
CAS-005 Online Practice Questions and Answers

Questions 4

A company wants to install a three-tier approach to separate the web, database, and application servers. A security administrator must harden the environment. Which of the following is the best solution?

A. Deploying a VPN to prevent remote locations from accessing server VLANs

B. Configuring a SASE solution to restrict users to server communication

C. Implementing microsegmentation on the server VLANs

D. Installing a firewall and making it the network core

Correct Answer: C

The best solution to harden a three-tier environment (web, database, and application servers) is to implement microsegmentation on the server VLANs. Here's why:

Enhanced Security: Microsegmentation creates granular security zones within the data center, allowing for more precise control over east-west traffic between servers. This helps prevent lateral movement by attackers who may gain access to one part of the network.

Isolation of Tiers: By segmenting the web, database, and application servers, the organization can apply specific security policies and controls to each segment, reducing the risk of cross-tier attacks.

Compliance and Best Practices: Microsegmentation aligns with best practices for network security and helps meet compliance requirements by ensuring that sensitive data and systems are properly isolated and protected.

Questions 5

The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated.

Which of the following is the most likely reason for the inaccurate alerts?

A. The compute resources are insufficient to support the SIEM

B. The SIEM indexes are too large

C. The data is not being properly parsed

D. The retention policy is not properly configured

Correct Answer: C

Proper parsing of data is crucial for the SIEM to accurately interpret and analyze the logs being forwarded by the log collector. If the data is not parsed correctly, the SIEM may misinterpret the logs, leading to false positives and inaccurate alerts. Ensuring that the log data is correctly parsed allows the SIEM to correlate and analyze the logs effectively, which is essential for accurate alerting and monitoring.

Questions 6

An organization that performs real-time financial processing is implementing a new backup solution, given the following business requirements:

1. The backup solution must reduce the risk for potential backup compromise.

2. The backup solution must be resilient to a ransomware attack.

3. The time to restore from backups is less important than the backup data integrity.

4. Multiple copies of production data must be maintained.

Which of the following backup strategies best meets these requirements?

A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis

B. Utilizing two connected storage arrays and ensuring the arrays constantly sync

C. Enabling remote journaling on the databases to ensure real-time transactions are mirrored

D. Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally

Correct Answer: A

A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis: An immutable storage array ensures that data, once written, cannot be altered or deleted. This greatly reduces the risk of backup compromise and provides resilience against ransomware attacks, as the ransomware cannot modify or delete the backup data. Maintaining multiple copies of production data with an immutable storage solution ensures data integrity and compliance with the requirement for multiple copies.

Other options:

B. Utilizing two connected storage arrays and ensuring the arrays constantly sync: While this ensures data redundancy, it does not provide protection against ransomware attacks, as both arrays could be compromised simultaneously.

C. Enabling remote journaling on the databases: This ensures real-time transaction mirroring but does not address the requirement for reducing the risk of backup compromise or resilience to ransomware.

D. Setting up anti-tampering on the databases: While this helps ensure data integrity, it does not provide a comprehensive backup solution that meets all the specified requirements.

Questions 7

A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?

A. A macro that was prevented from running

B. A text file containing passwords that were leaked

C. A malicious file that was run in this environment

D. A PDF that exposed sensitive information improperly

Correct Answer: B

Based on the log provided, the most concerning event that should be investigated further is the presence of a text file containing passwords that were leaked. Here's why:

Sensitive Information Exposure: A text file containing passwords represents a significant security risk, as it indicates that sensitive credentials have been exposed in plain text, potentially leading to unauthorized access.

Immediate Threat: Password leaks can lead to immediate exploitation by attackers, compromising user accounts and sensitive data. This requires urgent investi

Questions 8

A security analyst discovered requests associated with IP addresses known for both legitimate and bot-related traffic.

Which of the following should the analyst use to determine whether the requests are malicious?

A. User-agent string

B. Byte length of the request

C. Web application headers

D. HTML encoding field

Correct Answer: A

The user-agent string can provide valuable information to distinguish between legitimate and bot-related traffic. It contains details about the browser, device, and sometimes the operating system of the client making the request.

Why Use User-Agent String?

Identify Patterns: User-agent strings can help identify patterns that are typical of bots or legitimate users.

Block Malicious Bots: Many bots use known user-agent strings, and identifying these can help block malicious requests.

Anomalies Detection: Anomalous user-agent strings can indicate spoofing attempts or malicious activity.

Other options provide useful information but may not be as effective for initial determination of the nature of the request:

B. Byte length of the request: This can indicate anomalies but does not provide detailed information about the client.

C. Web application headers: While useful, they may not provide enough distinction between legitimate and bot traffic.

D. HTML encoding field: This is not typically used for identifying the nature of the request.

Questions 9

Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries.

Which of the following solutions best addresses the reported vulnerabilities?

A. Using IaC to include the newest dependencies

B. Creating a bug bounty program

C. Implementing a continuous security assessment program

D. Integrating a SAST tool as part of the pipeline

Correct Answer: D

The best solution to address reported vulnerabilities in third-party libraries is integrating a Static Application Security Testing (SAST) tool as part of the development pipeline. Here's why:

Early Detection: SAST tools analyze source code for vulnerabilities before the code is compiled. This allows developers to identify and fix security issues early in the development process.

Continuous Security: By integrating SAST tools into the CI/CD pipeline, the organization ensures continuous security assessment of the codebase, including third-party libraries, with each code commit and build.

Comprehensive Analysis: SAST tools provide a detailed analysis of the code, identifying potential vulnerabilities in both proprietary code and third-party dependencies, ensuring that known issues in libraries are addressed promptly.

Questions 10

A company hired an email service provider called my-email.com to deliver company emails. The company started having several issues during the migration. A security engineer is troubleshooting and observes the following configuration snippet:

Which of the following should the security engineer modify to fix the issue? (Select two).

A. The email CNAME record must be changed to a type A record pointing to 192.168.111

B. The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"

C. The srv01 A record must be changed to a type CNAME record pointing to the email server

D. The email CNAME record must be changed to a type A record pointing to 192.168.1.10

E. The TXT record must be changed to "v=dkim ip4:192.168.1.11 include my-email.com -all"

F. The TXT record must be changed to "v=dkim ip4:192.168.1.10 include:email-all"

G. The srv01 A record must be changed to a type CNAME record pointing to the web01 server

Correct Answer: BD

The security engineer should modify the following to fix the email migration issues:

Email CNAME Record: The email CNAME record must be changed to a type A record pointing to 192.168.1.10. This is because CNAME records should not be used where an IP address (A record) is required. Changing it to an A record ensures direct pointing to the correct IP.

TXT Record for DMARC: The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all". This ensures proper configuration of DMARC (Domain-based Message Authentication, Reporting and Conformance) to include the correct IP address and the email service provider domain.

Questions 11

A common industrial protocol has the following characteristics:

1. Provides for no authentication/security

2. Is often implemented in a client/server relationship

3. Is implemented as either RTU or TCP/IP

Which of the following is being described?

A. Profinet

B. Modbus

C. Zigbee

D. Z-Wave

Correct Answer: B

Questions 12

A company uses a CSP to provide a front end for its new payment system offering. The new offering is currently certified as PCI compliant. In order for the integrated solution to be compliant, the customer:

A. must also be PCI compliant, because the risk is transferred to the provider.

B. still needs to perform its own PCI assessment of the provider's managed serverless service.

C. needs to perform a penetration test of the cloud provider's environment.

D. must ensure in-scope systems for the new offering are also PCI compliant.

Correct Answer: D

Questions 13

A security engineer has learned that terminated employees' accounts are not being disabled. The termination dates are updated automatically in the human resources information system software by the appropriate human resources staff. Which of the following would best reduce risks to the organization?

A. Exporting reports from the system on a weekly basis to disable terminated employees' accounts

B. Granting permission to human resources staff to mark terminated employees' accounts as disabled

C. Configuring allowed login times for all staff to only work during business hours

D. Automating a process to disable the accounts by integrating Active Directory and human resources information systems

Correct Answer: D

Automating the process to disable terminated employees' accounts by integrating Active Directory (or any other authentication system) with the human resources information system (HRIS) is the best approach to reduce risks to the organization. By automating this process, the organization ensures that accounts are disabled promptly and consistently whenever an employee's termination date is updated in the HRIS. This reduces the window of opportunity for terminated employees to retain access to systems and sensitive information after leaving the organization.

Exam Code: CAS-005
Exam Name: CompTIA SecurityX
Last Update: May 27, 2026
Questions: 406


2026 Copyright @ exam2pass.com All trademarks are the property of their respective vendors. We are not associated with any of them.