ExamGecko
Login
Home / CompTIA / CAS-005 / List of questions
Ask Question

CompTIA CAS-005 Practice Test - Questions Answers, Page 14

Add to Whishlist

List of questions

Question 131

Report Export Collapse

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Become a Premium Member for full access
  Unlock Premium Member

Question 132

Report Export Collapse

A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst reviews the following logs for the user:

Which of the following best explains the reason the user's access is being denied?

Become a Premium Member for full access
  Unlock Premium Member

Question 133

Report Export Collapse

A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?

Become a Premium Member for full access
  Unlock Premium Member

Question 134

Report Export Collapse

A user reports application access issues to the help desk. The help desk reviews the logs for the user:

CompTIA CAS-005 image Question 1 63877766563168194375618

Which of the following is most likely the reason for the issue?

Become a Premium Member for full access
  Unlock Premium Member

Question 135

Report Export Collapse

A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?

Become a Premium Member for full access
  Unlock Premium Member

Question 136

Report Export Collapse

A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format. Which of the following best addresses the risk without impacting the development life cycle?

Become a Premium Member for full access
  Unlock Premium Member

Question 137

Report Export Collapse

A security architect must make sure that the least number of services as possible is exposed in order to limit an adversary's ability to access the systems. Which of the following should the architect do first?

Become a Premium Member for full access
  Unlock Premium Member

Question 138

Report Export Collapse

As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build. Which of the following best provides the required evidence?

Become a Premium Member for full access
  Unlock Premium Member

Question 139

Report Export Collapse

An organization determines existing business continuity practices are inadequate to support critical internal process dependencies during a contingency event. A compliance analyst wants the Chief Information Officer (CIO) to identify the level of residual risk that is acceptable to guide remediation activities. Which of the following does the CIO need to clarify?

Become a Premium Member for full access
  Unlock Premium Member

Question 140

Report Export Collapse

A company recently experienced a ransomware attack. Although the company performs systems and data backup on a schedule that aligns with its RPO (Recovery Point Objective) requirements, the backup administrator could not recover critical systems and data from its offline backups to meet the RPO. Eventually, the systems and data were restored with information that was six months outside of RPO requirements.

Which of the following actions should the company take to reduce the risk of a similar attack?

Become a Premium Member for full access
  Unlock Premium Member
Total 198 questions
Go to page: of 20
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A global company's Chief Financial Officer (CFO) receives a phone call from someone claiming to be the Chief Executive Officer (CEO). The caller claims to be stranded and in desperate need of money. The CFO is suspicious, but the caller's voice sounds similar to the CEO's. Which of the following best describes this type of attack?
A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?
Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
Which of the following best describes the reason PQC preparation is important?
A company is preparing to move a new version of a web application to production. No issues were reported during security scanning or quality assurance in the CI/CD pipeline. Which of the following actions should the company take next?
A cloud engineer wants to configure mail security protocols to support email authenticity and enable the flow of email security information to a third-party platform for further analysis. Which of the following must be configured to achieve these requirements? (Select two).
An external threat actor attacks public infrastructure providers. In response to the attack and during follow-up activities, various providers share information obtained during response efforts. After the attack, energy sector companies share their status and response data: Company SIEM UEBA DLP ISAC Member TIP Integration Time to Detect Time to Respond 1 Yes No Yes Yes Yes 10 minutes 20 minutes 2 Yes Yes Yes Yes No 20 minutes 40 minutes 3 Yes Yes No No Yes 12 minutes 24 minutes Which of the following is the most important issue to address to defend against future attacks?
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?
An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets: Web server logs: 192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] 'GET /bin/bash' HTTP/1.1' 200 453 Safari/536.36 192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] 'GET / HTTP/1.1' 200 453 Safari/536.36 Application server logs: 24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB 24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processing Database server logs: 24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 2048 24/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed. Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?
Which of the following are risks associated with vendor lock-in? (Select two).