CAS-005 Exam Questions
524 real CAS-005 exam questions with expert-verified answers and explanations. Page 5 of 11.
- Question #201 (Security Engineering)
authentication, and now the browser is prompting for credentials. Which of the following actions would best prevent the issue from reoccurring and reduce the likelihood of credenti...
- Question #202 (Security Engineering)
A security engineer wants to enhance the security posture of end-user systems in a zero trust environment. Given the following requirements: - Reduce the ability for potentially co...
- Question #203 (Security Engineering)
An organization with a remote workforce has a new client with the following requirements: - Consultants need to travel to the client site. - The company has proprietary information...
- Question #204 (Security Architecture)
A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following: - An admi...
- Question #205 (Security Architecture)
A company migrated a critical workload from its data center to the cloud. The workload uses a very large data set that requires computational-intensive data processing. The busines...
- Question #206 (Security Operations)
A security engineer is reviewing the SIEM logs after a server crashed. The following list of events represents the timeline of actions collected from the SIEM: Which of the followi...
- Question #207 (Security Engineering)
A company that provides kiosk workstations wants to improve the workstations' security implementation. The company is concerned that attackers can take control of the workstations...
- Question #208 (Security Operations)
A security operation analyst is reviewing the following log entries for suspicious activity: Which of the following should the analyst do first?
- Question #209 (Security Operations)
After a cybersecurity incident, a security analyst was able to collect a binary that the attacker used on the compromised server. Then the analyst ran the following command: Which...
- Question #210 (Security Operations)
After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Whic...
- Question #211 (Security Architecture)
An organization decides to move to a distributed workforce model. Several legacy systems exist on premises and cannot be migrated because of existing compliance requirements. Howev...
- Question #212 (Security Operations)
An organization recently acquired another company that is running a different EDR solution. A SOC analyst wants to automate the isolation of endpoints that are found to be compromi...
- Question #213 (Governance, Risk, and Compliance)
A company experienced a data breach, resulting in the disclosure of extremely sensitive data regarding a merger. As a regulated entity, the company must comply with reporting and d...
- Question #214 (Security Engineering)
A systems administrator needs to identify new attacks that could be carried out against the environment. The administrator plans to proactively seek out and observe new attacks. Wh...
- Question #215 (Governance, Risk, and Compliance)
A company has a requirement in customer contracts that states applications must undergo external audits to identify vulnerabilities. Which of the following is the best action for t...
- Question #216 (Security Engineering)
A company acquires a location with a large infrastructure of legacy devices. Because of the hardware's age and the legacy software's limitations, the OS cannot be upgraded, and the...
- Question #217 (Security Engineering)
A software vendor provides routine functionality and security updates to its global customer base. The vendor would like to ensure distributed updates are authorized, originate fro...
- Question #218 (Security Architecture)
A security engineer is performing threat modeling for an AI training architecture. The architecture implements a CI/CD pipeline to train a new AI model on a fixed schedule with liv...
- Question #219 (Security Engineering)
Which of the following best describes the reason PQC implementation is important?
- Question #220 (Security Architecture)
A hospital's requirements for remote third-party monitoring of the HVAC system include the following: - The vendor must be able to continuously monitor system health and respond ac...
- Question #221 (Security Engineering)
A subcontractor develops safety critical avionics software for a major aircraft manufacturer. After an incident, a third-party investigator recommends the company begin to employ f...
- Question #222 (Security Engineering)
A malicious actor exploited firmware vulnerabilities and used rootkits in an attack on an organization. After the organization recovered from the incident, an engineer needs to rec...
- Question #223 (Security Operations)
A company established a new process for business analysts to receive emails that contain links for purchase requests. The new process requires links to be submitted through new ema...
- Question #224 (Security Architecture)
An organization recently migrated data to a new file management system. The architect decides to use a discretionary authorization model on the new system. Which of the following b...
- Question #225 (Security Architecture)
A company implemented a NIDS and a NIPS on the most critical environments. Since this implementation, the company has been experiencing network connectivity issues. Which of the fo...
- Question #226 (Security Operations)
During a review of the email security solution, a security analyst collects the following information: Which of the following is the best way to improve the email security solution...
- Question #227 (Security Engineering)
A company needs a highly secure method to transfer documents over an insecure network. The documents are highly sensitive, and the documents' encryption must be guaranteed even if...
- Question #228 (Security Engineering)
A security engineer must integrate device attestation into user authentication and authorization workflows for mobile devices. Which of the following best meets the requirements?
- Question #229 (Security Architecture)
A threat intelligence company's business objective is to allow customers to integrate data directly to different TIPs through an API. The following additional requirements must als...
- Question #230 (Security Operations)
After a penetration test on the internal network, the following report was generated: Which of the following should be recommended to remediate the attack?
- Question #231 (Security Operations)
A water treatment plant uses specialized systems to control the balance of chemicals prior to adding them to the public water supply. The treatment plant has already isolated the s...
- Question #234 (Security Engineering)
An endpoint security engineer finds that a newly acquired company has a variety of non-standard applications running and no defined ownership for those applications. The engineer n...
- Question #235 (Security Operations)
Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is pre...
- Question #236 (Security Engineering)
An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software depend...
- Question #239 (Security Engineering)
An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all...
- Question #240 (Security Architecture)
Operational technology often relies upon aging command, control, and telemetry subsystems that were created with the design assumption of:
- Question #241 (Security Engineering)
Which of the following key management practices ensures that an encryption key is maintained within the organization?
- Question #242 (Security Architecture)
An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the month...
- Question #243 (Security Engineering)
A company wants to protect a web-based application against application-layer attacks by monitoring the inputs, outputs, and internal state of the application. The solution must als...
- Question #244 (Governance, Risk, and Compliance)
A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third...
- Question #245 (Security Operations)
Source code snippets for two separate malware samples are shown below: Which of the following describes the most important observation about the two samples?
- Question #246 (Security Operations)
A security engineer wants to stay up-to-date on new detections that are released on a regular basis. The engineer's organization uses multiple tools rather than one specific vendor...
- Question #247 (Security Operations)
A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the applicat...
- Question #248 (Security Engineering)
A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers c...
- Question #249 (Security Engineering)
As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules use...
- Question #250 (Security Operations)
A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the followi...
- Question #251 (Security Architecture)
A Chief Information Security Officer is concerned about the operational impact of ransomware. In the event of a ransomware attack, the business requires the integrity of the data t...
- Question #252 (Security Engineering)
Previously intercepted communications must remain secure even if a current encryption key is compromised in the future. Which of the following best supports this requirement?
- Question #253 (Security Engineering)
A security engineer is assisting a DevOps team that has the following requirements for container images: - Ensure container images are hashed and use version controls. - Ensure con...
- Question #254 (Security Operations)
During a vulnerability assessment, a scan reveals the following finding: Windows Server 2016 Missing hotfix KB87728 - CVSS 3.1 Score: 8.1 [High] - Affected host 172.16.15.2 Later i...