CompTIA CAS-005 Exam (page: 8)
CompTIA SecurityX
Updated on: 31-Mar-2026

Viewing Page 8 of 45

A company is decommissioning old servers and hard drives that contain sensitive data.
Which of the following best protects against data leakage?

  1. Purging
  2. Clearing
  3. Shredding
  4. Degaussing

Answer(s): A

Explanation:

Purging is the best option for protecting against data leakage when decommissioning old servers and hard drives that contain sensitive data. Purging involves the removal of data in such a way that it cannot be recovered by any known means, even by advanced forensic techniques. This typically involves overwriting the data multiple times or using specialized software to ensure it is completely erased.



An engineer has had scaling issues with a web application hosted on premises and would like to move to a serverless architecture.
Which of the following cloud benefits would be best to utilize for this project?

  1. Cost savings for hosting
  2. Automation of resource provisioning
  3. Providing geo-redundant hosting
  4. Eliminating need to patch

Answer(s): B

Explanation:

The best cloud benefit for moving to a serverless architecture in this case is Automation of resource provisioning. Serverless computing automatically scales resources based on demand without requiring manual intervention. This helps to address the scaling issues the engineer is facing by dynamically adjusting resource allocation as needed, improving performance and efficiency without manual effort.



An organization needs to classify its systems and data in accordance with external requirements.
Which of the following roles is best qualified to perform this task?

  1. Systems administrator
  2. Data owner
  3. Data processor
  4. Data custodian
  5. Data steward

Answer(s): B

Explanation:

The Data owner is the role best qualified to classify systems and data according to external requirements. The data owner is responsible for the oversight of data assets within the organization, including determining how data is classified and ensuring that it meets relevant regulatory or compliance standards. This role involves setting policies and guidelines for data usage, classification, and security.



A company is developing an application that will be used to perform e-commerce transactions for a subscription-based service. The application must be able to use previously saved payment methods to perform recurring transactions.
Which of the following is the most appropriate?

  1. Tokenization through an HSM
  2. Self-encrypting disks with field-level encryption
  3. NX/XN Implementation to minimize data retention
  4. Token-based access for application users
  5. Address space layout randomization

Answer(s): A

Explanation:

Tokenization through an HSM (Hardware Security Module) is the most appropriate solution for securely storing and using previously saved payment methods for recurring transactions. Tokenization replaces sensitive data (like credit card numbers) with a token, which is a non-sensitive equivalent that cannot be reversed without the corresponding HSM. This ensures that sensitive payment information is never stored in an accessible format and protects customer data from breaches while still enabling the application to perform transactions.



A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:

An error has occurred during Phase 1 handshake. Deleting keys and retrying...

Which of the following is most likely the reason the connection is failing?

  1. The IKE hashing algorithm uses different key lengths on each VPN device.
  2. The IPSec settings allow more than one cipher suite on both devices.
  3. The Diffie-Hellman group on both sides matches but is a legacy group.
  4. The remote VPN is attempting to connect with a protocol other than SSL/TLS.

Answer(s): A

Explanation:

The error message "An error has occurred during Phase 1 handshake. Deleting keys and retrying..." indicates an issue during the IKE (Internet Key Exchange) Phase 1 handshake. One common cause for failure at this stage is a mismatch in the hashing algorithm or key length used on both devices. If the IKE hashing algorithm or key lengths differ between the two devices, they will not be able to establish a secure connection.



A security analyst received the following finding from a cloud security assessment tool:

Virtual Machine Data Disk is encrypted with the default encryption key.

Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP.
Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Choose two.)

  1. Disk encryption with customer-provided keys
  2. Disk encryption with keys from a third party
  3. Row-level encryption with a key escrow
  4. File-level encryption with cloud vendor-provided keys
  5. File-level encryption with customer-provided keys
  6. Disk-level encryption with a cross-signed certificate

Answer(s): A,E

Explanation:

To meet the regulatory requirement of ensuring that the data is unreadable to the cloud service provider (CSP), the best approach is to use customer-provided keys for encryption. This ensures that only the customer (organization) holds the keys to access the encrypted data, not the CSP.
Disk encryption with customer-provided keys: This ensures the encryption key for the virtual machine's data disk is managed by the customer, preventing the CSP from having access to the data.
File-level encryption with customer-provided keys: If data needs to be encrypted at the file level, customer-provided keys can be used to ensure that the organization retains control over the encryption and decryption process.



A security analyst discovers a new device on the company's dedicated IoT subnet during the most recent vulnerability scan. The scan results show numerous open ports and insecure protocols in addition to default usernames and passwords. A camera needs to transmit video to the security server in the IoT subnet.
Which of the following should the security analyst recommend to securely operate the camera?

  1. Harden the camera configuration.
  2. Send camera logs to the SIEM.
  3. Encrypt the camera's video stream.
  4. Place the camera on an isolated segment.

Answer(s): A

Explanation:

Harden the camera configuration by changing default usernames and passwords, disabling unnecessary open ports, and ensuring that secure protocols (such as HTTPS, SSH, or others) are used instead of insecure ones (like HTTP or Telnet). This is a critical step in securing IoT devices and protecting them from being exploited.
Since the camera is part of the IoT subnet and has been identified with vulnerabilities such as default credentials and open ports, hardening the configuration is the most direct and effective solution to secure its operation.



The Chief Information Security Officer of a large multinational organization has asked the security risk manager to use risk scenarios during a risk analysis.
Which of the following is the most likely reason for this approach?

  1. To connect risks to business objectives
  2. To ensure a consistent approach to risk
  3. To present a comprehensive view of risk
  4. To provide context to the relevancy of risk

Answer(s): D

Explanation:

Using risk scenarios helps to provide context to the relevancy of risk by illustrating how specific risks could affect the organization. This approach helps stakeholders understand the potential impact of risks in real-world terms, making it easier to prioritize actions based on the likelihood and consequences of each scenario. It also helps decision-makers better assess the practical implications of different risks on business operations.





