CAS-005 Exam Questions

Engineers are unable to control pumps at Site A from Site В when the SCADA controller at Site A experiences an outage. A security analyst must provide a secure solution that ensure...

As part of a new software development method, a program manager requires that unit tests be written for all code before being promoted to production. The program manager wants to e...

A security engineer must implement controls to limit access between developer endpoints and a cloud provider bucket for data storage. Developers routinely save sensitive files to t...

A systems administrator decides to take a programmatic approach in cataloging system resiliency to both new and existing attack patterns. Which of the following should the systems...

A security engineer is reviewing logs and summarizes the following: - The target host communicates to an external IP address over HTTPS. - The external IP address was not categoriz...

An engineer must configure signing and encryption support for internal corporate email services. The Chief Information Security Officer wants a solution that is capable of monitori...

An organization recently hired a third party to audit the information security controls present in the environment. After reviewing the audit findings, the Chief Information Securi...

After a recent outage, a software engineering company performed an audit of its development processes. The audit findings include the following: - The use of local branches were no...

Which of the following includes best practices for validating perimeter firewall configurations?

A security architect is troubleshooting an issue with an OIDC implementation. The architect reviews the following configuration and errors: Error: Invalid authentication request co...

A security analyst must perform a security review on a static application. The application mostly contains publicly available open-source modules. The analyst reviews the following...

A company SIEM collects information about the log sources. Given the following report information: Which of the following actions should a security engineer take to enhance the sec...

Which of the following explains why an organization should carefully consider whether to use AI to automate processes that interact with healthcare data?

A security engineer is troubleshooting an outage of a site-to-site VPN between New York City and Atlanta. The tunnel is configured with a pre-shared key on two VPN concentrators. T...

A government agency implements a configuration that disables cellular network access on government-issued devices while roaming internationally. The agency issues mobile hotspots a...

A security manager at a local hospital wants to secure patient medical records. The manager needs to: - Choose an access control model that clearly defines who has access to sensit...

An organization recently experienced a security incident due to an exterior door in a busy area getting stuck open. The organization launches a security campaign focused on the mot...

After a leak of important documents, a company decides to implement a data protection program to avoid similar incidents in the future. Which of the following should the company do...

An organization is developing an in-house software platform to support capital planning and reporting functions. In addition to role-based access controls and auditing/logging capa...

A threat intelligence company's business objective is to allow customers to integrate data directly to different TIPs through an API. The company would like to address as many of t...

A company's Chief Information Security Officer learns that the senior leadership team is traveling to a country accused of attempting to steal intellectual property saved on laptop...

An organization would like to increase the effectiveness of its incident response process across its multiplatform environment. A security engineer needs to implement the improveme...

A company sells a security appliance assembled from globally sourced hardware and software components. Installing the security appliance requires enabling administrative permission...

An organization is deploying a new data lake that will centralize records from several applications. During the design phase, the security architect identifies the following requir...