CAS-005

By comptia
Aug, 2025

Question 1

A security engineer is reviewing event logs because an employee successfully connected a personal Windows laptop to the corporate network, which is against company policy. Company policy allows all Windows 10 and 11 laptops to connect to the system as long as the MDM agent installed by IT is running. Only compliant devices can connect, and the logic in the system to evaluate compliant laptops is as follows:

Image 1

Which of the following most likely occurred when the employee connected a personally owned Windows laptop and was allowed on the network?

  • A: The agent was not running on the laptop, which triggered a false positive.
  • B: The OS was a valid version, but the MDM agent was not installed, triggering a true positive.
  • C: The OS was running a Windows version below 10 and triggered a false negative.
  • D: The OS version was higher than 11, and the MDM agent was running, triggering a true negative.

Question 2

Which of the following security features do email signatures provide?

  • A: Non-repudiation
  • B: Body encryption
  • C: Code signing
  • D: Sender authentication
  • E: Chain of custody

Question 3

An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?

  • A: SASE
  • B: CMDB
  • C: SBoM
  • D: SIEM

Question 4

Which of the following best explains why AI output could be inaccurate?

  • A: Model poisoning
  • B: Social engineering
  • C: Output handling
  • D: Prompt injections

Question 5

The security team is receiving escalated support tickets stating that one of the company's publicly available websites is not loading as expected. Given the following observations:

Image 1

Which of the following is most likely the root cause?

  • A: A certificate signed by a global root certification authority has expired.
  • B: A protocol mismatch error is expected to occur when using outdated browsers.
  • C: One certificate is being bound to multiple websites on the same server.
  • D: Subject alternative names were not used appropriately for subdomains.

Question 6

A software development company wants to ensure that users can confirm the software is legitimate when installing it. Which of the following is the best way for the company to achieve this security objective?

  • A: Code signing
  • B: Non-repudiation
  • C: Key escrow
  • D: Private keys

Question 7

A company's SIEM is designed to associate the company’s asset inventory with user events. Given the following report:

Image 1

Which of the following should a security engineer investigate first as part of a log audit?

  • A: An endpoint that is not submitting any logs
  • B: Potential activity indicating an attacker moving laterally in the network
  • C: A misconfigured syslog server creating false negatives
  • D: Unauthorized usage attempts of the administrator account

Question 8

While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Choose two.)

  • A: Configure firewall rules to block all external traffic.
  • B: Enable input validation for all fields.
  • C: Enable automatic updates to be installed on all servers.
  • D: Configure the security group to enable external traffic.
  • E: Set up a DLP policy to alert for exfiltration on all application servers.
  • F: Enable nightly vulnerability scans.

Question 9

PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?

  • A: Non-repudiation
  • B: Confidentiality
  • C: Delivery receipts
  • D: Attestation

Question 10

Several unlabeled documents in a cloud document repository contain cardholder information. Which of the following configuration changes should be made to the DLP system to correctly label these documents in the future?

  • A: Digital rights management
  • B: Network traffic decryption
  • C: Regular expressions
  • D: Watermarking

Question 11

A systems administrator at a web-hosting provider has been tasked with renewing the public certificates of all customer sites. Which of the following would best support multiple domain names while minimizing the amount of certificates needed?

  • A: OCSP
  • B: CRL
  • C: SAN
  • D: CA

Question 12

Which of the following best explain why organizations prefer to utilize code that is digitally signed? (Choose two.)

  • A: It provides origin assurance.
  • B: It verifies integrity.
  • C: It provides increased confidentiality.
  • D: It integrates with DRMs.
  • E: It verifies the recipient's identity.
  • F: It ensures the code is free of malware.

Question 13

A user reports application access issues to the help desk. The help desk reviews the logs for the user:

Image 1

Which of the following is most likely the reason for the issue?

  • A: The user inadvertently tripped the geoblock rule in NGFW.
  • B: A threat actor has compromised the user's account and attempted to log in.
  • C: The user is not allowed to access the human resources system outside of business hours.
  • D: The user did not attempt to connect from an approved subnet.

Question 14

A security engineer receives reports through the organization's bug bounty program about remote code execution in a specific component in a custom application. Management wants to properly secure the component and proactively avoid similar issues. Which of the following is the best approach to uncover additional vulnerable paths in the application?

  • A: Leverage an exploitation framework to uncover vulnerabilities.
  • B: Use fuzz testing to uncover potential vulnerabilities in the application.
  • C: Utilize a software composition analysis tool to report known vulnerabilities.
  • D: Reverse engineer the application to look for vulnerable code paths.
  • E: Analyze the use of an HTTP intercepting proxy to dynamically uncover issues.

Question 15

An ISAC supplied recent threat intelligence information about pictures used on social media that provide reconnaissance of systems in use in secure facilities. In response, the Chief Information Security Officer (CISO) wants several configuration changes implemented via the MDM to ensure the following:

• Camera functions and location services are blocked for corporate mobile devices.
• All social media is blocked on the corporate and guest wireless networks.

Which of the following is the CISO practicing to safeguard against the threat?

  • A: Adversary emulation
  • B: Operational security
  • C: Open-source intelligence
  • D: Social engineering

Question 16

A security technician is investigating a system that tracks inventory via a batch update each night. The technician is concerned that the system poses a risk to the business, as errors are occasionally generated and reported inventory appears incorrect. The following output log is provided:

Image 1

The technician reviews the output of the batch job and discovers that the inventory was never less than zero, and the final inventory was 100 rather than 60. Which of the following should the technician do to resolve this issue?

  • A: Ensure that the application is using memory-safe functions to prevent integer overflows.
  • B: Recommend thread-safe processes in the code to eliminate race conditions.
  • C: Require the developers to include exception handlers to accommodate out-of-bounds results.
  • D: Move the batch processing from client side to server side to remove client processing inconsistencies.

Question 17

While reviewing recent incident reports, a security officer discovers that several employees were contacted by the same individual, who impersonated a recruiter. Which of the following best describes this type of correlation?

  • A: Spear-phishing campaign
  • B: Threat modeling
  • C: Red-team assessment
  • D: Attack pattern analysis

Question 18

A programmer is reviewing the following proprietary piece of code that was identified as a vulnerability due to users being authenticated when they provide incorrect credentials:

Image 1

Which of the following should the programmer implement to remediate the code vulnerability?

  • A: Salted hashing via the proprietary SHASH function
  • B: Input validation in the first two lines of code
  • C: Atomic execution of subroutines
  • D: TOCTOU remediation in SET USERACL
  • E: Database connection over encrypted channels

Question 19

Source code snippets for two separate malware samples are shown below:

Image 1

Which of the following describes the most important observation about the two samples?

  • A: Telemetry is first buffered and then transmitted in paranoid mode.
  • B: The samples were probably written by the same developer.
  • C: Both samples use IP connectivity for command and control.
  • D: Sample 1 is the target agent while Sample 2 is the C2 server.

Question 20

A security administrator is performing a gap assessment against a specific OS benchmark. The benchmark requires the following configurations be applied to endpoints:

• Full disk encryption
• Host-based firewall
• Time synchronization
• Password policies
• Application allow listing
• Zero Trust application access

Which of the following solutions best addresses the requirements? (Choose two.)

  • A: MDM
  • B: CASB
  • C: SBoM
  • D: SCAP
  • E: SASE
  • F: HIDS
