CompTIA SecurityX CAS-005 Free Dumps (Part 2, Q41-Q80) Are Available to Help You Check the CAS-005 Dumps (V12.02)

We know that the CAS-004 exam is being retired on June 17, 2025; its new brand, the CompTIA SecurityX CAS-005 exam, is not highly recommended to take. If you are a CAS-005 exam candidate and eager to pass it smoothly, come to DumpsBase and download the CAS-005 dumps (V12.02) as preparation materials. With DumpsBase's updated CAS-005 exam dumps (V12.02), you will receive access to the latest exam questions and answers, designed to enhance your trust and ensure your success. You can check our CAS-005 free dumps (Part 1, Q1-Q40) online to verify the Q&As. We believe that the CAS-005 dumps (V8.02) will boost your problem-solving skills and significantly increase your odds of passing the real exam on your first try. If you think that the 40 sample questions in Part 1 are not enough for checking, today we continue by sharing the CAS-005 free dumps (Part 2, Q41-Q80) for reading.

Read more sample questions – CAS-005 free dumps (Part 2, Q41-Q80) – now:

1. A software engineer is creating a CI/CD pipeline to support the development of a web application. The DevSecOps team is required to identify syntax errors.

Which of the following is the most relevant to the DevSecOps team's task?

A. Static application security testing

B. Software composition analysis

C. Runtime application self-protection

D. Web application vulnerability scanning

2. An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry.

Which of the following should the security analyst use to perform threat modeling?

3. Recent reports indicate that a software tool is being exploited. Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation.

The analyst generates the following output:

Which of the following would the analyst most likely recommend?

4. A company wants to install a three-tier approach to separate the web, database, and application servers.

A security administrator must harden the environment. Which of the following is the best solution?

5. A security architect wants to develop a baseline of security configurations. These configurations will automatically be utilized when a machine is created.

Which of the following technologies should the security architect deploy to accomplish this goal?

6. A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved to the repository. The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment.

Which of the following should a security engineer recommend to reduce the deployment failures? (Select two).

A. Software composition analysis

B. Pre-commit code linting

C. Repository branch protection

D. Automated regression testing

E. Code submit authorization workflow

F. Pipeline compliance scanning

7. A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform. This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries.

Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

A. CWPP

B. YARA

C. ATT&CK

D. STIX

E. TAXII

F. JTAG

8. An organization that performs real-time financial processing is implementing a new backup solution.

Given the following business requirements:

* The backup solution must reduce the risk for potential backup compromise

* The backup solution must be resilient to a ransomware attack.

* The time to restore from backups is less important than the backup data integrity

* Multiple copies of production data must be maintained

Which of the following backup strategies best meets these requirements?

A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis

B. Utilizing two connected storage arrays and ensuring the arrays constantly sync

C. Enabling remote journaling on the databases to ensure real-time transactions are mirrored

D. Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally

9. During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a compromised web server.

Given the following portion of the code:

Which of the following best describes this incident?

A. XSRF attack

B. Command injection

C. Stored XSS

D. SQL injection

10. A security architect for a global organization with a distributed workforce recently received funding to deploy a CASB solution.

Which of the following most likely explains the choice to use a proxy-based CASB?

11. A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released.

A recent IIS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

Which of the following hosts should a security analyst patch first once a patch is available?

12. A security review revealed that not all of the client proxy traffic is being captured.

Which of the following architectural changes best enables the capture of traffic for analysis?

13. A company is having issues with its vulnerability management program. New devices/IPs are added and dropped regularly, making the vulnerability report inconsistent.

Which of the following actions should the company take to most likely improve the vulnerability management process?

14. A security analyst detected unusual network traffic related to program updating processes. The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but with different hashes.

Which of the following solutions would most likely prevent this situation from reoccurring?

A. Improving patching processes

B. Implementing digital signature

C. Performing manual updates via USB ports

D. Allowing only files from internal sources

15. A company isolated its OT systems from other areas of the corporate network. These systems are required to report usage information over the internet to the vendor.

Which of the following best reduces the risk of compromise or sabotage? (Select two).

A. Implementing allow lists

B. Monitoring network behavior

C. Encrypting data at rest

D. Performing boot integrity checks

E. Executing daily health checks

F. Implementing a site-to-site IPSec VPN

16. A security engineer wants to reduce the attack surface of a public-facing containerized application.

Which of the following will best reduce the application's privilege escalation attack surface?

A. Implementing the following commands in the Dockerfile: RUN echo user:x:1000:1000:user:/home/user:/dev/null > /etc/passwd

B. Installing an EDR on the container's host with reporting configured to log to a centralized SIEM and implementing the following alerting rules: IF PROCESS_USER=root ALERT_TYPE=critical

C. Designing a multicontainer solution, with one set of containers that runs the main application, and another set of containers that perform automatic remediation by replacing compromised containers or disabling compromised accounts

D. Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer: PERMIT HTTPS from 0.0.0.0/0 port 443

17. A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence.

Which of the following is the most likely reason for reviewing these laws?

A. The organization is performing due diligence of potential tax issues.

B. The organization has been subject to legal proceedings in countries where it has a presence.

C. The organization is concerned with new regulatory enforcement in other countries

D. The organization has suffered brand reputation damage from incorrect media coverage

18. A security analyst wants to use lessons learned from a poor incident response to reduce dwell time in the future. The analyst is using the following data points:

Which of the following would the analyst most likely recommend?

A. Adjusting the SIEM to alert on attempts to visit phishing sites

B. Allowing TRACE method traffic to enable better log correlation

C. Enabling alerting on all suspicious administrator behavior

D. Utilizing allow lists on the WAF for all users using GET methods

19. A security analyst received a notification from a cloud service provider regarding an attack detected on a web server.

The cloud service provider shared the following information about the attack:

• The attack came from inside the network.

• The attacking source IP was from the internal vulnerability scanners.

• The scanner is not configured to target the cloud servers.

Which of the following actions should the security analyst take first?

A. Create an allow list for the vulnerability scanner IPs in order to avoid false positives

B. Configure the scan policy to avoid targeting an out-of-scope host

C. Set network behavior analysis rules

D. Quarantine the scanner sensor to perform a forensic analysis

20. A company's SIEM is continuously reporting false positives and false negatives. The security operations team has implemented configuration changes to troubleshoot possible reporting errors.

Which of the following sources of information best supports the required analysis process? (Select two).

A. Third-party reports and logs

B. Trends

C. Dashboards

D. Alert failures

E. Network traffic summaries

F. Manual review processes

21. A security analyst needs to ensure email domains that send phishing attempts without previous communications are not delivered to mailboxes.

The following email headers are being reviewed:

Which of the following is the best action for the security analyst to take?

A. Block messages from hr-saas.com because it is not a recognized domain.

B. Reroute all messages with unusual security warning notices to the IT administrator

C. Quarantine all messages with sales-mail.com in the email header

D. Block vendor.com for repeated attempts to send suspicious messages

22. A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller. The forensic team cryptographically validated that both the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LDAP.

Which of the following is the best way to reduce the risk of reoccurrence?

23. A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products.

Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?

A. Performing vulnerability tests on each device delivered by the providers

B. Performing regular red-team exercises on the vendor production line

C. Implementing a monitoring process for the integration between the application and the vendor appliance

D. Implementing a proper supply chain risk management program

24. Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

25. A user submits a help desk ticket stating their account does not authenticate sometimes. An analyst reviews the following logs for the user:

Which of the following best explains the reason the user's access is being denied?

26. A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings.

Which of the following would the systems administrator most likely verify is properly configured?

27. A company that relies on an EOL system must keep it operating until a new solution is available.

Which of the following is the most secure way to meet this goal?

28. A user reports application access issues to the help desk.

The help desk reviews the logs for the user:

Which of the following is most likely the reason for the issue?

29. An organization wants to manage specialized endpoints and needs a solution that provides the ability to:

* Centrally manage configurations

* Push policies

* Remotely wipe devices

* Maintain asset inventory

Which of the following should the organization do to best meet these requirements?

30. A company plans to implement a research facility with intellectual property data that should be protected.

The following is the security diagram proposed by the security architect:

Which of the following security architecture models is illustrated by the diagram?

31. A financial services organization is using AI to fully automate the process of deciding client loan rates.

Which of the following should the organization be most concerned about from a privacy perspective?

32. A company wants to use IoT devices to manage and monitor thermostats at all facilities. The thermostats must receive vendor security updates and limit access to other devices within the organization.

Which of the following best addresses the company's requirements?

33. An engineering team determines the cost to mitigate certain risks is higher than the asset values. The team must ensure the risks are prioritized appropriately.

Which of the following is the best way to address the issue?

34. Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole.

Which of the following is the best way to achieve this goal? (Select two).

Implementing DLP controls preventing sensitive data from leaving Company B's network

A. Documenting third-party connections used by Company B

B. Reviewing the privacy policies currently adopted by Company B

C. Requiring data sensitivity labeling for all files shared with Company B

D. Forcing a password reset requiring more stringent passwords for users on Company B's network

E. Performing an architectural review of Company B's network

35. A security administrator is performing a gap assessment against a specific OS benchmark.

The benchmark requires the following configurations be applied to endpoints:

• Full disk encryption

• Host-based firewall

• Time synchronization

• Password policies

• Application allow listing

• Zero Trust application access

Which of the following solutions best addresses the requirements? (Select two).

36. After an incident response exercise, a security administrator reviews the following table:

Which of the following should the administrator do to best support rapid incident response in the future?

A. Automate alerting to IT support for phone system outages.

B. Enable dashboards for service status monitoring

C. Send emails for failed log-in attempts on the public website

D. Configure automated isolation of human resources systems

37. Company A and Company D are merging. Company A's compliance reports indicate branch protections are not in place. A security analyst needs to ensure that potential threats to the software development life cycle are addressed.

Which of the following should the analyst consider when completing this task?

A. If developers are unable to promote to production

B. If DAST code is being stored to a single code repository

C. If DAST scans are routinely scheduled

D. If role-based training is deployed

38. A security analyst discovered requests associated with IP addresses known for both legitimate and bot-related traffic.

Which of the following should the analyst use to determine whether the requests are malicious?

39. An organization is required to:

* Respond to internal and external inquiries in a timely manner

* Provide transparency

* Comply with regulatory requirements

The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future.

Which of the following is the best way for the organization to prepare?

A. Outsourcing the handling of necessary regulatory filing to an external consultant

B. Integrating automated response mechanisms into the data subject access request process

C. Developing communication templates that have been vetted by internal and external counsel

D. Conducting lessons-learned activities and integrating observations into the crisis management plan

40. A security analyst is reviewing the following event timeline from an EDR solution:

Which of the following most likely has occurred and needs to be fixed?


 
