CompTIA CAS-005 Exam Dumps

 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 34 6d be 66 00 00 00 00 00 00 00 00 e0 00 0f 03 0b 01 05 00 00 70 00 00 00 10 00 00 00 d0 00 00 70 4c 01 00 00 e0 00 00 00 50 01 00 00 00 40 00 00 10 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 01 00 00 02 00 00 00 00 00 00 03 00 00 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 Attempts to run the code in a sandbox produce no results. Which of the following should the malware analyst do next to further analyze the malware and discover useful IoCs?

 A.Convert the hex-encoded sample to binary and attempt to decompile it. 
B.Run the encoded sample through an online vulnerability tool and check for any matches. 
C.Pad the beginning and end of the sample with binary executables and attempt to execute it. 
D.Use a disassembler on the unencoded snippet to convert from binary to ASCII text. 

Answer: A

 A company plans to deploy a new online application that provides video training for its customers. As part of the design, the application must be: Fast for all users Available for users worldwide Protected against attacks Which of the following are the best components the company should use to meet these requirements? (Select two). 

A.WAF 
B.IPS 
C.CDN 
D.SASE 
E.VPN 
F.CASB 

Answer: A,C

 A developer receives feedback about code quality and efficiency. The developer needs to identify and resolve the following coding issues before submitting the code changes for peer review: Indexing beyond arrays Dereferencing null pointers Potentially dangerous data type combinations Unreachable code Non-portable constructs Which of the following would be most appropriate for the developer to use in this situation? 

A. Linting 
B. SBoM 
C. DAST 
D. Branch protection 
E. Software composition analysis 

Answer: A

 A company discovers intellectual property data on commonly known collaboration web applications that allow the use of slide templates. The systems administrator is reviewing the configurations of each tool to determine how to prevent this issue. The following security solutions are deployed: CASB SASE WAF EDR Firewall IDS SIEM DLP endpoints Which of the following should the administrator do to address the issue? 

A. Enable blocking for all WAF policies. 
B. Enforce a policy to block unauthorized web applications within CASB. 
C. Create an alert within the SIEM for outgoing network traffic to the suspected website. 
D. Configure DLP endpoints to block sensitive data to removable storage. 

Answer: B

 A nation-state actor is exposed for attacking large corporations by establishing persistence in smaller companies that are likely to be acquired by these large corporations. The actor then provisions user accounts in the companies for use post-acquisition. Before an upcoming acquisition, a security officer conducts threat modeling with this attack vector. Which of the following practices is the best way to investigate this threat? 

A. Restricting internet traffic originating from countries in which the nation-state actor is known to operate 
B. Comparing all existing credentials to personnel and services 
C. Auditing vendors to mitigate supply chain risk during the acquisition 
D. Placing a hold on all information about corporate interest in acquisitions 

Answer: B

A security engineer wants to enhance the security posture of end-user systems in a Zero Trust environment. Given the following requirements: . Reduce the ability for potentially compromised endpoints to contact command-and-control infrastructure. . Track the requests that the malware makes to the IPs. . Avoid the download of additional payloads. Which of the following should the engineer deploy to meet these requirements? 

A. DNS sinkholing 
B. Browser isolation 
C. Zone transfer protection 
D. HIDS 

Answer: A

 In order to follow new regulations, the Chief Information Security Officer plans to use a defense-indepth approach for a perimeter network. Which of the following protections would best achieve this goal? 

A. SAST, DAST, IAST 
B. NGFW, IPS, EDR 
C. SASE, IDS, SAST 
D. CASB, DLP, EDR 

Answer: B

During a security review for the CI/CD process, a security engineer discovers the following information in a testing repository from the company: Which of the following options is the best countermeasure to prevent this issue in the future?

 A. Performing an application penetration test over the testing environment before moving to production 
B. Changing the repository technology to avoid inclusion of confidential information 
C. Automating the upload process of code to the repository and improving the software development life cycle 
D. Using a secrets management platform to share and manage confidential information 

Answer: D

Which of the following are the best ways to mitigate the threats that are the highest priority? (Select two). 

A. Isolate network systems using Zero Trust architecture with microsegmentation and SD-WAN 
B. Scan all systems and source code with access to sensitive data for vulnerabilities. 
C. Implement a cloud access security broker and place it in blocking mode to prevent information exfiltration. 
D. Apply data labeling to all sensitive information within the environment with special attention to payroll information. 
E. Institute a technical approval process that requires multiple parties to sign off on mass payroll changes. 

Answer: A,E

 A security engineer needs to remediate a SWEET32 vulnerability in an OpenSSH-based application and review existing configurations. Which of the following should the security engineer do? (Select two.) 

 A. Disable Twofish algorithms 
B. cat /etc/ashd/ash_config | grep "HMAC" 
C. Disable RSA algorithms 
D. cat /etc/sshd/ssh_config | grep "PermitRootLogin" 
E. Disable 3DES algorithms 
F. cat /etc/sshd/ssh_config | grep "Ciphers" 

Answer: E,F

 An organization wants to implement a secure cloud architecture across all instances. Given the following requirements: Establish a standard network template. Deployments must be consistent. Security policies must be able to be changed at scale. Which of the following technologies meets these requirements? 

A. Serverless deployment model 
B. Container orchestration 
C. Infrastructure as code 
D. CLI cloud administration 
E. API gateway 

Answer: C

 A security operations analyst is reviewing network traffic baselines for nightly database backups. Given the following information: Which of the following should the security analyst do next? 

A. Consult with a network engineer to determine the impact of bandwidth usage 
B. Quarantine PRDDB01 and then alert the database engineers 
C. Refer to the incident response playbook for the proper response 
D. Review all the network logs for further data exfiltration 

Answer: D

A security engineer is developing a solution to meet the following requirements: All endpoints should be able to establish telemetry with a SIEM. All endpoints should be able to be integrated into the XDR platform. SOC services should be able to monitor the XDR platform. Which of the following should the security engineer implement to meet the requirements? (Select Two.) 

A. EDR 
B. HIDS 
C. Web application firewall 
D. Central logging 
E. Host-based firewall 
F. TPM 

Answer: A,D

 An administrator reviews the following log and determines the root cause of a site-to-site tunnel failure: Which of the following actions should the administrator take to most effectively correct the failure? 

 A. Enable perfect forward secrecy on the remote peer. 
B. Update the cipher suites configured for use on the server side. 
C. Add a new subnet as a permitted initiator. 
D. Disable IKE version 1 and run IKE version 2. 

Answer: C

An application requires the storage of PII. A systems engineer needs to implement a solution that uses an external device for key management. Which of the following is the best solution? 

 A. TPM 
B. SBoM 
C. vTPM 
D. HSM 

Answer: D

An incident response analyst finds the following content inside of a log file that was collected from a compromised server: .2308464678 ... whoami ..... su2032829%72%322/// ...... /etc/passwd .... 2087031731467478432 ... $6490/./ ..< XML ?........nty. Which of the following is the best action to prevent future compromise? 

A. Blocking the processing of external files by forwarding them to another server for processing 
B. Implementing an allow list for all text boxes throughout the web application 
C. Filtering inserted characters for all user inputs and allowing only ASCII characters 
D. Improving file-parsing capabilities to stop external entities from executing commands 

Answer: D

 An organization recently experienced a security incident due to an exterior door in a busy area getting stuck open. The organization launches a security campaign focused on the motto, "See Something, Say Something." Which of the following best describes what the organization wants to educate employees about? 

A. Situational awareness 
B. Phishing 
C. Social engineering 
D. Tailgating 

Answer: A

 A company implements an Al model that handles sensitive and personally identifiable information. Which of the following threats is most likely the company's primary concern? 

A. Unsecured output handling 
B. Model theft 
C. Model poisoning 
D. Prompt injection 

Answer: A

A cybersecurity architect seeks to improve vulnerability management and orchestrate a large number of vulnerability checks. Key constraints include: . There are 512 containerized microservices. . Vulnerability data is sourced from multiple scanners. . CIS baselines must be enforced. . Scan activity must be scheduled. Which of the following automation workflows best meets this objective? 

A. Employing an endpoint data collection system 
B. Deploying an XCCDF scanner 
C. Utilizing CVSS reports for SOC analysts 
D. Using a repository scanner to enforce laC security 

Answer: B

 Which of the following most likely explains the reason a security engineer replaced ECC with a lattice-based cryptographic technique? 

A. It is computationally efficient and provides perfect forward secrecy. 
B. It is more resilient to brute-force attacks than ECC. 
C. It supports ephemeral key exchange and digital signatures. 
D. It is currently considered a robust PQC technique. 
E. It enables processing on data while remaining in an encrypted state. 

Answer: D

A security analyst is performing threat modeling for a new AI chatbot. The AI chatbot will be rolled out to help customers develop configuration information within the company's SaaS offering. Which of the following issues would require involvement from the company's internal legal team? 

A. An internal user finds a way to use prompt injection to disregard guardrails. 
B. A DoS vulnerability exists that could impact all customers who use the chatbot. 
C. A bug bounty of an exploitable model inversion vulnerability is submitted. 
D. User consent is not being collected before training models on customer data. 
E. An access control issue is allowing the model to be poisoned with incorrect information. 

Answer: D

 A company developed a new solution that needs to track any changes to the data, and the changes need to be quickly identified. If any changes are attempted without prior approval, multiple events must be triggered, such as: Raising alerts Blocking the unapproved changes Quickly removing access to the data Which of the following solutions best meets these requirements? 

A. Tracking all application logs, integrating them to the existing SIEM, flagging any changes, and making them visible on security dashboards 
B. Implementing a file integrity monitoring tool and integrating it via orchestration and automation with other security tools 
C. Introducing more granular access controls and allowing read-only access for non-privileged users 
D. Configuring CASB rules, making access to the data available only to authorized personnel 

Answer: B

 A security engineer reviews an after action report from a previous security breach and notes a long lag time between detection and containment of a compromised account. The engineer suggests using SOAR to address this concern. Which of the following best explains the engineer's goal? 

A. To prevent accounts from being compromised 
B. To enable log correlation using machine learning 
C. To orchestrate additional reporting for the security operations center 
D. To prepare runbooks to automate future incident response 

Answer: D

 During an incident response activity, the response team collected some artifacts from a compromised server, but the following information is missing: Source of the malicious files Initial attack vector Lateral movement activities The next step in the playbook is to reconstruct a timeline. Which of the following best supports this effort? 

A. Executing decompilation of binary files 
B. Analyzing all network routes and connections 
C. Performing primary memory analysis 
D. Collecting operational system logs and storage disk data 

Answer: D