusual outbound traffic patterns, particularly unexpected increases in egress traffic that might indicate infected machines attempting to connect to external servers. NetFlow logs provide insight into the volume, destination, and origin of traffic, helping to identify anomalous or suspicious communications typically associated with ransomware activity.



A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATTACK framework specific to APTs.
Which of the following should be used by the organization to accomplish this goal?

  1. Tabletop exercise
  2. Penetration test
  3. Sandbox detonation
  4. Honeypot

Answer(s): B

Explanation:

A penetration test is the most appropriate method to test and verify an organization's capabilities to detect and prevent specific Tactics, Techniques, and Procedures (TTPs) as mapped to the MITRE ATT&CK framework.
During a penetration test, ethical hackers simulate real-world attacks, attempting to exploit vulnerabilities and execute the TTPs associated with advanced persistent threats (APTs). This allows the organization to evaluate its detection mechanisms, security controls, and response capabilities in a controlled environment.



IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming.
Which of the following would be the most appropriate recommendation?

  1. FIM
  2. SASE
  3. UEBA
  4. CSPM
  5. EAP

Answer(s): C

Explanation:

UEBA (User and Entity Behavior Analytics) is a security solution that uses machine learning and advanced analytics to detect anomalies based on the behavior of users and entities within a network. Unlike signature- based detection, which relies on known indicators of compromise (IoCs), UEBA can identify suspicious activity by recognizing deviations from established behavior patterns, which is especially useful for detecting advanced threats and insider attacks that might evade traditional signature-based methods.



A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment.
Which of the following would best achieve this goal? (Choose two.)

  1. Install a SOAR on all endpoints.
  2. Hash all files.
  3. Install SIEM within a SO
  4. Encrypt all data and files at rest, in transit, and in use.
  5. Configure SOAR to monitor and intercept files and data leaving the network.
  6. Implement file integrity monitoring.

Answer(s): D,F

Explanation:

Encrypt all data and files at rest, in transit, and in use: Encryption ensures that sensitive data is protected and its confidentiality is maintained. By encrypting data at all stages--whether stored (at rest), transmitted (in transit), or actively being processed (in use)--the company can significantly reduce the risk of unauthorized access or exposure, ensuring the confidentiality of highly sensitive data.
Implement file integrity monitoring: File Integrity Monitoring (FIM) ensures that files containing sensitive data are not altered without authorization. By monitoring changes to critical files, it helps detect tampering, modifications, or potential data breaches, adding an extra layer of security to sensitive information in a dynamic environment.



An organization wants to implement an access control system based on its data classification policy that includes the following data types:

Confidential

Restricted

Internal

Public Flag for Review

The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group.
Which of the following should the organization implement to enforce its requirements with a minimal impact to systems and resources?

  1. A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control
  2. Role-based access control that maps data types to internal roles, which are defined in the human resources department's source of truth system
  3. Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal
  4. A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis

Answer(s): A

Explanation:

Tagging strategy: All resources (e.g., systems, files, databases) can be assigned tags based on their classification type (Confidential, Restricted, Internal, Public Flag for Review). This allows the access control system to easily associate resources with their respective data classifications without needing significant changes to the underlying systems.
Attribute-based access control (ABAC): ABAC allows access control decisions to be based on attributes (such as user group, resource tags, or data classification). By using ABAC, the system can enforce rules dynamically, allowing users in specific groups (mapped through SSO federation) to only access resources that match their assigned data classification.



A security analyst was monitoring the networks of a group of companies. The analyst identified several periods of concentrated, coordinated activity by unknown actors. The activity repeated at regular intervals and affected all the companies. Minor hardware outages that correlated with the same times as the discovered activity escalated in severity.
Which of the following threat actors was most likely involved?

  1. An organized crime collective running a ransomware campaign
  2. A group of politically motivated hackers
  3. Disgruntled employees who were recently terminated
  4. An advanced persistent threat financed by a nation-state

Answer(s): D

Explanation:

The described activity - concentrated, coordinated attacks that happen at regular intervals and affect multiple companies - suggests the involvement of an advanced persistent threat (APT). APTs are often well-funded and organized, typically backed by nation-states. They focus on long-term, stealthy campaigns to achieve strategic goals, which might include espionage or disruption.
The fact that the attacks correlate with minor hardware outages and increasing severity indicates a well- planned and ongoing attack that escalates over time, a hallmark of nation-state-backed APTs. These attackers often have the resources, skill, and persistence to operate over extended periods without detection, making them a likely candidate for this type of activity.



The company's client service team is receiving a large number of inquiries from clients regarding a new vulnerability.
Which of the following would provide the customer service team with a consistent message to deliver directly to clients?

  1. Communication plan
  2. Response playbook
  3. Disaster recovery procedure
  4. Automated runbook

Answer(s): B

Explanation:

A response playbook is a detailed document that outlines predefined steps, procedures, and templates for responding to specific incidents or situations. In this case, it would provide the customer service team with a consistent, clear, and accurate message to deliver to clients regarding the new vulnerability. The playbook would ensure that all team members are providing uniform responses to inquiries, reducing confusion and ensuring that the company's communication is coherent and accurate.



A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes.
Which of the following would be best to use as part of the process to support copyright protections of the document?

  1. Steganography
  2. E-signature
  3. Watermarking
  4. Cryptography

Answer(s): A

Explanation:

Steganography involves embedding information covertly within another file, such as a document, in a way that is not immediately apparent to the viewer. This can be used to embed a "sign of ownership" in a proprietary document without adding any visible or overt identifying attributes. It helps protect copyright by embedding hidden, identifying information that can later be used for verification or proof of ownership.



Viewing Page 4 of 45



Share your comments for CompTIA CAS-005 exam with other users:

krishna 12/19/2023 2:05:00 AM

valied exam dumps. they were very helpful and i got a pretty good score. i am very grateful for this service and exam questions
Anonymous


Pie 9/3/2023 4:56:00 AM

will it help?
INDIA


Lucio 10/6/2023 1:45:00 PM

very useful to verify knowledge before exam
POLAND


Ajay 5/17/2023 4:54:00 AM

good stuffs
Anonymous


TestPD1 8/10/2023 12:19:00 PM

question 17 : responses arent b and c ?
EUROPEAN UNION


Nhlanhla 12/13/2023 5:26:00 AM

just passed the exam on my first try using these dumps.
Anonymous


Rizwan 1/6/2024 2:18:00 AM

very helpful
INDIA


Yady 5/24/2023 10:40:00 PM

these questions look good.
SINGAPORE


Kettie 10/12/2023 1:18:00 AM

this is very helpful content
Anonymous


SB 7/21/2023 3:18:00 AM

please provide the dumps
UNITED STATES


David 8/2/2023 8:20:00 AM

it is amazing
Anonymous


User 8/3/2023 3:32:00 AM

quesion 178 about "a banking system that predicts whether a loan will be repaid is an example of the" the answer is classification. not regresion, you should fix it.
EUROPEAN UNION


quen 7/26/2023 10:39:00 AM

please upload apache spark dumps
Anonymous


Erineo 11/2/2023 5:34:00 PM

q14 is b&c to reduce you will switch off mail for every single alert and you will switch on daily digest to get a mail once per day, you might even skip the empty digest mail but i see this as a part of the daily digest adjustment
Anonymous


Paul 10/21/2023 8:25:00 AM

i think it is good question
Anonymous


Unknown 8/15/2023 5:09:00 AM

good for students who wish to give certification.
INDIA


Ch 11/20/2023 10:56:00 PM

is there a google drive link to the images? the links in questions are not working.
AUSTRALIA


Joey 5/16/2023 5:25:00 AM

very promising, looks great, so much wow!
Anonymous


alaska 10/24/2023 5:48:00 AM

i scored 87% on the az-204 exam. thanks! i always trust
GERMANY


nnn 7/9/2023 11:09:00 PM

good need more
Anonymous


User-sfdc 12/29/2023 7:21:00 AM

sample questions seems good
Anonymous


Tamer dam 8/4/2023 10:21:00 AM

huawei is ok
UNITED STATES


YK 12/11/2023 1:10:00 AM

good one nice
JAPAN


de 8/28/2023 2:38:00 AM

please continue
GERMANY


DMZ 6/25/2023 11:56:00 PM

this exam dumps just did the job. i donot want to ruffle your feathers but your exam dumps and mock test engine is amazing.
UNITED KINGDOM


Jose 8/30/2023 6:14:00 AM

nice questions
PORTUGAL


Tar01 7/24/2023 7:07:00 PM

the explanation are really helpful
Anonymous


DaveG 12/15/2023 4:50:00 PM

just passed my exam yesterday on my first attempt. these dumps were extremely helpful in passing first time. the questions were very, very similar to these questions!
Anonymous


A.K. 6/30/2023 6:34:00 AM

cosmos db is paas not saas
Anonymous


S Roychowdhury 6/26/2023 5:27:00 PM

what is the percentage of common questions in gcp exam compared to 197 dump questions? are they 100% matching with real gcp exam?
Anonymous


Bella 7/22/2023 2:05:00 AM

not able to see questions
Anonymous


Scott 9/8/2023 7:19:00 AM

by far one of the best sites for free questions. i have pass 2 exams with the help of this website.
CANADA


donald 8/19/2023 11:05:00 AM

excellent question bank.
Anonymous


Ashwini 8/22/2023 5:13:00 AM

it really helped
Anonymous