Amazon
Avaya
Cisco
CompTIA
CrowdStrike
EC-Council
EXIN
Fortinet
Google
ISC
ISC2
ITIL
Juniper
Microsoft
NVIDIA
Okta
Palo Alto Networks
Salesforce
SAP
ServiceNow
All Vendors
  1. Home
  2. CompTIA
  3. CAS-005

CompTIA CAS-005 Exam (page: 9)
CompTIA SecurityX
Updated on: 31-Mar-2026

Viewing Page 9 of 45
CAS-005 PDF 408 Questions

A security engineer would like to control configurations on mobile devices while fulfilling the following requirements:
Support and control Apple and Android devices.

The device must be corporate-owned.

Which of the following would enable the engineer to meet these requirements? (Choose two.)

  1. Create a group policy to lock down mobile devices.
  2. Update verbiage in the acceptable use policy for the internet.
  3. Implement an MDM solution.
  4. Implement a captive portal solution.
  5. Update policy to prohibit the use of BYOD devices.
  6. Implement a RADIUS solution.

Answer(s): C,E

Explanation:

Implement an MDM solution (Mobile Device Management): An MDM solution is specifically designed to manage, monitor, and secure mobile devices. It allows organizations to enforce configuration policies, enforce encryption, restrict apps, and control access to corporate resources on both Apple and Android devices. This solution directly meets the requirement to support and control corporate-owned devices.
Update policy to prohibit the use of BYOD devices: By prohibiting the use of Bring Your Own Device (BYOD) devices, the organization ensures that only corporate-owned devices are used, fulfilling the requirement that the devices must be corporate-owned. This policy helps maintain control over the mobile devices within the organization's environment.



A pharmaceutical company uses a cloud provider to host thousands of independent resources in object storage. The company needs a practical and effective means of discovering data, monitoring changes, and identifying suspicious activity.
Which of the following would best meet these requirements?

  1. A machine-learning-based data security service
  2. A file integrity monitoring service
  3. A cloud configuration assessment and compliance service
  4. An automated data classification system

Answer(s): A

Explanation:

A machine-learning-based data security service would be the best solution for discovering data, monitoring changes, and identifying suspicious activity in the context of a cloud-based object storage environment. Such a service can analyze patterns in data access and usage to identify anomalies, suspicious behavior, and potential security incidents. Machine learning models can continuously learn and adapt to new behaviors, making it effective at detecting emerging threats in real time.



A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime.
Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?

  1. Input validation
  2. Dynamic analysis
  3. Side-channel analysis
  4. Fuzz testing
  5. Static analysis

Answer(s): B

Explanation:

Dynamic analysis is the most appropriate technique for assessing vulnerabilities during runtime. It involves testing the application while it is running, which allows the security analyst to observe the application's behavior, detect vulnerabilities that emerge during execution, and understand how the application interacts with its environment. This provides a comprehensive view of vulnerabilities that may not be detected through static code analysis, as it accounts for issues like memory corruption, data leaks, and runtime exceptions.



Recently, two large engineering companies in the same line of business decided to approach cyberthreats in a united way.
Which of the following best describes this unified approach?

  1. NDA
  2. SOW
  3. SLA
  4. MOU

Answer(s): D

Explanation:

An MOU (Memorandum of Understanding) is the best choice in this scenario, as it represents an agreement between two parties outlining the intention to collaborate or work together on a common goal, without creating legally binding obligations. In this case, the two engineering companies are uniting to approach cyberthreats in a unified way, and an MOU would formalize this cooperative arrangement and define the terms of their collaboration.



A regulated company is in the process of refreshing its entire infrastructure. The company has a business- critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue.
Which of the following actions should the company should take?

  1. Accept the risk as the cost of doing business.
  2. Create an organizational risk register for project prioritization.
  3. Implement network compensating controls.
  4. Purchase insurance to offset the cost if a failure occurred.

Answer(s): B

Explanation:

The most appropriate action is to create an organizational risk register for project prioritization. This helps the company document and assess risks, prioritize critical systems, and determine which systems, such as the old 2008 Windows server running a business-critical process, need to be addressed most urgently. A risk register ensures that resources are allocated properly and that mitigation plans are in place for the most critical systems to prevent revenue loss in the event of a failure.



A security engineer needs to ensure production containers are automatically scanned for vulnerabilities before they are accepted into the production environment.
Which of the following should the engineer use to automatically incorporate vulnerability scanning on every commit?

  1. Code repository
  2. CI/CD pipeline
  3. Integrated development environment
  4. Container orchestrator

Answer(s): B

Explanation:

The best solution for automatically scanning containers for vulnerabilities before they are accepted into the production environment is to incorporate vulnerability scanning into the CI/CD pipeline. Continuous Integration (CI) and Continuous Deployment (CD) pipelines can be configured to automatically trigger security scans, including container vulnerability assessments, every time code is committed or changes are pushed. This ensures that vulnerabilities are detected early in the development cycle before the containers are deployed to production.



A security architect recommends replacing the company's monolithic software application with a containerized solution. Historically, secrets have been stored in the application's configuration files.
Which of the following changes should the security architect make in the new system?

  1. Use a secrets management tool.
  2. Save secrets in key escrow.
  3. Store the secrets inside the Dockerfiles.
  4. Run all Dockerfiles in a randomized namespace.

Answer(s): A

Explanation:

A secrets management tool is the most appropriate solution for securely managing and storing secrets (such as API keys, passwords, or tokens) in the new containerized environment. Secrets management tools, such as HashiCorp Vault, AWS Secrets Manager, or Azure Key Vault, provide secure storage, access control, and audit logs for secrets. They are designed to manage secrets in a way that avoids hardcoding sensitive data in configuration files or Dockerfiles, which could be exposed or compromised.



A security engineer is assessing a new tool to segment data and communications between domains. The assessment must determine how data transmission controls can be bypassed without detection.
Which of the following techniques should the security engineer use?

  1. Machine-learning statistical analysis
  2. Fuzz testing
  3. Covert channel analysis
  4. Protocol analysis

Answer(s): C

Explanation:

Covert channel analysis is the technique best suited for assessing how data transmission controls can be bypassed without detection. Covert channels involve using a system or communication protocol in unintended ways to transmit data secretly. This analysis helps identify potential hidden channels that might bypass security controls and allow unauthorized communication between domains.



Viewing Page 9 of 45



Share your comments for CompTIA CAS-005 exam with other users:

Nicholas 2/2/2024 6:17:08 PM

Thank you for providing these questions. It helped me a lot with passing my exam.
Anonymous


Timi 8/19/2023 5:30:00 PM

my first attempt
UNITED KINGDOM


Blessious Phiri 8/13/2023 10:32:00 AM

very explainable
Anonymous


m7md ibrahim 5/26/2023 6:21:00 PM

i think answer of q 462 is variance analysis
Anonymous


Tehu 5/25/2023 12:25:00 PM

hi i need see questions
Anonymous


Ashfaq Nasir 1/17/2024 1:19:00 AM

best study material for exam
Anonymous


Roberto 11/27/2023 12:33:00 AM

very interesting repository
ITALY


Nale 9/18/2023 1:51:00 PM

american history 1
Anonymous


Tanvi 9/27/2023 4:02:00 AM

good level of questions
Anonymous


Boopathy 8/17/2023 1:03:00 AM

i need this dump kindly upload it
Anonymous


s_123 8/12/2023 4:28:00 PM

do we need c# coding to be az204 certified
Anonymous


Blessious Phiri 8/15/2023 3:38:00 PM

excellent topics covered
Anonymous


Manasa 12/5/2023 3:15:00 AM

are these really financial cloud questions and answers, seems these are basic admin question and answers
Anonymous


Not Robot 5/14/2023 5:33:00 PM

are these comments real
Anonymous


kriah 9/4/2023 10:44:00 PM

please upload the latest dumps
UNITED STATES


ed 12/17/2023 1:41:00 PM

a company runs its workloads on premises. the company wants to forecast the cost of running a large application on aws. which aws service or tool can the company use to obtain this information? pricing calculator ... the aws pricing calculator is primarily used for estimating future costs
UNITED STATES


Muru 12/29/2023 10:23:00 AM

looks interesting
Anonymous


Tech Lady 10/17/2023 12:36:00 PM

thanks! that’s amazing
Anonymous


Mike 8/20/2023 5:12:00 PM

the exam dumps are helping me get a solid foundation on the practical techniques and practices needed to be successful in the auditing world.
UNITED STATES


Nobody 9/18/2023 6:35:00 PM

q 14 should be dmz sever1 and notepad.exe why does note pad have a 443 connection
Anonymous


Muhammad Rawish Siddiqui 12/4/2023 12:17:00 PM

question # 108, correct answers are business growth and risk reduction.
SAUDI ARABIA


Emmah 7/29/2023 9:59:00 AM

are these valid chfi questions
KENYA


Mort 10/19/2023 7:09:00 PM

question: 162 should be dlp (b)
EUROPEAN UNION


Eknath 10/4/2023 1:21:00 AM

good exam questions
INDIA


Nizam 6/16/2023 7:29:00 AM

I have to say this is really close to real exam. Passed my exam with this.
EUROPEAN UNION


poran 11/20/2023 4:43:00 AM

good analytics question
Anonymous


Antony 11/23/2023 11:36:00 AM

this looks accurate
INDIA


Ethan 8/23/2023 12:52:00 AM

question 46, the answer should be data "virtualization" (not visualization).
Anonymous


nSiva 9/22/2023 5:58:00 AM

its useful.
UNITED STATES


Ranveer 7/26/2023 7:26:00 PM

Pass this exam 3 days ago. The PDF version and the Xengine App is quite useful.
SOUTH AFRICA


Sanjay 8/15/2023 10:22:00 AM

informative for me.
UNITED STATES


Tom 12/12/2023 8:53:00 PM

question 134s answer shoule be "dlp"
JAPAN


Alex 11/7/2023 11:02:00 AM

in 72 the answer must be [sys_user_has_role] table.
Anonymous


Finn 5/4/2023 10:21:00 PM

i appreciated the mix of multiple-choice and short answer questions. i passed my exam this morning.
IRLAND