CompTIA SecurityX Certification Exam Question and Answers
Last Update Feb 14, 2025
Total Questions : 136

Questions 1

A security analyst wants to use lessons learned from a poor incident response to reduce dwell time in the future. The analyst is using the following data points:

Which of the following would the analyst most likely recommend?

Options:

A. Adjusting the SIEM to alert on attempts to visit phishing sites
B. Allowing TRACE method traffic to enable better log correlation
C. Enabling alerting on all suspicious administrator behavior
D. Utilizing allow lists on the WAF for all users using GET methods

Questions 2

An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry. Which of the following should the security analyst use to perform threat modeling?

Options:

A. ATT&CK
B. OWASP
C. CAPEC
D. STRIDE

Questions 3

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

Options:

Questions 4

A systems engineer is configuring a system baseline for servers that will provide email services. As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• Interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

Options:

A. SELinux
B. Privileged access management
C. Self-encrypting disks
D. NIPS

Questions 5

A security engineer is given the following requirements:

• An endpoint must only execute internally signed applications.

• Administrator accounts cannot install unauthorized software.

• Attempts to run unauthorized software must be logged.

Which of the following best meets these requirements?

Options:

A. Maintaining appropriate account access through directory management and controls
B. Implementing a CSPM platform to monitor updates being pushed to applications
C. Deploying an EDR solution to monitor and respond to software installation attempts
D. Configuring application control with blocked hashes and enterprise-trusted root certificates

Questions 6

A software engineer is creating a CI/CD pipeline to support the development of a web application. The DevSecOps team is required to identify syntax errors. Which of the following is the most relevant to the DevSecOps team's task?

Options:

A. Static application security testing
B. Software composition analysis
C. Runtime application self-protection
D. Web application vulnerability scanning

Questions 7

A security analyst detected unusual network traffic related to program updating processes. The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but with different hashes. Which of the following solutions would most likely prevent this situation from reoccurring?

Options:

A. Improving patching processes
B. Implementing digital signatures
C. Performing manual updates via USB ports
D. Allowing only files from internal sources

Questions 8

An organization wants to manage specialized endpoints and needs a solution that provides the ability to:

• Centrally manage configurations

• Push policies

• Remotely wipe devices

• Maintain asset inventory

Which of the following should the organization do to best meet these requirements?

Options:

A. Use a configuration management database
B. Implement a mobile device management solution
C. Configure contextual policy management
D. Deploy a software asset manager

Questions 9

A security architect for a global organization with a distributed workforce recently received funding to deploy a CASB solution. Which of the following most likely explains the choice to use a proxy-based CASB?

Options:

A. The capability to block unapproved applications and services is possible
B. Privacy compliance obligations are bypassed when using a user-based deployment
C. Protecting and regularly rotating API secret keys requires a significant time commitment
D. Corporate devices cannot receive certificates when not connected to on-premises devices

Questions 10

A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring. The architect's goal is to:

• Create a collection of use cases to help detect known threats

• Include those use cases in a centralized library for use across all of the companies

Which of the following is the best way to achieve this goal?

Options:

A. Sigma rules
B. Ariel Query Language
C. UBA rules and use cases
D. TAXII/STIX library

Questions 11

A company that relies on an EOL system must keep it operating until a new solution is available. Which of the following is the most secure way to meet this goal?

Options:

A. Isolating the system and enforcing firewall rules to allow access to only required endpoints
B. Enforcing strong credentials and improving monitoring capabilities
C. Restricting system access to perform necessary maintenance by the IT team
D. Placing the system in a screened subnet and blocking access from internal resources

Questions 12

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller. The forensic team cryptographically validated that both the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LDAP. Which of the following is the best way to reduce the risk of reoccurrence?

Options:

A. Enforcing allow lists for authorized network ports and protocols
B. Measuring and attesting to the entire boot chain
C. Rolling the cryptographic keys used for hardware security modules
D. Using code signing to verify the source of OS updates

Questions 13

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?

Options:

A. Ability to obtain components during wartime
B. Fragility and other availability attacks
C. Physical implants and tampering
D. Non-conformance to accepted manufacturing standards

Questions 14

An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:

• The backup solution must reduce the risk for potential backup compromise.

• The backup solution must be resilient to a ransomware attack.

• The time to restore from backups is less important than the backup data integrity.

• Multiple copies of production data must be maintained.

Which of the following backup strategies best meets these requirements?

Options:

A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis
B. Utilizing two connected storage arrays and ensuring the arrays constantly sync
C. Enabling remote journaling on the databases to ensure real-time transactions are mirrored
D. Setting up antitampering on the databases to ensure data cannot be changed unintentionally

Questions 15

A company detects suspicious activity associated with external connections. Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?

Options:

A. Implement an interactive honeypot
B. Map network traffic to known IoCs
C. Monitor the dark web
D. Implement UEBA

Questions 16

An organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?

Options:

A. SSO with MFA
B. Salting and hashing
C. Account federation with hardware tokens
D. SAE
E. Key splitting

Questions 17

A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform. This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries. Which of the following should the organization most likely leverage to facilitate this activity? (Select two.)

Options:

A. CWPP
B. YARA
C. ATT&CK
D. STIX
E. TAXII
F. JTAG

Questions 18

Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?

Options:

A. Using IaC to include the newest dependencies
B. Creating a bug bounty program
C. Implementing a continuous security assessment program
D. Integrating a SAST tool as part of the pipeline

Questions 19

A company wants to use IoT devices to manage and monitor thermostats at all facilities. The thermostats must receive vendor security updates and limit access to other devices within the organization. Which of the following best addresses the company's requirements?

Options:

A. Only allowing Internet access to a set of specific domains
B. Operating IoT devices on a separate network with no access to other devices internally
C. Only allowing operation for IoT devices during a specified time window
D. Configuring IoT devices to always allow automatic updates

Questions 20

After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?

Options:

A. Improve firewall rules to avoid access to those platforms
B. Implement a cloud-access security broker
C. Create SIEM rules to raise alerts for access to those platforms
D. Deploy an internet proxy that filters certain domains

Questions 21

During a security assessment using an EDR solution, a security engineer generates the following report about the assets in the system:

After five days, the EDR console reports an infection on the host OWIN23 by a remote access Trojan. Which of the following is the most probable cause of the infection?

Options:

A. OWIN23 uses a legacy version of Windows that is not supported by the EDR
B. LN002 was not supported by the EDR solution and propagates the RAT
C. The EDR has an unknown vulnerability that was exploited by the attacker
D. OWIN29 spreads the malware through other hosts in the network

Questions 22

Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two.)

Implementing DLP controls preventing sensitive data from leaving Company B's network

Options:

A. Documenting third-party connections used by Company B
B. Reviewing the privacy policies currently adopted by Company B
C. Requiring data sensitivity labeling for all files shared with Company B
D. Forcing a password reset requiring more stringent passwords for users on Company B's network
E. Performing an architectural review of Company B's network

Questions 23

Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?

Options:

A. Risk appetite directly impacts acceptance of high-impact low-likelihood events
B. Organizational risk appetite varies from organization to organization
C. Budgetary pressure drives risk mitigation planning in all companies
D. Risk appetite directly influences which breaches are disclosed publicly

Questions 24

A security analyst needs to ensure email domains that send phishing attempts without previous communications are not delivered to mailboxes. The following email headers are being reviewed:

Which of the following is the best action for the security analyst to take?

Options:

A. Block messages from hr-saas.com because it is not a recognized domain
B. Reroute all messages with unusual security warning notices to the IT administrator
C. Quarantine all messages with sales-mail.com in the email header
D. Block vendor.com for repeated attempts to send suspicious messages

Questions 25

A news organization wants to implement workflows that allow users to request that untruthful data be retracted and scrubbed from online publications to comply with the right to be forgotten. Which of the following regulations is the organization most likely trying to address?

Options:

A. GDPR
B. COPPA
C. CCPA
D. DORA

Questions 26

A security analyst discovered requests associated with IP addresses known for both legitimate and bot-related traffic. Which of the following should the analyst use to determine whether the requests are malicious?

Options:

A. User-agent string
B. Byte length of the request
C. Web application headers
D. HTML encoding field

Questions 27

A network engineer must ensure that always-on VPN access is enabled but restricted to company assets. Which of the following best describes what the engineer needs to do?

Options:

A. Generate device certificates using the specific template settings needed
B. Modify signing certificates in order to support IKE version 2
C. Create a wildcard certificate for connections from public networks
D. Add the VPN hostname as a SAN entry on the root certificate

Questions 28

A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?

Options:

A. A macro that was prevented from running
B. A text file containing passwords that were leaked
C. A malicious file that was run in this environment
D. A PDF that exposed sensitive information improperly

Questions 29

Users are writing passwords on paper because of the number of passwords needed in an environment. Which of the following solutions is the best way to manage this situation and decrease risks?

Options:

A. Increasing password complexity to require at least 16 characters
B. Implementing an SSO solution and integrating with applications
C. Requiring users to use an open-source password manager
D. Implementing an MFA solution to avoid reliance only on passwords

Questions 30

A company's SIEM is continuously reporting false positives and false negatives. The security operations team has implemented configuration changes to troubleshoot possible reporting errors. Which of the following sources of information best supports the required analysis process? (Select two.)

Options:

A. Third-party reports and logs
B. Trends
C. Dashboards
D. Alert failures
E. Network traffic summaries
F. Manual review processes

Questions 31

A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

Options:

A. Dark web monitoring
B. Threat intelligence platform
C. Honeypots
D. Continuous adversary emulation

Questions 32

Emails that the marketing department is sending to customers are going to the customers' spam folders. The security team is investigating the issue and discovers that the certificates used by the email server were reissued, but DNS records had not been updated. Which of the following should the security team update in order to fix this issue? (Select three.)

Options:

A. DMARC
B. SPF
C. DKIM
D. DNSSEC
E. SASE
F. SAN
G. SOA

Questions 33

A security analyst is reviewing the following event timeline from an EDR solution:

Which of the following most likely has occurred and needs to be fixed?

Options:

A. The DLP has failed to block malicious exfiltration and data tagging is not being utilized properly
B. An EDR bypass was utilized by a threat actor and updates must be installed by the administrator
C. A logic flaw has introduced a TOCTOU vulnerability and must be addressed by the EDR vendor
D. A potential insider threat is being investigated and will be addressed by the senior management team

Questions 34

A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources. The analyst reviews the following information:

Which of the following is most likely the cause of the issue?

Options:

A. The local network access has been configured to bypass MFA requirements
B. A network geolocation is being misidentified by the authentication server
C. Administrator access from an alternate location is blocked by company policy
D. Several users have not configured their mobile devices to receive OTP codes

Questions 35

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Options:

A. Securing data transfer between hospitals
B. Providing for non-repudiation of data
C. Reducing liability from identity theft
D. Protecting privacy while supporting portability
