CompTIA CompTIA Certifications CAS-005 Questions & Answers

• Question 191:

  HOTSPOT

  Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: 192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote

  site. The Telco router interface uses the 192.10.5.0/30 IP range.

  Instructions: Click on the simulation button to refer to the Network Diagram for Company A.

  Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.

  Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.

  Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.

  

  

  Hot Area:

  

  Correct Answer:

  

  We have traffic coming from two rogue IP addresses: 192.10.3.204 and 192.10.3.254 (both in the 192.10.30.0/24 subnet) going to IPs in the corporate site subnet (192.10.1.0/24) and the remote site subnet (192.10.2.0/24). We need to Deny (block) this traffic at the firewall by ticking the following two checkboxes:

  

• Question 192:

  HOTSPOT

  A product development team has submitted code snippets for review prior to release.

  INSTRUCTIONS

  Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

  If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

  Code Snippet 1

  

  Code Snippet 2

  

  Hot Area:

  

  Correct Answer:

  

  1:

  The potential vulnerability here is not about SQL injection but about the direct use of a user-provided userid without verifying whether the user is authorized to view or interact with the specified user ID, which leads to Insecure Direct Object

  References (IDOR).

  2:

  There is no evidence in the provided code of credentials being passed or an "authenticated" value being present or checked. The vulnerability here is not related to credential handling but to the execution of potentially unsafe commands.

• Question 193:

  An IT director is working on a solution to meet the challenge of remotely managing laptop devices and securely locking them down. The solution must meet the following requirements:

  1.

  Cut down on patch management.

  2.

  Make use of standard configurations.

  3.

  Allow for custom resource configurations.

  4.

  Provide access to the enterprise system from multiple types of devices.

  Which of the following would meet these requirements?

  A. MDM

  B. Emulator

  C. Hosted hypervisor

  D. VDI

  Correct Answer: D

  Cut down on patch management: With VDI, the virtual desktops are managed centrally. Patches and updates can be applied to the master image, which then gets propagated to all virtual desktops. This significantly reduces the complexity and workload of patch management. Standard configurations: VDI allows for the deployment of standardized desktop images, ensuring consistency across all user desktops. Allow for custom resource configurations: VDI can be configured to allocate different levels of resources (CPU, memory, storage) based on the needs of different users or groups. Provide access to the enterprise system from multiple types of devices: Users can access their virtual desktops from various devices, including laptops, tablets, and smartphones, as long as they have a network connection.

• Question 194:

  A security analyst received a report that a suspicious flash drive was picked up in the office's waiting area, located beyond the secured door. The analyst investigated the drive and found malware designed to harvest and transmit credentials. Security cameras in the area where the flash drive was discovered showed a vendor representative dropping the drive. Which of the following should the analyst recommend as an additional way to identify anyone who enters the building, in the event the camera system fails?

  A. Employee badge logs

  B. Phone call logs

  C. Vehicle registration logs

  D. Visitor logs

  Correct Answer: D

• Question 195:

  An IoT device implements an encryption module built within its SoC, where the asymmetric private key has been defined in a write-once read-many portion of the SoC hardware. Which of the following should the IoT manufacture do if the private key is compromised?

  A. Use over-the-air updates to replace the private key.

  B. Manufacture a new IoT device with a redesigned SoC.

  C. Replace the public portion of the IoT key on its servers.

  D. Release a patch for the SoC software.

  Correct Answer: B

  Manufacture a new IoT device with a redesigned SoC: Write-Once Read-Many (WORM) is specifically designed to adhere to the highest level of integrity. Once written, it cannot be replaced. As for the Private Key compromise, OTA updates and software patches don't work and replacing the public key does nothing. Your only option is to burn it to the ground and start again.