CompTIA CompTIA Certifications CAS-005 Questions & Answers

• Question 31:

  A risk assessment determined that company data was leaked to the general public during a migration. Which of the following best explains the root cause of this issue?

  A. Incomplete firewall rules between the CSP and on-premises infrastructure

  B. Insufficient logging of cloud activities to company SIEM

  C. Failure to implement full disk encryption to on-premises data storage

  D. Misconfiguration of access controls on cloud storage containers

  Correct Answer: D

  During a migration, data is often moved to cloud storage containers. If these containers are not properly configured, they may be accessible to the public or unauthorized users, leading to data leaks. Misconfigurations such as setting permissions to public or not restricting access appropriately are common causes of data breaches in cloud environments.

• Question 32:

  Recently, two large engineering companies in the same line of business decided to approach cyberthreats in a united way. Which of the following best describes this unified approach?

  A. NDA

  B. ISA

  C. SLA

  D. MOU

  Correct Answer: D

  Given the scenario of two large engineering companies joining forces to address cyberthreats in a united way, the most fitting description of their approach is a Memorandum of Understanding (MOU). This document formalizes their agreement to cooperate on cybersecurity matters, outlining their shared objectives, responsibilities, and possibly the methods they will use to collaborate effectively in combating cyber threats.

• Question 33:

  A security analyst is reviewing suspicious emails that were forwarded by users. Which of the following is the best method for the analyst to use when reviewing attachments that came with these emails?

  A. Reverse engineering

  B. Protocol analysis

  C. Sandboxing

  D. Fuzz testing

  E. Steganography

  Correct Answer: C

  The most effective method for a security analyst to review suspicious email attachments is to use sandboxing. This approach allows the attachments to be executed in a safe, isolated environment, making it possible to observe any malicious activities without risking the integrity of the actual systems. Sandboxing offers a comprehensive and efficient way to analyze potentially harmful content in email attachments.

• Question 34:

  The Chief Information Security Officer (CISO) is working with a new company and needs a legal document to ensure all parties understand their roles during an assessment. Which of the following should the CISO have each party sign?

  A. SLA

  B. ISA

  C. Permissions and access

  D. Rules of engagement

  Correct Answer: D

  The Rules of Engagement (ROE) document is essential for ensuring all parties understand their roles, responsibilities, and limitations during an assessment. It provides a clear framework that helps prevent legal and operational misunderstandings, making it the most appropriate choice for the CISO to have each party sign in this scenario.

• Question 35:

  A security officer at an organization that makes and sells digital artwork must ensure the integrity of the artwork can be maintained. Which of the following are the best ways for the security officer to accomplish this task? (Choose two.)

  A. Hashing

  B. ECC

  C. IPSec

  D. Tokenization

  E. Watermarking

  F. Print blocking

  Correct Answer: AE

  Implementing hashing and watermarking provides a comprehensive approach to maintaining the integrity of digital artwork. Hashing allows for verification of file integrity through checksums, while watermarking embeds ownership and authenticity information directly into the artwork, deterring unauthorized use and providing proof of ownership. Together, these measures help protect the organization's digital assets and ensure that customers receive genuine and unaltered digital artwork.

• Question 36:

  Which of the following industrial protocols is most likely to be found in public utility applications, such as water or electric?

  A. CIP

  B. Zigbee

  C. Modbus

  D. DNP3

  Correct Answer: D

  DNP3 (Distributed Network Protocol 3) is specifically designed for use in SCADA (Supervisory Control and Data Acquisition) systems, which are commonly employed in public utility sectors such as water and electric utilities. DNP3 is known for its robustness in handling communication over long distances and in noisy environments typical of utility operations. It supports features essential for reliable and secure communication, including time synchronization, data integrity checks, and error recovery mechanisms. These capabilities make DNP3 highly suitable for monitoring and controlling remote devices and systems critical to public utilities.

• Question 37:

  A security engineer evaluates the overall security of a custom mobile gaming application and notices that developers are bringing in a large number of open-source packages without appropriate patch management. Which of the following would the engineer most likely recommend for uncovering known vulnerabilities in the packages?

  A. Leverage an exploitation framework to uncover vulnerabilities.

  B. Use fuzz testing to uncover potential vulnerabilities in the application.

  C. Utilize a software composition analysis tool to report known vulnerabilities.

  D. Reverse engineer the application to look for vulnerable code paths.

  E. Analyze the use of an HTTP intercepting proxy to dynamically uncover issues.

  Correct Answer: C

• Question 38:

  A commercial OSINT provider utilizes and reviews data from various sources of publicly available information. The provider is transitioning the subscription service to a model that limit's the scope of available data based on subscription tier. Which of the following approaches would best ensure subscribers are only granted access to data associated with their tier? (Choose two.)

  A. Storing collected data on separate physical media per tier

  B. Controlling access to data based on the role of users

  C. Employing attribute-based access control

  D. Implementing a behavior-based IDS positioned at the storage network gateway

  E. Establishing a classification and labeling scheme

  F. Implementing a mandatory access control scheme

  Correct Answer: BE

• Question 39:

  Following a Log4j outbreak, several network appliances were not managed and remained undetected despite an application inventory system being in place. Which of the following solutions should the security director recommend to best understand the composition of applications on unmanaged devices?

  A. Protocol analyzer

  B. Package monitoring

  C. Software bill of materials

  D. Fuzz testing

  Correct Answer: C

  A Software Bill of Materials (SBOM) provides a comprehensive inventory of software components and libraries used in an application or device. It lists out all the dependencies and their versions, which is crucial for understanding the composition of applications, especially on unmanaged devices. In the context of the Log4j outbreak, having an SBOM would allow the security team to identify if any vulnerable versions of Log4j or other vulnerable software components are present on the unmanaged devices. This helps in assessing and mitigating risks associated with known vulnerabilities.

• Question 40:

  A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?

  A. TPM

  B. Secure boot

  C. NX bit

  D. HSM

  Correct Answer: C

  Enabling the NX bit ensures that the rewritten application can effectively use the mprotect() system call to manage memory execution permissions, thereby strengthening its defenses against exploitation tools that attempt to execute code from unauthorized memory regions. This approach aligns with best practices in modern application security to mitigate memory-based vulnerabilities