CAS-005 Exam Questions

After an increase in adversarial activity, a company wants to implement security measures to mitigate the risk of a threat actor using compromised accounts to mask unauthorized act...

Which of the following best describes the advantage of homomorphic encryption when compared to other encryption methodologies?

A systems administrator needs to address risks associated with corporate brand impersonation via email. The systems administrator wants a method that permits recipient servers to v...

An organization receives OSINT reports about an increase in ransomware targeting fileshares at peer companies. The organization wants to deploy hardening policies to its servers an...

A security engineer is reviewing the following piece of code for an internally developed web application that allows employees to manipulate documents from a number of internal ser...

During DAST scanning, applications are consistently reporting code defects in open-source libraries that were used to build web applications. Most of the code defects are from usin...

During a security assessment, a penetration tester executed the following attack: The tester then shared the results with the security analyst. Which of the following should the an...

A company currently uses manual processes to regularly address incidents occurring outside of working hours. Hiring or implementing a SOC is not an option because of budget limitat...

A security architect is implementing more restrictive policies to improve secure coding practices. Which of the following solutions are the best ways to improve the security coding...

A Chief Information Security Officer assigns a team to create malicious communications for a social engineering campaign. The purpose of this campaign is to determine the number of...

A security architect is onboarding a new EDR agent on servers that traditionally do not have internet access. In order for the agent to receive updates and report back to the manag...

While investigating an email server that crashed, an analyst reviews the following log files: Which of the following is most likely the root cause?

Incident responders determine that a company email server was the first compromised machine in an attack. The server was infected by malware. The following are abbreviated headers...

An engineer wants to automate several tasks by running commands daily on a UNIX server. The engineer only has built-in default tools available. Which of the following should the en...

After an organization met with its ISAC, the organization decided to test the resiliency of its security controls against a small number of advanced threat actors. Which of the fol...

A small number but steady series of attempts to breach the network has been occurring over a long period of time. During an investigation, a SOC analyst finds that traffic is exiti...

A security analyst detects a possible RAT infection on a computer in the internal network. After reviewing the details of the alert, the analyst identifies the initial vector of th...

A social media company wants to change encryption ciphers after identifying weaknesses in the implementation of the existing ciphers. The company needs the new ciphers to meet the...

A security operations analyst is reviewing network traffic baselines for nightly database backups. Given the following information: Which of the following should the security analy...

While performing threat-hunting functions, an analyst is using the Diamond Model of Intrusion Analysis. The analyst identifies the likely adversary, the infrastructure involved, an...

An organization plans to deploy new software. The project manager compiles a list of roles that will be involved in different phases of the deployment life cycle. Which of the foll...

A security engineer added a new server to the company email cluster. The server has a new external IP address associated with it. After a few days, the service desk started receivi...

Due to an infrastructure optimization plan, a company has moved from a unified architecture to a federated architecture divided by region. Long-term employees now have a better exp...

Which of the following best explains why AI output could be inaccurate?

A large organization deployed a generative AI platform for its global user population to use. Based on feedback received during beta testing, engineers have identified issues with...

A company discovers intellectual property data on commonly known collaboration web applications that allow the use of slide templates. The systems administrator is reviewing the co...

A security audit of a company's application finds that customer account passwords are manually set and never expire. The company wants to fix the password issue on a minimal budget...

A security team receives an escalated support ticket for a user who is unable to access specific corporate resources. The following configurations exist in the corporation: - A dev...

A web application server that provides services to hybrid modern and legacy financial applications recently underwent a scheduled upgrade to update common libraries, including Open...

A cloud engineer wants to configure mail security protocols to support email authenticity and enable the flow of email security information to a third-party platform for further an...

A company is concerned about the security of customer data. The IT department has configured all web applications with appropriate access controls to restrict to only authorized us...

A company must manage the remediation of several vulnerabilities. To do so, a security engineer assesses how software is used in the organization and finds the following: Which of...

An organization determined its preparedness for a ransomware attack is inadequate. A security administrator is working on ways to improve and monitor the organization's response to...

A nation-state actor is exposed for attacking large corporations by establishing persistence in smaller companies that are likely to be acquired by these large corporations. The ac...

A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the...

A security administrator is reviewing the following code snippet from a website component: A review of the inc.tmp file shows the following: Which of the following is most likely t...

An organization has several systems deployed in a public cloud and wants to confirm that when data retention periods are reached, the data is properly disposed of. Which of the fol...

A company is preparing to move a new version of a web application to production. No major issues were reported during security scanning or quality assurance in the CI/CD pipeline....

A security researcher tells a company that one of its solutions is vulnerable to buffer overflow, leading to a malicious coding execution. Which of the following is the best way to...

A pharmaceutical company acquired a growing startup. The pharmaceutical company has a comprehensive OT stack, while the startup allows employees to install IoT devices without over...

A Chief Information Security Officer (CISO) is developing a third-party risk management program and wants to establish an order of preference for solicitation and acceptance of aud...

A security engineer is reviewing the results of an annual penetration test. The report lists one of the results as "critical severity" on several domain-joined workstations: SSL/TL...

A company needs to increase the maturity level for the cybersecurity department's governance structure. To achieve this goal, the company wants to implement a set of controls that...

A company implements a live, video-based facial recognition system. A SOC analyst is concerned about unexpected phrases used by a user during an interaction. However, after the use...

A systems administrator needs to improve the security assurance in a company's cloud storage environment. The administrator determines that the best approach is to identify whether...

A vulnerability scan on a web server identified the following: Which of the following actions would most likely eliminate on-path decryption attacks? (Choose two.)

A security analyst is reviewing a SIEM and generates the following report: Later, the incident response team notices an attack was executed on the VM001 host. Which of the followin...

A company is adopting microservice architecture in order to quickly remediate vulnerabilities and deploy to production. All of the microservices run on the same Linux platform. Sig...

A company needs to create a design that facilitates monitoring and alerting over the identity and access management surface. A primary design consideration should be the existence...

During an audit at an organization, auditors find that developers are able to promote code to production. The auditors request a full review of all production changes. Which of the...