Free CompTIA CAS-005 Exam Questions and Answers from Training Expert Prep4away
NEW QUESTION # 203
During a review of the email security solution, a security analyst collects the following information:
Which of the following is the best way to improve the email security solution on the email gateway?
- A. Implementing a HIDS
- B. Deploying sandboxing
- C. Enabling allow lists
- D. Configuring signature-based detection
Answer: B
NEW QUESTION # 204
An organization recently migrated data to a new file management system. The architect decides to use a discretionary authorization model on the new system. Which of the following best explains the architect's choice?
- A. The data custodians were selected by business stakeholders to ensure backups of the file management system are maintained off site.
- B. The permissions were not able to be migrated to the new system, and several stakeholders were made responsible for granting appropriate access.
- C. The legacy file management system did not support modern authentication techniques despite the business requirements.
- D. The responsibility of migrating data to the new file management system was outsourced to the vendor providing the platform.
Answer: B
Explanation:
Comprehensive and Detailed Explanation:
In a Discretionary Access Control (DAC) model, the data owner or an assigned stakeholder has the authority to determine who can access resources. SecurityX CAS-005 IAM objectives describe DAC as user- or owner-controlled, where permissions can be granted or revoked at the owner's discretion.
In this scenario, because permissions from the legacy system could not be migrated, multiple stakeholders were made responsible for assigning and managing access, which matches the DAC model's characteristics.
* Option A describes backup responsibilities, which are operational tasks, not an access control model.
* Option C is about authentication limitations, unrelated to the choice of DAC.
* Option D relates to outsourcing the migration, which does not define an access control model.
NEW QUESTION # 205
An analyst reviews a SIEM and generates the following report:
Only HOST002 is authorized for internet traffic. Which of the following statements is accurate?
- A. The SIEM platform is reporting multiple false positives on the alerts.
- B. The HOST002 host is under attack, and a security incident should be declared.
- C. The network connection activity is unusual, and a network infection is highly possible.
- D. The VM002 host is misconfigured and needs to be revised by the network team.
Answer: C
Explanation:
Comprehensive and Detailed Explanation:
Understanding the Security Event:
HOST002 is the only device authorized for internet traffic. However, the SIEM logs show that VM002 is making network connections to web.corp.local.
This indicates unauthorized access, which could be a sign of lateral movement or network infection.
This is a red flag for potential malware, unauthorized software, or a compromised host.
Why Option C is Correct:
Unusual network traffic patterns are often an indicator of a compromised system.
VM002 should not be communicating externally, but it is.
This suggests a possible breach or malware infection attempting to communicate with a command-and-control (C2) server.
Before escalating, confirm in the SIEM that VM002's connections actually leave the network (for example through a proxy or the internet-facing firewall) rather than terminating on an internal host; the repeated, regular pattern is what separates a beacon from a single misconfigured connection.
Why Other Options Are Incorrect:
A (False positives): The repeated pattern of unauthorized connections makes false positives unlikely.
B (Security incident on HOST002): The issue is not with HOST002. The suspicious activity is from VM002.
D (Misconfiguration): While a misconfiguration could explain the unauthorized connections, the pattern of activity suggests something more malicious.
References:
* CompTIA SecurityX CAS-005 Official Study Guide: chapter on SIEM and incident analysis
* MITRE ATT&CK tactics: Lateral Movement and Command and Control
* NIST SP 800-94: Guide to Intrusion Detection and Prevention Systems (IDPS)
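The detection logic behind this question, as an added example that is not part of the exam or its SIEM report: it flags every host that reaches a globally routable address without being on the internet allow list, and measures the spacing between one host's external connections, since a near-constant interval is the beaconing shape that points to C2 rather than to a user or a one-off misconfiguration. The log format, IP addresses and timestamps below are constructed for this illustration.

```python
"""Added example (not from the exam or its SIEM report): flag hosts that
reach the internet although only HOST002 is authorised to, and measure how
regular a host's external connections are. Log layout, IPs and timestamps
are constructed for this illustration."""
import ipaddress
from collections import Counter, defaultdict
from datetime import datetime

AUTHORISED_INTERNET_HOSTS = {"HOST002"}

# Constructed SIEM export: "<timestamp> <host> <src_ip> -> <dst_ip>:<port> <action>"
SAMPLE_EVENTS = """\
2024-05-01T08:00:01Z HOST002 10.0.1.12 -> 142.250.74.78:443 ALLOW
2024-05-01T08:00:05Z VM002 10.0.2.40 -> 10.0.2.5:445 ALLOW
2024-05-01T08:00:09Z VM002 10.0.2.40 -> 185.199.108.153:443 ALLOW
2024-05-01T08:00:40Z VM002 10.0.2.40 -> 185.199.108.153:443 ALLOW
2024-05-01T08:01:11Z VM002 10.0.2.40 -> 185.199.108.153:443 ALLOW
2024-05-01T08:01:42Z VM002 10.0.2.40 -> 185.199.108.153:443 ALLOW
2024-05-01T08:02:00Z HOST001 10.0.1.11 -> 10.0.1.5:53 ALLOW
""".splitlines()


def parse_event(line: str) -> dict:
    ts, host, src, _arrow, dst, action = line.split()
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "host": host,
        "src": ipaddress.ip_address(src),
        "dst": ipaddress.ip_address(dst_ip),
        "port": int(dst_port),
        "action": action,
    }


def is_internet_bound(dst) -> bool:
    # Private (RFC 1918), loopback and link-local destinations stay inside;
    # anything globally routable is leaving the network.
    return dst.is_global


def unauthorised_egress(lines, authorised=AUTHORISED_INTERNET_HOSTS) -> dict:
    """Map each non-allow-listed host that reached the internet to a
    {destination: connection count} summary."""
    hits = defaultdict(Counter)
    for line in lines:
        ev = parse_event(line)
        if ev["host"] in authorised or not is_internet_bound(ev["dst"]):
            continue
        hits[ev["host"]][str(ev["dst"])] += 1
    return {host: dict(c) for host, c in hits.items()}


def external_intervals(lines, host: str) -> list:
    """Seconds between successive internet-bound connections from `host`.
    A near-constant interval is the beaconing shape of a C2 check-in."""
    times = [ev["ts"] for ev in map(parse_event, lines)
             if ev["host"] == host and is_internet_bound(ev["dst"])]
    return [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]


if __name__ == "__main__":
    for host, dests in unauthorised_egress(SAMPLE_EVENTS).items():
        print(f"{host}: unauthorised egress to {dests}; "
              f"intervals {external_intervals(SAMPLE_EVENTS, host)} s")
```

Run against the constructed events, VM002 is the only host reported, its four connections all go to one external address, and they are spaced exactly 31 seconds apart, which is the evidence that justifies answer C over a misconfiguration.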
NEW QUESTION # 206
An administrator brings the company's fleet of mobile devices into its PKI in order to align device WLAN NAC configurations with existing workstations and laptops. Thousands of devices need to be reconfigured in a cost-effective, time-efficient, and secure manner. Which of the following actions best achieve this goal? (Select two)
- A. Deploying clientAuth extended key usage certificate templates
- B. Deploying netAuth extended key usage certificate templates
- C. Submitting a CSR to the CA to obtain a single certificate that can be used across all devices
- D. Configuring SCEP on the CA with an OTP for bulk device enrollment
- E. Deploying serverAuth extended key usage certificate templates
- F. Using the existing MDM solution to integrate with directory services for authentication and enrollment
Answer: D,F
Explanation:
For bulk PKI enrollment:
MDM integration with directory services streamlines certificate request and deployment per device, leveraging existing authentication methods.
Simple Certificate Enrollment Protocol (SCEP) with one-time passwords allows automated, secure, large-scale certificate issuance without manual CSR handling.
clientAuth is the extended key usage an EAP-TLS supplicant certificate needs, so a clientAuth template is required, but selecting it alone does nothing about enrolling thousands of devices; serverAuth is for the RADIUS server's certificate, and netAuth is not a standard EKU.
A single certificate for all devices violates PKI security principles and compromises individual device accountability: one leaked private key would authenticate every device, and no single device could be revoked.
NEW QUESTION # 207
A security engineer is reviewing the results of an annual penetration test. The report lists one of the results as "critical severity" on several domain-joined workstations:
SSL/TLS Weak Protocols Supported TLS 1.0, TLS 1.1
Which of the following should the security engineer implement to remediate this finding in the most centralized manner?
- A. An SCCM patch to disable weak protocols in the Schannel hive
- B. A GPO to disable weak protocols in the Schannel hive
- C. A registry script to disable weak protocols in the Schannel hive
- D. A PowerShell script to disable weak protocols in the HKLM Schannel hive
Answer: B
Explanation:
All four options change the same registry values under HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols (the Enabled and DisabledByDefault values of the TLS 1.0 and TLS 1.1 Client and Server keys). A GPO is the most centralized way to apply them: it targets every domain-joined workstation from one policy object, is reapplied at each Group Policy refresh, and needs no per-endpoint packaging or script distribution. SCCM packages, .reg files and PowerShell scripts set the same keys but are one-off deployments that drift as soon as someone changes the values back.
NEW QUESTION # 208
A nation-state actor is exposed for attacking large corporations by establishing persistence in smaller companies that are likely to be acquired by these large corporations. The actor then provisions user accounts in the companies for use post-acquisition. Before an upcoming acquisition, a security officer conducts threat modeling with this attack vector. Which of the following practices is the best way to investigate this threat?
- A. Restricting internet traffic originating from countries in which the nation-state actor is known to operate
- B. Placing a hold on all information about corporate interest in acquisitions
- C. Comparing all existing credentials to personnel and services
- D. Auditing vendors to mitigate supply chain risk during the acquisition
Answer: C
Explanation:
Accounts planted before an acquisition survive normal onboarding because nobody creates them during it. Reconciling every credential in the target company against its HR roster, and every service account against a named owner, is the only option that actually investigates whether such accounts exist. Geoblocking, information holds and vendor audits reduce exposure but do not find accounts that are already there.
NEW QUESTION # 209
A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:
Which of the following is the most appropriate action for the analyst to take?
- A. Update the log configuration settings on the directory server that is not being captured properly.
- B. Have the admin account owner change their password to avoid credential stuffing.
- C. Block employees from logging in to applications that are not part of their business area.
- D. Implement automation to disable accounts that have been associated with high-risk activity.
Answer: D
Explanation:
The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.
Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.
Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.
Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but does not directly address the compromised account issue.
Implementing automation to disable accounts associated with high-risk activities (D) ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation. Scope the automation to exclude break-glass and other emergency accounts, and alert on every automated disablement, so that an attacker cannot trigger the rule deliberately to lock administrators out.
NEW QUESTION # 210
Developers have been creating and managing cryptographic material on their personal laptops for use in the production environment. A security engineer needs to initiate a more secure process. Which of the following is the best strategy for the engineer to use?
- A. Employing shielding to prevent EMI
- B. Managing secrets on the vTPM hardware
- C. Managing key material on a HSM
- D. Disabling the BIOS and moving to UEFI
Answer: C
Explanation:
The best strategy for securely managing cryptographic material is to use a Hardware Security Module (HSM).
Here's why:
* Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering and unauthorized access.
* Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops.
* Compliance and Best Practices: HSMs are validated against industry standards such as FIPS 140-2 (now superseded by FIPS 140-3) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-57: Recommendation for Key Management
* ISO/IEC 19790:2012: Information Technology - Security Techniques - Security Requirements for Cryptographic Modules
NEW QUESTION # 211
An organization recently implemented a purchasing freeze that has impacted endpoint life-cycle management efforts. Which of the following should a security manager do to reduce risk without replacing the endpoints?
- A. Reimage the system
- B. Dispose of end-of-support devices
- C. Deploy EDR
- D. Remove unneeded services
Answer: D
Explanation:
Removing unnecessary services from existing endpoints reduces the attack surface by minimizing the number of potential vulnerabilities attackers could exploit. This is a cost-effective method to harden devices without requiring new purchases, aligning perfectly with a purchasing freeze. Deploying new EDR solutions or disposing of devices would likely conflict with the resource freeze, and reimaging systems does not address minimizing services proactively.
NEW QUESTION # 212
A global manufacturing company has an internal application that is critical to making products. This application cannot be updated and must be available in the production area. A security architect is implementing security for the application. Which of the following best describes the action the architect should take?
- A. Create an acceptable use policy for the use of the application
- B. Create a separate network for users who need access to the application
- C. Disallow wireless access to the application.
- D. Deploy Intrusion detection capabilities using a network tap
Answer: B
Explanation:
Creating a separate network for users who need access to the application is the best action to secure an internal application that is critical to the production area and cannot be updated.
Why Separate Network?
* Network Segmentation: Isolates the critical application from the rest of the network, reducing the risk of compromise and limiting the potential impact of any security incidents.
* Controlled Access: Ensures that only authorized users have access to the application, enhancing security and reducing the attack surface.
* Minimized Risk: Segmentation helps in protecting the application from vulnerabilities that could be exploited from other parts of the network.
Other options, while beneficial, do not provide the same level of security for a critical application:
* A. Create an acceptable use policy: Important for governance but does not provide technical security controls.
* C. Disallow wireless access: Useful but does not provide comprehensive protection.
* D. Deploy intrusion detection capabilities using a network tap: Enhances monitoring but does not provide the same level of isolation and control.
References:
* CompTIA SecurityX Study Guide
* NIST Special Publication 800-125, "Guide to Security for Full Virtualization Technologies"
* "Network Segmentation Best Practices," Cisco Documentation
NEW QUESTION # 213
A company is developing an application that will be used to perform e-commerce transactions for a subscription-based service. The application must be able to use previously saved payment methods to perform recurring transactions. Which of the following is the most appropriate?
- A. Token-based access for application users
- B. Address space layout randomization
- C. NX/XN Implementation to minimize data retention
- D. Self-encrypting disks with field-level encryption
- E. Tokenization through an HSM
Answer: E
Explanation:
Tokenization through an HSM (Hardware Security Module) is the most appropriate solution for securely storing and using previously saved payment methods for recurring transactions.
Tokenization replaces sensitive data (such as the primary account number) with a token, a surrogate value that carries no information about the original and can only be mapped back by the tokenization service's vault, whose keys the HSM protects. The application stores and submits only the token, so a breach of the application database yields nothing usable, while the payment processor can still resolve the token for each recurring charge.
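A minimal vault-style tokenization flow, as an added example that is not the exam's or any payment vendor's code: the vault stands in for the tokenization service that would sit behind an HSM, and the subscription application stores nothing but the token. The card number is the well-known 4111... test PAN; the vault key, token format and role names are assumptions made for this illustration.

```python
"""Added example (not the exam's or any vendor's code): a minimal
tokenization service of the kind that sits behind an HSM, plus the only
thing the e-commerce application itself stores. Vault key, token format
and role names are assumptions for this illustration."""
import hashlib
import hmac
import secrets


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects typos before anything reaches the vault."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """Stand-in for the tokenization service. In production the mapping
    store is encrypted and `index_key` lives inside the HSM; here both are
    in memory so the example runs offline."""

    def __init__(self, index_key: bytes):
        self._index_key = index_key
        self._token_to_pan = {}   # token -> PAN: the only place the PAN exists
        self._pan_index = {}      # HMAC(PAN) -> token, so one card maps to one token

    def tokenize(self, pan: str) -> str:
        digits = pan.replace(" ", "")
        if not (13 <= len(digits) <= 19 and digits.isdigit() and luhn_ok(digits)):
            raise ValueError("not a plausible PAN")
        # Keyed hash as the lookup index: without the key the index leaks nothing.
        idx = hmac.new(self._index_key, digits.encode(), hashlib.sha256).hexdigest()
        if idx in self._pan_index:
            return self._pan_index[idx]
        # The token is random, so it cannot be reversed by computation;
        # the last four digits stay in the clear for receipts and UI.
        token = f"tok_{secrets.token_hex(12)}_{digits[-4:]}"
        self._token_to_pan[token] = digits
        self._pan_index[idx] = token
        return token

    def detokenize(self, token: str, caller_role: str) -> str:
        # Only the payment-processor integration may ever see a PAN again.
        if caller_role != "payment-processor":
            raise PermissionError(f"role {caller_role!r} may not detokenize")
        return self._token_to_pan[token]


class SubscriptionApp:
    """What the application stores: the token, never the PAN."""

    def __init__(self, vault: TokenVault):
        self._vault = vault
        self._saved_methods = {}  # customer_id -> token

    def save_payment_method(self, customer_id: str, pan: str) -> str:
        token = self._vault.tokenize(pan)
        self._saved_methods[customer_id] = token
        return token

    def recurring_charge(self, customer_id: str, amount_cents: int) -> dict:
        """The request sent to the processor: the app hands over the token
        and the processor resolves it inside its own trust boundary."""
        return {"token": self._saved_methods[customer_id], "amount": amount_cents}


if __name__ == "__main__":
    vault = TokenVault(index_key=secrets.token_bytes(32))
    app = SubscriptionApp(vault)
    tok = app.save_payment_method("cust-42", "4111 1111 1111 1111")
    print(tok, app.recurring_charge("cust-42", 999))
```

Two properties matter for PCI scope: the same card always yields the same token (the keyed index), and no role other than the processor integration can turn a token back into a PAN, so the application's database, logs and backups never contain cardholder data.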
NEW QUESTION # 214
A security engineer must resolve a vulnerability in a deprecated version of Python for a custom-developed flight simulation application that is monitored and controlled remotely. The source code is proprietary and built with Python functions running on the Ubuntu operating system. Version control is not enabled for the application in development or production. However, the application must remain online in the production environment using built-in features. Which of the following solutions best reduces the attack surface of these issues and meets the outlined requirements?
- A. Configure version designation within the Python interpreter. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
- B. Enable branch protection in the GitHub repository. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
- C. Configure code-signing within the CI/CD pipeline, update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
- D. Use an NFS network share. Update Python with aptitude, and update modules with pip in a test environment. Deploy the solution to production.
Answer: C
Explanation:
Code-signing within the CI/CD pipeline ensures that only verified and signed code is deployed, mitigating the risk of supply chain attacks. Updating Python with aptitude and updating modules with pip in a test environment, then deploying, patches the vulnerability while keeping the application available in production.
Branch protection (B) applies only to version-controlled environments, which is not the case here.
An NFS network share (D) does not address the deprecated Python vulnerability.
Version designation (A) does not eliminate security risks from outdated dependencies.
NEW QUESTION # 215
SIMULATION
[Security Engineering and Cryptography]
An IPSec solution is being deployed. The configuration files for both the VPN concentrator and the AAA server are shown in the diagram.
Complete the configuration files to meet the following requirements:
* The EAP method must use mutual certificate-based authentication (With issued client certificates).
* The IKEv2 cipher suite must be configured to the MOST secure authenticated mode of operation.
* The secret must contain at least one uppercase character, one lowercase character, one numeric character, and one special character, and it must meet a minimum length requirement of eight characters.
INSTRUCTIONS
Click on the AAA server and VPN concentrator to complete the configuration. Fill in the appropriate fields and make selections from the drop-down menus.
VPN Concentrator:
AAA Server:
Answer:
Explanation:
See the solution below.
VPN Concentrator:
AAA Server:
NEW QUESTION # 216
A security analyst is reviewing the following event timeline from an EDR solution:
Which of the following most likely has occurred and needs to be fixed?
- A. The DLP has failed to block malicious exfiltration and data tagging is not being utilized properly
- B. A logic flaw has introduced a TOCTOU vulnerability and must be addressed by the EDR vendor
- C. A potential insider threat is being investigated and will be addressed by the senior management team.
- D. An EDR bypass was utilized by a threat actor and updates must be installed by the administrator.
Answer: B
Explanation:
The event timeline indicates a sequence where a file (hr-reporting.docx) was saved, scanned, executed, and eventually found to contain malware. The critical issue here is that the malware scan completed after the file was already executed. This suggests a Time-Of-Check to Time-Of-Use (TOCTOU) vulnerability, where the state of the file changed between the time it was checked and the time it was used. Because the ordering comes from the EDR's own check-then-allow logic, the fix belongs with the vendor rather than in an administrator update or a DLP policy.
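The race the timeline describes, reproduced on a file next to its fix, as an added example that is not the exam's or any EDR vendor's code. The vulnerable loader scans whatever the path names and then re-opens the path, so a rename during the window changes what gets executed; the safe loader opens once and checks and uses through that one descriptor. File names, the marker string standing in for a malware signature and the attacker's swap hook are all constructed for this illustration, and the demo assumes a POSIX system where os.replace over an open file is an atomic rename.

```python
"""Added example (not the exam's or the EDR vendor's code): the same
check-then-use race the timeline describes, reproduced on a file, next to
the fix. Names, the signature stand-in and the swap hook are constructed;
the demo assumes POSIX rename semantics."""
import os
import tempfile

MALICIOUS_MARKER = b"EVIL-PAYLOAD-MARKER"  # stand-in for a real signature


def scan_clean(data: bytes) -> bool:
    return MALICIOUS_MARKER not in data


def vulnerable_load(path: str, between_check_and_use=None) -> bytes:
    """TOCTOU: scan whatever the path names now, then re-open the path
    later. Anything that changes the name's target in between wins."""
    with open(path, "rb") as f:
        if not scan_clean(f.read()):
            raise PermissionError("blocked by scan")
    if between_check_and_use:
        between_check_and_use()          # the attacker's window
    with open(path, "rb") as f:          # second lookup of the same name
        return f.read()


def safe_load(path: str, between_check_and_use=None) -> bytes:
    """Open once; check and use through that one descriptor. A rename over
    the path afterwards changes what the name points to, not the inode the
    descriptor already holds, and the bytes used are the bytes scanned."""
    with open(path, "rb") as f:
        inode_at_check = os.fstat(f.fileno()).st_ino
        data = f.read()
        if not scan_clean(data):
            raise PermissionError("blocked by scan")
        if between_check_and_use:
            between_check_and_use()
        assert os.fstat(f.fileno()).st_ino == inode_at_check  # still the checked file
        return data


def write(path: str, content: bytes) -> None:
    with open(path, "wb") as f:
        f.write(content)


def run_demo(workdir: str = None) -> tuple:
    """Return (bytes the vulnerable loader executed, bytes the safe loader
    executed) after an attacker swaps the file inside the window."""
    if workdir is None:
        with tempfile.TemporaryDirectory() as d:
            return run_demo(d)
    target = os.path.join(workdir, "hr-reporting.docx")
    benign = b"quarterly headcount report"

    def attacker_swap():
        # Stage the payload beside the target and rename over it: atomic on
        # POSIX, so the name never resolves to a missing file.
        staged = target + ".staged"
        write(staged, b"macro dropper " + MALICIOUS_MARKER)
        os.replace(staged, target)

    write(target, benign)
    executed_by_vulnerable = vulnerable_load(target, attacker_swap)
    write(target, benign)
    executed_by_safe = safe_load(target, attacker_swap)
    return executed_by_vulnerable, executed_by_safe


if __name__ == "__main__":
    vuln, safe = run_demo()
    print("vulnerable loader ran:", vuln)
    print("safe loader ran:     ", safe)
```

The vulnerable loader passes the scan and then executes the swapped-in payload; the safe loader executes exactly the benign bytes it scanned. An EDR that hooks the open-then-execute path has to verify the object it will allow to run, not the name it was told about earlier.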
NEW QUESTION # 217
The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep.
Which of the following solutions are the best ways to mitigate this issue? (Select two).
- A. Establishing a mandatory vacation policy
- B. Requiring periodic job rotation
- C. Designing a least-needed privilege policy
- D. Performing periodic access reviews
- E. Implementing a role-based access policy
- F. Setting different access controls defined by business area
Answer: D,E
Explanation:
To mitigate the issue of excessive permissions and privilege creep, the best solutions are:
* Implementing a Role-Based Access Policy:
* Role-Based Access Control (RBAC): This policy ensures that access permissions are granted based on the user's role within the organization, aligning with the principle of least privilege.
Users are only granted access necessary for their role, reducing the risk of excessive permissions.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations
* Performing Periodic Access Reviews:
* Regular Audits: Periodic access reviews help identify and rectify instances of privilege creep by ensuring that users' access permissions are appropriate for their current roles. These reviews can highlight unnecessary or outdated permissions, allowing for timely adjustments.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* ISO/IEC 27001:2013 - Information Security Management
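The two reviews that question 208 (comparing all existing credentials to personnel and services) and this question (periodic access reviews against a role-based policy) call for, run over one constructed account inventory, as an added example that is not from the exam or any IAM product. The HR roster, service-account ownership register, role matrix, account names and creation dates are all invented for this illustration; a real review would pull them from the directory, the HR system and the IAM role catalog.

```python
"""Added example (not from the exam or any product): orphan-credential and
privilege-creep reviews over one constructed account inventory. Roster,
owners, role matrix, names and dates are invented for this illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    kind: str                # "user" or "service"
    roles: frozenset         # roles the account currently holds
    entitlements: frozenset  # permissions actually present in the systems
    created: str             # ISO date


# Constructed HR roster and service-account ownership register.
PERSONNEL = {"alice", "bob", "carol"}
SERVICE_OWNERS = {"svc-backup": "bob"}

# Constructed role matrix: what each role is supposed to grant.
ROLE_ENTITLEMENTS = {
    "finance": {"erp:read", "erp:post-journal"},
    "engineering": {"git:push", "ci:trigger"},
    "helpdesk": {"ad:reset-password"},
}

ACCOUNTS = [
    Account("alice", "user", frozenset({"finance"}),
            frozenset({"erp:read", "erp:post-journal"}), "2021-03-01"),
    # bob moved from finance to engineering; the old ERP right was never removed
    Account("bob", "user", frozenset({"engineering"}),
            frozenset({"git:push", "ci:trigger", "erp:post-journal"}), "2020-07-15"),
    Account("carol", "user", frozenset({"helpdesk"}),
            frozenset({"ad:reset-password"}), "2022-01-10"),
    # no such person in HR: the kind of pre-acquisition plant question 208 describes
    Account("dmitri", "user", frozenset({"engineering"}),
            frozenset({"git:push"}), "2023-11-02"),
    Account("svc-backup", "service", frozenset(),
            frozenset({"fs:read-all"}), "2019-05-05"),
    # service account with no registered owner and a privileged right
    Account("svc-sync", "service", frozenset(),
            frozenset({"ad:reset-password"}), "2023-11-03"),
]


def orphan_accounts(accounts, personnel, service_owners) -> list:
    """Credentials that map to no current employee and no owned service."""
    return sorted(
        a.name for a in accounts
        if (a.kind == "user" and a.name not in personnel)
        or (a.kind == "service" and a.name not in service_owners)
    )


def privilege_creep(accounts, role_entitlements) -> dict:
    """Entitlements each user holds beyond what their current roles grant."""
    creep = {}
    for a in accounts:
        if a.kind != "user":
            continue
        allowed = set().union(*(role_entitlements.get(r, set()) for r in a.roles))
        extra = a.entitlements - allowed
        if extra:
            creep[a.name] = sorted(extra)
    return creep


def created_on_or_after(accounts, iso_date: str) -> list:
    """Accounts provisioned in a window of interest (ISO dates sort as strings)."""
    return sorted(a.name for a in accounts if a.created >= iso_date)


if __name__ == "__main__":
    print("orphans:", orphan_accounts(ACCOUNTS, PERSONNEL, SERVICE_OWNERS))
    print("creep:", privilege_creep(ACCOUNTS, ROLE_ENTITLEMENTS))
    print("recent:", created_on_or_after(ACCOUNTS, "2023-11-01"))
```

The orphan list is what a pre-acquisition credential reconciliation produces: accounts with no person and services with no owner, with the creation-date filter narrowing attention to anything provisioned shortly before the deal was known. The creep report is what a periodic access review compares against the role matrix; bob's leftover ERP right is exactly the finding the audit describes, and it only exists because revocation was never tied to the role change.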