Amazon
Avaya
Checkpoint
Cisco®
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL®
Juniper
Microsoft
Okta
Palo Alto Networks
Salesforce
All Vendors
  1. Home
  2. CompTIA
  3. CAS-005

CompTIA CAS-005 Exam (page: 7)
CompTIA SecurityX
Updated on: 25-Dec-2025

Viewing Page 7 of 45
CAS-005 PDF 408 Questions

Which of the following is the best reason for obtaining file hashes from a confiscated laptop?

  1. To prevent metadata tampering on each file
  2. To later validate the integrity of each file
  3. To generate unique identifiers for each file
  4. To preserve the chain of custody of files

Answer(s): B

Explanation:

Obtaining file hashes from a confiscated laptop is primarily done to ensure that the integrity of each file can be validated later. By generating a hash of each file, investigators can later compare the hash values to ensure that no files have been altered or tampered with during the investigation process. This helps confirm that the files remain unchanged from the time they were seized.



A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation.
Which of the following metric groups would the analyst need to determine to get the overall scores? (Choose three.)

  1. Temporal
  2. Availability
  3. Integrity
  4. Confidentiality
  5. Base
  6. Environmental

  7. Impact
  8. Attack vector

Answer(s): A,E,F

Explanation:

To calculate the overall CVSS (Common Vulnerability Scoring System) score, an analyst needs to determine three metric groups:
Base: This group captures the intrinsic characteristics of a vulnerability that are constant over time and across environments, such as exploitability and impact.
Temporal: This group considers the current state of the vulnerability, such as how easily it can be exploited at the moment or whether mitigation is available.
Environmental: This group takes into account the specific environment where the vulnerability exists,

adjusting the score based on factors such as security controls in place or the importance of the affected system.



Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

  1. At the individual product level
  2. Through the selection of a random product
  3. Using a third-party audit report
  4. By choosing a major product

Answer(s): A

Explanation:

A risk assessment should be performed at the individual product level when an organization has a critical vendor providing multiple products. This approach ensures that each product is evaluated for its specific risks, vulnerabilities, and impact on the organization. By assessing each product separately, the organization can identify and prioritize the risks associated with each product rather than making assumptions based on a single product or a general overview.



A security engineer is performing a vulnerability management scan on multihomed Linux systems. The engineer notices that the vulnerability count is high due to the fact that each vulnerability is multiplied by the number of NICs on each system.
Which of the following should the engineer do to deduplicate the vulnerabilities and to associate the vulnerabilities with a particular host?

  1. Use a SCAP scanner.
  2. Deploy an agent.
  3. Initiate a discovery scan.
  4. Perform an Nmap scan.

Answer(s): B

Explanation:

Deploying an agent on the systems will allow for more accurate and centralized vulnerability management. The agent can deduplicate vulnerabilities by associating them with a specific host, regardless of how many network interface cards (NICs) the system has. This helps eliminate the issue of vulnerabilities being counted multiple times for each NIC. Agents can also collect data from the system more accurately and ensure that vulnerabilities are tied to the correct host.



Which of the following best describes a risk associated with using facial recognition to locally authenticate to a mobile device?

  1. Data remanence
  2. Deepfake
  3. Metadata scraping
  4. Biometric impersonation

Answer(s): D

Explanation:

Biometric impersonation refers to the risk of someone using a photo, video, or other methods to spoof or trick a facial recognition system into authenticating them as the legitimate user. This is a significant concern with facial recognition used for local authentication on mobile devices, as attackers might exploit this vulnerability to gain unauthorized access. Other options such as "deepfake" could be a method used in biometric impersonation, but the best description of the risk is biometric impersonation itself.



The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED UXFDC479 ACTUAL 0x79F31B

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum.
Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

  1. Evasion
  2. Persistence
  3. Collection
  4. Lateral movement

Answer(s): B

Explanation:

The technique described in the scenario, where modified firmware with an altered checksum is found on multiple controllers, aligns with the Persistence stage of the MITRE ATT&CK framework for ICS (Industrial Control Systems). Persistence involves ensuring that an adversary can maintain access to a system even after reboots, credential changes, or other defensive measures. The manipulation of firmware is a classic method used by attackers to ensure that they can maintain control over a system or device across reboots or resets, which is a key characteristic of the Persistence stage.



A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds:

99.99% uptime


Load time in 3 seconds

Response time = <1.0 seconds

Starting with the computing environment, which of the following should a security engineer recommend to best meet the requirements? (Choose three.)

  1. Installing a firewall at corporate headquarters
  2. Deploying a content delivery network
  3. Implementing server clusters
  4. Employing bare-metal loading of applications
  5. Lowering storage input/output
  6. Implementing RAID on the backup servers
  7. Utilizing redundant power for all developer workstations

Answer(s): B,C,E

Explanation:

To meet the high uptime, load time, and response time requirements, the following recommendations would be most effective:
Deploying a content delivery network (CDN): A CDN can distribute content across multiple locations globally, reducing load times by serving content from the nearest edge server to the user.
Implementing server clusters: Server clusters can ensure high availability and load balancing, which is essential for maintaining 99.99% uptime and improving response times during high traffic periods.
Lowering storage input/output (I/O): Reducing storage I/O can improve performance by speeding up data access and enhancing the system's ability to meet load time and response time requirements.
These solutions directly address the performance and availability metrics that are required for the contract.
Other options like implementing RAID, using redundant power for workstations, or installing firewalls would not directly contribute to the high availability or performance requirements.



An analyst is working to address a potential compromise of a corporate endpoint and discovers the attacker accessed a user's credentials. However, it is unclear if the system baseline was modified to achieve persistence.
Which of the following would most likely support forensic activities in this scenario?

  1. Side-channel analysis
  2. Bit-level disk duplication
  3. Software composition analysis
  4. SCAP scanner

Answer(s): B

Explanation:

Bit-level disk duplication is the best option in this scenario for supporting forensic activities. It involves creating an exact, sector-by-sector copy of the hard drive, which allows forensic analysts to examine the entire disk, including deleted files, hidden data, or modifications that may have been made by the attacker to achieve persistence. This approach provides the most comprehensive data for investigating the potential compromise and determining if the system baseline was modified.



Viewing Page 7 of 45



Share your comments for CompTIA CAS-005 exam with other users:

TS 7/18/2023 3:32:00 PM

good knowledge
Anonymous


Asad Khan 11/1/2023 2:44:00 AM

answer 10 should be a because only a new project will be created & the organization is the same.
Anonymous


Raj 9/12/2023 3:49:00 PM

can you please upload the dump again
UNITED STATES


Christian Klein 6/23/2023 1:32:00 PM

is it legit questions from sap certifications ?
UNITED STATES


anonymous 1/12/2024 3:34:00 PM

question 16 should be b (changing the connector settings on the monitor) pc and monitor were powered on. the lights on the pc are on indicating power. the monitor is showing an error text indicating that it is receiving power too. this is a clear sign of having the wrong input selected on the monitor. thus, the "connector setting" needs to be switched from hdmi to display port on the monitor so it receives the signal from the pc, or the other way around (display port to hdmi).
UNITED STATES


NSPK 1/18/2024 10:26:00 AM

q 10. ans is d (in the target org: open deployment settings, click edit next to the source org. select allow inbound changes and save
Anonymous


mohamed abdo 9/1/2023 4:59:00 AM

very useful
Anonymous


Tom 3/18/2022 8:00:00 PM

i purchased this exam dumps from another website with way more questions but they were all invalid and outdate. this exam dumps was right to the point and all from recent exam. it was a hard pass.
UNITED KINGDOM


Edrick GOP 10/24/2023 6:00:00 AM

it was a good experience and i got 90% in the 200-901 exam.
Anonymous


anonymous 8/10/2023 2:28:00 AM

hi please upload this
Anonymous


Bakir 7/6/2023 7:24:00 AM

please upload it
UNITED KINGDOM


Aman 6/18/2023 1:27:00 PM

really need this dump. can you please help.
UNITED KINGDOM


Neela Para 1/8/2024 6:39:00 PM

really good and covers many areas explaining the answer.
NEW ZEALAND


Karan Patel 8/15/2023 12:51:00 AM

yes, can you please upload the exam?
UNITED STATES


NISHAD 11/7/2023 11:28:00 AM

how many questions are there in these dumps?
UNITED STATES


Pankaj 7/3/2023 3:57:00 AM

hi team, please upload this , i need it.
UNITED STATES


DN 9/4/2023 11:19:00 PM

question 14 - run terraform import: this is the recommended best practice for bringing manually created or destroyed resources under terraform management. you use terraform import to associate an existing resource with a terraform resource configuration. this ensures that terraform is aware of the resource, and you can subsequently manage it with terraform.
Anonymous


Zhiguang 8/19/2023 11:37:00 PM

please upload dump. thanks in advance.
Anonymous


deedee 12/23/2023 5:51:00 PM

great great
UNITED STATES


Asad Khan 11/1/2023 3:10:00 AM

answer 16 should be b your organizational policies require you to use virtual machines directly
Anonymous


Sale Danasabe 10/24/2023 5:21:00 PM

the question are kind of tricky of you didnt get the hnag on it.
Anonymous


Luis 11/16/2023 1:39:00 PM

can anyone tell me if this is for rhel8 or rhel9?
UNITED STATES


hik 1/19/2024 1:47:00 PM

good content
UNITED STATES


Blessious Phiri 8/15/2023 2:18:00 PM

pdb and cdb are critical to the database
Anonymous


Zuned 10/22/2023 4:39:00 AM

till 104 questions are free, lets see how it helps me in my exam today.
UNITED STATES


Muhammad Rawish Siddiqui 12/3/2023 12:11:00 PM

question # 56, answer is true not false.
SAUDI ARABIA


Amaresh Vashishtha 8/27/2023 1:33:00 AM

i would be requiring dumps to prepare for certification exam
Anonymous


Asad 9/8/2023 1:01:00 AM

very helpful
PAKISTAN


Blessious Phiri 8/13/2023 3:10:00 PM

control file is the heart of rman backup
Anonymous


Senthil 9/19/2023 5:47:00 AM

hi could you please upload the ibm c2090-543 dumps
Anonymous


Harry 6/27/2023 7:20:00 AM

appriciate if you could upload this again
AUSTRALIA


Anonymous 7/10/2023 4:10:00 AM

please upload the dump
SWEDEN


Raja 6/20/2023 5:30:00 AM

i found some questions answers mismatch with explanation answers. please properly update
UNITED STATES


Doora 11/30/2023 4:20:00 AM

nothing to mention
Anonymous