Users are experiencing a variety of issues when trying to access corporate resources examples include* Connectivity issues between local computers and file servers within branch offices* Inability to download corporate applications on mobile endpoints wtiilc working remotely* Certificate errors when accessing internal web applicationsWhich of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

Restore static content on lite CDN.

A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team's task'

Static application security testing

Runtime application self-protection

Web application vulnerability scanning

Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output: Which of the following would the analyst most likely recommend?

Removing hard coded credentials from the source code

Installing appropriate EDR tools to block pass-the-hash attempts

Adding additional time to software development to perform fuzz testing

Removing hard coded credentials from the source code

Not allowing users to change their local passwords

A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?

Implementing microsegmentation on the server VLANs

Deploying a VPN to prevent remote locations from accessing server VLANs

Configuring a SASb solution to restrict users to server communication

Implementing microsegmentation on the server VLANs

installing a firewall and making it the network core

An organization mat performs real-time financial processing is implementing a new backup solution Given the following business requirements?* The backup solution must reduce the risk for potential backup compromise* The backup solution must be resilient to a ransomware attack.* The time to restore from backups is less important than the backup data integrity* Multiple copies of production data must be maintainedWhich of the following backup strategies best meets these requirement?

Creating a secondary, immutable storage array and updating it with live data on a continuous basis

Utilizing two connected storage arrays and ensuring the arrays constantly sync

Enabling remote journaling on the databases to ensure real-time transactions are mirrored

Setting up antitempering on the databases to ensure data cannot be changed unintentionally

A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution Which of the following most likely explains the choice to use a proxy-based CASB?

The capability to block unapproved applications and services is possible

Privacy compliance obligations are bypassed when using a user-based deployment.

Protecting and regularly rotating API secret keys requires a significant time commitment

Corporate devices cannot receive certificates when not connected to on-premises devices

A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?

Configuring a span port on the perimeter firewall to ingest logs

Adding an additional proxy server to each segmented VLAN

Setting up a reverse proxy for client logging at the gateway

Configuring a span port on the perimeter firewall to ingest logs

Enabling client device logging and system event auditing

A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process'

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

Request a weekly report with all new assets deployed and decommissioned

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

Implement a shadow IT detection process to avoid rogue devices on the network

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

A security analyst Detected unusual network traffic related to program updating processes The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but. with different hashes which of the following solutions would most likely prevent this situation from reoccurring?

Performing manual updates via USB ports

Allowing only dies from internal sources

A company isolated its OT systems from other areas of the corporate network These systems are required to report usage information over the internet to the vendor Which oi the following b*st reduces the risk of compromise or sabotage' (Select two).

Implementing a site-to-site IPSec VPN

Performing boot Integrity checks

Implementing a site-to-site IPSec VPN

A security engineer wants to reduce the attack surface of a public-facing containerized application Which of the following will best reduce the application's privilege escalation attack surface?

Implementing the following commands in the Dockerfile: RUN echo user:x:1000:1000iuser:/home/user:/dew/null > /ete/passwd

Installing an EDR on the container's host with reporting configured to log to a centralized SIFM and Implementing the following alerting rules TF PBOCESS_USEB=rooC ALERT_TYPE=critical

Designing a muiticontainer solution, with one set of containers that runs the mam application, and another set oi containers that perform automatic remediation by replacing compromised containers or disabling compromised accounts

Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer: PZRKZI HTTES from 0-0.0.0.0/0 pert 443

A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence Which of the following is the most likely reason for reviewing these laws?

The organization is concerned with new regulatory enforcement in other countries

The organization is performing due diligence of potential tax issues.

The organization has been subject to legal proceedings in countries where it has a presence.

The organization is concerned with new regulatory enforcement in other countries

The organization has suffered brand reputation damage from incorrect media coverage

A security analyst wants to use lessons learned from a poor incident response to reduce dwell lime in the future The analyst is using the following data points Which of the following would the analyst most likely recommend?

Enabling alerting on all suspicious administrator behavior

Adjusting the SIEM to alert on attempts to visit phishing sites

Allowing TRACE method traffic to enable better log correlation

Enabling alerting on all suspicious administrator behavior

utilizing allow lists on the WAF for all users using GFT methods

A security analyst received a notification from a cloud service provider regarding an attack detected on a web server The cloud service provider shared the following information about the attack:* The attack came from inside the network.* The attacking source IP was from the internal vulnerability scanners.* The scanner is not configured to target the cloud servers.Which of the following actions should the security analyst take first?

Quarantine the scanner sensor to perform a forensic analysis

Create an allow list for the vulnerability scanner IPs m order to avoid false positives

Configure the scan policy to avoid targeting an out-of-scope host

Set network behavior analysis rules

Quarantine the scanner sensor to perform a forensic analysis

A security analyst needs to ensure email domains that send phishing attempts without previous communications are not delivered to mailboxes The following email headers are being reviewed Which of the following is the best action for the security analyst to take?

Block vendor com for repeated attempts to send suspicious messages

Block messages from hr-saas.com because it is not a recognized domain.

Reroute all messages with unusual security warning notices to the IT administrator

Quarantine all messages with sales-mail.com in the email header

Block vendor com for repeated attempts to send suspicious messages

A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP Which of the following is me b way to reduce the risk oi reoccurrence?

Enforcing allow lists for authorized network pons and protocols

Measuring and attesting to the entire boot chum

Rolling the cryptographic keys used for hardware security modules

Using code signing to verify the source of OS updates

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?

Physical Implants and tampering

Ability to obtain components during wartime

Fragility and other availability attacks

Physical Implants and tampering

Non-conformance to accepted manufacturing standards

Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?

Integrating a SASI tool as part of the pipeline

Using laC to include the newest dependencies

Implementing a continuous security assessment program

Integrating a SASI tool as part of the pipeline

During a security assessment using an CDR solution, a security engineer generates the following report about the assets in me system: After five days, the EDR console reports an infection on the host 0WIN23 by a remote access Trojan Which of the following is the most probable cause of the infection?

OW1N23 uses a legacy version of Windows that is not supported by the EDR

LN002 was not supported by the EDR solution and propagates the RAT

The EDR has an unknown vulnerability that was exploited by the attacker.

OW1N29 spreads the malware through other hosts in the network

A company wants to use loT devices to manage and monitor thermostats at all facilities The thermostats must receive vendor security updates and limit access to other devices within the organization Which of the following best addresses the company's requirements''

Operating lot devices on a separate network with no access to other devices internally

Only allowing Internet access to a set of specific domains

Operating lot devices on a separate network with no access to other devices internally

Only allowing operation for loT devices during a specified time window

Configuring IoT devices to always allow automatic updates

Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).Implementing DLP controls preventing sensitive data from leaving Company B's network

Documenting third-party connections used by Company B

Reviewing the privacy policies currently adopted by Company B

Documenting third-party connections used by Company B

Reviewing the privacy policies currently adopted by Company B

Requiring data sensitivity labeling tor all files shared with Company B

Forcing a password reset requiring more stringent passwords for users on Company B's network

Performing an architectural review of Company B's network

After an incident response exercise, a security administrator reviews the following table: Which of the following should the administrator do to beat support rapid incident response in the future?

Enable dashboards for service status monitoring

Automate alerting to IT support for phone system outages.

Enable dashboards for service status monitoring

Send emails for failed log-In attempts on the public website

Configure automated Isolation of human resources systems

Company A and Company D ate merging Company A's compliance reports indicate branch protections are not in place A security analyst needs to ensure that potential threats to the software development life cycle are addressed. Which of the following should me analyst cons<der when completing this basic?

If DAST scans are routinely scheduled

If developers are unable to promote to production

If DAST code is being stored to a single code repository

If DAST scans are routinely scheduled

If role-based training is deployed

An organization is required to* Respond to internal and external inquiries in a timely manner* Provide transparency.* Comply with regulatory requirementsThe organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

Developing communication templates that have been vetted by internal and external counsel

Outsourcing the handling of necessary regulatory filing to an external consultant

Integrating automated response mechanisms into the data subject access request process

Developing communication templates that have been vetted by internal and external counsel

Conducting lessons-learned activities and integrating observations into the crisis management plan

A security analyst is reviewing the following event timeline from an COR solution: Which of the following most likely has occurred and needs to be fixed?

A logic law has introduced a TOCTOU vulnerability and must be addressed by the COR vendor

The Dl P has failed to block malicious exfiltration and data tagging is not being utilized property

An EDR bypass was utilized by a threat actor and updates must be installed by the administrator.

A logic law has introduced a TOCTOU vulnerability and must be addressed by the COR vendor

A potential insider threat is being investigated and will be addressed by the senior management team.

An audit finding reveals that a legacy platform has not retained loos for more than 30 days The platform has been segmented due to its interoperability with newer technology. As a temporary solution, the IT department changed the log retention to 120 days. Which of the following should the security engineer do to ensure the logs are being properly retained?

Configure the SIEM to aggregate the logs

Configure a scheduled task nightly to save the logs

Configure event-based triggers to export the logs at a threshold.

Configure the SIEM to aggregate the logs

Configure a Python script to move the logs into a SQL database.

Which of the following is the main reason quantum computing advancements are leading companies and countries to deploy new encryption algorithms?

Encryption systems based on large prime numbers will be vulnerable to exploitation

Zero Trust security architectures will require homomorphic encryption.

Perfect forward secrecy will prevent deployment of advanced firewall monitoring techniques

Quantum computers will enable malicious actors to capture IP traffic in real time

A network engineer must ensure that always-on VPN access is enabled Curt restricted to company assets Which of the following best describes what the engineer needs to do''

Generate device certificates using the specific template settings needed

Modify signing certificates in order to support IKE version 2

Create a wildcard certificate for connections from public networks

Add the VPN hostname as a SAN entry on the root certificate

CompTIA CAS-005 Practice Test 2 - Free Online Exam Questions 41-80

Comment (0)

CompTIA CAS-005 Practice Test 2

Question

CompTIA CAS-005 Practice Tests

Practice Tests