Exam2pass
0 items Sign In or Register
  • Home
  • IT Exams
  • Guarantee
  • FAQs
  • Reviews
  • Contact Us
  • Demo
Exam2pass > CompTIA > CompTIA Certifications > CAS-005 > CAS-005 Online Practice Questions and Answers

CAS-005 Online Practice Questions and Answers

Questions 4

DRAG DROP

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Select and Place:

Buy Now

Correct Answer:

Questions 5

DRAG DROP

Drag and drop the cloud deployment model to the associated use-case scenario. Options may be used only once or not at all.

Select and Place:

Buy Now

Correct Answer:

Questions 6

A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?

A. Adding an additional proxy server to each segmented VLAN

B. Setting up a reverse proxy for client logging at the gateway

C. Configuring a span port on the perimeter firewall to ingest logs

D. Enabling client device logging and system event auditing

Buy Now

Correct Answer: C

Configuring a span port on the perimeter firewall to ingest logs is the best architectural change to ensure that all client proxy traffic is captured for analysis. Here's why:

Comprehensive Traffic Capture: A span port (or mirror port) on the perimeter firewall can capture all inbound and outbound traffic, including traffic that might bypass the proxy. This ensures that all network traffic is available for analysis.

Centralized Logging: By capturing logs at the perimeter firewall, the organization can centralize logging and analysis, making it easier to detect and investigate anomalies. Minimal Disruption: Implementing a span port is a non-intrusive

method that does not require significant changes to the network architecture, thus minimizing disruption to existing services.

Questions 7

Which of the following is the security engineer most likely doing?

A. Assessing log in activities using geolocation to tune impossible Travel rate alerts

B. Reporting on remote log-in activities to track team metrics

C. Threat hunting for suspicious activity from an insider threat

D. Baselining user behavior to support advanced analytics

Buy Now

Correct Answer: A

In the given scenario, the security engineer is likely examining login activities and their associated geolocations. This type of analysis is aimed at identifying unusual login patterns that might indicate an impossible travel scenario. An impossible travel scenario is when a single user account logs in from geographically distant locations in a short time, which is physically impossible. By assessing login activities using geolocation, the engineer can tune alerts to identify and respond to potential security breaches more effectively.

Questions 8

A company wants to use loT devices to manage and monitor thermostats at all facilities The thermostats must receive vendor security updates and limit access to other devices within the organization

Which of the following best addresses the company's requirements''

A. Only allowing Internet access to a set of specific domains

B. Operating lot devices on a separate network with no access to other devices internally

C. Only allowing operation for loT devices during a specified time window

D. Configuring IoT devices to always allow automatic updates

Buy Now

Correct Answer: B

The best approach for managing and monitoring IoT devices, such as thermostats, is to operate them on a separate network with no access to other internal devices. This segmentation ensures that the IoT devices are isolated from the main

network, reducing the risk of potential security breaches affecting other critical systems. Additionally, this setup allows for secure vendor updates without exposing the broader network to potential vulnerabilities inherent in IoT devices.

References:

CompTIA SecurityX Study Guide: Recommends network segmentation for IoT devices to minimize security risks.

NIST Special Publication 800-183, "Network of Things": Advises on the isolation of IoT devices to enhance security.

"Practical IoT Security" by Brian Russell and Drew Van Duren: Discusses best practices for securing IoT devices, including network segmentation.

Questions 9

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP

Which of the following is me best way to reduce the risk oi reoccurrence?

A. Enforcing allow lists for authorized network pons and protocols

B. Measuring and attesting to the entire boot chum

C. Rolling the cryptographic keys used for hardware security modules

D. Using code signing to verify the source of OS updates

Buy Now

Correct Answer: A

The scenario describes a sophisticated attack where the threat actor used steganography within LDAP to exfiltrate data. Given that the hardware and OS firmware were validated and found uncompromised, the attack vector likely exploited a

network communication channel. To mitigate such risks, enforcing allow lists for authorized network ports and protocols is the most effective strategy.

Here's why this option is optimal:

Port and Protocol Restrictions: By creating an allow list, the organization can restrict communications to only those ports and protocols that are necessary for legitimate business operations. This reduces the attack surface by preventing

unauthorized or unusual traffic.

Network Segmentation: Enforcing such rules helps in segmenting the network and ensuring that only approved communications occur, which is critical in preventing data exfiltration methods like steganography. Preventing Unauthorized

Access: Allow lists ensure that only predefined, trusted connections are allowed, blocking potential paths that attackers could use to infiltrate or exfiltrate data.

Other options, while beneficial in different contexts, are not directly addressing the network communication threat:

B. Measuring and attesting to the entire boot chain: While this improves system integrity, it doesn't directly mitigate the risk of data exfiltration through network channels. C. Rolling the cryptographic keys used for hardware security modules:

This is useful for securing data and communications but doesn't directly address the specific method of exfiltration described. D. Using code signing to verify the source of OS updates: Ensures updates are from legitimate sources, but it

doesn't mitigate the risk of network-based data exfiltration.

References:

CompTIA SecurityX Study Guide

NIST Special Publication 800-41, "Guidelines on Firewalls and Firewall Policy" CIS Controls Version 8, Control 9: Limitation and Control of Network Ports, Protocols, and Services

Questions 10

Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process.

Which of the following is the best strategy for the engineer to use?

A. Disabling the BIOS and moving to UEFI

B. Managing secrets on the vTPM hardware

C. Employing shielding lo prevent LMI

D. Managing key material on a HSM

Buy Now

Correct Answer: D

The best strategy for securely managing cryptographic material is to use a Hardware Security Module (HSM). Here's why:

Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering

and unauthorized access.

Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops. Compliance

and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.

Questions 11

An organization is implementing Zero Trust architecture A systems administrator must increase the effectiveness of the organization's context-aware access system. Which of the following is the best way to improve the effectiveness of the system?

A. Secure zone architecture

B. Always-on VPN

C. Accurate asset inventory

D. Microsegmentation

Buy Now

Correct Answer: D

Microsegmentation is a critical strategy within Zero Trust architecture that enhances context-aware access systems by dividing the network into smaller, isolated segments. This reduces the attack surface and limits lateral movement of

attackers within the network. It ensures that even if one segment is compromised, the attacker cannot easily access other segments. This granular approach to network security is essential for enforcing strict access controls and monitoring

within Zero Trust environments.

Reference: CompTIA SecurityX Study Guide, Chapter on Zero Trust Security, Section on Microsegmentation and Network Segmentation.

Questions 12

Which of the following industrial protocols is most likely to be found in public utility applications, such as water or electric?

A. CIP

B. Zigbee

C. Modbus

D. DNP3

Buy Now

Correct Answer: D

DNP3 (Distributed Network Protocol 3) is specifically designed for use in SCADA (Supervisory Control and Data Acquisition) systems, which are commonly employed in public utility sectors such as water and electric utilities. DNP3 is known for its robustness in handling communication over long distances and in noisy environments typical of utility operations. It supports features essential for reliable and secure communication, including time synchronization, data integrity checks, and error recovery mechanisms. These capabilities make DNP3 highly suitable for monitoring and controlling remote devices and systems critical to public utilities.

Questions 13

A company has a website with a huge database. The company wants to ensure that a DR site could be brought online quickly in the event of a failover, and end users would miss no more than 30 minutes of data. Which of the following should the company do to meet these objectives?

A. Build a content caching system at the DR site.

B. Store the nightly full backups at the DR site.

C. Increase the network bandwidth to the DR site.

D. Implement real-time replication for the DR site.

Buy Now

Correct Answer: D

Exam Code: CAS-005
Exam Name: CompTIA SecurityX
Last Update: Mar 31, 2025
Questions: 261

PDF (Q&A)

$45.99
ADD TO CART

VCE

$49.99
ADD TO CART

PDF + VCE

$59.99
ADD TO CART

Exam2Pass----The Most Reliable Exam Preparation Assistance

There are tens of thousands of certification exam dumps provided on the internet. And how to choose the most reliable one among them is the first problem one certification candidate should face. Exam2Pass provide a shot cut to pass the exam and get the certification. If you need help on any questions or any Exam2Pass exam PDF and VCE simulators, customer support team is ready to help at any time when required.

Home | Guarantee & Policy |  Privacy & Policy |  Terms & Conditions |  How to buy |  FAQs |  About Us |  Contact Us |  Demo |  Reviews

2025 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.