A company that relies on an COL system must keep it operating until a new solution is available Which of the following is the most secure way to meet this goal?

Isolating the system and enforcing firewall rules to allow access to only required endpoints

Enforcing strong credentials and improving monitoring capabilities

Restricting system access to perform necessary maintenance by the IT team

Placing the system in a screened subnet and blocking access from internal resources

A user reports application access issues to the help desk. The help desk reviews the logs for the user Which of the following is most likely The reason for the issue?

The user inadvertently tripped the impossible travel security rule in the SSO system.

A threat actor has compromised the user's account and attempted to lop, m

The user is not allowed to access the human resources system outside of business hours

The user did not attempt to connect from an approved subnet

An organization wants to manage specialized endpoints and needs a solution that provides the ability to* Centrally manage configurations* Push policies.* Remotely wipe devices* Maintain asset inventoryWhich of the following should the organization do to best meet these requirements?

Implement a mobile device management solution.

Use a configuration management database

Implement a mobile device management solution.

Configure contextual policy management

Deploy a software asset manager

A company plans to implement a research facility with Intellectual property data that should be protected The following is the security diagram proposed by the security architect Which of the following security architect models is illustrated by the diagram?

Identity and access management model

Perimeter protection security model

A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective'

Creating WAF policies for relevant programming languages

improving security dashboard visualization on SIEM

Rotating API access and authorization keys every two months

Implementing application toad balancing and cross-region availability

Creating WAF policies for relevant programming languages

A security analyst is reviewing the following log: Which of the following possible events should the security analyst investigate further?

A text file containing passwords that were leaked

A macro that was prevented from running

A text file containing passwords that were leaked

A malicious file that was run in this environment

A PDF that exposed sensitive information improperly

A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate. Which of the following is the best way to meet this objective?

Configuring an API Integration to aggregate the different data sets

Combining back-end application storage into a single, relational database

Purchasing and deploying commercial off the shelf aggregation software

Migrating application usage logs to on-premises storage

After an incident occurred, a team reported during the lessons-learned review that the team.* Lost important Information for further analysis.* Did not utilize the chain of communication* Did not follow the right steps for a proper responseWhich of the following solutions is the best way to address these findinds?

Building playbooks for different scenarios and performing regular table-top exercises

Requesting budget for better forensic tools to Improve technical capabilities for Incident response operations

Building playbooks for different scenarios and performing regular table-top exercises

Requiring professional incident response certifications tor each new team member

Publishing the incident response policy and enforcing it as part of the security awareness program

After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.* Exfiltration of intellectual property* Unencrypted files* Weak user passwordsWhich of the following is the best way to mitigate these vulnerabilities? (Select two).

Implementing data loss prevention

Enabling modem authentication that supports MFA

Implementing data loss prevention

Deploying file integrity monitoring

Restricting access to critical file services only

Deploying directory-based group policies

Enabling modem authentication that supports MFA

Implementing a version control system

A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet: Which of the following should the security engineer modify to fix the issue? (Select two).

The TXT record must be Changed to 'v=dmarc ip4:192.168.1.10 include:my-email.com -all'

The email CNAME record must be changed to a type A record pointing to 192.168.1.10

The email CNAME record must be changed to a type A record pointing to 192.168.111

The TXT record must be Changed to 'v=dmarc ip4:192.168.1.10 include:my-email.com -all'

The srvo1 A record must be changed to a type CNAME record pointing to the email server

The email CNAME record must be changed to a type A record pointing to 192.168.1.10

The TXT record must be changed to 'v=dkim ip4:l92.168.1.11 include my-email.com -ell'

The TXT record must be Changed to 'v=dkim ip4:192.168.1.10 include:email-all'

The srv01 A record must be changed to a type CNAME record pointing to the web01 server

Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

Isolating the historian server for connections only from The SCADA environment

Publishing the C$ share from SCADA to the enterprise

Deploying a screened subnet between 11 and SCADA

Adding the business workstations to the SCADA domain

All organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?

Account federation with hardware tokens

A vulnerability can on a web server identified the following: Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

Removing support for CBC-based key exchange and signing algorithms

Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

Disallowing cipher suites that use ephemeral modes of operation for key agreement

Removing support for CBC-based key exchange and signing algorithms

Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

Implementing HIPS rules to identify and block BEAST attack attempts

Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?

The data is not being properly parsed

The compute resources are insufficient to support the SIEM

The data is not being properly parsed

The retention policy is not property configured

An incident response team is analyzing malware and observes the following:* Does not execute in a sandbox* No network loCs* No publicly known hash match* No process injection method detectedWhich of the following should the team do next to proceed with further analysis?

Check for an anti-virtualization code in the sample

Use an online vims analysis tool to analyze the sample

Check for an anti-virtualization code in the sample

Utilize a new deployed machine to run the sample.

Search oilier internal sources for a new sample.

Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?

Risk appetite directly impacts acceptance of high-impact low-likelihood events.

Organizational risk appetite varies from organization to organization

Budgetary pressure drives risk mitigation planning in all companies

Risk appetite directly influences which breaches are disclosed publicly

Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process. Which of the following is the best strategy for the engineer to use?

Disabling the BIOS and moving to UEFI

Managing secrets on the vTPM hardware

Employing shielding lo prevent LMI

Users are willing passwords on paper because of the number of passwords needed in an environment. Which of the following solutions is the best way to manage this situation and decrease risks?

implementing an SSO solution and integrating with applications

Increasing password complexity to require 31 least 16 characters

implementing an SSO solution and integrating with applications

Requiring users to use an open-source password manager

Implementing an MFA solution to avoid reliance only on passwords

The material finding from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).Setting different access controls defined by business area

Implementing a role-based access policy

Performing periodic access reviews

Implementing a role-based access policy

Designing a least-needed privilege policy

Establishing a mandatory vacation policy

Performing periodic access reviews

Requiring periodic job rotation

A security architect is establishing requirements to design resilience in un enterprise system trial will be extended to other physical locations. The system must* Be survivable to one environmental catastrophe* Re recoverable within 24 hours of critical loss of availability* Be resilient to active exploitation of one site-to-site VPN solution

Allocate fully redundant and geographically distributed standby sites.

Load-balance connection attempts and data Ingress at internet gateways

Allocate fully redundant and geographically distributed standby sites.

Employ layering of routers from diverse vendors

Lease space to establish cold sites throughout other countries

Use orchestration to procure, provision, and transfer application workloads lo cloud services

Implement full weekly backups to be stored off-site for each of the company's sites

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:* Users should be redirected to the captive portal.* The Motive portal runs Tl. S 1 2* Newer browser versions encounter security errors that cannot be bypassed* Certain websites cause unexpected re directsWhich of the following mow likely explains this behavior?

The TLS ciphers supported by the captive portal ate deprecated

Employment of the HSTS setting is proliferating rapidly.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

An attacker is redirecting supplicants to an evil twin WLAN.

A security configure is building a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?

The /etc/etc/sshd, configure file updating the ciphers

The /etc/openssl.conf file, updating the virtual site parameter

The /etc/nsswith.conf file, updating the name server

The /etc/hosts file, updating the IP parameter

The /etc/etc/sshd, configure file updating the ciphers

A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization Which of the following actions best enables the team to determine the scope of Impact?

Inspecting egress network traffic

A software development team requires valid data for internal tests. Company regulations, however do not allow the use of this data in cleartext. Which of the following solutions best meet these requirements?

Replacing data with null record

An organization is developing on Al-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the Al workload the organization wants to Implement guardrails within the platform. Which of the following should the company do to secure the Al environment?

Limn the platform's abilities to only non-sensitive functions

Enhance the training model's effectiveness.

Grant the system the ability to self-govern

Require end-user acknowledgement of organizational policies.

A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication Which of the following is the best way for the security officer to restrict MI~A notifications''

Deploying a text message based on MFA

A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems Given the following output: Which of the following actions would address the root cause of this issue?

Automating the patching system to update base Images

Recompiling the affected programs with the most current patches

Disabling unused/unneeded ports on all servers

Deploying a WAF with virtual patching upstream of the affected systems

Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

insufficient coprocessor support

Incomplete mathematical primitives

Quantum computers not yet capable

insufficient coprocessor support

After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?

Implement a cloud-access security broker

Improve firewall rules to avoid access to those platforms.

Implement a cloud-access security broker

Create SIEM rules to raise alerts for access to those platforms

Deploy an internet proxy that filters certain domains

An organization wants to create a threat model to identity vulnerabilities in its infrastructure. Which of the following, should be prioritized first?

External-facing Infrastructure with known exploited vulnerabilities

Internal infrastructure with high-seventy and Known exploited vulnerabilities

External facing Infrastructure with a low risk score and no known exploited vulnerabilities

External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

CompTIA CAS-005 Practice Test 1 - Free Online Exam Questions 1-40

A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is Identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows to meet hospital policy

* Full disk encryption is enabled

* 'Always On' corporate VPN is enabled

* ef-use-backed keystore is enabled'ready.

* Wi-Fi 6 is configured with SAE.

* Location services is disabled.

*Application allow list is configured

Comment (0)

CompTIA CAS-005 Practice Test 1

Question

CompTIA CAS-005 Practice Tests

Practice Tests