CompTIA CAS-005 Practice Test - Questions Answers, Page 3

Question 21

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated. Which of the following is the most likely reason for the inaccurate alerts?
The compute resources are insufficient to support the SIEM
The SIEM indexes are too large
The data is not being properly parsed
The retention policy is not properly configured
Proper parsing of data is crucial for the SIEM to accurately interpret and analyze the logs being forwarded by the log collector. If the data is not parsed correctly, the SIEM may misinterpret the logs, leading to false positives and inaccurate alerts. Ensuring that the log data is correctly parsed allows the SIEM to correlate and analyze the logs effectively, which is essential for accurate alerting and monitoring.
Question 22

An incident response team is analyzing malware and observes the following:
* Does not execute in a sandbox
* No network IoCs
* No publicly known hash match
* No process injection method detected
Which of the following should the team do next to proceed with further analysis?
Use an online virus analysis tool to analyze the sample
Check for anti-virtualization code in the sample
Utilize a newly deployed machine to run the sample.
Search other internal sources for a new sample.
Malware that does not execute in a sandbox environment often contains anti-analysis techniques, such as anti-virtualization code. This code detects when the malware is running in a virtualized environment and alters its behavior to avoid detection. Checking for anti-virtualization code is a logical next step because:
It helps determine if the malware is designed to evade analysis tools.
Identifying such code can provide insights into the malware's behavior and intent.
This step can also inform further analysis methods, such as running the malware on physical hardware.
CompTIA Security+ Study Guide
SANS Institute, 'Malware Analysis Techniques'
'Practical Malware Analysis' by Michael Sikorski and Andrew Honig
Question 23

Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?
Risk appetite directly impacts acceptance of high-impact low-likelihood events.
Organizational risk appetite varies from organization to organization
Budgetary pressure drives risk mitigation planning in all companies
Risk appetite directly influences which breaches are disclosed publicly
Risk appetite is the amount of risk an organization is willing to accept to achieve its objectives. When operating with a constrained budget, understanding the organization's risk appetite is crucial because:
It helps prioritize security investments based on the level of risk the organization is willing to tolerate.
High-impact, low-likelihood events may be deemed acceptable if they fall within the organization's risk appetite, allowing for budget allocation to other critical areas.
Properly understanding and defining risk appetite ensures that limited resources are used effectively to manage risks that align with the organization's strategic goals.
CompTIA Security+ Study Guide
NIST Risk Management Framework (RMF) guidelines
ISO 31000, 'Risk Management -- Guidelines'
Question 24

Developers have been creating and managing cryptographic material on their personal laptops for use in the production environment. A security engineer needs to initiate a more secure process. Which of the following is the best strategy for the engineer to use?
Disabling the BIOS and moving to UEFI
Managing secrets on the vTPM hardware
Employing shielding to prevent EMI
Managing key material on an HSM
The best strategy for securely managing cryptographic material is to use a Hardware Security Module (HSM). Here's why:
Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering and unauthorized access.
Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops.
Compliance and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-57: Recommendation for Key Management
ISO/IEC 19790:2012: Information Technology - Security Techniques - Security Requirements for Cryptographic Modules
Question 25

Users are writing passwords on paper because of the number of passwords needed in an environment. Which of the following solutions is the best way to manage this situation and decrease risks?
Increasing password complexity to require at least 16 characters
Implementing an SSO solution and integrating with applications
Requiring users to use an open-source password manager
Implementing an MFA solution to avoid reliance only on passwords
Implementing a Single Sign-On (SSO) solution and integrating it with applications is the best way to manage the situation and decrease risks. Here's why:
Reduced Password Fatigue: SSO allows users to log in once and gain access to multiple applications and systems without needing to remember and manage multiple passwords. This reduces the likelihood of users writing down passwords.
Improved Security: By reducing the number of passwords users need to manage, SSO decreases the attack surface and potential for password-related security breaches. It also allows for the implementation of stronger authentication methods.
User Convenience: SSO improves the user experience by simplifying the login process, which can lead to higher productivity and satisfaction.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-63B: Digital Identity Guidelines - Authentication and Lifecycle Management
OWASP Authentication Cheat Sheet
Question 26

The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).
Setting different access controls defined by business area
Implementing a role-based access policy
Designing a least-needed privilege policy
Establishing a mandatory vacation policy
Performing periodic access reviews
Requiring periodic job rotation
To mitigate the issue of excessive permissions and privilege creep, the best solutions are:
Implementing a Role-Based Access Policy:
Role-Based Access Control (RBAC): This policy ensures that access permissions are granted based on the user's role within the organization, aligning with the principle of least privilege. Users are only granted access necessary for their role, reducing the risk of excessive permissions.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations
Performing Periodic Access Reviews:
Regular Audits: Periodic access reviews help identify and rectify instances of privilege creep by ensuring that users' access permissions are appropriate for their current roles. These reviews can highlight unnecessary or outdated permissions, allowing for timely adjustments.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
ISO/IEC 27001:2013 - Information Security Management
Question 27

A security architect is establishing requirements to design resilience in an enterprise system that will be extended to other physical locations. The system must:
* Be survivable to one environmental catastrophe
* Be recoverable within 24 hours of critical loss of availability
* Be resilient to active exploitation of one site-to-site VPN solution
Load-balance connection attempts and data ingress at internet gateways
Allocate fully redundant and geographically distributed standby sites.
Employ layering of routers from diverse vendors
Lease space to establish cold sites throughout other countries
Use orchestration to procure, provision, and transfer application workloads to cloud services
Implement full weekly backups to be stored off-site for each of the company's sites
To design resilience in an enterprise system that can survive environmental catastrophes, recover within 24 hours, and be resilient to active exploitation, the best strategy is to allocate fully redundant and geographically distributed standby sites. Here's why:
Geographical Redundancy: Having geographically distributed standby sites ensures that if one site is affected by an environmental catastrophe, the other sites can take over, providing continuity of operations.
Full Redundancy: Fully redundant sites mean that all critical systems and data are replicated, enabling quick recovery in the event of a critical loss of availability.
Resilience to Exploitation: Distributing resources across multiple sites reduces the risk of a single point of failure and increases resilience against targeted attacks.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-34: Contingency Planning Guide for Federal Information Systems
ISO/IEC 27031:2011 - Guidelines for Information and Communication Technology Readiness for Business Continuity
Question 28

Users must accept the terms presented in a captive portal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network. A network engineer observes the following:
* Users should be redirected to the captive portal.
* The captive portal runs TLS 1.2
* Newer browser versions encounter security errors that cannot be bypassed
* Certain websites cause unexpected redirects
Which of the following most likely explains this behavior?
The TLS ciphers supported by the captive portal are deprecated
Employment of the HSTS setting is proliferating rapidly.
Allowed traffic rules are causing the NIPS to drop legitimate traffic
An attacker is redirecting supplicants to an evil twin WLAN.
The most likely explanation for the issues encountered with the captive portal is that the TLS ciphers supported by the captive portal are deprecated. Here's why:
TLS Cipher Suites: Modern browsers are continuously updated to support the latest security standards and often drop support for deprecated and insecure cipher suites. If the captive portal uses outdated TLS ciphers, newer browsers may refuse to connect, causing security errors.
HSTS and Browser Security: Browsers with HTTP Strict Transport Security (HSTS) enabled will not allow connections to sites with weak security configurations. Deprecated TLS ciphers would cause these browsers to block the connection.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-52: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
OWASP Transport Layer Protection Cheat Sheet
By updating the TLS ciphers to modern, supported ones, the security engineer can ensure compatibility with newer browser versions and resolve the connectivity issues reported by users.
Question 29

A security engineer is building a solution to disable weak CBC configuration for remote access connections to Linux systems. Which of the following should the security engineer modify?
The /etc/openssl.conf file, updating the virtual site parameter
The /etc/nsswitch.conf file, updating the name server
The /etc/hosts file, updating the IP parameter
The /etc/ssh/sshd_config file, updating the ciphers
The sshd_config file is the main configuration file for the OpenSSH server. To disable weak CBC (Cipher Block Chaining) ciphers for SSH connections, the security engineer should modify the sshd_config file to update the list of allowed ciphers. This file typically contains settings for the SSH daemon, including which encryption algorithms are allowed.
By editing the /etc/ssh/sshd_config file and updating the Ciphers directive, weak ciphers can be removed, and only strong ciphers can be allowed. This change ensures that the SSH server does not use insecure encryption methods.
CompTIA Security+ Study Guide
OpenSSH manual pages (man sshd_config)
CIS Benchmarks for Linux
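As an added example (not part of the original practice test), the following POSIX shell functions audit a Ciphers directive for CBC-mode algorithms and emit a hardened directive with those algorithms removed. The sshd_config fragment is constructed for the example; the function names are the example's own.

```shell
# Constructed sample of a weak sshd_config fragment (not taken from a real host)
WEAK_CONFIG='Port 22
Ciphers aes128-cbc,3des-cbc,aes256-ctr,aes128-ctr,chacha20-poly1305@openssh.com
MACs hmac-sha2-256'

# Print the comma-separated value of the first Ciphers directive read on stdin.
# sshd matches keywords case-insensitively, so the comparison is lowercased.
cipher_list() {
    awk 'tolower($1) == "ciphers" { print $2; exit }'
}

# Return 0 when the config text in $1 enables any CBC-mode cipher, 1 otherwise.
# OpenSSH names CBC ciphers with a "-cbc" suffix (aes128-cbc, 3des-cbc, ...).
has_cbc_ciphers() {
    printf '%s\n' "$1" | cipher_list | tr ',' '\n' | grep -q -- '-cbc$'
}

# Print the cipher list from $1 with every CBC-mode cipher removed,
# preserving the order of the remaining algorithms.
strip_cbc() {
    printf '%s\n' "$1" | cipher_list | tr ',' '\n' | grep -v -- '-cbc$' | paste -s -d, -
}

# Print the hardened directive line ready to be placed in /etc/ssh/sshd_config.
hardened_directive() {
    printf 'Ciphers %s\n' "$(strip_cbc "$1")"
}

# Stand-alone run: report the finding and the replacement line.
if has_cbc_ciphers "$WEAK_CONFIG"; then
    echo "CBC ciphers enabled; replace the directive with:"
    hardened_directive "$WEAK_CONFIG"
fi
```

After editing the real file, `sshd -t` validates the syntax and `sshd -T` prints the effective configuration, so the cipher list actually in force can be confirmed before the daemon is reloaded.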
Question 30

A security team is responding to malicious activity and needs to determine the scope of impact. The malicious activity appears to affect certain versions of an application used by the organization. Which of the following actions best enables the team to determine the scope of impact?
Performing a port scan
Inspecting egress network traffic
Reviewing the asset inventory
Analyzing user behavior
Reviewing the asset inventory allows the security team to identify all instances of the affected application versions within the organization. By knowing which systems are running the vulnerable versions, the team can assess the full scope of the impact, determine which systems might be compromised, and prioritize them for further investigation and remediation.
Performing a port scan (Option A) might help identify open ports but does not provide specific information about the application versions. Inspecting egress network traffic (Option B) and analyzing user behavior (Option D) are important steps in the incident response process but do not directly identify which versions of the application are affected.
CompTIA Security+ Study Guide
NIST SP 800-61 Rev. 2, 'Computer Security Incident Handling Guide'
CIS Controls, 'Control 1: Inventory and Control of Hardware Assets' and 'Control 2: Inventory and Control of Software Assets'