A news organization wants to implement workflows that allow users to request that untruthful data be retraced and scrubbed from online publications to comply with the right to be forgotten.
Which of the following regulations is the organization most likely trying to address'
A. GDPR
B. COPPA
C. CCPA
D. DORA
Correct Answer: A
The General Data Protection Regulation (GDPR) is the regulation most likely being addressed by the news organization. GDPR includes provisions for the "right to be forgotten," which allows individuals to request the deletion of personal data
that is no longer necessary for the purposes for which it was collected. This regulation aims to protect the privacy and personal data of individuals within the European Union.
References:
CompTIA SecurityX Study Guide: Covers GDPR and its requirements, including the right to be forgotten.
GDPR official documentation: Details the rights of individuals, including data erasure and the right to be forgotten.
"GDPR: A Practical Guide to the General Data Protection Regulation" by IT Governance Privacy Team: Provides a comprehensive overview of GDPR compliance, including workflows for data deletion requests.
Question 82:
Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries.
Which of the following solutions best addresses the reported vulnerabilities?
A. Using laC to include the newest dependencies
B. Creating a bug bounty program
C. Implementing a continuous security assessment program
D. Integrating a SASI tool as part of the pipeline
Correct Answer: D
The best solution to address reported vulnerabilities in third-party libraries is integrating a Static Application Security Testing (SAST) tool as part of the development pipeline. Here's why:
Early Detection: SAST tools analyze source code for vulnerabilities before the code is compiled. This allows developers to identify and fix security issues early in the development process. Continuous Security: By integrating SAST tools into
the CI/CD pipeline, the organization ensures continuous security assessment of the codebase, including third-party libraries, with each code commit and build. Comprehensive Analysis:
SAST tools provide a detailed analysis of the code, identifying potential vulnerabilities in both proprietary code and third-party dependencies, ensuring that known issues in libraries are addressed promptly.
Question 83:
A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform
This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries
Which of the following should the organization most likely leverage to facilitate this activity? (Select two).
A. CWPP
B. YAKA
C. ATTACK
D. STIX
E. TAXII
F. JTAG
Correct Answer: DE
D. STIX (Structured Threat Information eXpression): STIX is a standardized language for representing threat information in a structured and machine-readable format. It facilitates the sharing of threat intelligence by ensuring that data is
consistent and can be easily understood by all parties involved. E. TAXII (Trusted Automated eXchange of Indicator Information): TAXII is a transport mechanism that enables the sharing of cyber threat information over a secure and trusted
network. It works in conjunction with STIX to automate the exchange of threat intelligence among organizations.
Other options:
A. CWPP (Cloud Workload Protection Platform): This focuses on securing cloud workloads and is not directly related to threat intelligence sharing. B. YARA: YARA is used for malware research and identifying patterns in files, but it is not a
platform for sharing threat intelligence. C. ATTandCK: This is a knowledge base of adversary tactics and techniques but does not facilitate the sharing of threat intelligence data. F. JTAG: JTAG is a standard for testing and debugging integrated
circuits, not related to threat intelligence.
References:
CompTIA Security+ Study Guide
"STIX and TAXII: The Backbone of Threat Intelligence Sharing" by MITRE NIST SP 800-150, "Guide to Cyber Threat Information Sharing"
Question 84:
A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered Given the following code function:
Which of the following is most likely the log input that the code will parse?
A. ["error_log] ["system_1"] ["InAlarmState": True]
B. <"error_log"><"system_1">
C. error_log;
-system_1:
InAlarmState: True
D. {"error_log": {"system_1": {"InAlarmState": True}}}
Correct Answer: A
The code function provided in the question seems to be designed to parse JSON formatted logs to check for an alarm state. Option A is a JSON format that matches the structure likely expected by the code. The presence of the "error_log"
and "InAlarmState" keys suggests that this is the correct input format.
Reference: CompTIA SecurityX Study Guide, Chapter on Log Management and Automation, Section on Parsing Structured Logs.
Question 85:
A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources The analyst reviews the following information:
Which of the following is most likely the cause of the issue?
A. The local network access has been configured to bypass MFA requirements.
B. A network geolocation is being misidentified by the authentication server
C. Administrator access from an alternate location is blocked by company policy
D. Several users have not configured their mobile devices to receive OTP codes
Correct Answer: B
The table shows that the user "SALES1" is consistently blocked despite having met the MFA requirements. The common factor in these blocked attempts is the source IP address (8.11.4.16) being identified as from Germany while the user is
assigned to France. This discrepancy suggests that the network geolocation is being misidentified by the authentication server, causing legitimate access attempts to be blocked.
Why Network Geolocation Misidentification?
Geolocation Accuracy: Authentication systems often use IP geolocation to verify the location of access attempts. Incorrect geolocation data can lead to legitimate requests being denied if they appear to come from unexpected locations.
Security Policies: Company security policies might block access attempts from certain locations to prevent unauthorized access. If the geolocation is wrong, legitimate users can be inadvertently blocked. Consistent Pattern: The user
"SALES1" from the IP address 8.11.4.16 is always blocked, indicating a consistent issue with geolocation. Other options do not align with the pattern observed:
A. Bypass MFA requirements: MFA is satisfied, so bypassing MFA is not the issue. C. Administrator access policy: This is about user access, not specific administrator access.
D. OTP codes: The user has satisfied MFA, so OTP code configuration is not the issue.
References:
CompTIA SecurityX Study Guide
"Geolocation and Authentication," NIST Special Publication 800-63B "IP Geolocation Accuracy," Cisco Documentation
Question 86:
Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process.
Which of the following is the best strategy for the engineer to use?
A. Disabling the BIOS and moving to UEFI
B. Managing secrets on the vTPM hardware
C. Employing shielding lo prevent LMI
D. Managing key material on a HSM
Correct Answer: D
The best strategy for securely managing cryptographic material is to use a Hardware Security Module (HSM). Here's why:
Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering
and unauthorized access.
Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops. Compliance
and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.
Question 87:
A security architect is establishing requirements to design resilience in un enterprise system trial will be extended to other physical locations.
The system must:
1.
Be survivable to one environmental catastrophe
2.
Re recoverable within 24 hours of critical loss of availability
3.
Be resilient to active exploitation of one site-to-site VPN solution
Which of the following actions should the architect take to meet these requirements? (Choose two)
A. Load-balance connection attempts and data Ingress at internet gateways
B. Allocate fully redundant and geographically distributed standby sites.
C. Employ layering of routers from diverse vendors
D. Lease space to establish cold sites throughout other countries
E. Use orchestration to procure, provision, and transfer application workloads lo cloud services
F. Implement full weekly backups to be stored off-site for each of the company's sites
Correct Answer: BE
To design resilience in an enterprise system that can survive environmental catastrophes, recover within 24 hours, and be resilient to active exploitation, the best strategy is to allocate fully redundant and geographically distributed standby sites. Here's why: Geographical Redundancy: Having geographically distributed standby sites ensures that if one site is affected by an environmental catastrophe, the other sites can take over, providing continuity of operations. Full Redundancy: Fully redundant sites mean that all critical systems and data are replicated, enabling quick recovery in the event of a critical loss of availability. Resilience to Exploitation: Distributing resources across multiple sites reduces the risk of a single point of failure and increases resilience against targeted attacks.
Question 88:
A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise.
Which of the following is the most secure way to achieve this goal?
A. Executing a script that deletes and overwrites all data on the SSD three times
B. Wiping the SSD through degaussing
C. Securely deleting the encryption keys used by the SSD
D. Writing non-zero, random data to all cells of the SSD
Correct Answer: C
The most secure way to prevent inadvertent data disclosure when encrypted SSDs are reused is to securely delete the encryption keys used by the SSD. Without the encryption keys, the data on the SSD remains encrypted and is effectively
unreadable, rendering any residual data useless. This method is more reliable and efficient than overwriting data multiple times or using other physical destruction methods.
References:
CompTIA SecurityX Study Guide: Highlights the importance of managing encryption keys and securely deleting them to protect data. NIST Special Publication 800-88, "Guidelines for Media Sanitization":
Recommends cryptographic erasure as a secure method for sanitizing encrypted storage devices.
Question 89:
A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application
Which of the following is the most likely cause of the alerts?
A. Misconfigured code commit
B. Unsecure bundled libraries
C. Invalid code signing certificate
D. Data leakage
Correct Answer: B
The most likely cause of the anti-malware alerts on customer workstations is unsecure bundled libraries. When developing and deploying new applications, it is common for developers to use third-party libraries. If these libraries are not
properly vetted for security, they can introduce vulnerabilities or malicious code.
Why Unsecure Bundled Libraries?
Third-Party Risks: Using libraries that are not secure can lead to malware infections if the libraries contain malicious code or vulnerabilities. Code Dependencies: Libraries may have dependencies that are not secure, leading to potential
security risks.
Common Issue: This is a frequent issue in software development where libraries are used for convenience but not properly vetted for security. Other options, while relevant, are less likely to cause widespread anti-malware alerts:
A. Misconfigured code commit: Could lead to issues but less likely to trigger anti- malware alerts.
C. Invalid code signing certificate: Would lead to trust issues but not typically anti- malware alerts.
D. Data leakage: Relevant for privacy concerns but not directly related to anti- malware alerts. References: CompTIA SecurityX Study Guide "Securing Open Source Libraries," OWASP "Managing Third-Party Software Security Risks," Gartner Research
Question 90:
A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks.
Which of the following most directly supports the administrator's objective'
A. improving security dashboard visualization on SIEM
B. Rotating API access and authorization keys every two months
C. Implementing application toad balancing and cross-region availability
D. Creating WAF policies for relevant programming languages
Correct Answer: D
The best way to prevent application-focused attacks for a platform-as-a- service solution with a web-based front end is to create Web Application Firewall (WAF) policies for relevant programming languages. Here's why:
Application-Focused Attack Prevention: WAFs are designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. They help prevent attacks such as SQL injection, cross-site scripting
(XSS), and other application-layer attacks.
Customizable Rules: WAF policies can be tailored to the specific programming languages and frameworks used by the web application, providing targeted protection based on known vulnerabilities and attack patterns. Real-Time Protection:
WAFs provide real-time protection, blocking malicious requests before they reach the application, thereby enhancing the security posture of the platform.
Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-005 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.
