A security engineer would like to control configurations on mobile devices while fulfilling the following requirements:Support and control Apple and Android devices.The device must be corporate-owned.Which of the following would enable the engineer to meet these requirements? (Choose two.)
Answer(s): C,E
Implement an MDM solution (Mobile Device Management): An MDM solution is specifically designed to manage, monitor, and secure mobile devices. It allows organizations to enforce configuration policies, enforce encryption, restrict apps, and control access to corporate resources on both Apple and Android devices. This solution directly meets the requirement to support and control corporate-owned devices.Update policy to prohibit the use of BYOD devices: By prohibiting the use of Bring Your Own Device (BYOD) devices, the organization ensures that only corporate-owned devices are used, fulfilling the requirement that the devices must be corporate-owned. This policy helps maintain control over the mobile devices within the organization's environment.
A pharmaceutical company uses a cloud provider to host thousands of independent resources in object storage. The company needs a practical and effective means of discovering data, monitoring changes, and identifying suspicious activity. Which of the following would best meet these requirements?
Answer(s): A
A machine-learning-based data security service would be the best solution for discovering data, monitoring changes, and identifying suspicious activity in the context of a cloud-based object storage environment. Such a service can analyze patterns in data access and usage to identify anomalies, suspicious behavior, and potential security incidents. Machine learning models can continuously learn and adapt to new behaviors, making it effective at detecting emerging threats in real time.
A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?
Answer(s): B
Dynamic analysis is the most appropriate technique for assessing vulnerabilities during runtime. It involves testing the application while it is running, which allows the security analyst to observe the application's behavior, detect vulnerabilities that emerge during execution, and understand how the application interacts with its environment. This provides a comprehensive view of vulnerabilities that may not be detected through static code analysis, as it accounts for issues like memory corruption, data leaks, and runtime exceptions.
Recently, two large engineering companies in the same line of business decided to approach cyberthreats in a united way. Which of the following best describes this unified approach?
Answer(s): D
An MOU (Memorandum of Understanding) is the best choice in this scenario, as it represents an agreement between two parties outlining the intention to collaborate or work together on a common goal, without creating legally binding obligations. In this case, the two engineering companies are uniting to approach cyberthreats in a unified way, and an MOU would formalize this cooperative arrangement and define the terms of their collaboration.
A regulated company is in the process of refreshing its entire infrastructure. The company has a business- critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company should take?
The most appropriate action is to create an organizational risk register for project prioritization. This helps the company document and assess risks, prioritize critical systems, and determine which systems, such as the old 2008 Windows server running a business-critical process, need to be addressed most urgently. A risk register ensures that resources are allocated properly and that mitigation plans are in place for the most critical systems to prevent revenue loss in the event of a failure.
A security engineer needs to ensure production containers are automatically scanned for vulnerabilities before they are accepted into the production environment. Which of the following should the engineer use to automatically incorporate vulnerability scanning on every commit?
The best solution for automatically scanning containers for vulnerabilities before they are accepted into the production environment is to incorporate vulnerability scanning into the CI/CD pipeline. Continuous Integration (CI) and Continuous Deployment (CD) pipelines can be configured to automatically trigger security scans, including container vulnerability assessments, every time code is committed or changes are pushed. This ensures that vulnerabilities are detected early in the development cycle before the containers are deployed to production.
A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files. Which of the following changes should the security architect make in the new system?
A secrets management tool is the most appropriate solution for securely managing and storing secrets (such as API keys, passwords, or tokens) in the new containerized environment. Secrets management tools, such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, provide secure storage, access control, and audit logs for secrets. They are designed to manage secrets in a way that avoids hardcoding sensitive data in configuration files or Dockerfiles, which could be exposed or compromised.
A security engineer is assessing a new tool to segment data and communications between domains. The assessment must determine how data transmission controls can be bypassed without detection. Which of the following techniques should the security engineer use?
Answer(s): C
Covert channel analysis is the technique best suited for assessing how data transmission controls can be bypassed without detection. Covert channels involve using a system or communication protocol in unintended ways to transmit data secretly. This analysis helps identify potential hidden channels that might bypass security controls and allow unauthorized communication between domains.
Share your comments for CompTIA CAS-005 exam with other users:
Question 23:Question 23 describes a multimodal model where users can upload unsafe images that could contain hidden instructions. The goal is to implement controls to mitigate this risk. Key points to understand
beautiful exams
You need to implement the date dimension in the data store. The solution must meet the technical requirements. What are two ways to achieve the goal? Each correct answer presents a complete solution. NOTE: Each correct selection is worth one point. Populate the date dimension table by using a dataflow. Populate the date dimension table by using a Copy activity in a pipeline. Populate the date dimension view by using T-SQL. Populate the date dimension table by using a Stored procedure activity in a pipeline.Please answer
Question 14:
Question 5:Question 5 asks how to identify min and max values for each column in a Dataflow result. Correct options: B and E.
Question 18:Question 18: Why not A?
Question 4:Question 4 is about when to use batch processing.
Question 5:I can’t see the [Image] in Question 5, but I can explain the likely reasoning.
Question 12:Here’s why Question 12’s correct choices are C and D.
Question 3:Question 3 asks for two valid ways to meet the purchase order creation validation (warn if the vendor is on the exclusion list for the customer/product and block/alert accordingly). Correct answers: C and D
Question 12:Here’s how to understand question 12.
Question 6:Here’s how question 6 works. Key constraint: All new and extended objects must be in an existing model named FinanceExt. Creating a brand-new model is not allowed. Why the two correct options work:
Question 2:I don’t have the text for Question 2 here. Please paste the exact Question 2 (including all answer choices) or describe the topic it covers. Once I have it, I’ll:
Which statement is true about using default environment variables? The environment variables can be read in workflows using the ENV: variable_name syntax. The environment variables created should be prefixed with GITHUB_ to ensure they can be accessed in workflows The environment variables can be set in the defaults: sections of the workflow The GITHUB_WORKSPACE environment variable should be used to access files from within the runner.Correct answer: The statement "The GITHUB_WORKSPACE environment variable should be used to access files from within the runner." is true. Why the others are false:
${{ env.VARIABLE }}
$VARIABLE
GITHUB_
defaults:
run
GITHUB_WORKSPACE
${{ github.workspace }}
$GITHUB_WORKSPACE/...
${{ github.workspace }}/...
As an administrator for this subscription, you have been tasked with recommending a solution that prohibits users from copying corporate information from managed applications installed on unmanaged devices. Which of the following should you recommend? Windows Virtual Desktop. Microsoft Intune. Windows AutoPilot. Azure AD Application Proxy.
Question 34:
Policy
function of appnav in sdwan
Question 1:
Question 5:
Why this is correct
Question 7:
Question 104:
clustering keys
Q23: Fabric Admin is correct. Because Domain admin cannot create domains. Only Fabric Admin can among the given options. Q51: Wrapping @pipeline.parameter.param1 inside {} will return a string. But question requires the expression to return Int, so correct answer should be @pipeline.parameter.param1 (no {})
Question 62:
ZDX
Analyze Score
Y Engine
Question 32:
Question 3:
date = sys.argv[1]
sys.argv[1]
date = spark.conf.get("date")
input()
date = dbutils.notebooks.getParam("date")
dbutils.notebook.run
Question 528:
Question 23:The correct answer is Domain admin (option B), not Fabric admin.
Question 2:For question 2, the key concept is the Longest Prefix Match. Routers pick the route whose subnet mask is the most specific (largest prefix length) that still matches the destination IP. From the options:
Question 129:Correct answer: CNAME
compute.osAdminLogin
enable-oslogin
Question 2:
Keeping this site free takes real effort. We constantly battle automated scraping and unauthorized content copying. A quick account helps us protect the community and keep the site free.
To continue studying for your CAS-005, please sign in or create a free account.