ExamGecko
Login
Home / CompTIA / CAS-005 / List of questions
Ask Question

CompTIA CAS-005 Practice Test - Questions Answers, Page 5

Add to Whishlist

List of questions

Question 41

Report Export Collapse

Users are experiencing a variety of issues when trying to access corporate resources examples include

* Connectivity issues between local computers and file servers within branch offices

* Inability to download corporate applications on mobile endpoints wtiilc working remotely

* Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

Become a Premium Member for full access
  Unlock Premium Member

Question 42

Report Export Collapse

A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team's task'

Become a Premium Member for full access
  Unlock Premium Member

Question 43

Report Export Collapse

An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?

Become a Premium Member for full access
  Unlock Premium Member

Question 44

Report Export Collapse

Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation. The analyst generates the following output:

CompTIA CAS-005 image Question 44 63875074218397843953856

Which of the following would the analyst most likely recommend?

Become a Premium Member for full access
  Unlock Premium Member

Question 45

Report Export Collapse

A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?

Become a Premium Member for full access
  Unlock Premium Member

Question 46

Report Export Collapse

A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

Become a Premium Member for full access
  Unlock Premium Member

Question 47

Report Export Collapse

An organization mat performs real-time financial processing is implementing a new backup solution Given the following business requirements?

* The backup solution must reduce the risk for potential backup compromise

* The backup solution must be resilient to a ransomware attack.

* The time to restore from backups is less important than the backup data integrity

* Multiple copies of production data must be maintained

Which of the following backup strategies best meets these requirement?

Become a Premium Member for full access
  Unlock Premium Member

Question 48

Report Export Collapse

During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server Given the following portion of the code:

CompTIA CAS-005 image Question 48 63875074218397843953856

Which of the following best describes this incident?

Become a Premium Member for full access
  Unlock Premium Member

Question 49

Report Export Collapse

A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution Which of the following most likely explains the choice to use a proxy-based CASB?

Become a Premium Member for full access
  Unlock Premium Member

Question 50

Report Export Collapse

A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

CompTIA CAS-005 image Question 50 63875074218413467389736

Which of the following hosts should a security analyst patch first once a patch is available?

Become a Premium Member for full access
  Unlock Premium Member
Total 198 questions
Go to page: of 20
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

A global company's Chief Financial Officer (CFO) receives a phone call from someone claiming to be the Chief Executive Officer (CEO). The caller claims to be stranded and in desperate need of money. The CFO is suspicious, but the caller's voice sounds similar to the CEO's. Which of the following best describes this type of attack?
A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?
Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
Which of the following best describes the reason PQC preparation is important?
A company is preparing to move a new version of a web application to production. No issues were reported during security scanning or quality assurance in the CI/CD pipeline. Which of the following actions should the company take next?
A cloud engineer wants to configure mail security protocols to support email authenticity and enable the flow of email security information to a third-party platform for further analysis. Which of the following must be configured to achieve these requirements? (Select two).
An external threat actor attacks public infrastructure providers. In response to the attack and during follow-up activities, various providers share information obtained during response efforts. After the attack, energy sector companies share their status and response data: Company SIEM UEBA DLP ISAC Member TIP Integration Time to Detect Time to Respond 1 Yes No Yes Yes Yes 10 minutes 20 minutes 2 Yes Yes Yes Yes No 20 minutes 40 minutes 3 Yes Yes No No Yes 12 minutes 24 minutes Which of the following is the most important issue to address to defend against future attacks?
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?
An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets: Web server logs: 192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] 'GET /bin/bash' HTTP/1.1' 200 453 Safari/536.36 192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] 'GET / HTTP/1.1' 200 453 Safari/536.36 Application server logs: 24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB 24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processing Database server logs: 24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 2048 24/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed. Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?
Which of the following are risks associated with vendor lock-in? (Select two).