CompTIA CAS-005 Exam Practice Test Instant Access

Question 1

[Identity and Access Management (IAM)]

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to bst solve this issue?

ARule based

BTime-based

CRole based

DContext-based

Answer : D

Context-based authentication enhances traditional security methods by incorporating additional layers of information about the user's current environment and behavior. This can include factors such as the user's location, the time of access, the device used, and the behavior patterns. It is particularly useful in preventing unauthorized access even if an attacker has obtained a valid password.

Rule-based (A) focuses on predefined rules and is less flexible in adapting to dynamic threats.

Time-based (B) authentication considers the time factor but doesn't provide comprehensive protection against stolen credentials.

Role-based (C) is more about access control based on the user's role within the organization rather than authenticating the user based on current context.

By implementing context-based authentication, the company can ensure that even if a password is compromised, the additional contextual factors required for access (which an attacker is unlikely to possess) provide a robust defense mechanism.

CompTIA SecurityX guide on authentication models and best practices.

NIST guidelines on authentication and identity proofing.

Analysis of multi-factor and adaptive authentication techniques.

Question 2

[Security Architecture]

Which of the following supports the process of collecting a large pool of behavioral observations to inform decision-making?

ALinear regression

BDistributed consensus

CBig Data

DMachine learning

Answer : C

Collecting a large pool of behavioral observations requires handling vast datasets, which is the domain ofBig Data. Big Data technologies enable the storage, processing, and analysis of large-scale data (e.g., user behavior logs) to inform decisions, a key capability in security analytics.

Option A:Linear regression is a statistical method for modeling relationships, not collecting data.

Option B:Distributed consensus relates to agreement in distributed systems (e.g., blockchain), not data collection.

Option C:Big Data directly supports collecting and analyzing large datasets for insights, fitting the question perfectly.

Option D:Machine learning uses data to train models but relies on data being collected first, often via Big Data.

Question 3

[Governance, Risk, and Compliance (GRC)]

A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings. Which of the following would the systems administrator most likely verify is properly configured?

AReport retention time

BScanning credentials

CExploit definitions

DTesting cadence

Answer : B

When differentiating between valid and invalid findings from vulnerability scans, the systemsadministrator should verify that the scanning credentials are properly configured. Valid credentials ensure that the scanner can authenticate and access the systems being evaluated, providing accurate and comprehensive results. Without proper credentials, scans may miss vulnerabilities or generate false positives, making it difficult to prioritize and address the findings effectively.

CompTIA SecurityX Study Guide: Highlights the importance of using valid credentials for accurate vulnerability scanning.

'Vulnerability Management' by Park Foreman: Discusses the role of scanning credentials in obtaining accurate scan results and minimizing false positives.

'The Art of Network Security Monitoring' by Richard Bejtlich: Covers best practices for configuring and using vulnerability scanning tools, including the need for valid credentials.

Question 4

[Security Operations]

During a recentsecurity event, access from thenon-production environment to the production environmentenabledunauthorized usersto:

Installunapproved software

Makeunplanned configuration changes

During theinvestigation, the following findings were identified:

Several new users were added in bulkby theIAM team

Additionalfirewalls and routerswere recently added

Vulnerability assessmentshave been disabled formore than 30 days

Theapplication allow listhas not been modified intwo weeks

Logs were unavailablefor various types of traffic

Endpoints have not been patchedinover ten days

Which of the following actions would most likely need to be taken toensure proper monitoring?(Select two)

ADisable bulk user creationsby the IAM team

BExtend log retention for all security and network devices to180 daysfor all traffic

CReview the application allow listdaily

DRoutinely update allendpoints and network devicesas soon as new patches/hot fixes are available

EEnsure allnetwork and security devicesare sending relevant data to theSIEM

FConfigure firewall rules toonly allow production-to-non-productiontraffic

Answer : A, D, E

Comprehensive and Detailed

Understanding the Security Event:

Unauthorized usersgained access from non-production to production.

IAM policies were weak, allowingbulk user creation.

Vulnerability assessments were disabled, andpatching was delayed.

Logs were unavailable, making incident response difficult.

Why Options A, D, and E areCorrect:

A (Disable bulk user creation by IAM team) Prevents unauthorized mass user account creation, which could beexploited by attackers.

D (Routine updates for endpoints & network devices) Patch management ensuresvulnerabilities are not left open for attackers.

E (Ensure all security/network devices send logs to SIEM) Helps withreal-time monitoring and detection of unauthorized activities.

Why Other Options Are Incorrect:

B (180-day log retention) While log retention is good,real-time monitoring is the priority.

C (Review application allow list daily) Reviewing itdaily is impractical. Regular audits are better.

F (Restrict production-to-non-production traffic) The issue isunauthorized access, not traffic routing.

CompTIA SecurityX CAS-005 Official Study Guide:IAM, Patch Management & SIEM Logging Best Practices

NIST 800-53 (AC-2, AU-12):Audit Logging & Access Control

Question 5

[Security Architecture]

A security engineer is reviewing the following vulnerability scan report:

Which of the following should the engineer prioritize for remediation?

AApache HTTP Server

BOpenSSH

CGoogle Chrome

DMigration to TLS 1.3

Answer : B

OpenSSH vulnerabilityispublic facingand has acritical CVSS of 9.2.

Exploitable SSH services can lead to direct server compromise.

Although Apache has a higher score, it's internal.

FromCAS-005, Domain 3: Vulnerability Management:

''Prioritize external vulnerabilities with high CVSS and exposed attack surfaces.''

Question 6

[Security Architecture]

An organization hires a security consultant to establish a SOC that includes athreat-modeling function. During initial activities, the consultant works with system engineers to identify antipatterns within the environment. Which of the following is most critical for the engineers to disclose to the consultant during this phase?

AResults from the most recent infrastructure access review

BA listing of unpatchable IoT devices in use in the data center

CNetwork and data flow diagrams covering the production environment

DResults from the most recent software composition analysis

EA current inventory of cloud resources and SaaS products in use

Answer : C

In the context of establishing a Security Operations Center (SOC) with a threat-modeling function, it's crucial to understand how data flows within the organization's systems. Network and data flow diagrams provide a visual representation of the system's architecture, illustrating how data moves between components, which is essential for identifying potential security weaknesses and antipatterns. Antipatterns are common responses to recurring problems that are ineffective and risk-inducing. By analyzing these diagrams, the consultant can pinpoint areas where security controls may be lacking or misconfigured, thereby facilitating the development of effective threat models.

While other options like unpatchable IoT devices (Option B) and inventories of cloud resources (Option E) are important for comprehensive security assessments, they are more pertinent during later stages, such as vulnerability management and asset inventory. The initial phase of threat modeling focuses on understanding the system's structure and data flows to identify potential threats, making network and data flow diagrams the most critical information at this stage.

Question 7

[Security Architecture]

A user reports application access issues to the help desk. The help desk reviews the logs for the user

Which of the following is most likely The reason for the issue?

AThe userinadvertently tripped the impossible travel security rule in the SSO system.

BA threat actor has compromised the user's account and attempted to lop, m

CThe user is not allowed to access the human resources system outside of business hours

DThe user did not attempt to connect from an approved subnet

Answer : A

Based on the provided logs, the user has accessed various applications from different geographic locations within a very short timeframe. This pattern is indicative of the 'impossible travel' security rule, a common feature in Single Sign-On (SSO) systems designed to detect and prevent fraudulent access attempts.

Analysis of Logs:

At 8:47 p.m., the user accessed a VPN from Toronto.

At 8:48 p.m., the user accessed email from Los Angeles.

At 8:48 p.m., the user accessed the human resources system from Los Angeles.

At 8:49 p.m., the user accessed email again from Los Angeles.

At 8:52 p.m., the user attempted to access the human resources system from Toronto, which was denied.

These rapid changes in location are physically impossible and typically trigger security measures to prevent unauthorized access. The SSO system detected these inconsistencies and likely flagged the activity as suspicious, resulting in access denial.

CompTIA SecurityX Study Guide

NIST Special Publication 800-63B, 'Digital Identity Guidelines'

'Impossible Travel Detection,' Microsoft Documentation

CompTIA CAS-005 CompTIA SecurityX Certification Exam Practice Test