4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 206d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 0050 45 00 00 4c 01 03 00 34 6d be 66 00 00 00 00 00 00 00 00 e0 00 0f 03 0b 01 05 00 00 70 00 00 00 10 00 00 00 d0 00 00 70 4c 01 00 00 e0 00 00 00 50 01 00 00 00 40 0000 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 01 00 00 02 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 0000 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00Attempts to run the code in a sandbox produce no results. Which of the following should the malware analyst do next to further analyze the malware and discover useful IoCs?

Convert the hex-encoded sample to binary and attempt to decompile it.

Run the encoded sample through an online vulnerability tool and check for any matches.

Pad the beginning and end of the sample with binary executables and attempt to execute it.

Use a disassembler on the unencoded snippet to convert from binary to ASCII text.

An organization hires a security consultant to establish a SOC that includes a threat-modeling function. During initial activities, the consultant works with system engineers to identify antipatterns within the environment. Which of the following is most critical for the engineers to disclose to the consultant during this phase?

Network and data flow diagrams covering the production environment

Results from the most recent infrastructure access review

A listing of unpatchable IoT devices in use in the data center

Network and data flow diagrams covering the production environment

Results from the most recent software composition analysis

A current inventory of cloud resources and SaaS products in use

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Protecting privacy while supporting portability

Securing data transfer between hospitals

Providing for non-repudiation of data

Reducing liability from identity theft

Protecting privacy while supporting portability

An organization is developing a disaster recovery plan that requires data to be backed up and available at a moment's notice. Which of the following should the organization consider first to address this requirement?

Identify critical business processes and determine associated software and hardware requirements.

Implement a change management plan to ensure systems are using the appropriate versions.

Hire additional on-call staff to be deployed if an event occurs.

Design an appropriate warm site for business continuity.

Identify critical business processes and determine associated software and hardware requirements.

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not normally send traffic to those sites. The technician will define this threat as:

A decrypting RSA using an obsolete and weakened encryption attack.

Due to locality and budget constraints, an organization's satellite office has a lower bandwidth allocation than other offices. As a result, the local security infrastructure staff is assessing architectural options that will help preserve network bandwidth and increase speed to both internal and external resources while not sacrificing threat visibility. Which of the following would be the best option to implement?

Distributed connection allocation

A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:Error Message in Database ConnectionConnection to host USA-WebApp-Database failedDatabase 'Prod-DB01' not foundTable 'CustomerInfo' not foundPlease retry your request laterWhich of the following best describes the analyst's findings and a potential mitigation technique?

The findings indicate information disclosure. The displayed error message should be modified.

The findings indicate unsecure references. All potential user input needs to be properly sanitized.

The findings indicate unsecure protocols. All cookies should be marked as HttpOnly.

The findings indicate information disclosure. The displayed error message should be modified.

The findings indicate a SQL injection. The database needs to be upgraded.

A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.All administrators use named accounts that require multifactor authentication.Single sign-on is used for all company applications.Which of the following should the security architect do to mitigate the issue?

Enable context-based authentication when network locations change on administrator login attempts.

Configure token theft detection on the single sign-on system with automatic account lockouts.

Enable context-based authentication when network locations change on administrator login attempts.

Decentralize administrator accounts and force unique passwords for each application.

Enforce biometric authentication requirements for the administrator's named accounts.

A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach:qry_source: 19.27.214.22 TCP/53qry_dest: 199.105.22.13 TCP/53qry_type: AXFR| in comptia.org------------ directoryserver1 A 10.80.8.10------------ directoryserver2 A 10.80.8.11------------ directoryserver3 A 10.80.8.12------------ internal-dns A 10.80.9.1----------- www-int A 10.80.9.3------------ fshare A 10.80.9.4------------ sip A 10.80.9.5------------ msn-crit-apcs A 10.81.22.33Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?

Restricting DNS traffic to UDP/53

Implementing DNS masking on internal servers

Permitting only clients from internal networks to query DNS

Which of the following best describes the reason a network architect would enable forward secrecy on all VPN tunnels?

This process reduces the success of attackers performing cryptanalysis.

This process is a requirement to enable hardware-accelerated cryptography.

This process reduces the success of attackers performing cryptanalysis.

The business requirements state that confidentiality is a critical success factor.

Modern cryptographic protocols list this process as a prerequisite for use.

During a periodic internal audit, a company identifies a few new, critical security controls that are missing. The company has a mature risk management program in place, and the following requirements must be met:The stakeholders should be able to see all the risks.The risks need to have someone accountable for them.Which of the following actions should the GRC analyst take next?

Add the risk to the risk register and assign the owner and severity.

Change the risk appetite and assign an owner to it.

Mitigate the risk and change the status to accepted.

Review the risk to decide whether to accept or reject it.

A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?

Utilizing desktop as a service for all company data and multifactor authentication

Using explicit allow lists of specific IP addresses and deploying single sign-on

Deploying mobile device management and requiring stronger passwords

Updating security mobile reporting policies and monitoring data breaches

An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime. Which of the following should the analyst perform?

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

A security engineer is implementing a code signing requirement for all code developed by the organization. Currently, the PKI only generates website certificates. Which of the following steps should the engineer perform first?

Add a new template on the internal CA with the correct attributes.

Generate a wildcard certificate for the internal domain.

Recalculate a public/private key pair for the root CA.

Implement a SAN for all internal web applications.

Which of the following are risks associated with vendor lock-in? (Select two).

The vendor can change product offerings.

The client experiences decreased quality of service.

The client can seamlessly move data.

The vendor can change product offerings.

The client receives a sufficient level of service.

The client experiences decreased quality of service.

The client can leverage a multicloud approach.

The client experiences increased interoperability.

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:Web server logs:192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] 'GET /bin/bash' HTTP/1.1' 200 453 Safari/536.36192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] 'GET / HTTP/1.1' 200 453 Safari/536.36Application server logs:24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processingDatabase server logs:24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 204824/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed.Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

Enable the X-Forwarded-For header at the load balancer.

Install a software-based HIDS on the application servers.

Install a certificate signed by a trusted CA.

Use stored procedures on the database server.

Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.

An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?

Update the organization's threat model.

Move to the next risk in the register.

Recalculate the magnitude of the impact.

An external threat actor attacks public infrastructure providers. In response to the attack and during follow-up activities, various providers share information obtained during response efforts. After the attack, energy sector companies share their status and response data:Company SIEM UEBA DLP ISAC Member TIP Integration Time to Detect Time to Respond1 Yes No Yes Yes Yes 10 minutes 20 minutes2 Yes Yes Yes Yes No 20 minutes 40 minutes3 Yes Yes No No Yes 12 minutes 24 minutesWhich of the following is the most important issue to address to defend against future attacks?

Failure to join the industry ISAC

Failure to implement a UEBA system

Failure to implement a DLP system

Failure to join the industry ISAC

Failure to integrate with the TIP

A company is preparing to move a new version of a web application to production. No issues were reported during security scanning or quality assurance in the CI/CD pipeline. Which of the following actions should the company take next?

Merge the test branch to the main branch

Perform threat modeling on the production application

Conduct unit testing on the submitted code

Perform a peer review on the test branch

Which of the following best describes the reason PQC preparation is important?

To protect data against decryption due to increases in computational resource availability

To have larger key lengths available through key stretching

To improve encryption performance and speed using lightweight cryptography

To leverage asymmetric encryption for large amounts of data

Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

Insufficient coprocessor support

Incomplete mathematical primitives

Quantum computers not yet capable

Insufficient coprocessor support

A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?

Utilizing desktop as a service for all company data and multifactor authentication

Using explicit allow lists of specific IP addresses and deploying single sign-on

Deploying mobile device management and requiring stronger passwords

Updating security mobile reporting policies and monitoring data breaches

A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident. Which of the following would be best to proceed with the transformation?

An on-premises solution as a backup

A load balancer with a round-robin configuration

An active-active solution within the same tenant

CompTIA CAS-005 Practice Test 5 - Free Online Exam Questions 161-200

After a penetration test on the internal network, the following report was generated:

Attack Target Result

Compromised host ADMIN01S.CORP.LOCAL Successful

Hash collected KRBTGT.CORP.LOCAL Successful

Hash collected SQLSV.CORP.LOCAL Successful

Pass the hash SQLSV.CORP.LOCAL Failed

Domain control CORP.LOCAL Successful

Which of the following should be recommended to remediate the attack?

Become a Premium Member for full access

Unlock Premium Member

CompTIA CAS-005 Practice Test 5

Question

CompTIA CAS-005 Practice Tests

Practice Tests