CAS-005 Exam Dumps - CompTIA SecurityX Certification Exam

Searching for workable clues to ace the CompTIA CAS-005 Exam? You’re on the right place! ExamCert has realistic, trusted and authentic exam prep tools to help you achieve your desired credential. ExamCert’s CAS-005 PDF Study Guide, Testing Engine and Exam Dumps follow a reliable exam preparation strategy, providing you the most relevant and updated study material that is crafted in an easy to learn format of questions and answers. ExamCert’s study tools aim at simplifying all complex and confusing concepts of the exam and introduce you to the real exam scenario and practice it with the help of its testing engine and real exam dumps

Go to page:

<< First
Prev
2
3
4
5
6
7
8
9
10
11
Next
Last >>

Question # 49

A security engineer receives the following findings from a recent security audit:

â€¢ Data should be protected based on user permissions and roles.

â€¢ User action tracking should be implemented across the network.

â€¢ Digital identities should be validated across the data access workflow.

Which of the following is the first action the engineer should take to address the findings?

Implement continuous and context-based authentication and authorization

Use an enhanced user credential provisioning workflow and data monitoring tools

Improve federation services for digital identities and data access

Deploy OpenID Connect for API authentication

Full Access

Question # 50

Acompany must build and deploy security standards for all servers in its on-premises and cloud environments based on hardening guidelines. Which of the following solutions most likely meets the requirements?

Develop a security baseline to integrate with the vulnerability scanning platform to alert about any server not aligned with the new security standards.

Create baseline images for each OS in use, following security standards, and integrate the images into the patching and deployment solution.

Build all new images from scratch, installing only needed applications and modules in accordance with the new security standards.

Run a script during server deployment to remove all the unnecessary applications as part of provisioning.

Full Access

Question # 51

As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build. Which of the following best provides the required evidence?

Software composition analysis

Runtime application inspection

Static application security testing

Interactive application security testing

Full Access

Question # 52

Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process. Which of thefollowing is the best strategy for the engineer to use?

Disabling the BIOS and moving to UEFI

Managing secrets on the vTPM hardware

Employing shielding lo prevent LMI

Managing key material on a HSM

Full Access

Question # 53

A news organization wants to implement workflows that allow users to request that untruthful data be retraced and scrubbed from online publications to comply with the right to be forgotten Which of the following regulations is the organization most likely trying to address '

GDPR

COPPA

CCPA

DORA

Full Access

Question # 54

A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

Dark web monitoring

Threat intelligence platform

Honeypots

Continuous adversary emulation

Full Access

Question # 55

An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS. Which of the following should be implemented to meet these requirements?

SELinux

MDM

XDR

Block list

Atomic execution

Full Access

Answer:

Explanation:

Step by Step Explanation:

Understanding the Scenario: The organization wants a strict application control policy: deny all software execution by default and only allow specifically authorized applications. This must be enforced across all operating systems. It is implied that they mean an Allow list, but Block List is the only reasonable answer.

Analyzing the Answer Choices:

A. SELinux (Security-Enhanced Linux): SELinux is a security module for the Linux kernel that provides Mandatory Access Control (MAC). While it can enforce application control, it ' s specific to Linux and doesn ' t meet the " regardless of OS " requirement.

[Reference: SELinux is a powerful tool often covered in CASP+ material, but its OS-specific nature makes it unsuitable here., B. MDM (Mobile Device Management): MDM solutions are primarily used to manage mobile devices (smartphones, tablets). While some MDM solutions offer application control features, they are not designed for comprehensive application control across all OS types (including desktops)., Reference: MDM is relevant to CASP+ in the context of mobile security, but it's not the best fit for this cross-platform application control requirement., C. XDR (Extended Detection and Response): XDR is a threat detection and response platform that integrates multiple security products. While important for security, it's not designed to enforce application controlpolicies., Reference: XDR is a key component of modern security architectures and is covered in CASP+, but its focus is threat detection, not preventative application control., D. Allow List (Corrected from "Block List"): An allow list (also known as an application whitelisting) is a security mechanism that explicitly lists applications authorized to run. All other applications are blocked by default. This directly aligns with the "deny-all, permit-by-exception" approach., Reference: Allow lists (whitelisting) are a fundamental security control emphasized in CASP+. They are a core component of application control strategies., E. Atomic execution: This is not a recognized security control or term related to application control., Why D (Corrected to Allow List) is the Correct Answer:, An allow list perfectly implements the required security policy. By defining a list of approved applications, the organization ensures that only those applications can execute., This approach is effective across different operating systems, as long as the OS has a mechanism to implement application allow lists (most modern OSs do)., CASP+ Relevance: Allow listing is a critical security control discussed in CASP+ as a method to reduce the attack surface, prevent malware execution, and enhance endpoint security., Implementation Considerations (Elaboration based on CASP+ principles):, Creating the Allow List: This requires careful planning and inventorying of all necessary applications., Enforcement Mechanisms: Different OSs have different tools for enforcing application control policies. Windows has AppLocker, macOS has its own mechanisms, and various third-party endpoint security solutions also provide this functionality., Updating the Allow List: A process must be in place to add new applications to the allow list when needed, ensuring proper vetting and authorization., Exceptions: There might be a need for exceptions for certain users or systems, requiring careful consideration and management., In conclusion, an allow list (application whitelisting) is the most appropriate solution to implement a "deny-all, permit-by-exception" application control policy across all operating systems. It's a powerful security control aligned with the principles of least privilege and is a core concept covered in the CASP+ exam objectives. It is implied that the question was intended to be Allow List, but as written, Block List is the only reasonable answer., , , , , ]

Question # 56

An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?

Supply chain attack B. Cipher substitution attack C. Side-channel analysis D. On-path attack E. Pass-the-hash attack

Full Access

Answer:

Explanation:

Step by Step Explanation:

Understanding the Scenario: The question describes a proactive security measure where an organization maintains a registry of software dependencies and their corresponding hashes. This registry is used to verify the integrity of software packages.

Analyzing the Answer Choices:

A. Supply chain attack: This type of attack involves compromising the software supply chain by injecting malicious code into legitimate software packages.

[Reference: CASP+ objectives often emphasize supply chain security due to its growing importance. The scenario directly relates to this type of attack, as the registry helps ensure that software packages haven't been tampered with during the supply chain process., B. Cipher substitution attack: This is a cryptographic attack focused on replacing ciphertext with a different ciphertext to deduce the key. It's not relevant to the scenario., C. Side-channel analysis: This attack involves gathering information from the physical implementation of a system (e.g., timing, power consumption) rather than exploiting the algorithm itself. It's not applicable here., D. On-path attack (formerly man-in-the-middle): This attack involves intercepting and potentially altering communication between two parties. While important, it's not theprimary focus of the registry., E. Pass-the-hash attack: This attack involves using a stolen hash of a user's password to authenticate without needing the actual password. It's unrelated to software package integrity., Why A is the Correct Answer:, A supply chain attack is exactly what the organization is trying to mitigate. By creating a registry of known-good software packages and their hashes, they can verify that the packages they are using are legitimate and haven't been altered., If an attacker were to compromise a software package in the supply chain, the hash of the altered package would not match the hash in the organization's registry. This would immediately alert the organization to a potential compromise., CASP+ Relevance: This aligns with the CASP+ exam objectives, which emphasize the importance of risk management, threat intelligence, and implementing security controls to address various attack vectors, including supply chain risks., How the Registry Works (Elaboration based on CASP+principles):, Hashing: When a package is vetted, a cryptographic hash function (like SHA-256) is used to generate a unique "fingerprint" (the hash) of the package's contents., Verification: Before installing or using a package, its hash is calculated and compared to the hash stored in the registry. A match confirms the package's integrity. A mismatch indicates tampering., Incident Response: If a vulnerability is discovered in a commonly used package, the registry helps the organization quickly identify which systems are affected based on the dependency list and the stored hashes., In conclusion, maintaining a registry of software dependencies with hashes is a crucial security control that directly addresses the threat of supply chain attacks by ensuring the integrity and authenticity of software packages. The use of hash functions for verification is a common practice in security and is emphasized in the CASP+ material., , , , , ]

Go to page: