CompTIA SecurityX CAS-005 Dumps in PDF

Free CompTIA CAS-005 Real Questions (page: 4)

A systems administrator is working with the SOC to identify potential intrusions associated with ransomware. The SOC wants the systems administrator to perform network-level analysis to identify outbound traffic from any infected machines.
Which of the following is the most appropriate action for the systems administrator to take?

  1. Monitor for IoCs associated with C&C communications.
  2. Tune alerts to Identify changes to administrative groups.
  3. Review NetFlow logs for unexpected increases in egress traffic.
  4. Perform binary hash comparisons to identify infected devices.

Answer(s): C

Explanation:

When investigating potential ransomware infections, one of the key indicators of compromise (IoC) is abnormal outbound traffic, especially if the ransomware is attempting to communicate with a command and control (C&C) server to receive further instructions or send exfiltrated data.

Reviewing NetFlow logs is an effective way to identify unusual outbound traffic patterns, particularly unexpected increases in egress traffic that might indicate infected machines attempting to connect to external servers. NetFlow logs provide insight into the volume, destination, and origin of traffic, helping to identify anomalous or suspicious communications typically associated with ransomware activity.



A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATTACK framework specific to APTs.
Which of the following should be used by the organization to accomplish this goal?

  1. Tabletop exercise
  2. Penetration test
  3. Sandbox detonation
  4. Honeypot

Answer(s): B

Explanation:

A penetration test is the most appropriate method to test and verify an organization's capabilities to detect and prevent specific Tactics, Techniques, and Procedures (TTPs) as mapped to the MITRE ATT&CK framework.
During a penetration test, ethical hackers simulate real-world attacks, attempting to exploit vulnerabilities and execute the TTPs associated with advanced persistent threats (APTs). This allows the organization to evaluate its detection mechanisms, security controls, and response capabilities in a controlled environment.



IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming.
Which of the following would be the most appropriate recommendation?

  1. FIM
  2. SASE
  3. UEBA
  4. CSPM
  5. EAP

Answer(s): C

Explanation:

UEBA (User and Entity Behavior Analytics) is a security solution that uses machine learning and advanced analytics to detect anomalies based on the behavior of users and entities within a network. Unlike signature- based detection, which relies on known indicators of compromise (IoCs), UEBA can identify suspicious activity by recognizing deviations from established behavior patterns, which is especially useful for detecting advanced threats and insider attacks that might evade traditional signature-based methods.



A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment.
Which of the following would best achieve this goal? (Choose two.)

  1. Install a SOAR on all endpoints.
  2. Hash all files.
  3. Install SIEM within a SO
  4. Encrypt all data and files at rest, in transit, and in use.
  5. Configure SOAR to monitor and intercept files and data leaving the network.
  6. Implement file integrity monitoring.

Answer(s): D,F

Explanation:

Encrypt all data and files at rest, in transit, and in use: Encryption ensures that sensitive data is protected and its confidentiality is maintained. By encrypting data at all stages--whether stored (at rest), transmitted (in transit), or actively being processed (in use)--the company can significantly reduce the risk of unauthorized access or exposure, ensuring the confidentiality of highly sensitive data.
Implement file integrity monitoring: File Integrity Monitoring (FIM) ensures that files containing sensitive data are not altered without authorization. By monitoring changes to critical files, it helps detect tampering, modifications, or potential data breaches, adding an extra layer of security to sensitive information in a dynamic environment.



An organization wants to implement an access control system based on its data classification policy that includes the following data types:

Confidential

Restricted

Internal

Public Flag for Review

The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group.
Which of the following should the organization implement to enforce its requirements with a minimal impact to systems and resources?

  1. A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control
  2. Role-based access control that maps data types to internal roles, which are defined in the human resources department's source of truth system
  3. Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal
  4. A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis

Answer(s): A

Explanation:

Tagging strategy: All resources (e.g., systems, files, databases) can be assigned tags based on their classification type (Confidential, Restricted, Internal, Public Flag for Review). This allows the access control system to easily associate resources with their respective data classifications without needing significant changes to the underlying systems.
Attribute-based access control (ABAC): ABAC allows access control decisions to be based on attributes (such as user group, resource tags, or data classification). By using ABAC, the system can enforce rules dynamically, allowing users in specific groups (mapped through SSO federation) to only access resources that match their assigned data classification.



A security analyst was monitoring the networks of a group of companies. The analyst identified several periods of concentrated, coordinated activity by unknown actors. The activity repeated at regular intervals and affected all the companies. Minor hardware outages that correlated with the same times as the discovered activity escalated in severity.
Which of the following threat actors was most likely involved?

  1. An organized crime collective running a ransomware campaign
  2. A group of politically motivated hackers
  3. Disgruntled employees who were recently terminated
  4. An advanced persistent threat financed by a nation-state

Answer(s): D

Explanation:

The described activity - concentrated, coordinated attacks that happen at regular intervals and affect multiple companies - suggests the involvement of an advanced persistent threat (APT). APTs are often well-funded and organized, typically backed by nation-states. They focus on long-term, stealthy campaigns to achieve strategic goals, which might include espionage or disruption.
The fact that the attacks correlate with minor hardware outages and increasing severity indicates a well- planned and ongoing attack that escalates over time, a hallmark of nation-state-backed APTs. These attackers often have the resources, skill, and persistence to operate over extended periods without detection, making them a likely candidate for this type of activity.



The company's client service team is receiving a large number of inquiries from clients regarding a new vulnerability.
Which of the following would provide the customer service team with a consistent message to deliver directly to clients?

  1. Communication plan
  2. Response playbook
  3. Disaster recovery procedure
  4. Automated runbook

Answer(s): B

Explanation:

A response playbook is a detailed document that outlines predefined steps, procedures, and templates for responding to specific incidents or situations. In this case, it would provide the customer service team with a consistent, clear, and accurate message to deliver to clients regarding the new vulnerability. The playbook would ensure that all team members are providing uniform responses to inquiries, reducing confusion and ensuring that the company's communication is coherent and accurate.



A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes.
Which of the following would be best to use as part of the process to support copyright protections of the document?

  1. Steganography
  2. E-signature
  3. Watermarking
  4. Cryptography

Answer(s): A

Explanation:

Steganography involves embedding information covertly within another file, such as a document, in a way that is not immediately apparent to the viewer. This can be used to embed a "sign of ownership" in a proprietary document without adding any visible or overt identifying attributes. It helps protect copyright by embedding hidden, identifying information that can later be used for verification or proof of ownership.



Share your comments for CompTIA CAS-005 exam with other users:

H
hello
10/31/2023 12:07:00 PM

good content

M
Matheus
9/3/2023 2:14:00 PM

just testing if the comments are real

Y
yenvti2@gmail.com
8/12/2023 7:56:00 PM

very helpful for exam preparation

M
Miguel
10/5/2023 12:16:00 PM

question 11: https://help.salesforce.com/s/articleview?id=sf.admin_lead_to_patient_setup_overview.htm&type=5

N
Noushin
11/28/2023 4:52:00 PM

i think the answer to question 42 is b not c

S
susan sandivore
8/28/2023 1:00:00 AM

thanks for the dump

A
Aderonke
10/31/2023 12:51:00 AM

fantastic assessments

P
Priscila
7/22/2022 9:59:00 AM

i find the xengine test engine simulator to be more fun than reading from pdf.

S
suresh
12/16/2023 10:54:00 PM

nice document

W
Wali
6/4/2023 10:07:00 PM

thank you for making the questions and answers intractive and selectable.

N
Nawaz
7/18/2023 1:10:00 AM

answers are correct?

D
das
6/23/2023 7:57:00 AM

can i belive this dump

S
Sanjay
10/15/2023 1:34:00 PM

great site to practice for sitecore exam

J
jaya
12/17/2023 8:36:00 AM

good for students

B
Bsmaind
8/20/2023 9:23:00 AM

nice practice dumps

K
kumar
11/15/2023 11:24:00 AM

nokia 4a0-114 dumps

V
Vetri
10/3/2023 12:59:00 AM

great content and wonderful to have the answers with explanation

R
Ranjith
8/21/2023 3:39:00 PM

for question #118, the answer is option c. the screen shot is showing the drop down, but the answer is marked incorrectly please update . thanks for sharing such nice questions.

E
Eduardo Ramírez
12/11/2023 9:55:00 PM

the correct answer for the question 29 is d.

D
Dass
11/2/2023 7:43:00 AM

question no 22: correct answers: bc, 1 per session 1 per page 1 per component always

R
Reddy
12/14/2023 2:42:00 AM

these are pretty useful

D
Daisy Delgado
1/9/2023 1:05:00 PM

awesome

A
Atif
6/13/2023 4:09:00 AM

yes please upload

X
Xunil
6/12/2023 3:04:00 PM

great job whoever put this together, for the greater good! thanks!

L
Lakshmi
10/2/2023 5:26:00 AM

just started to view all questions for the exam

R
rani
1/19/2024 11:52:00 AM

helpful material

G
Greg
11/16/2023 6:59:00 AM

hope for the best

H
hi
10/5/2023 4:00:00 AM

will post exam has finished

V
Vmotu
8/24/2023 11:14:00 AM

really correct and good analyze!

H
hicham
5/30/2023 8:57:00 AM

excellent thanks a lot

S
Suman C
7/7/2023 8:13:00 AM

will post once pass the cka exam

R
Ram
11/3/2023 5:10:00 AM

good content

N
Nagendra Pedipina
7/13/2023 2:12:00 AM

q:32 answer has to be option c

T
Tamer Barakat
12/7/2023 5:17:00 PM

nice questions

AI Tutor 👋 I’m here to help!