Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. CAS-005

CompTIA CAS-005 Exam (page: 6)
CompTIA SecurityX
Updated on: 25-Dec-2025

Viewing Page 6 of 45
CAS-005 PDF 408 Questions

A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed.
Which of the following compensating controls would best prevent successful exploitation?

  1. Segmentation
  2. CASB
  3. HIPS
  4. UEBA

Answer(s): A

Explanation:

Segmentation is a compensating control that helps mitigate risks by isolating critical systems or vulnerable systems from the rest of the network. In this case, the web application server running a legacy operating system with an unpatched remote code execution (RCE) vulnerability can be isolated through network segmentation. This limits the potential for attackers to exploit the vulnerability by restricting access to the server and preventing lateral movement within the network. By segmenting the server, the attack surface is reduced, and the risk of successful exploitation is minimized until the system can be properly patched.



Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?

  1. They are constrained by available compute.
  2. They lack x86-64 processors.
  3. They lack EEPROM.
  4. They are not logic-bearing devices.

Answer(s): A

Explanation:

Embedded facility automation systems, such as those used for controlling HVAC, lighting, or security, are often constrained by limited computational resources. These systems are designed to be low-cost and energy- efficient, which means they typically have limited processing power, memory, and storage capacity. As a result, security engineers often face difficulties when trying to upgrade or implement additional security measures, such as more sophisticated encryption or security patches, because these systems lack the necessary compute resources to handle such upgrades.



A security analyst identified a vulnerable and deprecated runtime engine that Is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month.
Which of the following controls would best mitigate the risk without interrupting the service during the transition?

  1. Shutting down the systems until the code is ready
  2. Uninstalling the impacted runtime engine
  3. Selectively blocking traffic on the affected port
  4. Configuring IPS and WAF with signatures

Answer(s): D

Explanation:

To mitigate the risk of the vulnerable and deprecated runtime engine while the developers transition to a more modern environment, configuring an Intrusion Prevention System (IPS) and a Web Application Firewall (WAF) with appropriate signatures would provide protection without disrupting the service. These security controls can help detect and block known exploits targeting the vulnerable runtime engine. By applying these measures, the application can continue running while minimizing the risk of exploitation from external threats.



A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution.
Which of the following must happen first?

  1. Use Distinguished Encoding Rules (DER) for the certificate.
  2. Extract the private key from the certificate.
  3. Use an out-of-band method to obtain the certificate.
  4. Compare the retrieved certificate with the embedded certificate.

Answer(s): C

Explanation:

When implementing certificate pinning, the first step is to securely obtain the remote host's X.509 certificate through an out-of-band method. This ensures that the certificate is trusted and verified outside of the regular communication channel (e.g., via a secure channel or pre-distribution), preventing any potential man-in-the- middle attacks. Once the certificate is securely obtained and verified, it can then be pinned to the device so that future connections to that host will only be accepted if the certificate matches the pinned one.



A company hired a third-party consultant to run a cybersecurity incident simulation in order to identify security gaps and prepare stakeholders for a potential incident.
Which of the following best describes this activity?

  1. Tabletop exercise
  2. Walk-through review
  3. Lessons learned
  4. Business impact analysis

Answer(s): A

Explanation:

A tabletop exercise is a discussion-based simulation where key stakeholders, including management and technical teams, gather to walk through a hypothetical cybersecurity incident. The goal is to identify security gaps, assess response strategies, and prepare for real-world incidents. During this exercise, participants typically discuss their roles and decisions in handling the incident, but no actual systems are impacted.



A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner.
Which of the following should the security officer do to meet these requirements?

  1. Create a rule to authorize personnel only from certain IPs to access the files.
  2. Assign labels to the files and require formal access authorization.
  3. Assign attributes to each file and allow authorized users to share the files.
  4. Assign roles to users and authorize access to files based on the roles.

Answer(s): B

Explanation:

To meet the requirement of ensuring that data is protected at the clearance level of each personnel member and that access is based on the need to know, labeling the files according to their classification level is an effective method. Labels indicate the sensitivity of the data and ensure that only individuals with the appropriate clearance and need-to-know access are authorized to view or modify the files.
By requiring formal access authorization from the data owner, the security officer ensures that access is explicitly verified before any personnel can access data at a given classification level.



A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site.
Which of the following should the team do to help mitigate these issues?

  1. Create a firewall rule to prevent those users from accessing sensitive data.
  2. Restrict uploading activity to only authorized sites.
  3. Enable packet captures to continue to run for the source and destination related to the file transfer.
  4. Disable login activity for those users after business hours.

Answer(s): B

Explanation:

The security team has identified that certain users are being targeted by what appears to be impossible travel and brute-force attacks, followed by attempts to transfer data to an unknown site. To mitigate this, the best approach is to restrict uploading activity to only authorized sites. This ensures that even if the attackers gain access to the user accounts, they will not be able to exfiltrate data to unknown or unauthorized locations.
This control directly addresses the data exfiltration risk by preventing unauthorized file uploads, regardless of whether the attacker successfully compromises user credentials.



A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis Indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases.
Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?

  1. Static application security testing
  2. Regression testing
  3. Code signing
  4. Sandboxing

Answer(s): A

Explanation:

Static application security testing (SAST) is the best tool for identifying security vulnerabilities in code early in the Software Development Life Cycle (SDLC). SAST tools analyze source code or binaries for vulnerabilities without executing the program, allowing teams to catch and address security issues before the code is pushed to production. This aligns with reducing the risk of vulnerable code being released.



Viewing Page 6 of 45



Share your comments for CompTIA CAS-005 exam with other users:

Antony 11/28/2023 12:13:00 AM

great material thanks
AUSTRALIA


Thembelani 5/30/2023 2:22:00 AM

anyone who wrote this exam recently
Anonymous


P 9/16/2023 1:27:00 AM

ok they re good
Anonymous


Jorn 7/13/2023 5:05:00 AM

relevant questions
UNITED KINGDOM


AM 6/20/2023 7:54:00 PM

please post
UNITED STATES


Nagendra Pedipina 7/13/2023 2:22:00 AM

q:42 there has to be a image in the question to choose what does it mean from the options
INDIA


BrainDumpee 11/18/2023 1:36:00 PM

looking for cphq dumps, where can i find these for free? please and thank you.
UNITED STATES


sheik 10/14/2023 11:37:00 AM

@aarun , thanks for the information. it would be great help if you share your email
Anonymous


Random user 12/11/2023 1:34:00 AM

1z0-1078-23 need this dumps
Anonymous


labuschanka 11/16/2023 6:06:00 PM

i gave the microsoft azure az-500 tests and prepared from this site as it has latest mock tests available which helped me evaluate my performance and score 919/1000
Anonymous


Marianne 10/22/2023 11:57:00 PM

i cannot see the button to go to the questions
Anonymous


sushant 6/28/2023 4:52:00 AM

good questions
EUROPEAN UNION


A\MAM 6/27/2023 5:17:00 PM

q-6 ans-b correct. https://docs.paloaltonetworks.com/pan-os/9-1/pan-os-cli-quick-start/use-the-cli/commit-configuration-changes
UNITED STATES


unanimous 12/15/2023 6:38:00 AM

very nice very nice
Anonymous


akminocha 9/28/2023 10:36:00 AM

please help us with 1z0-1107-2 dumps
INDIA


Jefi 9/4/2023 8:15:00 AM

please upload the practice questions
Anonymous


Thembelani 5/30/2023 2:45:00 AM

need this dumps
Anonymous


Abduraimov 4/19/2023 12:43:00 AM

preparing for this exam is overwhelming. you cannot pass without the help of these exam dumps.
UNITED KINGDOM


Puneeth 10/5/2023 2:06:00 AM

new to this site but i feel it is good
EUROPEAN UNION


Ashok Kumar 1/2/2024 6:53:00 AM

the correct answer to q8 is b. explanation since the mule app has a dependency, it is necessary to include project modules and dependencies to make sure the app will run successfully on the runtime on any other machine. source code of the component that the mule app is dependent of does not need to be included in the exported jar file, because the source code is not being used while executing an app. compiled code is being used instead.
Anonymous


Merry 7/30/2023 6:57:00 AM

good questions
Anonymous


VoiceofMidnight 12/17/2023 4:07:00 PM

Delayed the exam until December 29th.
UNITED STATES


Umar Ali 8/29/2023 2:59:00 PM

A and D are True
Anonymous


vel 8/28/2023 9:17:09 AM

good one with explanation
Anonymous


Gurdeep 1/18/2024 4:00:15 PM

This is one of the most useful study guides I have ever used.
CANADA