A systems administrator is working with the SOC to identify potential intrusions associated with ransomware. The SOC wants the systems administrator to perform network-level analysis to identify outbound traffic from any infected machines. Which of the following is the most appropriate action for the systems administrator to take?
Answer(s): C
When investigating potential ransomware infections, one of the key indicators of compromise (IoC) is abnormal outbound traffic, especially if the ransomware is attempting to communicate with a command and control (C&C) server to receive further instructions or send exfiltrated data.Reviewing NetFlow logs is an effective way to identify unusual outbound traffic patterns, particularly unexpected increases in egress traffic that might indicate infected machines attempting to connect to external servers. NetFlow logs provide insight into the volume, destination, and origin of traffic, helping to identify anomalous or suspicious communications typically associated with ransomware activity.
A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATTACK framework specific to APTs. Which of the following should be used by the organization to accomplish this goal?
Answer(s): B
A penetration test is the most appropriate method to test and verify an organization's capabilities to detect and prevent specific Tactics, Techniques, and Procedures (TTPs) as mapped to the MITRE ATT&CK framework.During a penetration test, ethical hackers simulate real-world attacks, attempting to exploit vulnerabilities and execute the TTPs associated with advanced persistent threats (APTs). This allows the organization to evaluate its detection mechanisms, security controls, and response capabilities in a controlled environment.
IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?
UEBA (User and Entity Behavior Analytics) is a security solution that uses machine learning and advanced analytics to detect anomalies based on the behavior of users and entities within a network. Unlike signature- based detection, which relies on known indicators of compromise (IoCs), UEBA can identify suspicious activity by recognizing deviations from established behavior patterns, which is especially useful for detecting advanced threats and insider attacks that might evade traditional signature-based methods.
A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Choose two.)
Answer(s): D,F
Encrypt all data and files at rest, in transit, and in use: Encryption ensures that sensitive data is protected and its confidentiality is maintained. By encrypting data at all stages--whether stored (at rest), transmitted (in transit), or actively being processed (in use)--the company can significantly reduce the risk of unauthorized access or exposure, ensuring the confidentiality of highly sensitive data.Implement file integrity monitoring: File Integrity Monitoring (FIM) ensures that files containing sensitive data are not altered without authorization. By monitoring changes to critical files, it helps detect tampering, modifications, or potential data breaches, adding an extra layer of security to sensitive information in a dynamic environment.
An organization wants to implement an access control system based on its data classification policy that includes the following data types:ConfidentialRestrictedInternalPublic Flag for ReviewThe access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group. Which of the following should the organization implement to enforce its requirements with a minimal impact to systems and resources?
Answer(s): A
Tagging strategy: All resources (e.g., systems, files, databases) can be assigned tags based on their classification type (Confidential, Restricted, Internal, Public Flag for Review). This allows the access control system to easily associate resources with their respective data classifications without needing significant changes to the underlying systems.Attribute-based access control (ABAC): ABAC allows access control decisions to be based on attributes (such as user group, resource tags, or data classification). By using ABAC, the system can enforce rules dynamically, allowing users in specific groups (mapped through SSO federation) to only access resources that match their assigned data classification.
A security analyst was monitoring the networks of a group of companies. The analyst identified several periods of concentrated, coordinated activity by unknown actors. The activity repeated at regular intervals and affected all the companies. Minor hardware outages that correlated with the same times as the discovered activity escalated in severity. Which of the following threat actors was most likely involved?
Answer(s): D
The described activity - concentrated, coordinated attacks that happen at regular intervals and affect multiple companies - suggests the involvement of an advanced persistent threat (APT). APTs are often well-funded and organized, typically backed by nation-states. They focus on long-term, stealthy campaigns to achieve strategic goals, which might include espionage or disruption.The fact that the attacks correlate with minor hardware outages and increasing severity indicates a well- planned and ongoing attack that escalates over time, a hallmark of nation-state-backed APTs. These attackers often have the resources, skill, and persistence to operate over extended periods without detection, making them a likely candidate for this type of activity.
The company's client service team is receiving a large number of inquiries from clients regarding a new vulnerability. Which of the following would provide the customer service team with a consistent message to deliver directly to clients?
A response playbook is a detailed document that outlines predefined steps, procedures, and templates for responding to specific incidents or situations. In this case, it would provide the customer service team with a consistent, clear, and accurate message to deliver to clients regarding the new vulnerability. The playbook would ensure that all team members are providing uniform responses to inquiries, reducing confusion and ensuring that the company's communication is coherent and accurate.
A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?
Steganography involves embedding information covertly within another file, such as a document, in a way that is not immediately apparent to the viewer. This can be used to embed a "sign of ownership" in a proprietary document without adding any visible or overt identifying attributes. It helps protect copyright by embedding hidden, identifying information that can later be used for verification or proof of ownership.
Share your comments for CompTIA CAS-005 exam with other users:
please upload the dumps, real need of them
any recent feeedback?
question number 2 is indicating you are giving proper questions. observe and change properly.
passed today.40% questions were new.litwere case study,lots of new questions on afd,ratelimit,tm,lb,app gatway.got 2 set series of questions which are not present here.questions on azure cyclecloud, no.of vnet/vms required for implimentation,blueprints assignment/management group etc
practice test
want the dumps for emc content management server programming(cmsp)
brilliant and helpful
q75. azure files is pass
very helpful
thank you for these questions. it helped a lot.
how do i get the h12-724 dumps
nice data dumps
answers are correct
good explanation
hi team just want to know if there is any update version of the exam 350-401
helpful on 2017 scrum guide
planning to attempt for the exam.
pleaseee upload
thanks ly so i have information cia
hello team, i need sap qm dumps for practice
it’s good but not senatios based
q.119 - the correct answer is b - they are not captured in an update set as theyre data.
good matter
please upload c_sacp_2308
please upload the dump. thanks very much !!
good questions
hi, could you please update the latest dump version
this question is keep repeat : you are developing a sales application that will contain several azure cloud services and handle different components of a transaction. different cloud services will process customer orders, billing, payment, inventory, and shipping. you need to recommend a solution to enable the cloud services to asynchronously communicate transaction information by using xml messages. what should you include in the recommendation?
great questions
its realy good
oracle 1z0-1059-22 dumps
please share me the pdf..
q50: which two functions can be used by an end user when pivoting an interactive report? the correct answer is a, c because we do not have rank in the function pivoting you can check in the apex app
best to practice