CompTIA SecurityX Certification Exam CAS-005 Practice Questions

Page: 1 / 14
Total 345 questions
Question 1

A software vendor provides routine functionality and security updates to its global customer base. The vendor would like to ensure distributed updates are authorized, originate from only the company, and have not been modified by others. Which of the following solutions best supports these objectives?



Answer : D

Code signing uses cryptographic digital signatures to prove that software or updates come from a trusted source and have not been altered. In the SecurityX CAS-005 objectives, this is covered under security engineering and cryptographic assurance mechanisms.

Envelope encryption protects confidentiality but does not authenticate the source.

File integrity monitoring detects file changes but does not confirm the origin of the update.

Application control manages which software can run but does not ensure authenticity of distributed files.

Only code signing meets all three objectives: verifying the source, ensuring authorization, and proving integrity.


Question 2

A game developer wants to reach new markets and is advised by legal counsel to include specific age-related sign-up requirements. Which of the following best describes the legal counsel's concerns?



Answer : D

The correct regulation is COPPA (Children's Online Privacy Protection Act). COPPA is a U.S. law that requires organizations to obtain parental consent and implement specific protections before collecting personal data from children under the age of 13. Since the legal counsel is advising about age-related sign-up requirements, the concern clearly points to COPPA compliance.

GDPR (A) is a European regulation governing privacy and data protection but is broader and not specifically tied to children's age verification, though it has related provisions. LGPD (B) is Brazil's data protection law, similar in scope to GDPR. PCI DSS (C) is focused on protecting cardholder data in payment environments, unrelated to age-related concerns.

CAS-005 covers the importance of aligning software platforms with legal and regulatory frameworks. For gaming and online services, COPPA compliance is crucial to avoid fines and reputational harm, ensuring the platform properly handles children's data.


Question 3

A security analyst is reviewing the following authentication logs:

Which of the following should the analyst do first?



Answer : D

Based on the provided authentication logs, we observe that User1's account experienced multiple failed login attempts within a very short time span (at 8:01:23 AM on 12/15). This pattern indicates a potential brute-force attack or an attempt to gain unauthorized access. Here's a breakdown of why disabling User1's account is the appropriate first step:

Failed Login Attempts: The logs show that User1 had four consecutive failed login attempts:

VM01 at 8:01:23 AM

VM08 at 8:01:23 AM

VM01 at 8:01:23 AM

VM08 at 8:01:23 AM

Security Protocols and Best Practices: According to CompTIA Security+ guidelines, multiple failed login attempts within a short timeframe should trigger an immediate response to prevent further potential unauthorized access attempts. This typically involves temporarily disabling the account to stop ongoing brute-force attacks.

Account Lockout Policy: Implementing an account lockout policy is a standard practice to thwart brute-force attacks. Disabling User1's account will align with these best practices and prevent further failed attempts, which might lead to successful unauthorized access if not addressed.


CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl

CompTIA Security+ Certification Exam Objectives

NIST Special Publication 800-63B: Digital Identity Guidelines

By addressing User1's account first, we effectively mitigate the immediate threat of a brute-force attack, ensuring that further investigation can be conducted without the risk of unauthorized access continuing during the investigation period.

Question 4

During a vulnerability assessment, a scan reveals the following finding:

Windows Server 2016 Missing hotfix KB87728 - CVSS 3.1 Score: 8.1 [High] - Affected host 172.16.15.2

Later in the review process, the remediation team marks the finding as a false positive. Which of the following is the best way to avoid this issue on future scans?



Answer : B

Authenticated scans allow the scanner to verify installed patches and configurations, reducing false positives.

Other options:

A (CMDB updates) improve asset tracking but do not validate patch installations.

C (Advanced fingerprinting) improves accuracy but does not replace authentication.

D (Coordination with teams) is good practice but does not prevent false positives.


Question 5

A government agency implements a configuration that disables cellular network access on government-issued devices while roaming internationally. The agency issues mobile hot-spots and requires employees to use them for internet access. Which of the following best describes the agency's rationale?



Answer : C

The best answer is C. To block malicious radio connections. The agency is preventing the government-issued endpoint itself from directly attaching to foreign cellular networks while roaming. That reduces the exposure of the endpoint to hostile or untrusted cellular infrastructure, including rogue or malicious radio environments. Requiring the use of agency-issued hotspots keeps the endpoint off direct cellular attachment and places the radio exposure on a controlled intermediary device instead. In CompTIA SecurityX CAS-005, one of the core expected skills is to "utilize cryptographic technologies and techniques while evaluating the impact of emerging trends... on information security" and to design secure solutions across complex environments. This question fits that theme of managing risk from modern communications technologies through architecture and control choices.

Why the other options are less accurate:

A is too specific because the scenario is broader than SIM hijacking; disabling direct cellular service on the endpoint is not solely about SIM theft.

B is less accurate because the hotspot still depends on a carrier, so this does not fully eliminate over-the-air carrier-related risks.

D is possible as a radio-security concern, but the question is framed more broadly around disallowing direct endpoint cellular connections altogether, so malicious radio connections is the more complete rationale.

E is incorrect because directed electromagnetic interference is not what mobile hotspots are primarily designed to mitigate in this context.


CompTIA SecurityX (CAS-005) official certification page and exam objectives summary, including secure solution design across complex environments and evaluating emerging technology impacts on security.


Question 6

A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers crash, causing the website to go offline. Which of the following testing techniques is the most efficient way to prevent this from reoccurring?



Answer : C


Regression testing ensures that new changes do not break existing functionality. It would have identified the memory leak before deployment, preventing downtime.


Question 7

Company A acquired Company B. During an audit, a security engineer found Company B's environment was inadequately patched. In response, Company A placed a firewall between the two environments until Company B's infrastructure could be integrated into Company A's security program. Which of the following risk-handling techniques was used?



Answer : D

Risk mitigation involves taking actions to reduce either the likelihood or impact of a threat. By implementing a firewall between the two environments, Company A is minimizing the risk of threats from Company B impacting its own systems. Accepting the risk would involve taking no action, avoiding it would mean terminating activities with Company B, and transferring would involve outsourcing the risk, none of which occurred here.

