Free Preparation Discussions
MENU
CompTIA CAS-005 Exam Questions
- Topic 1: Governance, Risk, and Compliance: This section of the exam measures the skills of CompTIA security architects that cover the implementation of governance components based on organizational security requirements, including developing policies, procedures, and standards. Candidates will learn about managing security programs, including awareness training on phishing and social engineering.
- Topic 2: Security Architecture: This domain focuses on analyzing requirements to design resilient systems, including the configuration of firewalls and intrusion detection systems.
- Topic 3: Security Engineering: This section measures the skills of CompTIA security architects that involve troubleshooting common issues related to identity and access management (IAM) components within an enterprise environment. Candidates will analyze requirements to enhance endpoint and server security while implementing hardware security technologies. This domain also emphasizes the importance of advanced cryptographic concepts in securing systems.
- Topic 4: Security Operations: This domain is designed for CompTIA security architects and covers analyzing data to support monitoring and response activities, as well as assessing vulnerabilities and recommending solutions to reduce attack surfaces. Candidates will apply threat-hunting techniques and utilize threat intelligence concepts to enhance operational security.
Free CompTIA CAS-005 Exam Actual Questions
Note: Premium Questions for CAS-005 were last updated On Apr. 16, 2025 (see below)
A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?
The best solution to harden a three-tier environment (web, database, and application servers) is to implement microsegmentation on the server VLANs. Here's why:
Enhanced Security: Microsegmentation creates granular security zones within the data center, allowing for more precise control over east-west traffic between servers. This helps prevent lateral movement by attackers who may gain access to one part of the network.
Isolation of Tiers: By segmenting the web, database, and application servers, the organization can apply specific security policies and controls to each segment, reducing the risk of cross-tier attacks.
Compliance and Best Practices: Microsegmentation aligns with best practices for network security and helps meet compliance requirements by ensuring that sensitive data and systems are properly isolated and protected.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies
CIS Controls: Control 12 - Boundary Defense
An analyst reviews a SIEM and generates the following report:
Only HOST002 is authorized for internet traffic. Which of the following statements is accurate?
Comprehensive and Detailed
Understanding the Security Event:
HOST002 is the only device authorized for internet traffic. However, the SIEM logs show that VM002 is making network connections to web.corp.local.
This indicates unauthorized access, which could be a sign of lateral movement or network infection.
This is a red flag for potential malware, unauthorized software, or a compromised host.
Why Option D is Correct:
Unusual network traffic patterns are often an indicator of a compromised system.
VM002 should not be communicating externally, but it is.
This suggests a possible breach or malware infection attempting to communicate with a command-and-control (C2) server.
Why Other Options Are Incorrect:
A (Misconfiguration): While a misconfiguration could explain the unauthorized connections, the pattern of activity suggests something more malicious.
B (Security incident on HOST002): The issue is not with HOST002. The suspicious activity is from VM002.
C (False positives): The repeated pattern of unauthorized connections makes false positives unlikely.
CompTIA SecurityX CAS-005 Official Study Guide: Chapter on SIEM & Incident Analysis
MITRE ATT&CK Tactics: Lateral Movement & Network-based Attacks
A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers crash, causing the website to go offline. Which of the following testing techniques is the most efficient way to prevent this from reoccurring?
Comprehensive and Detailed Step-by-Step
Regression testing ensures that new changes do not break existing functionality. It would have identified the memory leak before deployment, preventing downtime.
Which of the following key management practices ensures that an encryption key is maintained within the organization?
Comprehensive and Detailed Step by Step
Understanding the Scenario: The question is about ensuring that an organization retains control over its encryption keys. It focuses on different key storage and management methods.
Analyzing the Answer Choices:
A . Encrypting using a key stored in an on-premises hardware security module (HSM): This is the best option for maintaining complete control over encryption keys. An HSM is a dedicated, tamper-resistant hardware device specifically designed for secure key storage and cryptographic operations. Storing keys on-premises within an HSM ensures the organization has exclusive access.
B . Encrypting using server-side encryption capabilities provided by the cloud provider: With server-side encryption, the cloud provider typically manages the encryption keys. This means the organization is relinquishing some control over the keys.
C . Encrypting using encryption and key storage systems provided by the cloud provider: Similar to option B, using cloud-provider-managed key storage systems means the organization doesn't have full, exclusive control over the keys.
D . Encrypting using a key escrow process for storage of the encryption key: Key escrow involves entrusting a third party with a copy of the encryption key. This introduces a potential security risk, as the organization no longer has sole control over the key. Also, the key is not maintained within the organization.
Why A is the Correct Answer:
Control: On-premises HSMs provide the highest level of control over encryption keys. The organization has physical and logical control over the HSM and the keys stored within it.
Security: HSMs are designed to be tamper-resistant and protect keys from unauthorized access, even if the surrounding systems are compromised.
Compliance: In some industries, regulatory requirements may mandate that organizations maintain direct control over their encryption keys. On-premises HSMs can help meet these requirements.
CASP+ Relevance: HSMs, key management, and data encryption are fundamental topics in CASP+. The exam emphasizes understanding the security implications of different key management approaches.
Elaboration on Key Management Principles:
Key Lifecycle Management: Proper key management involves managing the entire lifecycle of a key, from generation and storage to rotation and destruction.
Separation of Duties: It's generally a good practice to separate the roles of key management and data encryption to enhance security.
Access Control: Strict access controls should be in place to limit who can access and use encryption keys.
In conclusion, using an on-premises HSM for key storage is the best way to ensure that an organization maintains control over its encryption keys. It provides the highest level of security and control, aligning with best practices in cryptography and key management as emphasized in the CASP+ exam objectives.
A security analyst reviews the following report:
Which of the following assessments is the analyst performing?
The table shows detailed information about products, including location, chassis manufacturer, OS, application developer, and vendor. This type of information is typically assessed in a supply chain assessment to evaluate the security and reliability of components and services from different suppliers.
Why Supply Chain Assessment?
Component Evaluation: Assessing the origin and security of each component used in the products, including hardware, software, and third-party services.
Risk Management: Identifying potential risks associated with the supply chain, such as vulnerabilities in third-party components or insecure development practices.
Other types of assessments do not align with the detailed supplier and component information provided:
A . System: Focuses on individual system security, not the broader supply chain.
C . Quantitative: Focuses on numerical risk assessments, not supplier information.
D . Organizational: Focuses on internal organizational practices, not external suppliers.
CompTIA SecurityX Study Guide
NIST Special Publication 800-161, 'Supply Chain Risk Management Practices for Federal Information Systems and Organizations'
'Supply Chain Security Best Practices,' Gartner Research
- Select Question Types you want
- Set your Desired Pass Percentage
- Allocate Time (Hours : Minutes)
- Create Multiple Practice tests with Limited Questions
- Customer Support
Millie
2 days agoLouis
1 months agoJacqueline
2 months agoMaryann
3 months agoNobuko
3 months agoOzell
4 months agoSanda
4 months agoViola
4 months agoPortia
5 months agoKristel
5 months agoBrandon
5 months agoLouvenia
5 months ago