An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)
A. Are there opportunities for legal recourse against the originators of the spear-phishing campaign?
B. What internal and external stakeholders need to be notified of the breach?
C. Which methods can be implemented to increase speed of offline backup recovery?
D. What measurable user behaviors were exhibited that contributed to the compromise?
E. Which technical controls, if implemented, would provide defense when user training fails?
F. Which user roles are most often targeted by spear-phishing attacks?
A security analyst is conducting an investigation regarding a potential insider threat. An unauthorized USB device might have been used to exfiltrate proprietary data from a Linux system.
Which of the following options would identify the IoCs and provide the appropriate response?
A. Review the network logs and update the firewall rules.
B. Review the operating system logs and update the DLP rules.
C. Review the vulnerability logs and update the IDS rules.
D. Obtain the device ID using dmesg and update the portable storage inventory.
An analyst determined that the current process for manually handling phishing attacks within the company is ineffective. The analyst is developing a new process to ensure phishing attempts are handled internally in an appropriate and timely manner. One of the analyst's requirements is that a blocklist be updated automatically when phishing attempts are identified. Which of the following would help satisfy this requirement?
A. SOAR
B. MSSP
C. Containerization
D. Virtualization
E. MDR deployment
The following messages are displayed when a VPN client is attempting to connect to an OpenVPN server:
OpenSSL: error: 140760FC:SSL routines: SSL23_GET_CLIENT_HELLO: unknown protocol'
TLS_ERROR: BIO read tls_read_plaintext error'
TLS_ERROR: TLS object->incoming plaintext read error'
TLS_ERROR: TLS handshake failed'
SIGUSR1 [soft, tls_error] received, client_instance restarting'
Which of the following best explains the cause of these messages?
A. The client is attempting to establish an unencrypted connection with the server.
B. The server is unreachable to the client and a connection cannot be established.
C. The client is using LibreSSL libraries while the server is using OpenSSL libraries.
D. A TLS version mismatch exists between the client and the server.
An organization needs to disable TLS 1.0 on a retail website. Which of the following best explains the reason for this action?
A. Payment card industry compliance requires the change.
B. Digital certificates are dependent on a newer protocol.
C. Most browser manufacturers are ending legacy support.
D. The application software no longer supports TLS 1.0.
Employees are receiving certificate errors when visiting secure internet websites. A help desk technician reviews a sample of the certificates from various external websites and determines that an internal certificate with the name of the company's proxy is present in the middle of the certificate chain. The help desk technician escalates the issue to the security team. Which of the following should the security team do next to resolve this issue?
A. Renew and redeploy the intermediate CA certificate.
B. Contact the external websites about updating their certificates.
C. Use Wireshark to analyze network traffic for potential malicious activities.
D. Add the affected websites to the proxy's allow list.
A security engineer is implementing DLP. Which of the following should the security engineer include in the overall DLP strategy?
A. Tokenization
B. Network traffic analysis
C. Data classification
D. Multifactor authentication
A company would like to move its payment card data to a cloud provider. Which of the following solutions will best protect account numbers from unauthorized disclosure?
A. Storing the data in an encoded file
B. Implementing database encryption at rest
C. Only storing tokenized card data
D. Implementing data field masking
A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be compliant, the customer:
A. must also be PCI compliant, because the risk is transferred to the provider.
B. still needs to perform its own PCI assessment of the provider's managed serverless service.
C. needs to perform a penetration test of the cloud provider's environment.
D. must ensure in-scope systems for the new offering are also PCI compliant.
A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating:
An error has occurred during Phase 1 handshake. Deleting keys and retrying...
Which of the following is most likely the reason the connection is failing?
A. The IKE hashing algorithm uses different key lengths on each VPN device.
B. The IPSec settings allow more than one cipher suite on both devices.
C. The Diffie-Hellman group on both sides matches but is a legacy group.
D. The remote VPN is attempting to connect with a protocol other than SSL/TLS.