CompTIA CAS-005 Exam Practice Test Instant Access

Question 1

After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

AApply code stylometry.

BLook for common IOCs.

CUse IOC extractions.

DLeverage malware detonation.

Answer : A, A

Determining if attacks are from the same actor requires unique attribution. Let's analyze:

A . Code stylometry:Analyzes coding style to identify authorship, the best method for linking malware to a specific actor per CAS-005's threat intelligence focus.

B . Common IOCs:Indicates similar attacks but not necessarily the same actor.

C . IOCextractions:Similar to B, lacks specificity for attribution.

Question 2

Answer : A, A

The issue is tracing the original source of requests in a tiered architecture with a load balancer. The web server logs show internal IPs (192.168.1.10), not the external client IPs, because the load balancer forwards requests without preserving the source. Enabling theX-Forwarded-Forheader on the load balancer adds the client's original IP to the HTTP request headers, allowing downstream servers to log it. This ensures traceability without altering the architecture significantly.

Option A:Correct---X-Forwarded-For is the standard solution for preserving client IPs through load balancers.

Option B:A Host-based Intrusion Detection System (HIDS) detects anomalies but doesn't address IP traceability.

Option C:A trusted CA certificate fixes the self-signed warning but is unrelated to source tracking.

Option D:Stored procedures improve database security but don't help with IP logging.

Option E:Storing $_SERVER['REMOTE_ADDR'] captures the loadbalancer's IP, not the client's, unless X-Forwarded-For is enabled.

Question 3

Which of the following AI concerns is most adequately addressed by input sanitation?

AModel inversion

BPrompt Injection

CData poisoning

DNon-explainable model

Answer : B

Input sanitation is a critical process in cybersecurity that involvesvalidating and cleaning data provided by users to prevent malicious inputs from causing harm. In the context of AI concerns:

A . Model inversion involves an attacker inferring sensitive data from model outputs, typically requiring sophisticated methods beyond just manipulating input data.

B . Prompt Injection is a form of attack where an adversary provides malicious input to manipulate the behavior of AI models, particularly those dealing with natural language processing (NLP). Input sanitation directly addresses this by ensuring that inputs are cleaned and validated to remove potentially harmful commands or instructions that could alter the AI's behavior.

C . Data poisoning involves injecting malicious data into the training set to compromise the model. While input sanitation can help by filtering out bad data, data poisoning is typically addressed through robust data validation and monitoring during the model training phase, rather than real-time input sanitation.

D . Non-explainable model refers to the lack of transparency in how AI models make decisions. This concern is not addressed by input sanitation, as it relates more to model design and interpretability techniques.

Input sanitation is most relevant and effective for preventing Prompt Injection attacks, where the integrity of user inputs directly impacts the performance and security of AI models.

CompTIA Security+ Study Guide

'Security of Machine Learning' by Battista Biggio, Blaine Nelson, and Pavel Laskov

OWASP (Open Web Application Security Project) guidelines on input validation and injection attacks

Top of Form

Bottom of Form

Question 4

After an organization met with its ISAC, the organization decided to test the resiliency of its security controls against a small number of advanced threat actors. Which of the following will enable the security administrator to accomplish this task?

AAdversary emulation

BReliability factors

CDeployment of a honeypot

DInternal reconnaissance

Answer : A, A

Adversary emulation simulates specific advanced persistent threat (APT) behaviors and techniques to test an organization's security posture. In SecurityX CAS-005, this is part of red-teaming and purple-teaming strategies for realistic resilience testing.

Reliability factors (B) relate to operational uptime, not threat

SIMULATION.

Honeypots (C) attract attackers but do not directly emulate specific adversaries.

Internal reconnaissance (D) is one phase of an attack

SIMULATION, not the full emulation of advanced threat actors.

Question 5

An organization recently implemented a new email DLP solution. Emails sent from company email addresses to matching personal email addresses generated a large number of alerts, but the content of the emails did not include company data. The security team needs to reduce the number of emails sent without blocking all emails to common personal email services. Which of the following should the security team implement first?

DPerform security awareness training focusing on phishing.

AAutomatically quarantine outgoing email.

BCreate an acceptable use policy.

CEnforce email encryption standards.

DPerform security awareness training focusing on phishing.

Answer : B

Anacceptable use policy (AUP)defines what is considered appropriate use of corporate email and prevents unnecessary emails to personal accounts. This helps in reducing false DLP alerts while maintaining compliance.

Quarantining emails (A)is unnecessary since the content was not flagged as sensitive.

Encryption (C)secures emails but does not address overuse.

Phishing awareness training (D)is unrelated to policy enforcement for outgoing emails.

Question 6

A global organization is reviewing potential vendors to outsource a critical payroll function. Each vendor's plan includes using local resources in multiple regions to ensure compliance with all regulations. The organization's Chief Information Security Officer is conducting a risk assessment on the potential outsourcing vendors' subprocessors. Which of the following best explains the need for this risk assessment?

BDue care must be exercised during all procurement activities.

ARisk mitigations must be more comprehensive than the existing payroll provider.

CThe responsibility of protecting PII remains with the organization.

BDue care must be exercised during all procurement activities.

DSpecific regulatory requirements must be met in each jurisdiction.

CThe responsibility of protecting PII remains with the organization.

DSpecific regulatory requirements must be met in each jurisdiction.

Answer : C, C

Per SecurityX CAS-005 GRC principles, outsourcing a function does not transfer accountability for protecting personally identifiable information (PII). While subprocessors handle data, the originating organization remains responsible under most data protection laws and frameworks (e.g., GDPR, CCPA).

Due care in procurement (option B) is important, but it is a supporting concept, not the primary driver in this context.

Jurisdictional compliance (option D) is a requirement, but the underlying reason for risk assessment is that accountability for PII protection remains with the organization.

Question 7

Answer : A, A, B, B

To protect company information on stolen mobile devices, implementingremote wipe proceduresensures data can be erased if a device is suspected lost or stolen.Biometric access controlwith enforced timeouts further secures the device, requiring biometric authentication periodically, thus limiting unauthorized access even if the device is stolen. Geofencing and certificates provide additional security layers but are less immediate protections against information exposure after theft. Application control and side-loading prevention are important for malware threats but less so for stolen device scenarios.

===========

CompTIA SecurityX Certification CAS-005 Exam Practice Test