Special Summer Sale 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: clap70

CAS-005 CompTIA SecurityX Certification Exam Questions and Answers

Questions 4

Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

Options:

A.

Isolating the historian server for connections only from The SCADA environment

B.

Publishing the C$ share from SCADA to the enterprise

C.

Deploying a screened subnet between 11 and SCADA

D.

Adding the business workstations to the SCADA domain

Buy Now
Questions 5

A systems administrator wants to introduce a newly released feature for an internal application. The administrate docs not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?

Options:

A.

Staging environment

B.

Testing environment

C.

CI/CO pipeline

D.

Development environment

Buy Now
Questions 6

An organization is planning for disaster recovery and continuity of operations, and has noted the following relevant findings:

1. A natural disaster may disrupt operations at Site A, which would then cause an evacuation. Users are

unable to log into the domain from-their workstations after relocating to Site B.

2. A natural disaster may disrupt operations at Site A, which would then cause the pump room at Site B

to become inoperable.

3. A natural disaster may disrupt operations at Site A, which would then cause unreliable internet

connectivity at Site B due to route flapping.

INSTRUCTIONS

Match each relevant finding to the affected host by clicking on the host name and selecting the appropriate number.

For findings 1 and 2, select the items that should be replicated to Site B. For finding 3, select the item requiring configuration changes, then select the appropriate corrective action from the drop-down menu.

Options:

Buy Now
Questions 7

An analyst reviews a SIEM and generates the following report:

OnlyHOST002is authorized for internet traffic. Which of the following statements is accurate?

Options:

A.

The VM002 host is misconfigured and needs to be revised by the network team.

B.

The HOST002 host is under attack, and a security incident should be declared.

C.

The SIEM platform is reporting multiple false positives on the alerts.

D.

The network connection activity is unusual, and a network infection is highly possible.

Buy Now
Questions 8

An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS. Which of the following should be implemented to meet these requirements?

Options:

A.

SELinux

B.

MDM

C.

XDR

D.

Block list

E.

Atomic execution

Buy Now
Questions 9

A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered Given the following code function:

Which of the following is most likely the log input that the code will parse?

A)

B)

C)

D)

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Buy Now
Questions 10

A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?

Options:

A.

Block any connections from outside the business's network security boundary.

B.

Install machine certificates on corporate devices and perform checks against the clients.

C.

Configure device attestations and continuous authorization controls.

D.

Deploy application protection policies using a corporate, cloud-based MDM solution.

Buy Now
Questions 11

A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective'

Options:

A.

improving security dashboard visualization on SIEM

B.

Rotating API access and authorization keys every two months

C.

Implementing application toad balancing and cross-region availability

D.

Creating WAF policies for relevant programming languages

Buy Now
Questions 12

Which of the following is the security engineer most likely doing?

Options:

A.

Assessing log in activities using geolocation to tune impossible Travel rate alerts

B.

Reporting on remote log-in activities to track team metrics

C.

Threat hunting for suspicious activity from an insider threat

D.

Baselining user behavior to support advanced analytics

Buy Now
Questions 13

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Options:

A.

Securing data transfer between hospitals

B.

Providing for non-repudiation data

C.

Reducing liability from identity theft

D.

Protecting privacy while supporting portability.

Buy Now
Questions 14

A security engineer is given the following requirements:

• An endpoint must only execute Internally signed applications

• Administrator accounts cannot install unauthorized software.

• Attempts to run unauthorized software must be logged

Which of the following best meets these requirements?

Options:

A.

Maintaining appropriate account access through directory management and controls

B.

Implementing a CSPM platform to monitor updates being pushed to applications

C.

Deploying an EDR solution to monitor and respond to software installation attempts

D.

Configuring application control with blocked hashes and enterprise-trusted root certificates

Buy Now
Questions 15

After a penetration test on the internal network, the following report was generated:

Attack Target Result

Compromised host ADMIN01S.CORP.LOCAL Successful

Hash collected KRBTGT.CORP.LOCAL Successful

Hash collected SQLSV.CORP.LOCAL Successful

Pass the hash SQLSV.CORP.LOCAL Failed

Domain control CORP.LOCAL Successful

Which of the following should be recommended to remediate the attack?

Options:

A.

Deleting SQLSV

B.

Reimaging ADMIN01S

C.

Rotating KRBTGT password

D.

Resetting the local domain

Buy Now
Questions 16

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

Options:

Buy Now
Questions 17

A security analyst reviews the following report:

Which of the following assessments is the analyst performing?

Options:

A.

System

B.

Supply chain

C.

Quantitative

D.

Organizational

Buy Now
Questions 18

A senior security engineer flags me following log file snippet as hawing likely facilitated an attacker's lateral movement in a recent breach:

Which of the following solutions, if implemented, would mitigate the nsk of this issue reoccurnnp?

Options:

A.

Disabling DNS zone transfers

B.

Restricting DNS traffic to UDP'W

C.

Implementing DNS masking on internal servers

D.

Permitting only clients from internal networks to query DNS

Buy Now
Questions 19

You are a security analyst tasked with interpreting an Nmap scan output from company’s privileged network.

The company’s hardening guidelines indicate the following:

There should be one primary server or service per device.

Only default ports should be used.

Non-secure protocols should be disabled.

INSTRUCTIONS

Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.

For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:

The IP address of the device

The primary server or service of the device (Note that each IP should by associated with one service/port only)

The protocol(s) that should be disabled based on the hardening guidelines (Note that multiple ports may need to be closed to comply with the hardening guidelines)

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Options:

Buy Now
Questions 20

A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources The analyst reviews the following information:

Which of the following is most likely the cause of the issue?

Options:

A.

The local network access has been configured to bypass MFA requirements.

B.

A network geolocation is being misidentified by the authentication server

C.

Administrator access from an alternate location is blocked by company policy

D.

Several users have not configured their mobile devices to receive OTP codes

Buy Now
Questions 21

A company that uses several cloud applications wants to properly identify:

    All the devices potentially affected by a given vulnerability.

    All the internal servers utilizing the same physical switch.

    The number of endpoints using a particular operating system.Which of the following is the best way to meet the requirements?

Options:

A.

SBoM

B.

CASB

C.

GRC

D.

CMDB

Buy Now
Questions 22

A security architect wants to develop a baseline of security configurations These configurations automatically will be utilized machine is created Which of the following technologies should the security architect deploy to accomplish this goal?

Options:

A.

Short

B.

GASB

C.

Ansible

D.

CMDB

Buy Now
Questions 23

Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

Options:

A.

Incomplete mathematical primitives

B.

No use cases to drive adoption

C.

Quantum computers not yet capable

D.

insufficient coprocessor support

Buy Now
Questions 24

Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.

Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions. The software installation entries are formatted as follows:

Reader 10.0

Reader 10.1

Reader 10.2

Reader 10.3

Reader 10.4

Which of the following regular expression entries will accurately identify all the affected versions?

Options:

A.

Reader(*)[1][0].[0-4:

B.

Reader[11[01X.f0-3'

C.

Reader( )[1][0].[0-3:

D.

Reader( )[1][0] X.[1-3:

Buy Now
Questions 25

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime. Which of the following should the analyst perform?

Options:

A.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

B.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

C.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

D.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

Buy Now
Questions 26

An organization is required to

* Respond to internal and external inquiries in a timely manner

* Provide transparency.

* Comply with regulatory requirements

The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

Options:

A.

Outsourcing the handling of necessary regulatory filing to an external consultant

B.

Integrating automated response mechanisms into the data subject access request process

C.

Developing communication templates that have been vetted by internal and external counsel

D.

Conducting lessons-learned activities and integrating observations into the crisis management plan

Buy Now
Questions 27

Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?

Options:

A.

Tokenization

B.

Key stretching

C.

Forward secrecy

D.

Simultaneous authentication of equals

Buy Now
Questions 28

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to b«st solve this issue?

Options:

A.

Rule based

B.

Time-based

C.

Role based

D.

Context-based

Buy Now
Questions 29

A senior security engineer flags the following log file snippet as having likely facilitated an attacker’s lateral movement in a recent breach:

qry_source: 19.27.214.22 TCP/53

qry_dest: 199.105.22.13 TCP/53

qry_type: AXFR

| in comptia.org

------------ directoryserver1 A 10.80.8.10

------------ directoryserver2 A 10.80.8.11

------------ directoryserver3 A 10.80.8.12

------------ internal-dns A 10.80.9.1

----------- www-int A 10.80.9.3

------------ fshare A 10.80.9.4

------------ sip A 10.80.9.5

------------ msn-crit-apcs A 10.81.22.33

Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?

Options:

A.

Disabling DNS zone transfers

B.

Restricting DNS traffic to UDP/53

C.

Implementing DNS masking on internal servers

D.

Permitting only clients from internal networks to query DNS

Buy Now
Questions 30

A security configure is building a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?

Options:

A.

The /etc/openssl.conf file, updating the virtual site parameter

B.

The /etc/nsswith.conf file, updating the name server

C.

The /etc/hosts file, updating the IP parameter

D.

The /etc/etc/sshd, configure file updating the ciphers

Buy Now
Questions 31

A company's SICM Is continuously reporting false positives and false negatives The security operations team has Implemented configuration changes to troubleshoot possible reporting errors Which of the following sources of information best supports the required analysts process? (Select two).

Options:

A.

Third-party reports and logs

B.

Trends

C.

Dashboards

D.

Alert failures

E.

Network traffic summaries

F.

Manual review processes

Buy Now
Questions 32

While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?

Options:

A.

Spear-phishing campaign

B.

Threat modeling

C.

Red team assessment

D.

Attack pattern analysis

Buy Now
Questions 33

A security architect must make sure that the least number of services as possible is exposed in order to limit an adversary's ability to access the systems. Which of the following should the architect do first?

Options:

A.

Enforce Secure Boot.

B.

Perform attack surface reduction.

C.

Disable third-party integrations.

D.

Limit access to the systems.

Buy Now
Questions 34

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the next step of the incident response plan?

Options:

A.

Remediation

B.

Containment

C.

Response

D.

Recovery

Buy Now
Questions 35

After an incident occurred, a team reported during the lessons-learned review that the team.

* Lost important Information for further analysis.

* Did not utilize the chain of communication

* Did not follow the right steps for a proper response

Which of the following solutions is the best way to address these findinds?

Options:

A.

Requesting budget for better forensic tools to Improve technical capabilities for Incident response operations

B.

Building playbooks for different scenarios and performing regular table-top exercises

C.

Requiring professional incident response certifications tor each new team member

D.

Publishing the incident response policy and enforcing it as part of the security awareness program

Buy Now
Questions 36

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to

the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?

Options:

A.

The compute resources are insufficient to support the SIEM

B.

The SIEM indexes are 100 large

C.

The data is not being properly parsed

D.

The retention policy is not property configured

Buy Now
Questions 37

A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?

Options:

A.

User-agent string

B.

Byte length of the request

C.

Web application headers

D.

HTML encoding field

Buy Now
Questions 38

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me b»« way to reduce the risk oi reoccurrence?

Options:

A.

Enforcing allow lists for authorized network pons and protocols

B.

Measuring and attesting to the entire boot chum

C.

Rolling the cryptographic keys used for hardware security modules

D.

Using code signing to verify the source of OS updates

Buy Now
Questions 39

A security analyst is reviewing the following authentication logs:

Which of the following should the analyst do first?

Options:

A.

Disable User2's account

B.

Disable User12's account

C.

Disable User8's account

D.

Disable User1's account

Buy Now
Questions 40

A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

Which of the following hosts should a security analyst patch first once a patch is available?

Options:

A.

1

B.

2

C.

3

D.

4

E.

5

F.

6

Buy Now
Questions 41

A company must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines. Which of the following solutions most likely meets the requirements?

Options:

A.

Develop a security baseline to integrate with the vulnerability scanning platform to alert about any server not aligned with the new security standards.

B.

Create baseline images for each OS in use, following security standards, and integrate the images into the patching and deployment solution.

C.

Build all new images from scratch, installing only needed applications and modules in accordance with the new security standards.

D.

Run a script during server deployment to remove all the unnecessary applications as part of provisioning.

Buy Now
Questions 42

A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?

Options:

A.

Configuring an API Integration to aggregate the different data sets

B.

Combining back-end application storage into a single, relational database

C.

Purchasing and deploying commercial off the shelf aggregation software

D.

Migrating application usage logs to on-premises storage

Buy Now
Questions 43

A security engineer must resolve a vulnerability in a deprecated version of Python for a custom-developed flight simul-ation application that is monitored and controlled remotely. The source code is proprietary and built with Python functions running on the Ubuntu operating system. Version control is not enabled for the application in development or production. However, the application must remain online in the production environment using built-in features. Which of the following solutions best reduces the attack surface of these issues and meets the outlined requirements?

Options:

A.

Configure code-signing within the CI/CD pipeline, update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

B.

Enable branch protection in the GitHub repository. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

C.

Use an NFS network share. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

D.

Configure version designation within the Python interpreter. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.

Buy Now
Questions 44

A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance?

Options:

A.

Information security standards

B.

E-discovery requirements

C.

Privacy regulations

D.

Certification requirements

E.

Reporting frameworks

Buy Now
Questions 45

An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time. Which of the following should the administrator use?

Options:

A.

SOAR

B.

CWPP

C.

XCCDF

D.

CMDB

Buy Now
Questions 46

After an incident response exercise, a security administrator reviews the following table:

Which of the following should the administrator do to beat support rapid incident response in the future?

Options:

A.

Automate alerting to IT support for phone system outages.

B.

Enable dashboards for service status monitoring

C.

Send emails for failed log-In attempts on the public website

D.

Configure automated Isolation of human resources systems

Buy Now
Questions 47

A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?

Options:

A.

Key splitting

B.

Key escrow

C.

Key rotation

D.

Key encryption

E.

Key stretching

Buy Now
Questions 48

A company wants to improve and automate the compliance of its cloud environments to meet industry standards. Which of the following resources should the company use to best achieve this goal?

Options:

A.

Jenkins

B.

Python

C.

Ansible

D.

PowerShell

Buy Now
Questions 49

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

    An administrator’s account was hijacked and used on several Autonomous System Numbers within 30 minutes.

    All administrators use named accounts that require multifactor authentication.

    Single sign-on is used for all company applications.Which of the following should the security architect do to mitigate the issue?

Options:

A.

Configure token theft detection on the single sign-on system with automatic account lockouts.

B.

Enable context-based authentication when network locations change on administrator login attempts.

C.

Decentralize administrator accounts and force unique passwords for each application.

D.

Enforce biometric authentication requirements for the administrator’s named accounts.

Buy Now
Questions 50

A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?

Options:

A.

Misconfigured code commit

B.

Unsecure bundled libraries

C.

Invalid code signing certificate

D.

Data leakage

Buy Now
Questions 51

A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process'

Options:

A.

Request a weekly report with all new assets deployed and decommissioned

B.

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

C.

Implement a shadow IT detection process to avoid rogue devices on the network

D.

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

Buy Now
Questions 52

A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?

Options:

A.

Model explainability

B.

Credential Theft

C.

Possible prompt Injections

D.

Exposure to social engineering

Buy Now
Questions 53

An engineering team determines the cost to mitigate certain risks is higher than the asset values The team must ensure the risks are prioritized appropriately. Which of the following is the best way to address the issue?

Options:

A.

Data labeling

B.

Branch protection

C.

Vulnerability assessments

D.

Purchasing insurance

Buy Now
Questions 54

A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

Options:

A.

Temporal

B.

Availability

C.

Integrity

D.

Confidentiality

E.

Base

F.

Environmental

G.

Impact

Buy Now
Questions 55

A company wants to protect against the most common attacks and rapidly integrate with different programming languages. Which of the following technologies is most likely to meet this need?

Options:

A.

RASP

B.

Cloud-based IDE

C.

DAST

D.

NIPS

Buy Now
Questions 56

A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet:

Which of the following should the security engineer modify to fix the issue? (Select two).

Options:

A.

The email CNAME record must be changed to a type A record pointing to 192.168.111

B.

The TXT record must be Changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"

C.

The srvo1 A record must be changed to a type CNAME record pointing to the email server

D.

The email CNAME record must be changed to a type A record pointing to 192.168.1.10

E.

The TXT record must be changed to "v=dkim ip4:l92.168.1.11 include my-email.com -ell"

F.

The TXT record must be Changed to "v=dkim ip4:192.168.1.10 include:email-all"

G.

The srv01 A record must be changed to a type CNAME record pointing to the web01 server

Buy Now
Exam Code: CAS-005
Exam Name: CompTIA SecurityX Certification Exam
Last Update: Apr 1, 2025
Questions: 187
CAS-005 pdf

CAS-005 PDF

$25.5  $84.99
CAS-005 Engine

CAS-005 Testing Engine

$30  $99.99
CAS-005 PDF + Engine

CAS-005 PDF + Testing Engine

$40.5  $134.99