CAS-005 Dumps Updated – Choose DumpsBase CAS-005 Dumps (V9.02) to Prepare for Your CompTIA SecurityX Certification Exam

DumpsBase is known for offering highly effective study materials for your IT certification exam preparation, including the CompTIA SecurityX Certification CAS-005 exam. DumpsBase updated CAS-005 dumps to V9.02, containing 135 practice exam questions and answers, which ensure you are up-to-date and prepared for new prospects. To aid busy professionals, DumpsBase provides CAS-005 dumps (V9.02) in a convenient PDF format, which can easily fit into your schedule, allowing you to study on your own time. In addition to providing the PDF format, DumpsBase offers a practice test software. It is specifically designed to simulate the CompTIA SecurityX CAS-005 exam environment. By regularly taking these CAS-005 dumps with software, you will gain familiarity with the exam questions and format, greatly improving your chances of success. Take a decisive step toward enhancing your skills and opening doors by earning your CompTIA SecurityX certification with DumpsBase’s CAS-005 dumps (V9.02) today.

Read CAS-005 Free Dumps – Check the CompTIA SecurityX CAS-005 Updated Dumps:

1. A security analyst is reviewing the following authentication logs:

Which of the following should the analyst do first?

2. Which of the following AI concerns is most adequately addressed by input sanitation?

A. Model inversion

B. Prompt Injection

C. Data poisoning

D. Non-explainable model

3. A systems administrator wants to introduce a newly released feature for an internal application. The administrator does not want to test the feature in the production environment.

Which of the following locations is the best place to test the new feature?

4. A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring.

The architect's goal is to:

• Create a collection of use cases to help detect known threats

• Include those use cases in a centralized library for use across all of the companies

Which of the following is the best way to achieve this goal?

5. After an incident occurred, a team reported during the lessons-learned review that the team:

* Lost important information for further analysis

* Did not utilize the chain of communication

* Did not follow the right steps for a proper response

Which of the following solutions is the best way to address these findings?

6. After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.

• Exfiltration of intellectual property

• Unencrypted files

• Weak user passwords

Which of the following is the best way to mitigate these vulnerabilities? (Select two).

A. Implementing data loss prevention

B. Deploying file integrity monitoring

C. Restricting access to critical file services only

D. Deploying directory-based group policies

E. Enabling modern authentication that supports MFA

F. Implementing a version control system

G. Implementing a CMDB platform

7. A systems engineer is configuring a system baseline for servers that will provide email services.

As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• Interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

8. A company hired an email service provider called my-email.com to deliver company emails. The company started having several issues during the migration.

A security engineer is troubleshooting and observes the following configuration snippet:

Which of the following should the security engineer modify to fix the issue? (Select two).

9. Within a SCADA, a business needs access to the historian server in order to gather metrics about the functionality of the environment.

Which of the following actions should be taken to address this requirement?

10. An organization is concerned about insider threats from employees who have individual access to encrypted material.

Which of the following techniques best addresses this issue?

11. A vulnerability scan on a web server identified the following:

Which of the following actions would most likely eliminate on-path decryption attacks? (Select two).

12. The identity and access management team is sending logs to the SIEM for continuous monitoring.

The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated.

Which of the following is the most likely reason for the inaccurate alerts?

13. An incident response team is analyzing malware and observes the following:

• Does not execute in a sandbox

• No network IoCs

• No publicly known hash match

• No process injection method detected

Which of the following should the team do next to proceed with further analysis?

14. Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?

15. Developers have been creating and managing cryptographic material on their personal laptops for use in the production environment. A security engineer needs to initiate a more secure process.

Which of the following is the best strategy for the engineer to use?

16. Users are writing passwords on paper because of the number of passwords needed in an environment.

Which of the following solutions is the best way to manage this situation and decrease risks?

17. The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep.

Which of the following solutions are the best ways to mitigate this issue? (Select two). Setting different access controls defined by business area

18. A security architect is establishing requirements to design resilience in an enterprise system that will be extended to other physical locations.

The system must:

• Be survivable to one environmental catastrophe

• Be recoverable within 24 hours of critical loss of availability

• Be resilient to active exploitation of one site-to-site VPN solution

19. Users must accept the terms presented in a captive portal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network.

A network engineer observes the following:

• Users should be redirected to the captive portal.

• The captive portal runs TLS 1.2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected redirects

Which of the following most likely explains this behavior?

20. A security engineer is building a solution to disable weak CBC configuration for remote access connections to Linux systems.

Which of the following should the security engineer modify?

21. A security team is responding to malicious activity and needs to determine the scope of impact. The malicious activity appears to affect certain versions of an application used by the organization.

Which of the following actions best enables the team to determine the scope of impact?

22. A software development team requires valid data for internal tests. Company regulations, however, do not allow the use of this data in cleartext.

Which of the following solutions best meets these requirements?

23. An organization is developing an AI-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the AI workload, the organization wants to implement guardrails within the platform.

Which of the following should the company do to secure the AI environment?

24. A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts. The hospital wants to ensure that if a tablet is identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds.

The tablets are configured as follows to meet hospital policy:

• Full disk encryption is enabled

• "Always On" corporate VPN is enabled

• eFuse-backed keystore is enabled.

• Wi-Fi 6 is configured with SAE.

• Location services is disabled.

• Application allow list is configured

25. A company hosts a platform-as-a-service solution with a web-based front end, through which customers interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks.

Which of the following most directly supports the administrator's objective?

26. A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?

27. A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate.

Which of the following is the best way to meet this objective?

28. A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module.

Which of the following is the most appropriate technique?

29. A company receives several complaints from customers regarding its website.

An engineer implements a parser for the web server logs that generates the following output:

Which of the following should the company implement to best resolve the issue?

A. IDS

B. CDN

C. WAF

D. NAC

30. A security officer received several complaints from users about excessive MFA push notifications at night. The security team investigates and suspects malicious activities regarding user account authentication.

Which of the following is the best way for the security officer to restrict MFA notifications?

A. Provisioning FIDO2 devices

B. Deploying a text message based on MFA

C. Enabling OTP via email

D. Configuring prompt-driven MFA

31. A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems.

Given the following output:

Which of the following actions would address the root cause of this issue?

A. Automating the patching system to update base images

B. Recompiling the affected programs with the most current patches

C. Disabling unused/unneeded ports on all servers

D. Deploying a WAF with virtual patching upstream of the affected systems

32. Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

A. Incomplete mathematical primitives

B. No use cases to drive adoption

C. Quantum computers not yet capable

D. Insufficient coprocessor support

33. After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation.

Which of the following would the company most likely do to decrease this type of risk?

A. Improve firewall rules to avoid access to those platforms.

B. Implement a cloud-access security broker

C. Create SIEM rules to raise alerts for access to those platforms

D. Deploy an internet proxy that filters certain domains

34. An organization wants to create a threat model to identify vulnerabilities in its infrastructure.

Which of the following should be prioritized first?

35. A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin.

Which of the following best describes the cyberthreat to the bank?

36. Third parties notified a company's security team about vulnerabilities in the company's application.

The security team determined these vulnerabilities were previously disclosed in third-party libraries.

Which of the following solutions best addresses the reported vulnerabilities?

37. While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter.

Which of the following best describes this type of correlation?

38. During a security assessment using an EDR solution, a security engineer generates the following report about the assets in the system:

After five days, the EDR console reports an infection on the host 0WIN23 by a remote access Trojan.

Which of the following is the most probable cause of the infection?

A. OW1N23 uses a legacy version of Windows that is not supported by the EDR

B. LN002 was not supported by the EDR solution and propagates the RAT

C. The EDR has an unknown vulnerability that was exploited by the attacker.

D. 0W1N29 spreads the malware through other hosts in the network

39. Emails that the marketing department is sending to customers are going to the customers' spam folders. The security team is investigating the issue and discovers that the certificates used by the email server were reissued, but DNS records had not been updated.

Which of the following should the security team update in order to fix this issue? (Select three.)

A. DMARC

B. SPF

C. DKIM

D. DNSSEC

E. SASC

F. SAN

G. SOA

H. MX

40. Users are experiencing a variety of issues when trying to access corporate resources. Examples include:

• Connectivity issues between local computers and file servers within branch offices

• Inability to download corporate applications on mobile endpoints while working remotely

• Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

A. Review VPN throughput

B. Check IPS rules

C. Restore static content on the CDN.

D. Enable secure authentication using NAC

E. Implement advanced WAF rules.

F. Validate MDM asset compliance

41. A software engineer is creating a CI/CD pipeline to support the development of a web application. The DevSecOps team is required to identify syntax errors.

Which of the following is the most relevant to the DevSecOps team's task?

A. Static application security testing

B. Software composition analysis

C. Runtime application self-protection

D. Web application vulnerability scanning

42. An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry.

Which of the following should the security analyst use to perform threat modeling?

43. Recent reports indicate that a software tool is being exploited. Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation.

The analyst generates the following output:

Which of the following would the analyst most likely recommend?

44. A company wants to install a three-tier approach to separate the web, database, and application servers.

A security administrator must harden the environment. Which of the following is the best solution?

45. A security architect wants to develop a baseline of security configurations. These configurations automatically will be utilized when a machine is created.

Which of the following technologies should the security architect deploy to accomplish this goal?

46. A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved to the repository. The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment.

Which of the following should a security engineer recommend to reduce the deployment failures? (Select two).

A. Software composition analysis

B. Pre-commit code linting

C. Repository branch protection

D. Automated regression testing

E. Code submit authorization workflow

F. Pipeline compliance scanning

47. A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform. This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries.

Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

A. CWPP

B. YARA

C. ATT&CK

D. STIX

E. TAXII

F. JTAG

48. An organization that performs real-time financial processing is implementing a new backup solution.

Given the following business requirements:

* The backup solution must reduce the risk for potential backup compromise

* The backup solution must be resilient to a ransomware attack.

* The time to restore from backups is less important than the backup data integrity

* Multiple copies of production data must be maintained

Which of the following backup strategies best meets these requirements?

A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis

B. Utilizing two connected storage arrays and ensuring the arrays constantly sync

C. Enabling remote journaling on the databases to ensure real-time transactions are mirrored

D. Setting up antitampering on the databases to ensure data cannot be changed unintentionally

49. During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a compromised web server.

Given the following portion of the code:

Which of the following best describes this incident?

A. XSRF attack

B. Command injection

C. Stored XSS

D. SQL injection

50. A security architect for a global organization with a distributed workforce recently received funding to deploy a CASB solution.

Which of the following most likely explains the choice to use a proxy-based CASB?


 
