CAS-005 Exam Questions

A company needs to define a new road map for improving secure coding practices in the software development life cycle and implementing better security standards. Which of the follo...

A company notices that cloud environment costs increased after using a new serverless solution based on API requests. Many invalid requests from unknown IPs were found, often withi...

A game developer wants to reach new markets and is advised by legal counsel to include specific age-related sign-up requirements. Which of the following best describes the legal co...

A company that operates in different countries has local email infrastructure for each of its business units. A breach occurred in which email communications were intercepted betwe...

A company wants to perform threat modeling on an internally developed, business-critical application. The Chief Information Security Officer (CISO) is most concerned that the appli...

A company designs policies and procedures for hardening containers deployed in the production environment. However, a security assessment reveals that deployed containers are not c...

To prevent data breaches, security leaders at a company decide to expand user education to: - Create a healthy security culture. - Comply with regulatory requirements - Improve inc...

Which of the following most likely explains the reason a security engineer replaced ECC with a lattice-based cryptographic technique?

An administrator reviews the following log and determines the root cause of a site-to-site tunnel failure: Which of the following actions should the administrator take to most effe...

An external threat actor attacks public infrastructure providers. In response to the attack and during follow-up activities, various providers share information obtained during res...

A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the res...

Company A acquired Company B. Both companies serve a user base in different geographic regions but now collectively serve a globally distributed user base. A security architect nee...

A SOC team receives notifications that align with playbook incidents. The team wants to analyze the potential threat actor's TTPs. Which of the following will best assist the SOC t...

After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst creat...

A DNS forward lookup zone named comptia.org must: - Ensure the DNS is protected from on-path attacks. - Ensure zone transfers use mutual authentication and are authenticated and ne...

A security architect is implementing a SOAR solution in an organization's cloud production environment to support detection capabilities. Which of the following will be the most li...

A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements: - Data needs to be stored outside of the VM...

After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task wo...

A new, online file hosting service is being offered. The service has the following security requirements: - Threats to customer data integrity and availability should be remediated...

A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need t...

Due to budget constraints, an organization created a policy that only permits vulnerabilities rated high and critical according to CVSS to be fixed or mitigated. A security analyst...

An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the followin...

A security architect wants to prevent security impacts from input into data fields, such as the following: 'AND 1=1# Which of the following would best accomplish this objective?

A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environ...

Based on a recent security audit, a company discovered the perimeter strategy is inadequate for its recent growth. To address this issue, the company is looking for a solution that...

A security administrator has isolated a computer system because it was targeted by a ransomware attack. Which of the following should the security administrator do to recover from...

A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the pla...

The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements: - Monitors traffic to and from both local NAS and cl...

A security engineer needs to select the architecture for a cloud database that will protect an organization's sensitive data. The engineer has a choice between a single-tenant or a...

The information security manager at a 24-hour manufacturing facility is reviewing a contract for potential risks to the organization. The contract pertains to the support of printe...

A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter's debugging information, which includes...

A security architect is analyzing an old application that is not covered for maintenance anymore because the software company is no longer in business. Which of the following techn...

To bring digital evidence in a court of law, the evidence must be:

A cloud security architect has been tasked with selecting the appropriate solution given the following: - The solution must allow the lowest RTO possible. - The solution must have...

A security analyst wants to keep track of all outbound web connections from workstations. The analyst's company uses an on-premises web filtering solution that forwards the outboun...

A security team is creating tickets to track the progress of remediation. Which of the following is used to specify the due dates for high- and critical-priority findings?

An organization developed an incident response plan. Which of the following would be best to assess the effectiveness of the plan?

A few security incidents involving user authentication issues occurred recently. The security team needs to implement technical controls that ensure: - User accounts are difficult...

An organization is looking to establish more robust security measures by implementing PKI. Which of the following should the security analyst implement when considering mutual auth...

A security consultant has been asked to recommend best practices for preserving digital evidence. Which of the following can be used to show the evidence has not been tampered with...

A cyberanalyst has been tasked with recovering PDF files from a provided image file. Which of the following is the best file-carving tool for PDF recovery?

An organization handles sensitive information that must be displayed on call center technicians' screens to verify the identities of remote callers. The technicians use three rando...

A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is abl...

A security engineer is creating a single CSR for the following web server hostnames: wwwint.internal home.internal Which of the following would meet the requirement?

A security architect examines a section of code and discovers the following: char username[20] char password[20] gets(username) checkUserExists(username) Which of the following cha...

A security manager is creating a connection between two networks that process data at different classification levels. The main goal of this connection is to pass data from the hig...

A security consultant has been asked to identify a simple, secure solution for a small business with a single access point. A single SSID and no guest access will be used. The cust...

A security team is concerned with attacks that are taking advantage of return-oriented programming against the company's public-facing applications. Which of the following should t...

A third-party organization has implemented a system that allows it to analyze customers' data and deliver analysis results without being able to see the raw data. Which of the foll...

A cloud security engineer is setting up a cloud-hosted WAF. The engineer needs to implement a solution to protect the multiple websites the organization hosts. The organization web...