CAS-005 Exam Dumps - CompTIA SecurityX Certification Exam

The most likely driver for approving additional network security budget is that the audit revealed that the existing architecture contained security controls that could be easily bypassed. This indicates fundamental weaknesses in defense-in-depth and suggests that attackers could gain access to sensitive systems or data despite the presence of controls.

Option A (unused budgets) is not a strategic reason for approving security investment. Option B (compliance reports requested by customers) may influence investment in compliance initiatives, but it does not explain the need for an in-depth defense architecture. Option D (PCI DSS low score) is a compliance-specific issue but would not, on its own, drive a broad architectural budget approval unless PCI was the only focus.

Security audits often uncover systemic flaws—such as flat networks, insufficient segmentation, or single points of failure—that create the conditions for bypassing controls. Addressing these issues requires rearchitecting the environment, introducing layered defenses, and strengthening monitoring capabilities, all of which demand significant budget. Thus, option C aligns with the decision to invest in robust defense-in-depth strategies.

OpenSSH vulnerabilityispublic facingand has acritical CVSS of 9.2.

Exploitable SSH services can lead to direct server compromise.

Although Apache has a higher score, it's internal.

FromCAS-005, Domain 3: Vulnerability Management:

“Prioritize external vulnerabilities with high CVSS and exposed attack surfaces.”

The best step is to query user behavior analytics (UBA) data. SIEM alerts provide potential security events, but without additional context, they may lead to false positives. UBA solutions detect anomalies by comparing user activity against baselines of normal behavior, highlighting unusual login patterns, lateral movement, or privilege escalation.

Option A (password manager logs) focuses only on credential use and lacks behavioral insight. Option B (dark web monitoring) helps identify compromised accounts but does not investigate the internal incident. Option C (audit logs for privileged actions) is useful but narrow in scope—it only covers administrator accounts.

By correlating SIEM data with UBA, the engineer can validate whether the flagged activity indicates real malicious behavior or benign anomalies. CAS-005 emphasizes advanced analytics integration (UEBA/UBA) to strengthen investigation and reduce false positives, making Option D the most effective choice.

Tokenization replaces sensitive data elements with non-sensitive equivalents, called tokens, that can be used within the internal tests. The original data is stored securely and can be retrieved if necessary. This approach allows the software development team to work with data that appears realistic and valid without exposing the actual sensitive information.

Configuring data hashing (Option A) is not suitable for test data as ittransforms the data into a fixed-length value that is not usable in the same way as the original data. Replacing data with null records (Option C) is not useful as it does not provide valid data for testing. Data obfuscation (Option D) could be an alternative but might not meet the regulatory requirements as effectively as tokenization.

The application allows users to input URLs, which the application then fetches using requests.get(url). This functionality can be exploited if not properly validated, leading to potential security vulnerabilities such as Server-Side Request Forgery (SSRF).

Implementing a code scanner as part of the development pipeline can help identify insecure coding practices, such as unsanitized user inputs and improper handling of external requests. Code scanners analyze the source code for known vulnerabilities and coding errors, enabling developers to remediate issues before deployment.

The best description of the cyber threat to a central bank implementing strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin, is the risk of physical implants and tampering. Here’s why:

Supply Chain Security: The supply chain is a critical vector for hardware tampering and physical implants, which can compromise the integrity and security of hardware components before they reach the organization.

Targeted Attacks: Banks and financial institutions are high-value targets, making them susceptible to sophisticated attacks, including those involving physical implants that can be introduced during manufacturing or shipping processes.

Strict Mitigations: Implementing an allow list for specific countries aims to mitigate the risk of supply chain attacks by limiting the sources of hardware. However, the primary concern remains the introduction of malicious components through tampering.

The Subject Alternative Name (SAN) field in an X.509 certificate specifies additional hostnames, FQDNs, or IP addresses that the certificate will secure. To allow mutual TLS authentication for multiple hostnames and an IP address, these identities must be included in the SAN field.

Organizational Unit (B) is an informational attribute, not related to TLS authentication.

Extended Key Usage (C) defines purpose (e.g., serverAuth, clientAuth) but not hostnames.

“Certificate extension” (D) is a generic term; SAN is the specific required extension.

Collecting a large pool of behavioral observations requires handling vast datasets, which is the domain ofBig Data. Big Data technologies enable the storage, processing, and analysis of large-scale data (e.g., user behavior logs) to inform decisions, a key capability in security analytics.

Option A:Linear regression is a statistical method for modeling relationships, not collecting data.

Option B:Distributed consensus relates to agreement in distributed systems (e.g., blockchain), not data collection.

Option C:Big Data directly supports collecting and analyzing large datasets for insights, fitting the question perfectly.

Option D:Machine learning uses data to train models but relies on data being collected first, often via Big Data.