CompTIA CAS-005 Exam Practice Test Instant Access

Question 1

[Security Architecture]

Asoftware company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?

AMisconfigured code commit

BUnsecure bundled libraries

CInvalid code signing certificate

DData leakage

Answer : B

The most likely cause of the anti-malware alerts on customer workstations is unsecure bundled libraries. When developing and deploying new applications, it is common for developers to use third-party libraries. If these libraries are not properly vetted for security, they can introduce vulnerabilities or malicious code.

Why Unsecure Bundled Libraries?

Third-Party Risks: Using libraries that are not secure can lead to malware infections if the libraries contain malicious code or vulnerabilities.

Code Dependencies: Libraries may have dependencies that are not secure, leading to potential security risks.

Common Issue: This is a frequent issue in software development where libraries are used for convenience but not properly vetted for security.

Other options, while relevant, are less likely to cause widespread anti-malware alerts:

A . Misconfigured code commit: Could lead to issues but less likely to trigger anti-malware alerts.

C . Invalid code signing certificate: Would lead to trust issues but not typically anti-malware alerts.

D . Data leakage: Relevant for privacy concerns but not directly related to anti-malware alerts.

CompTIA SecurityX Study Guide

'Securing Open Source Libraries,' OWASP

'Managing Third-Party Software Security Risks,' Gartner Research

Question 2

An organization decides to move to a distributed workforce model. Several legacy systems exist on premises and cannot be migrated because of existing compliance requirements. However, all new systems are required to be cloud-based. Which of the following would best ensure network access security?

AUtilizing a VPN for all users who require legacy system access

BShifting all legacy systems to the existing public cloud infrastructure

CConfiguring an SDN to block malicious traffic to on-premises networks

DDeploying microsegmentation with a firewall acting as the core router

Answer : A

Comprehensive and Detailed

For a distributed workforce needing access to compliance-bound on-premises systems, VPN access ensures encrypted, authenticated connectivity while limiting exposure. SecurityX CAS-005 emphasizes using VPNs for secure remote access when direct migration to cloud is not possible.

Moving legacy systems to cloud (B) violates the compliance constraints.

SDN security controls (C) are beneficial but do not inherently provide secure remote connectivity.

Microsegmentation (D) is useful for internal lateral movement control but does not solve remote access needs.

Question 3

[Governance, Risk, and Compliance (GRC)]

An audit finding reveals that a legacy platform has not retained loos for more than 30 days The platform has been segmented due to its interoperability with newer technology. As a temporarysolution, the IT department changed the log retention to 120 days. Which of the following should the security engineer do to ensure the logs are being properly retained?

AConfigure a scheduled task nightly to save the logs

BConfigure event-based triggers to export the logs at a threshold.

CConfigure the SIEM to aggregate the logs

DConfigure a Python script to move the logs into a SQL database.

Answer : C

To ensure that logs from a legacy platform are properly retained beyond the default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions are designed to collect, aggregate, and store logs from various sources, providing centralized log management and retention. This setup ensures that logs are retained according to policy and can be easily accessed for analysis and compliance purposes.

CompTIA SecurityX Study Guide: Discusses the role of SIEM in log management and retention.

NIST Special Publication 800-92, 'Guide to Computer Security Log Management': Recommends the use of centralized log management solutions, such as SIEM, for effective log retention and analysis.

'Security Information and Event Management (SIEM) Implementation' by David Miller: Covers best practices for configuring SIEM systems to aggregate and retain logs from various sources.

Question 4

[Security Engineering and Cryptography]

Which of the following best describes the challengesassociated with widespread adoption of homomorphic encryption techniques?

AIncomplete mathematical primitives

BNo use cases to drive adoption

CQuantum computers not yet capable

DInsufficient coprocessor support

Answer : D

Homomorphic encryption allows computations to be performed on encrypted data without decrypting it, preserving confidentiality. However, its adoption faces significant challenges due to performance overhead. According to the CompTIA SecurityX CAS-005 study materials (Domain 3: Cybersecurity Technology, 3.3), homomorphic encryption requires substantial computational resources, which standard processors struggle to provide efficiently. Specialized hardware, such as coprocessors (e.g., GPUs or TPUs), is oftenneeded to handle the complex mathematical operations involved. The lack of widespread, optimized coprocessor support in existing infrastructure is a primary barrier to adoption.

Option A (Incomplete mathematical primitives):While early homomorphic encryption schemes had limitations, modern schemes (e.g., CKKS, BFV) have mature mathematical foundations, making this less of a challenge today.

Option B (No use cases):Use cases exist, such as secure cloud computing and privacy-preserving data analytics, so this is not accurate.

Option C (Quantum computers):Homomorphic encryption is not dependent on quantum computing, and quantum computers are unrelated to its current challenges.

Option D (Insufficient coprocessor support):This is the most accurate, as performance bottlenecks require specialized hardware that is not yet widely available or integrated.

CompTIA SecurityX CAS-005 Official Study Guide, Domain 3: Cybersecurity Technology, Section 3.3: 'Evaluate emerging cryptographic technologies, including homomorphic encryption challenges.'

CAS-005 Exam Objectives, 3.3: 'Analyze barriers to adopting advanced encryption techniques.'

Question 5

[Emerging Technologies and Threats]

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

ASecuring data transfer between hospitals

BProviding for non-repudiation data

CReducing liability from identity theft

DProtecting privacy while supporting portability.

Answer : D

Encrypting patient data at rest is a critical requirement for healthcare providers to ensure compliance with regulations such as the Health Insurance Portability and Accountability Act (HIPAA). The primary business requirement fulfilled by this practice is the protection of patient privacy while supporting the portability of medical information. By encrypting data at rest, healthcare providers safeguard sensitive patient information from unauthorized access, ensuring that privacy is maintained even if the storage media are compromised. Additionally, encryption supports the portability of patient records, allowing for secure transfer and access across different systems and locations while ensuring that privacy controls are in place.

CompTIA SecurityX Study Guide: Emphasizes the importance of data encryption for protecting sensitive information and ensuring compliance with regulatory requirements.

HIPAA Security Rule: Requires healthcare providers to implement safeguards, including encryption, to protect patient data.

'Health Informatics: Practical Guide for Healthcare and Information TechnologyProfessionals' by Robert E. Hoyt: Discusses encryption as a key measure for protecting patient data privacy and supporting data portability.

Question 6

[Security Engineering and Cryptography]

Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process. Which of thefollowing is the best strategy for the engineer to use?

ADisabling the BIOS and moving to UEFI

BManaging secrets on the vTPM hardware

CEmploying shielding lo prevent LMI

DManaging key material on a HSM

Answer : D

The beststrategy for securely managing cryptographic material is to use a Hardware Security Module (HSM). Here's why:

Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering and unauthorized access.

Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops.

Compliance and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.

CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl

NIST Special Publication 800-57: Recommendation for Key Management

ISO/IEC 19790:2012: Information Technology - Security Techniques - Security Requirements for Cryptographic Modules

Question 7

[Governance, Risk, and Compliance (GRC)]

A company recentlyexperienced aransomware attack. Although the company performssystems and data backupon a schedule that aligns with itsRPO (Recovery Point Objective) requirements, thebackup administratorcould not recovercritical systems and datafrom its offline backups to meet the RPO. Eventually, the systems and data were restored with information that wassix months outside of RPO requirements.

Which of the following actions should the company take to reduce the risk of a similar attack?

AEncrypt and label the backup tapes with the appropriate retention schedule before they are sent to the off-site location.

BImplement a business continuity process that includes reverting manual business processes.

CPerform regular disaster recovery testing of IT and non-IT systems and processes.

DCarry out a tabletop exercise to update and verify the RACI matrix with IT and critical business functions.

Answer : C

Comprehensive and Detailed

Understanding the Ransomware Issue:

The key issue here is thatbackups were not recoverable within the required RPO timeframe.

This means the organizationdid not properly testitsbackup and disaster recovery (DR) processes.

To prevent this from happening again, regular disaster recovery testing is essential.

Why Option C is Correct:

Disaster recovery testing ensures that backups are functionaland can meetbusiness continuity needs.

Frequent DR testingallows organizations to identify and fixgaps in recovery strategies.

Regular testing ensuresthat recoverymeets the RPO & RTO (Recovery Time Objective) requirements.

Why Other Options Are Incorrect:

A (Encrypt & label backup tapes):While encryption is important, it does not address thefailure to meet RPO requirements.

B (Reverting to manual business processes):While amanual continuity planis good for resilience, it doesnot resolve the backup and recovery failure.

D (Tabletop exercise & RACI matrix):Atabletop exerciseis a planning activity, butit does not involve actual recovery testing.

CompTIA SecurityX CAS-005 Official Study Guide:Disaster Recovery & Business Continuity Planning

NIST SP 800-34:Contingency Planning Guide for Information Systems

ISO 22301:Business Continuity Management Standards

CompTIA SecurityX Certification CAS-005 Exam Practice Test