CompTIA CAS-005 CompTIA SecurityX Certification Exam Practice Test

Page: 1 / 14
Total 216 questions
Question 1

A global organization wants to manage all endpoint and user telemetry. The organization also needs to differentiate this data based on which office it is correlated to. Which of the following strategies best aligns with this goal?



Answer : B

Comprehensive and Detailed

Managing telemetry and differentiating it by office requires a way to categorize data. Let's evaluate:

A. Sensor placement: Useful for data collection but doesn't inherently differentiate by office.

B. Data labeling: Assigns metadata (e.g., office location) to telemetry, enabling differentiation. This aligns with CAS-005's focus on data management for security operations.

C. Continuous monitoring: Ensures ongoing data collection but doesn't address differentiation.

D. Centralized logging: Consolidates data but lacks specific office-based categorization without labeling.


Question 2

An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time. Which of the following should the administrator use?



Answer : A

Comprehensive and Detailed

Integrating IDS, firewall, and DLP to reduce response time requires orchestration and automation. Let's evaluate:

A. SOAR (Security Orchestration, Automation, and Response): SOAR integrates security tools, automates workflows, and speeds up incident response. It's the best fit for this scenario, as CAS-005 highlights SOAR for operational efficiency.

B. CWPP (Cloud Workload Protection Platform): Focused on securing cloud workloads, not integrating on-premises tools.

C. XCCDF (Extensible Configuration Checklist Description Format): A standard for compliance checklists, not a tool for integration or response.

D. CMDB (Configuration Management Database): Tracks assets but doesn't automate or integrate security responses.


Question 3

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:

An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.

All administrators use named accounts that require multifactor authentication.

Single sign-on is used for all company applications.

Which of the following should the security architect do to mitigate the issue?



Answer : B

Comprehensive and Detailed

The hijacked administrator account was used across multiple ASNs (indicating different network locations) in a short time, despite MFA and SSO. This suggests a stolen session or token misuse. Let's analyze:

A. Token theft detection with lockouts: Useful for detecting stolen SSO tokens, but it's reactive and may not prevent initial misuse across networks.

B. Context-based authentication: This adds real-time checks (e.g., geolocation, IP changes) to verify login attempts. Given the rapid ASN changes, this proactively mitigates the issue by challenging suspicious logins, aligning with CAS-005's focus on adaptive security.

C. Decentralize accounts: This removes SSO, increasing complexity and weakening MFA enforcement, which isn't practical or secure.

D. Biometric authentication: While strong, it doesn't address the network-hopping behavior and may not integrate easily with SSO.
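As an added illustration of the context check in option B (example code, not part of the practice test): the function below walks constructed sign-on events in time order and flags any account whose authenticated requests span more than one Autonomous System Number inside a sliding 30-minute window, which is the signal a context-based policy would use to demand step-up authentication. The event fields, ASN values and sample data are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)   # matches the "within 30 minutes" in the question


def flag_asn_hopping(events, max_asns=1, window=WINDOW):
    """Return a list of (user, timestamp, asn_set) alerts.

    events: dicts with keys 'user', 'ts' (ISO 8601) and 'asn' (int).
    An alert is raised the first time one user's requests inside `window`
    come from more than `max_asns` distinct ASNs; the window is then reset
    so a single hijacked session does not alert on every later request.
    """
    recent = defaultdict(deque)   # user -> deque of (timestamp, asn)
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        q = recent[ev["user"]]
        q.append((ts, ev["asn"]))
        while q and ts - q[0][0] > window:   # expire requests older than window
            q.popleft()
        asns = {asn for _, asn in q}
        if len(asns) > max_asns:
            alerts.append((ev["user"], ev["ts"], asns))
            q.clear()
    return alerts


# Constructed sample: an admin session used from three ASNs within 12 minutes,
# while a normal user keeps coming from one ASN.
SAMPLE_EVENTS = [
    {"user": "admin.jane", "ts": "2024-05-01T09:00:00", "asn": 15169},
    {"user": "alice",      "ts": "2024-05-01T09:03:00", "asn": 7922},
    {"user": "admin.jane", "ts": "2024-05-01T09:07:00", "asn": 16509},
    {"user": "alice",      "ts": "2024-05-01T09:40:00", "asn": 7922},
    {"user": "admin.jane", "ts": "2024-05-01T09:12:00", "asn": 8075},
    {"user": "admin.jane", "ts": "2024-05-01T10:30:00", "asn": 8075},
]

if __name__ == "__main__":
    for user, ts, asns in flag_asn_hopping(SAMPLE_EVENTS):
        print(f"step-up auth required: {user} at {ts} seen on ASNs {sorted(asns)}")
```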


Question 4

A company wants to improve and automate the compliance of its cloud environments to meet industry standards. Which of the following resources should the company use to best achieve this goal?



Answer : C

Comprehensive and Detailed

Automating compliance in cloud environments requires a tool that can enforce configurations, manage infrastructure as code, and align with industry standards (e.g., NIST, ISO). Let's evaluate:

A. Jenkins: A CI/CD tool for automating software builds and deployments. It's not designed for compliance enforcement or infrastructure management.

B. Python: A programming language that can be scripted for automation but lacks built-in compliance-focused features without significant custom development.

C. Ansible: An automation tool for configuration management, application deployment, and compliance enforcement. It uses playbooks to define desired states, making it ideal for automating compliance checks and remediation in cloud environments (e.g., AWS, Azure). CAS-005 emphasizes automation tools for security and compliance, and Ansible fits perfectly.

D. PowerShell: A scripting tool primarily for Windows environments. While useful for automation, it's less versatile for cross-platform cloud compliance compared to Ansible.


Question 5

A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:

Error Message in Database Connection

Connection to host USA-WebApp-Database failed

Database "Prod-DB01" not found

Table "CustomerInfo" not found

Please retry your request later

Which of the following best describes the analyst's findings and a potential mitigation technique?



Answer : C

The error message reveals sensitive details (hostnames, database names, table names), constituting information disclosure. This aids attackers in reconnaissance. Mitigation involves modifying the application to display generic error messages (e.g., "An error occurred") instead of specifics.

Option A: Unsecure references suggest coding flaws, but this is a configuration/output issue, not input sanitization.

Option B: Unsecure protocols and HttpOnly cookies relate to session security, not error handling.

Option C: Correct. Information disclosure is the issue; generic error messages mitigate it.

Option D: No evidence of SQL injection (e.g., manipulated input); upgrading the database doesn't address disclosure.
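To show the mitigation from option C in code (an added example, not the practice test's own material), the handler below is written twice: the leaky version echoes the driver's exception text to the standard user, and the hardened version logs that text server-side under a correlation ID and returns only a generic message. The exception class, the handler shape and the error text (constructed to mirror the log in the question) are assumptions.

```python
import logging
import uuid

log = logging.getLogger("webapp")


class DatabaseUnavailable(Exception):
    """Stand-in for a driver exception whose message names internal objects."""


def query_customer_info():
    # Constructed failure carrying the same internal names as the question's log.
    raise DatabaseUnavailable(
        'Connection to host USA-WebApp-Database failed; database "Prod-DB01" '
        'not found; table "CustomerInfo" not found')


def handle_request_leaky():
    """The 'before': the raw exception text reaches the user (information disclosure)."""
    try:
        return 200, query_customer_info()
    except DatabaseUnavailable as exc:
        return 500, f"Error Message in Database Connection: {exc}"


def handle_request_hardened():
    """The 'after': full detail goes to the server log only; the user receives a
    generic message plus a correlation ID that support staff can use to find it."""
    try:
        return 200, query_customer_info()
    except DatabaseUnavailable as exc:
        ref = uuid.uuid4().hex[:12]
        log.error("ref=%s database failure: %s", ref, exc)
        return 500, f"An error occurred. Reference: {ref}"


# Internal names that must never appear in a user-facing response.
SENSITIVE = ("USA-WebApp-Database", "Prod-DB01", "CustomerInfo")


def leaks_internal_names(body):
    """Response check a test suite or WAF rule could apply to outgoing error bodies."""
    return any(name in body for name in SENSITIVE)
```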


Question 6

A user from the sales department opened a suspicious file attachment. The sales department then contacted the SOC to investigate a number of unresponsive systems, and the team successfully identified the file and the origin of the attack. Which of the following is the next step of the incident response plan?



Answer : B

Incident response follows a standard process (e.g., NIST 800-61): Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. After identifying the attack (file and origin), the next step is Containment: limiting the spread or impact (e.g., isolating systems) before remediation or recovery.

Option A: Remediation (fixing the root cause) follows containment.

Option B: Correct. Containment prevents further damage post-identification.

Option C: "Response" is too vague; it encompasses all steps.

Option D: Recovery (restoring systems) comes after containment and eradication.


Question 7

PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?



Answer : A

Public Key Infrastructure (PKI) supports change management by securing messages (e.g., approvals, updates). Non-repudiation, provided via digital signatures, ensures a sender cannot deny sending a message, critical for auditability in change processes.

Option A: Correct. PKI's digital signatures ensure non-repudiation.

Option B: Confidentiality (via encryption) is a PKI feature but less tied to change management's focus on accountability.

Option C: Delivery receipts are not a PKI function; they're protocol-specific (e.g., SMTP).

Option D: Attestation relates to verifying attributes, not a direct PKI message capability.

