Exam Details

  • Exam Code: CAS-005
  • Exam Name: CompTIA SecurityX
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 261 Q&As
  • Last Updated: Mar 31, 2025

CompTIA CompTIA Certifications CAS-005 Questions & Answers

  • Question 51:

    A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?

    A. Performing software composition analysis

    B. Requiring multifactor authentication

    C. Establishing coding standards and monitoring for compliance

    D. Implementing a robust unit and regression-testing scheme

  • Question 52:

    A company recently migrated its critical web application to a cloud provider's environment. As part of the company's risk management program, the company intends to conduct an external penetration test. According to the scope of work and the rules of engagement, the penetration tester will validate the web application's security and check for opportunities to expose sensitive company information in the newly migrated cloud environment. Which of the following should be the first consideration prior to engaging in the test?

    A. Prepare a redundant server to ensure the critical web application's availability during the test.

    B. Obtain agreement between the company and the cloud provider to conduct penetration testing.

    C. Ensure the latest patches and signatures are deployed on the web server.

    D. Create an NDA between the external penetration tester and the company.

  • Question 53:

    A recent batch of bug bounty findings indicates a systematic issue related to directory traversal. A security engineer needs to prevent flawed code from being deployed into production. Which of the following is the best mitigation strategy for the engineer?

    A. Setting up secure development training with a focus on filesystem access issues

    B. Implementing static code analysis testing into the CI/CD pipeline and blocking based on findings

    C. Using a software composition analysis tool to look for directory traversal issues in the application

    D. Developing a secure library for filesystem access and blocking builds that do not use the library

    E. Leveraging a dynamic application security testing tool to uncover issues related to directory traversal

  • Question 54:

    An organization developed a containerized application. The organization wants to run the application in the cloud and automatically scale it based on demand. The security operations team would like to use container orchestration but does not want to assume patching responsibilities. Which of the following service models best meets these requirements?

    A. PaaS

    B. SaaS

    C. IaaS

    D. MaaS

  • Question 55:

    A control systems analyst is reviewing the defensive posture of engineering workstations on the shop floor. Upon evaluation, the analyst makes the following observations:

    1. Unsupported, end-of-life operating systems were still prevalent on the shop floor.

    2. There are no security controls for systems with supported operating systems.

    3. There is little uniformity of installed software among the workstations.

    Which of the following would have the greatest impact on the attack surface?

    A. Deploy antivirus software to all of the workstations.

    B. Increase the level of monitoring on the workstations.

    C. Utilize network-based allow and block lists.

    D. Harden all of the engineering workstations using a common strategy.

  • Question 56:

    After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?

    A. Root cause analysis

    B. Communication plan

    C. Runbook

    D. Lessons learned

  • Question 57:

    A common industrial protocol has the following characteristics:

    1. Provides for no authentication/security

    2. Is often implemented in a client/server relationship

    3. Is implemented as either RTU or TCP/IP

    Which of the following is being described?

    A. Profinet

    B. Modbus

    C. Zigbee

    D. Z-Wave

  • Question 58:

    IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

    A. FIM

    B. SASE

    C. UEBA

    D. CSPM

    E. EAP

  • Question 59:

    An application engineer is using the Swagger framework to leverage REST APIs to authenticate endpoints. The engineer is receiving HTTP 403 responses. Which of the following should the engineer do to correct this issue? (Choose two.)

    A. Obtain a security token.

    B. Obtain a public key.

    C. Leverage Kerberos for authentication.

    D. Leverage OAuth for authentication.

    E. Leverage LDAP for authentication.

    F. Obtain a hash value.

  • Question 60:

    A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

    1. The solution must be able to initiate SQL injection and reflected XSS attacks.

    2. The solution must ensure the application is not susceptible to memory leaks.

    Which of the following should be implemented to meet these requirements? (Choose two.)

    A. Side-channel analysis

    B. Protocol scanner

    C. HTTP interceptor

    D. DAST

    E. Fuzz testing

    F. SAST

    G. SCAP

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-005 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.