CompTIA SecurityX CAS-005 Dumps in PDF

Free CompTIA CAS-005 Real Questions (page: 6)

A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed.
Which of the following compensating controls would best prevent successful exploitation?

  A. Segmentation
  B. CASB
  C. HIPS
  D. UEBA

Answer(s): A

Explanation:

Segmentation is a compensating control: it does not remove the RCE vulnerability, but it limits who can reach it. Placing the legacy web application server in its own network segment, with firewall rules that allow only the required service port from the reverse proxy or load balancer tier and deny everything else, shrinks the set of sources that can deliver an exploit. The outbound side matters as much as the inbound side: if the server may only talk to its database and the proxy, a successful exploit cannot be used to pivot to the rest of the network or call back to the attacker. A HIPS (C) could also block some exploit attempts, but it relies on rules for the specific exploit and has to run on the same legacy operating system that cannot be upgraded, so the exam treats segmentation as the best answer. Segmentation is the temporary measure; the permanent fix is still changing the application code and patching or replacing the operating system.



Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?

  A. They are constrained by available compute.
  B. They lack x86-64 processors.
  C. They lack EEPROM.
  D. They are not logic-bearing devices.

Answer(s): A

Explanation:

Embedded facility automation systems, such as the controllers used for HVAC, lighting or physical access, are designed to be low-cost and energy-efficient, so they ship with limited processing power, memory and storage. That constraint is what blocks security upgrades: a newer firmware with stronger cryptography, a host agent, or even a vendor patch may simply not fit or not run at acceptable speed on the device. The other options describe properties that do not prevent an upgrade by themselves: plenty of secure devices run on non-x86 processors, most embedded controllers do have EEPROM or flash for firmware, and these controllers are logic-bearing devices (that is why they can be attacked).



A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month.
Which of the following controls would best mitigate the risk without interrupting the service during the transition?

  A. Shutting down the systems until the code is ready
  B. Uninstalling the impacted runtime engine
  C. Selectively blocking traffic on the affected port
  D. Configuring IPS and WAF with signatures

Answer(s): D

Explanation:

Configuring the IPS and WAF with signatures for the known exploits against the deprecated runtime is virtual patching: traffic is inspected in front of the application and requests matching an exploit pattern are dropped, while the service itself keeps running during the month-long migration. Shutting the systems down (A) or uninstalling the runtime (B) takes the banking application offline, and blocking the affected port (C) blocks legitimate customers too, because the vulnerable engine serves the application on that same port. The caveat a practitioner should keep in mind is that signatures cover only known attack patterns and can produce false positives, so they are normally deployed in detection mode first and tuned before blocking is enabled; they reduce the risk but do not replace the migration.
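The following is an added example of the virtual-patching idea above, written for this page rather than taken from CompTIA or any WAF vendor: a small signature engine that normalises each request (double URL-decoding so encoded payloads are not missed) and blocks requests that match a rule. The three signatures are generic illustrations of the kind of rule an IPS/WAF applies, not rules for a specific product vulnerability, and the application paths and sample requests are constructed.

```python
"""Signature-based virtual patching in front of a web application.

Added example for this page; it is not CompTIA's material or any vendor's
rule set.  The runtime, the application paths and the sample requests are
constructed, and the three signatures are generic illustrations of the kind
of rule an IPS/WAF applies, not rules for a specific product vulnerability.
"""
import re
import urllib.parse
from dataclasses import dataclass, field


@dataclass
class Request:
    method: str
    path: str                      # path plus query string as received
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Signature:
    sid: int
    name: str
    pattern: re.Pattern
    where: tuple                   # request parts this rule inspects


def _normalise(text: str) -> str:
    # Decode twice so double-encoded payloads (%252e%252e%252f) are seen as
    # ../ by the rules, then lowercase so the regexes stay simple.
    for _ in range(2):
        text = urllib.parse.unquote_plus(text)
    return text.lower()


def _parts(req: Request):
    yield "path", _normalise(req.path)
    yield "body", _normalise(req.body)
    for name, value in req.headers.items():
        yield f"header:{name.lower()}", _normalise(value)


SIGNATURES = [
    Signature(1001, "path traversal", re.compile(r"\.\./|\.\.\\"), ("path", "body")),
    Signature(1002, "shell metacharacters", re.compile(r"[;|`]|\$\("), ("path", "body")),
    Signature(1003, "expression/template injection", re.compile(r"\$\{|#\{|<%"),
              ("path", "body", "header:user-agent")),
]


def inspect(req: Request, sigs=SIGNATURES):
    """Return every (sid, name) that fires on the request."""
    hits = []
    for sig in sigs:
        for part, text in _parts(req):
            if part in sig.where and sig.pattern.search(text):
                hits.append((sig.sid, sig.name))
                break                       # one hit per rule is enough
    return hits


def decide(req: Request, sigs=SIGNATURES) -> str:
    """Enforcement decision; in a real deployment start with a log-only mode."""
    return "BLOCK" if inspect(req, sigs) else "ALLOW"


# Constructed sample traffic for the example.
SAMPLE_REQUESTS = [
    Request("GET", "/accounts/balance?id=42"),
    Request("GET", "/statements/download?file=..%2F..%2Fetc%2Fpasswd"),
    Request("GET", "/statements/download?file=%252e%252e%252fetc%252fpasswd"),
    Request("POST", "/transfer", body="amount=10&memo=${7*7}"),
    Request("GET", "/search?q=hello%20world",
            headers={"User-Agent": "Mozilla/5.0 #{system('id')}"}),
]


def run_samples():
    return [(r.path, decide(r)) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    for path, verdict in run_samples():
        print(f"{verdict:5} {path}")
```

The double decode is the detail that usually decides whether a signature is useful: the third sample request is the same traversal as the second, encoded once more, and a rule that only looks at the raw URL would let it through. Rule 1002 will also fire on legitimate parameters that contain a pipe or semicolon, which is why the decision function is meant to run in log-only mode until the false positives are understood.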



A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution.
Which of the following must happen first?

  A. Use Distinguished Encoding Rules (DER) for the certificate.
  B. Extract the private key from the certificate.
  C. Use an out-of-band method to obtain the certificate.
  D. Compare the retrieved certificate with the embedded certificate.

Answer(s): C

Explanation:

A pin is only as trustworthy as the way the certificate was obtained. If the client simply fetched the certificate over the network on first use and pinned whatever it received, an attacker positioned on that first connection could supply their own certificate and it would be pinned from then on. So the first step is to obtain the host's X.509 certificate out of band: from the operator over a channel that is already trusted, from the device's provisioning data, or verified against a fingerprint published separately. Only then is the pin computed and embedded in the device. Comparing a retrieved certificate with the embedded one (D) is the check performed on every later connection, not the first step; a certificate contains only the public key, so there is no private key to extract (B); and DER versus PEM (A) is just an encoding choice. In practice the pin is usually taken over the SubjectPublicKeyInfo rather than the whole certificate, and a backup pin is embedded as well, so that routine certificate renewal does not lock the device out of the host.
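As an added example (not CompTIA's material and not any particular client library), the two halves of the procedure in code: computing the pin from a certificate that was obtained out of band, and refusing a TLS session whose peer certificate does not match an embedded pin. The pin here is the SHA-256 of the whole DER certificate, matching the question's "pin the X.509 certificate"; the host, port and certificate bytes are placeholders, and the placeholder DER is not a real certificate.

```python
"""Certificate pinning: pin computed from an out-of-band certificate, then
enforced on every connection.  Added example for this page, not CompTIA
material or a library's API.  The host, port and placeholder bytes are
assumptions; the placeholder is not a real certificate.

Step 1 is done by a person, not this code: obtain the host's certificate
over a channel you already trust (operator hand-off, provisioning data,
a separately published fingerprint), then compute its pin with
pin_from_pem() and embed that string in the client.
"""
import base64
import hashlib
import hmac
import socket
import ssl


def cert_pin(der_cert: bytes) -> str:
    """SHA-256 of the DER certificate, base64 encoded (the usual pin format)."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_from_pem(pem_cert: str) -> str:
    """Step 1 helper: pin of a PEM certificate file obtained out of band."""
    return cert_pin(ssl.PEM_cert_to_DER_cert(pem_cert))


def pin_matches(der_cert: bytes, pinned: set) -> bool:
    """Constant-time comparison against every embedded pin (primary + backup)."""
    observed = cert_pin(der_cert)
    return any(hmac.compare_digest(observed, p) for p in pinned)


class PinMismatch(ssl.SSLError):
    """Raised when the peer presents a certificate that is not pinned."""


def connect_pinned(host: str, port: int, pinned: set, timeout: float = 5.0) -> ssl.SSLSocket:
    """Step 2: TLS-connect and refuse the session unless the peer cert is pinned.

    Normal chain and hostname validation stay switched on; pinning is an
    additional check, not a replacement for it.
    """
    ctx = ssl.create_default_context()
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    try:
        der = tls.getpeercert(binary_form=True)
        if der is None or not pin_matches(der, pinned):
            raise PinMismatch(f"certificate for {host}:{port} does not match any pinned value")
    except Exception:
        tls.close()          # never hand back a socket that failed the pin check
        raise
    return tls


# Placeholder stand-in for a certificate received out of band (constructed,
# not a real certificate); the PEM form is what an operator would hand over.
PLACEHOLDER_DER = b"constructed placeholder, not a real X.509 certificate"
PLACEHOLDER_PEM = ssl.DER_cert_to_PEM_cert(PLACEHOLDER_DER)
EMBEDDED_PINS = {pin_from_pem(PLACEHOLDER_PEM)}      # what gets baked into the device


if __name__ == "__main__":
    print("pin:", next(iter(EMBEDDED_PINS)))
    print("matches:", pin_matches(PLACEHOLDER_DER, EMBEDDED_PINS))
    # connect_pinned("remote.example", 443, EMBEDDED_PINS)  # assumed host, needs network
```

Two points worth noticing: the set of pins allows a backup pin for the next certificate, and the check runs after the normal chain validation rather than instead of it, so a pin mismatch and an untrusted chain are both fatal.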



A company hired a third-party consultant to run a cybersecurity incident simulation in order to identify security gaps and prepare stakeholders for a potential incident.
Which of the following best describes this activity?

  A. Tabletop exercise
  B. Walk-through review
  C. Lessons learned
  D. Business impact analysis

Answer(s): A

Explanation:

A tabletop exercise is a discussion-based simulation in which key stakeholders, including management and technical teams, walk through a hypothetical incident scenario presented by a facilitator (here the third-party consultant). Participants talk through their roles and decisions at each stage, which exposes gaps in the plan, unclear responsibilities and missing contacts or tooling before a real incident; no production systems are touched. A lessons-learned review happens after an actual incident, and a business impact analysis quantifies the cost of outages rather than rehearsing the response.



A security officer is requiring all personnel working on a special project to obtain a security clearance commensurate with the level of the information being accessed. Data on this network must be protected at the level of each clearance holder, and need to know must be verified by the data owner.
Which of the following should the security officer do to meet these requirements?

  A. Create a rule to authorize personnel only from certain IPs to access the files.
  B. Assign labels to the files and require formal access authorization.
  C. Assign attributes to each file and allow authorized users to share the files.
  D. Assign roles to users and authorize access to files based on the roles.

Answer(s): B

Explanation:

The requirements describe mandatory access control: each file carries a classification label, each person holds a clearance, and a person may access a file only when their clearance is at least the file's level (and covers its compartments) and the data owner has formally authorized their need to know. Assigning labels to the files and requiring formal access authorization (B) implements exactly that, with the label enforcing the clearance rule and the owner's authorization enforcing need to know.
IP-based rules (A) say nothing about clearance. Attribute-based sharing by users (C) lets the users rather than the data owner decide who sees the data. Roles (D) capture job function, not clearance level or per-project need to know.
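An added example, not CompTIA material, of how the two checks in the explanation combine. The read rule is the Bell-LaPadula simple-security property (the subject's clearance must dominate the file's label, level and compartments both), and the write rule is its *-property (no write-down), which goes a little beyond the question but is what stops a clearance holder copying labelled data into a lower-labelled file. The levels, compartment, users and file are all constructed.

```python
"""Label-based (mandatory) access control with owner-granted need to know.

Added example for this page, not CompTIA material.  The clearance levels,
compartment, users and file are constructed.  can_read() is the
Bell-LaPadula simple-security property, can_write() its *-property.
"""
from dataclasses import dataclass, field

LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2, "TOP SECRET": 3}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()     # need-to-know compartments

    def dominates(self, other: "Label") -> bool:
        return (LEVELS[self.level] >= LEVELS[other.level]
                and other.compartments <= self.compartments)


@dataclass
class Subject:
    name: str
    clearance: Label
    need_to_know: set = field(default_factory=set)   # file ids granted by owners


@dataclass
class File:
    file_id: str
    owner: str
    label: Label


class AccessDenied(Exception):
    pass


def grant_need_to_know(grantor: str, f: File, subject: Subject) -> None:
    """Formal access authorization: only the data owner may record need to know."""
    if grantor != f.owner:
        raise AccessDenied(f"{grantor} is not the owner of {f.file_id}")
    subject.need_to_know.add(f.file_id)


def can_read(subject: Subject, f: File) -> bool:
    # Mandatory check first (clearance dominates label), then the owner's grant.
    return subject.clearance.dominates(f.label) and f.file_id in subject.need_to_know


def can_write(subject: Subject, f: File) -> bool:
    # *-property: the file's label must dominate the subject's clearance, so
    # information never flows to a lower label; the owner's grant still applies.
    return f.label.dominates(subject.clearance) and f.file_id in subject.need_to_know


def scenario() -> dict:
    """Constructed walkthrough: one SECRET project file, four people."""
    project = frozenset({"PROJECT-X"})
    plan = File("plan.docx", owner="bob", label=Label("SECRET", project))
    alice = Subject("alice", Label("SECRET", project))
    dave = Subject("dave", Label("SECRET"))              # cleared, but not read into the project
    erin = Subject("erin", Label("TOP SECRET", project))
    out = {}
    out["alice_before_grant"] = can_read(alice, plan)    # label fits, no authorization yet
    grant_need_to_know("bob", plan, alice)
    out["alice_after_grant"] = can_read(alice, plan)
    try:
        grant_need_to_know("carol", plan, dave)          # carol is not the data owner
        out["carol_can_grant"] = True
    except AccessDenied:
        out["carol_can_grant"] = False
    grant_need_to_know("bob", plan, dave)
    out["dave_missing_compartment"] = can_read(dave, plan)
    grant_need_to_know("bob", plan, erin)
    out["erin_reads"] = can_read(erin, plan)
    out["erin_writes_down"] = can_write(erin, plan)      # TOP SECRET -> SECRET file
    out["alice_writes"] = can_write(alice, plan)
    return out


if __name__ == "__main__":
    for check, result in scenario().items():
        print(f"{check:26} {result}")
```

Dave's case is the one the question is getting at: holding a SECRET clearance is necessary but not sufficient, because the file's compartment is part of its label and he was never read into the project.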



A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site.
Which of the following should the team do to help mitigate these issues?

  A. Create a firewall rule to prevent those users from accessing sensitive data.
  B. Restrict uploading activity to only authorized sites.
  C. Enable packet captures to continue to run for the source and destination related to the file transfer.
  D. Disable login activity for those users after business hours.

Answer(s): B

Explanation:

The alerts (impossible travel and brute-force attempts outside business hours) show that specific users' credentials are being attacked, and the follow-up log review shows that the goal is to move data to an unknown site. Restricting uploads to authorized destinations, for example an egress allow-list on the web proxy or a DLP policy, addresses that impact directly: even with a valid account, the attacker cannot exfiltrate data to an unapproved location.
The other options do not stop the exfiltration. A firewall rule against the targeted users (A) punishes the victims and does nothing for the next account that is targeted, continued packet captures (C) improve the evidence but prevent nothing, and an after-hours login block (D) is avoided simply by attacking during business hours.
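The question takes the impossible-travel and brute-force alerts as given; the following added example (written for this page, not CompTIA material or any SIEM's rule) shows the detection logic behind such alerts run over constructed sign-in events, since understanding how they fire is what lets the team confirm that specific users were targeted. The coordinates, speed threshold, business-hours window and timestamps are all assumptions.

```python
"""Detection logic behind the alerts in the question: impossible travel, and
brute force followed by a successful sign-in, run over constructed events.

Added example for this page, not CompTIA material or any SIEM's rule.  The
events, coordinates, speed threshold and business hours are assumptions.
"""
import math
from collections import deque
from datetime import datetime, timezone

MAX_KMH = 900                  # faster than an airliner between two logins: impossible
BUSINESS_HOURS = range(8, 18)  # 08:00-17:59 UTC, an assumption for the example

# Constructed sign-in events: (user, UTC timestamp, lat, lon, result).
SAMPLE_EVENTS = [
    ("alice", "2024-03-04T18:05:00Z", 40.7128, -74.0060, "success"),    # New York
    ("alice", "2024-03-04T19:10:00Z", 51.5074, -0.1278, "success"),     # London, 65 min later
    ("bob", "2024-03-04T20:00:00Z", 47.6062, -122.3321, "success"),     # Seattle
    ("bob", "2024-03-05T09:00:00Z", 34.0522, -118.2437, "success"),     # Los Angeles, 13 h later
] + [
    ("carol", f"2024-03-04T22:0{m}:00Z", 40.7128, -74.0060, "failure") for m in range(6)
] + [
    ("carol", "2024-03-04T22:06:00Z", 40.7128, -74.0060, "success"),    # success after 6 failures
]


def parse_ts(ts: str) -> datetime:
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def haversine_km(lat1, lon1, lat2, lon2) -> float:
    """Great-circle distance on a 6371 km sphere."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def after_hours(t: datetime) -> bool:
    return t.hour not in BUSINESS_HOURS


def impossible_travel(events, max_kmh=MAX_KMH):
    """(user, km, km/h) for consecutive successful sign-ins implying travel faster than max_kmh."""
    alerts, last = [], {}
    for user, ts, lat, lon, result in sorted(events, key=lambda e: e[1]):
        if result != "success":
            continue
        t = parse_ts(ts)
        if user in last:
            pt, plat, plon = last[user]
            hours = (t - pt).total_seconds() / 3600
            km = haversine_km(plat, plon, lat, lon)
            if hours > 0:
                speed = km / hours
            else:                       # same second from two places is also impossible
                speed = math.inf if km > 0 else 0.0
            if speed > max_kmh:
                alerts.append((user, round(km), speed))
        last[user] = (t, lat, lon)
    return alerts


def brute_force_then_success(events, threshold=5, window_min=10):
    """(user, ts, failures, after_hours) when >= threshold failures within window_min precede a success."""
    alerts, failures = [], {}
    for user, ts, lat, lon, result in sorted(events, key=lambda e: e[1]):
        t = parse_ts(ts)
        window = failures.setdefault(user, deque())
        while window and (t - window[0]).total_seconds() > window_min * 60:
            window.popleft()            # drop failures older than the window
        if result == "failure":
            window.append(t)
        elif len(window) >= threshold:
            alerts.append((user, ts, len(window), after_hours(t)))
            window.clear()
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(SAMPLE_EVENTS):
        print("impossible travel:", a)
    for a in brute_force_then_success(SAMPLE_EVENTS):
        print("brute force then success:", a)
```

Alice's New York to London hop in 65 minutes works out to roughly 5,000 km/h and fires; Bob's Seattle to Los Angeles hop 13 hours later is about 120 km/h and does not. Carol's six failures in five minutes followed by a success at 22:06 is the "after hours" brute-force pattern from the question, and a success after a run of failures is the event that deserves the follow-up log review.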



A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases.
Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?

  A. Static application security testing
  B. Regression testing
  C. Code signing
  D. Sandboxing

Answer(s): A

Explanation:

Static application security testing (SAST) analyses source code (or compiled artifacts) for vulnerable patterns without executing the program, so it can run on every commit or pull request and fail the pipeline before vulnerable code reaches production, which is the gap the analysis found. Regression testing checks that behaviour has not changed, code signing proves who produced a build but not that the build is safe, and sandboxing contains a program at run time rather than preventing the vulnerable release. For SAST to reduce the risk it has to be wired into the pipeline as a gate with agreed severity thresholds, not merely run as an optional report that nobody reads.
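An added example of what a SAST gate does, written for this page rather than taken from CompTIA or any SAST product: a deliberately small analyser over Python source that walks the syntax tree, flags a handful of well-known dangerous patterns with their line numbers, and returns a pass/fail decision for the pipeline. The rules, severities and the sample source it scans are constructed; a real tool has thousands of rules and data-flow tracking, but the structure (parse, match, gate on severity) is the same.

```python
"""Minimal SAST-style check used as a pipeline gate.

Added example for this page, not CompTIA material or a real SAST product.
The rules, severities and SAMPLE_SOURCE are constructed for illustration.
"""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    severity: str
    line: int
    detail: str


SECRET_NAMES = ("password", "secret", "api_key", "token")


def _call_name(node: ast.Call) -> str:
    """Dotted name of a call target, e.g. 'subprocess.run' or 'eval'."""
    f, parts = node.func, []
    while isinstance(f, ast.Attribute):
        parts.append(f.attr)
        f = f.value
    if not isinstance(f, ast.Name):
        return ""
    parts.append(f.id)
    return ".".join(reversed(parts))


def _kw(node: ast.Call, name: str):
    return next((k.value for k in node.keywords if k.arg == name), None)


def scan(source: str, filename: str = "<constructed>"):
    """Return findings for one source file; no code is executed."""
    findings = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            name = _call_name(node)
            shell = _kw(node, "shell")
            if name in ("eval", "exec"):
                findings.append(Finding("dangerous-eval", "HIGH", node.lineno, f"{name}()"))
            elif (name.startswith("subprocess.") and isinstance(shell, ast.Constant)
                  and shell.value is True):
                findings.append(Finding("shell-injection", "HIGH", node.lineno, f"{name}(shell=True)"))
            elif name in ("pickle.load", "pickle.loads"):
                findings.append(Finding("unsafe-deserialization", "HIGH", node.lineno, name))
            elif name == "yaml.load" and _kw(node, "Loader") is None:
                findings.append(Finding("unsafe-yaml-load", "MEDIUM", node.lineno, "yaml.load without Loader"))
        elif isinstance(node, ast.Assign):
            value = node.value
            for target in node.targets:
                if (isinstance(target, ast.Name)
                        and any(s in target.id.lower() for s in SECRET_NAMES)
                        and isinstance(value, ast.Constant)
                        and isinstance(value.value, str) and value.value):
                    findings.append(Finding("hardcoded-secret", "HIGH", node.lineno, target.id))
    return findings


def gate(findings, fail_on=("HIGH",)) -> bool:
    """True when the build may proceed to production."""
    return not any(f.severity in fail_on for f in findings)


# Constructed source under test: three real problems and one safe call.
SAMPLE_SOURCE = '''\
import subprocess, pickle
DB_PASSWORD = "hunter2"
def run(cmd):
    return subprocess.run("ls " + cmd, shell=True)
def load(blob):
    return pickle.loads(blob)
def safe(cmd):
    return subprocess.run(["ls", cmd], shell=False)
'''


if __name__ == "__main__":
    results = scan(SAMPLE_SOURCE)
    for f in results:
        print(f"{f.severity:6} line {f.line}: {f.rule} ({f.detail})")
    print("build allowed:", gate(results))
```

The gate function is the part that turns a scanner into a control: the scan alone only produces a report, while `gate()` returning `False` is what stops the release in the pipeline, which is the difference between the acquired company's situation and the corrected one.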



Share your comments for the CompTIA CAS-005 exam with other users:

Bhavya
9/12/2023 7:18:00 AM

Helps to practice for the CSA exam.

Malik
9/28/2023 1:09:00 PM

Nice tip and well documented.

rodrigo
6/22/2023 7:55:00 AM

I need the exam.

Dan
6/29/2023 1:53:00 PM

Please upload.

Ale M
11/22/2023 6:38:00 PM

Prepping for the FSC exam.

ahmad hassan
9/6/2023 3:26:00 AM

PD1 with great experience.

Žarko
9/5/2023 3:35:00 AM

@t It seems like Azure Service Bus message queues could be the best solution.

Shiji
10/15/2023 1:08:00 PM

Helpful to check your understanding.

Da Costa
8/27/2023 11:43:00 AM

Question 128: the answer should be static, not auto.

bot
7/26/2023 6:45:00 PM

More comments here.

Kaleemullah
12/31/2023 1:35:00 AM

Great support to appear for exams.

Bsmaind
8/20/2023 9:26:00 AM

Useful dumps.

Blessious Phiri
8/13/2023 8:37:00 AM

Making progress.

Nabla
9/17/2023 10:20:00 AM

Q31 answer should be D, I think.

vladputin
7/20/2023 5:00:00 AM

Is this real?

Nick W
9/29/2023 7:32:00 AM

Q10: C and F are also true. Q11: this is outdated; you no longer need ownership on a pipe to operate it.

Naveed
8/28/2023 2:48:00 AM

Good questions with simple explanations.

cert
9/24/2023 4:53:00 PM

Admin guide (Windows): respond to malicious causality chains. When the Cortex XDR agent identifies a remote network connection that attempts to perform malicious activity, such as encrypting endpoint files, the agent can automatically block the IP address to close all existing communication and block new connections from this IP address to the endpoint. When Cortex XDR blocks an IP address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. You can view the list of all blocked IP addresses per endpoint from the Action Center, as well as unblock them to re-enable communication as appropriate. This module is supported with Cortex XDR agent 7.3.0 and later. Select the action mode to take when the Cortex XDR agent detects remote malicious causality chains: Enabled (default): terminate the connection and block the IP address of the remote connection. Disabled: do not block remote IP addresses. To allow specific and known s

Yves
8/29/2023 8:46:00 PM

Very inciting.

Miguel
10/16/2023 11:18:00 AM

Question 5: it seems A instead of D, because: care plan = Case; patient = Person Account; product = Product2.

Byset
9/25/2023 12:49:00 AM

It looks like the real one.

Debabrata Das
8/28/2023 8:42:00 AM

I am taking the Oracle FCC certification test in the next two days, please share question dumps.

nITA KALE
8/22/2023 1:57:00 AM

I need dumps.

CV
9/9/2023 1:54:00 PM

It's time for CompTIA Sec+.

SkepticReader
8/1/2023 8:51:00 AM

Question 35 has an answer for a different question. I believe the answer is "A" because it shut off the firewall. "0" in registry data means that it's false (aka off).

Nabin
10/16/2023 4:58:00 AM

Helpful content.

Blessious Phiri
8/15/2023 3:19:00 PM

Oracle 19c is a complex DB.

Sreenivas
10/24/2023 12:59:00 AM

Helpful for practice.

Liz
9/11/2022 11:27:00 PM

Support team is fast and deeply knowledgeable. I appreciate that a lot.

Namrata
7/15/2023 2:22:00 AM

Helpful questions.

lipsa
11/8/2023 12:54:00 PM

Thanks for the questions.

Eli
6/18/2023 11:27:00 PM

The software is provided for free, so this is a big change. All other sites are charging for that. Also that fucking ExamTopics site that says free is not free at all. You are hit with a paywall.

open2exam
10/29/2023 1:14:00 PM

I need exam questions for NCA 6.5, any help please?

Gerald
9/11/2023 12:22:00 PM

Just took the CompTIA Cybersecurity Analyst (CySA+). Wished I'd seen this before my exam.
