Practice Free CAS-005 Exam Online Questions
Question #31
A security engineer is given the following requirements:
• An endpoint must only execute Internally signed applications
• Administrator accounts cannot install unauthorized software.
• Attempts to run unauthorized software must be logged
Which of the following best meets these requirements?
- A . Maintaining appropriate account access through directory management and controls
- B . Implementing a CSPM platform to monitor updates being pushed to applications
- C . Deploying an EDR solution to monitor and respond to software installation attempts
- D . Configuring application control with blocked hashes and enterprise-trusted root certificates
Correct Answer: D
D
Explanation:
To meet the requirements of only allowing internally signed applications, preventing unauthorized software installations, and logging attempts to run unauthorized software, configuring application control with blocked hashes and enterprise-trusted root certificates is the best solution. This approach ensures that only applications signed by trusted certificates are allowed to execute, while all other attempts are blocked and logged. It effectively prevents unauthorized software installations by restricting execution to pre-approved applications.
Reference: CompTIA SecurityX Study Guide: Describes application control mechanisms and the use of trusted certificates to enforce security policies.
NIST Special Publication 800-53, "Security and Privacy Controls for Information Systems and Organizations": Recommends application whitelisting and execution control for securing endpoints. "The Application Security Handbook" by Mark Dowd, John McDonald, and Justin Schuh: Covers best practices for implementing application control and managing trusted certificates
D
Explanation:
To meet the requirements of only allowing internally signed applications, preventing unauthorized software installations, and logging attempts to run unauthorized software, configuring application control with blocked hashes and enterprise-trusted root certificates is the best solution. This approach ensures that only applications signed by trusted certificates are allowed to execute, while all other attempts are blocked and logged. It effectively prevents unauthorized software installations by restricting execution to pre-approved applications.
Reference: CompTIA SecurityX Study Guide: Describes application control mechanisms and the use of trusted certificates to enforce security policies.
NIST Special Publication 800-53, "Security and Privacy Controls for Information Systems and Organizations": Recommends application whitelisting and execution control for securing endpoints. "The Application Security Handbook" by Mark Dowd, John McDonald, and Justin Schuh: Covers best practices for implementing application control and managing trusted certificates
Question #32
A cloud engineer needs to identify appropriate solutions to:
• Provide secure access to internal and external cloud resources.
• Eliminate split-tunnel traffic flows.
• Enable identity and access management capabilities.
Which of the following solutions arc the most appropriate? (Select two).
- A . Federation
- B . Microsegmentation
- C . CASB
- D . PAM
- E . SD-WAN
- F . SASE
Correct Answer: C, F
C, F
Explanation:
To provide secure access to internal and external cloud resources, eliminate split-tunnel traffic flows, and enable identity and access management capabilities, the most appropriate solutions are CASB (Cloud Access Security Broker) and SASE (Secure Access Service Edge).
Why CASB and SASE?
CASB (Cloud Access Security Broker):
Secure Access: CASB solutions provide secure access to cloud resources by enforcing security policies and monitoring user activities.
Identity and Access Management: CASBs integrate with identity and access management (IAM) systems to ensure that only authorized users can access cloud resources.
Visibility and Control: They offer visibility into cloud application usage and control over data sharing and access.
SASE (Secure Access Service Edge):
Eliminate Split-Tunnel Traffic: SASE integrates network security functions with WAN capabilities to ensure secure access without the need for split-tunnel configurations.
Comprehensive Security: SASE provides a holistic security approach, including secure web gateways, firewalls, and zero trust network access (ZTNA).
Identity-Based Access: SASE leverages IAM to enforce access controls based on user identity and context.
Other options, while useful, do not comprehensively address all the requirements:
C, F
Explanation:
To provide secure access to internal and external cloud resources, eliminate split-tunnel traffic flows, and enable identity and access management capabilities, the most appropriate solutions are CASB (Cloud Access Security Broker) and SASE (Secure Access Service Edge).
Why CASB and SASE?
CASB (Cloud Access Security Broker):
Secure Access: CASB solutions provide secure access to cloud resources by enforcing security policies and monitoring user activities.
Identity and Access Management: CASBs integrate with identity and access management (IAM) systems to ensure that only authorized users can access cloud resources.
Visibility and Control: They offer visibility into cloud application usage and control over data sharing and access.
SASE (Secure Access Service Edge):
Eliminate Split-Tunnel Traffic: SASE integrates network security functions with WAN capabilities to ensure secure access without the need for split-tunnel configurations.
Comprehensive Security: SASE provides a holistic security approach, including secure web gateways, firewalls, and zero trust network access (ZTNA).
Identity-Based Access: SASE leverages IAM to enforce access controls based on user identity and context.
Other options, while useful, do not comprehensively address all the requirements:
Question #33
Which of the following AI concerns is most adequately addressed by input sanitation?
- A . Model inversion
- B . Prompt Injection
- C . Data poisoning
- D . Non-explainable model
Correct Answer: B
B
Explanation:
Input sanitation is a critical process in cybersecurity that involves validating and cleaning data provided by users to prevent malicious inputs from causing harm. In the context of AI concerns: A. Model inversion involves an attacker inferring sensitive data from model outputs, typically requiring sophisticated methods beyond just manipulating input data.
B. Prompt Injection is a form of attack where an adversary provides malicious input to manipulate the behavior of AI models, particularly those dealing with natural language processing (NLP). Input sanitation directly addresses this by ensuring that inputs are cleaned and validated to remove potentially harmful commands or instructions that could alter the AI’s behavior.
C. Data poisoning involves injecting malicious data into the training set to compromise the model. While input sanitation can help by filtering out bad data, data poisoning is typically addressed through robust data validation and monitoring during the model training phase, rather than real-time input sanitation.
D. Non-explainable model refers to the lack of transparency in how AI models make decisions. This concern is not addressed by input sanitation, as it relates more to model design and interpretability techniques.
Input sanitation is most relevant and effective for preventing Prompt Injection attacks, where the integrity of user inputs directly impacts the performance and security of AI models.
Reference: CompTIA Security+ Study Guide
"Security of Machine Learning" by Battista Biggio, Blaine Nelson, and Pavel Laskov
OWASP (Open Web Application Security Project) guidelines on input validation and injection attacks
Top of Form
Bottom of Form
B
Explanation:
Input sanitation is a critical process in cybersecurity that involves validating and cleaning data provided by users to prevent malicious inputs from causing harm. In the context of AI concerns: A. Model inversion involves an attacker inferring sensitive data from model outputs, typically requiring sophisticated methods beyond just manipulating input data.
B. Prompt Injection is a form of attack where an adversary provides malicious input to manipulate the behavior of AI models, particularly those dealing with natural language processing (NLP). Input sanitation directly addresses this by ensuring that inputs are cleaned and validated to remove potentially harmful commands or instructions that could alter the AI’s behavior.
C. Data poisoning involves injecting malicious data into the training set to compromise the model. While input sanitation can help by filtering out bad data, data poisoning is typically addressed through robust data validation and monitoring during the model training phase, rather than real-time input sanitation.
D. Non-explainable model refers to the lack of transparency in how AI models make decisions. This concern is not addressed by input sanitation, as it relates more to model design and interpretability techniques.
Input sanitation is most relevant and effective for preventing Prompt Injection attacks, where the integrity of user inputs directly impacts the performance and security of AI models.
Reference: CompTIA Security+ Study Guide
"Security of Machine Learning" by Battista Biggio, Blaine Nelson, and Pavel Laskov
OWASP (Open Web Application Security Project) guidelines on input validation and injection attacks
Top of Form
Bottom of Form
Question #34
A company wants to invest in research capabilities with the goal to operationalize the research output.
Which of the following is the best option for a security architect to recommend?
- A . Dark web monitoring
- B . Threat intelligence platform
- C . Honeypots
- D . Continuous adversary emulation
Correct Answer: B
B
Explanation:
Investing in a threat intelligence platform is the best option for a company looking to operationalize research output. A threat intelligence platform helps in collecting, processing, and analyzing threat data to provide actionable insights. These platforms integrate data from various sources, including dark web monitoring, honeypots, and other security tools, to offer a comprehensive view of the threat landscape.
Why a Threat Intelligence Platform?
Data Integration: It consolidates data from multiple sources, including dark web monitoring and honeypots, making it easier to analyze and derive actionable insights.
Actionable Insights: Provides real-time alerts and reports on potential threats, helping the organization take proactive measures.
Operational Efficiency: Streamlines the process of threat detection and response, allowing the security team to focus on critical issues.
Research and Development: Facilitates the operationalization of research output by providing a platform for continuous monitoring and analysis of emerging threats.
Other options, while valuable, do not offer the same level of integration and operationalization capabilities:
B
Explanation:
Investing in a threat intelligence platform is the best option for a company looking to operationalize research output. A threat intelligence platform helps in collecting, processing, and analyzing threat data to provide actionable insights. These platforms integrate data from various sources, including dark web monitoring, honeypots, and other security tools, to offer a comprehensive view of the threat landscape.
Why a Threat Intelligence Platform?
Data Integration: It consolidates data from multiple sources, including dark web monitoring and honeypots, making it easier to analyze and derive actionable insights.
Actionable Insights: Provides real-time alerts and reports on potential threats, helping the organization take proactive measures.
Operational Efficiency: Streamlines the process of threat detection and response, allowing the security team to focus on critical issues.
Research and Development: Facilitates the operationalization of research output by providing a platform for continuous monitoring and analysis of emerging threats.
Other options, while valuable, do not offer the same level of integration and operationalization capabilities:
Question #35
After an incident occurred, a team reported during the lessons-learned review that the team.
* Lost important Information for further analysis.
* Did not utilize the chain of communication
* Did not follow the right steps for a proper response
Which of the following solutions is the best way to address these findinds?
- A . Requesting budget for better forensic tools to Improve technical capabilities for Incident response operations
- B . Building playbooks for different scenarios and performing regular table-top exercises
- C . Requiring professional incident response certifications tor each new team member
- D . Publishing the incident response policy and enforcing it as part of the security awareness program
Correct Answer: B
B
Explanation:
Building playbooks for different scenarios and performing regular table-top exercises directly addresses the issues identified in the lessons-learned review.
Here’s why:
Lost important information for further analysis: Playbooks outline step-by-step procedures for incident response, ensuring that team members know exactly what to document and how to preserve evidence.
Did not utilize the chain of communication: Playbooks include communication protocols, specifying who to notify and when. Regular table-top exercises reinforce these communication channels, ensuring they are followed during actual incidents.
Did not follow the right steps for a proper response: Playbooks provide a clear sequence of actions to be taken during various types of incidents, helping the team to respond in a structured and effective manner. Regular exercises allow the team to practice these steps, identifying and correcting any deviations from the plan.
Investing in better forensic tools (Option A) or requiring certifications (Option C) are also valuable,
but they do not directly address the procedural and communication gaps identified. Publishing and enforcing the incident response policy (Option D) is important but not as practical and hands-on as playbooks and exercises in ensuring the team is prepared.
Reference: CompTIA Security+ Study Guide
NIST SP 800-61 Rev. 2, "Computer Security Incident Handling Guide"
SANS Institute, "Incident Handler’s Handbook"
B
Explanation:
Building playbooks for different scenarios and performing regular table-top exercises directly addresses the issues identified in the lessons-learned review.
Here’s why:
Lost important information for further analysis: Playbooks outline step-by-step procedures for incident response, ensuring that team members know exactly what to document and how to preserve evidence.
Did not utilize the chain of communication: Playbooks include communication protocols, specifying who to notify and when. Regular table-top exercises reinforce these communication channels, ensuring they are followed during actual incidents.
Did not follow the right steps for a proper response: Playbooks provide a clear sequence of actions to be taken during various types of incidents, helping the team to respond in a structured and effective manner. Regular exercises allow the team to practice these steps, identifying and correcting any deviations from the plan.
Investing in better forensic tools (Option A) or requiring certifications (Option C) are also valuable,
but they do not directly address the procedural and communication gaps identified. Publishing and enforcing the incident response policy (Option D) is important but not as practical and hands-on as playbooks and exercises in ensuring the team is prepared.
Reference: CompTIA Security+ Study Guide
NIST SP 800-61 Rev. 2, "Computer Security Incident Handling Guide"
SANS Institute, "Incident Handler’s Handbook"
Question #36
A company must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines.
Which of the following solutions most likely meets the requirements?
- A . Develop a security baseline to integrate with the vulnerability scanning platform to alert about any server not aligned with the new security standards.
- B . Create baseline images for each OS in use, following security standards, and integrate the images into the patching and deployment solution.
- C . Build all new images from scratch, installing only needed applications and modules in accordance with the new security standards.
- D . Run a script during server deployment to remove all the unnecessary applications as part of provisioning.
Correct Answer: B
B
Explanation:
Creating secure baseline images ensures consistent, repeatable deployment aligned with hardening
standards. These images can be used across on-premises and cloud environments, ensuring
compliance and reducing misconfigurations.
Vulnerability alerts (A) are reactive, not preventive.
Building images from scratch (C) is time-consuming and unnecessary if baselines exist. Scripts for cleanup (D) are useful but do not prevent initial insecure configurations.
Reference: CompTIA SecurityX (CAS-005) Exam Objectives – Domain 3.0 (Security Engineering), Section on System Hardening & Configuration Management
B
Explanation:
Creating secure baseline images ensures consistent, repeatable deployment aligned with hardening
standards. These images can be used across on-premises and cloud environments, ensuring
compliance and reducing misconfigurations.
Vulnerability alerts (A) are reactive, not preventive.
Building images from scratch (C) is time-consuming and unnecessary if baselines exist. Scripts for cleanup (D) are useful but do not prevent initial insecure configurations.
Reference: CompTIA SecurityX (CAS-005) Exam Objectives – Domain 3.0 (Security Engineering), Section on System Hardening & Configuration Management
Question #37
A security engineer is assisting a DevOps team that has the following requirements for container images:
Ensure container images are hashed and use version controls.
Ensure container images are up to date and scanned for vulnerabilities.
Which of the following should the security engineer do to meet these requirements?
- A . Enable clusters on the container image and configure the mesh with ACLs.
- B . Enable new security and quality checks within a CI/CD pipeline.
- C . Enable audits on the container image and monitor for configuration changes.
- D . Enable pulling of the container image from the vendor repository and deploy directly to operations.
Correct Answer: B
B
Explanation:
Implementing security and quality checks in a CI/CD pipeline ensures that:
Container images are scanned for vulnerabilities before deployment.
Version control is enforced, preventing unauthorized changes.
Hashes validate image integrity.
Other options:
A (Configuring ACLs on mesh networks) improves access control but does not ensure scanning.
C (Audits on container images) detect changes but do not enforce best practices.
D (Pulling from a vendor repository) does not ensure vulnerability scanning.
Reference: CASP+ CAS-005 C DevSecOps and Secure Containerization
B
Explanation:
Implementing security and quality checks in a CI/CD pipeline ensures that:
Container images are scanned for vulnerabilities before deployment.
Version control is enforced, preventing unauthorized changes.
Hashes validate image integrity.
Other options:
A (Configuring ACLs on mesh networks) improves access control but does not ensure scanning.
C (Audits on container images) detect changes but do not enforce best practices.
D (Pulling from a vendor repository) does not ensure vulnerability scanning.
Reference: CASP+ CAS-005 C DevSecOps and Secure Containerization
Question #38
A security analyst Detected unusual network traffic related to program updating processes The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but. with different hashes which of the following solutions would most likely prevent this situation from reoccurring?
- A . Improving patching processes
- B . Implementing digital signature
- C . Performing manual updates via USB ports
- D . Allowing only dies from internal sources
Correct Answer: B
B
Explanation:
Implementing digital signatures ensures the integrity and authenticity of software binaries. When a binary is digitally signed, any tampering with the file (e.g., replacing it with a malicious version) would invalidate the signature. This allows systems to verify the origin and integrity of binaries before execution, preventing the execution of unauthorized or compromised binaries.
B
Explanation:
Implementing digital signatures ensures the integrity and authenticity of software binaries. When a binary is digitally signed, any tampering with the file (e.g., replacing it with a malicious version) would invalidate the signature. This allows systems to verify the origin and integrity of binaries before execution, preventing the execution of unauthorized or compromised binaries.
Question #39
A security engineer is developing a solution to meet the following requirements?
• All endpoints should be able to establish telemetry with a SIEM.
• All endpoints should be able to be integrated into the XDR platform.
• SOC services should be able to monitor the XDR platform
Which of the following should the security engineer implement to meet the requirements?
- A . CDR and central logging
- B . HIDS and vTPM
- C . WAF and syslog
- D . HIPS and host-based firewall
Correct Answer: D
D
Explanation:
To meet the requirements of having all endpoints establish telemetry with a SIEM, integrate into an XDR platform, and allow SOC services to monitor the XDR platform, the best approach is to implement Host Intrusion Prevention Systems (HIPS) and a host-based firewall. HIPS can provide detailed telemetry data to the SIEM and can be integrated into the XDR platform for comprehensive monitoring and response. The host-based firewall ensures that only authorized traffic is allowed, providing an additional layer of security.
Reference: CompTIA SecurityX Study Guide: Describes the roles of HIPS and host-based firewalls in endpoint security and their integration with SIEM and XDR platforms.
NIST Special Publication 800-94, "Guide to Intrusion Detection and Prevention Systems (IDPS)":
Highlights the capabilities of HIPS for security monitoring and incident response.
"Network Security Monitoring" by Richard Bejtlich: Discusses the integration of various security tools, including HIPS and firewalls, for effective security monitoring.
D
Explanation:
To meet the requirements of having all endpoints establish telemetry with a SIEM, integrate into an XDR platform, and allow SOC services to monitor the XDR platform, the best approach is to implement Host Intrusion Prevention Systems (HIPS) and a host-based firewall. HIPS can provide detailed telemetry data to the SIEM and can be integrated into the XDR platform for comprehensive monitoring and response. The host-based firewall ensures that only authorized traffic is allowed, providing an additional layer of security.
Reference: CompTIA SecurityX Study Guide: Describes the roles of HIPS and host-based firewalls in endpoint security and their integration with SIEM and XDR platforms.
NIST Special Publication 800-94, "Guide to Intrusion Detection and Prevention Systems (IDPS)":
Highlights the capabilities of HIPS for security monitoring and incident response.
"Network Security Monitoring" by Richard Bejtlich: Discusses the integration of various security tools, including HIPS and firewalls, for effective security monitoring.
Question #40
A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration.
A security engineer is troubleshooting and observes the following configuration snippet:
Which of the following should the security engineer modify to fix the issue? (Select two).
- A . The email CNAME record must be changed to a type A record pointing to 192.168.111
- B . The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"
- C . The srvo1 A record must be changed to a type CNAME record pointing to the email server
- D . The email CNAME record must be changed to a type A record pointing to 192.168.1.10
- E . The TXT record must be changed to "v=dkim ip4:l92.168.1.11 include my-email.com -ell"
- F . The TXT record must be Changed to "v=dkim ip4:192.168.1.10 include:email-all"
- G . The srv01 A record must be changed to a type CNAME record pointing to the web01 server
Correct Answer: D, B
D, B
Explanation:
The security engineer should modify the following to fix the email migration issues:
Email CNAME Record: The email CNAME record must be changed to a type A record pointing to 192.168.1.10. This is because CNAME records should not be used where an IP address (A record) is required. Changing it to an A record ensures direct pointing to the correct IP.
TXT Record for DMARC: The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include .com -all". This ensures proper configuration of DMARC (Domain-based Message Authentication, Reporting & Conformance) to include the correct IP address and the email service provider domain. DMARC: Ensuring the DMARC record is correctly set up helps in preventing email spoofing and phishing, aligning with email security best practices.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
RFC 7489: Domain-based Message Authentication, Reporting & Conformance (DMARC)
NIST Special Publication 800-45: Guidelines on Electronic Mail Security
D, B
Explanation:
The security engineer should modify the following to fix the email migration issues:
Email CNAME Record: The email CNAME record must be changed to a type A record pointing to 192.168.1.10. This is because CNAME records should not be used where an IP address (A record) is required. Changing it to an A record ensures direct pointing to the correct IP.
TXT Record for DMARC: The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include .com -all". This ensures proper configuration of DMARC (Domain-based Message Authentication, Reporting & Conformance) to include the correct IP address and the email service provider domain. DMARC: Ensuring the DMARC record is correctly set up helps in preventing email spoofing and phishing, aligning with email security best practices.
Reference: CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
RFC 7489: Domain-based Message Authentication, Reporting & Conformance (DMARC)
NIST Special Publication 800-45: Guidelines on Electronic Mail Security