CAS-005 Exam Dumps - CompTIA SecurityX Certification Exam

The Subject Alternative Name (SAN) field in an X.509 certificate specifies additional hostnames, FQDNs, or IP addresses that the certificate will secure. To allow mutual TLS authentication for multiple hostnames and an IP address, these identities must be included in the SAN field.

Organizational Unit (B) is an informational attribute, not related to TLS authentication.

Extended Key Usage (C) defines purpose (e.g., serverAuth, clientAuth) but not hostnames.

“Certificate extension” (D) is a generic term; SAN is the specific required extension.

A computer screen shot of a diagram Description automatically generated

A screenshot of a computer error Description automatically generated

The table shows that the user " SALES1 " is consistently blocked despite having met the MFA requirements. The common factor in these blocked attempts is the source IP address (8.11.4.16) being identified as from Germany while the user is assigned to France. This discrepancy suggests that the network geolocation is being misidentified by the authentication server, causing legitimate access attempts to be blocked.

Why Network Geolocation Misidentification?

Geolocation Accuracy: Authentication systems often use IP geolocation to verify the location of access attempts. Incorrect geolocation data can lead to legitimate requests being denied if they appear to come from unexpected locations.

Security Policies: Company security policies might block access attempts from certain locations to prevent unauthorized access. If the geolocation is wrong, legitimate users can be inadvertently blocked.

Consistent Pattern: The user " SALES1 " from the IP address 8.11.4.16 is always blocked, indicating a consistent issue with geolocation.

Other options do not align with the pattern observed:

A. Bypass MFA requirements: MFA is satisfied, so bypassing MFA is not the issue.

C. Administrator access policy: This is about user access, not specific administrator access.

D. OTP codes: The user has satisfied MFA, so OTP code configuration is not the issue.

The requirements for archiving data and immutable backups directly align with legal hold compliance (E) and ransomware resilience (F).

Legal hold compliance ensures that organizations can retain data in a tamper-proof manner when required for litigation, regulatory mandates, or audits. Immutable backups satisfy this by preventing unauthorized changes or deletion, ensuring evidence and records are preserved.

Ransomware resilience is also a key factor. Immutable backups allow recovery from ransomware attacks, as attackers cannot encrypt or delete data stored in read-only or write-once media. This reduces downtime and supports business continuity.

Options A (crypto-export), B (supply chain), C (device attestation), and D (quality assurance) do not relate directly to data archiving or immutable storage.

CAS-005 stresses aligning security controls with business continuity and compliance requirements. By focusing on legal and ransomware-related considerations, the organization ensures both regulatory and operational resilience.

OWIN23 is running Windows 7, which is a legacy operating system. Many EDR solutions no longer provide full support for outdated operating systems like Windows 7, which has reached its end of life and is no longer receiving security updates from Microsoft. This makes such systems more vulnerable to infections and attacks, including remote access Trojans (RATs).

A. OWIN23 uses a legacy version of Windows that is not supported by the EDR: This is the most probable cause because the lack of support means that the EDR solution may not fully protect or monitor this system, making it an easy target for infections.

B. LN002 was not supported by the EDR solution and propagates the RAT: While LN002 is unmanaged, it is less likely to propagate the RAT to OWIN23 directly without an established vector.

C. The EDR has an unknown vulnerability that was exploited by the attacker: This is possible but less likely than the lack of support for an outdated OS.

D. OWIN29 spreads the malware through other hosts in the network: While this could happen, the status indicates OWIN29 is in a bypass mode, which might limit its interactions but does not directly explain the infection on OWIN23.

Public Key Infrastructure (PKI) supports change management by securing messages (e.g., approvals, updates).Non-repudiation, provided via digital signatures, ensures a sender cannot deny sending a message, critical for auditability in change processes.

Option A:Correct—PKI’s digital signatures ensure non-repudiation.

Option B:Confidentiality (via encryption) is a PKI feature but less tied to change management’s focus on accountability.

Option C:Delivery receipts are not aPKI function; they’re protocol-specific (e.g., SMTP).

Option D:Attestation relates to verifying attributes, not a direct PKI message capability.

Based on the log provided, the most concerning event that should be investigated further is the presence of a text file containing passwords that were leaked. Here ' s why:

Sensitive Information Exposure: A text file containing passwords represents a significant security risk, as it indicates that sensitive credentials have been exposed in plain text, potentially leading to unauthorized access.

Immediate Threat: Password leaks can lead to immediate exploitation by attackers, compromising user accounts and sensitive data. This requires urgent investi