Winter Sale Special Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: v4s65

CAS-005 Exam Dumps - CompTIA SecurityX Certification Exam

Question # 4

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

A.

The TLS ciphers supported by the captive portal ate deprecated

B.

Employment of the HSTS setting is proliferating rapidly.

C.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

D.

An attacker is redirecting supplicants to an evil twin WLAN.

Full Access
Question # 5

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?

A.

Ability to obtain components during wartime

B.

Fragility and other availability attacks

C.

Physical Implants and tampering

D.

Non-conformance to accepted manufacturing standards

Full Access
Question # 6

An IPSec solution is being deployed. The configuration files for both the VPN

concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (With

issued client certificates).

• The IKEv2 Cipher suite must be configured to the MOST secure

authenticated mode of operation,

• The secret must contain at least one uppercase character, one lowercase

character, one numeric character, and one special character, and it must

meet a minimum length requirement of eight characters,

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration.

Fill in the appropriate fields and make selections from the drop-down menus.

VPN Concentrator:

AAA Server:

Full Access
Question # 7

A vulnerability can on a web server identified the following:

Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

A.

Disallowing cipher suites that use ephemeral modes of operation for key agreement

B.

Removing support for CBC-based key exchange and signing algorithms

C.

Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

D.

Implementing HIPS rules to identify and block BEAST attack attempts

E.

Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

F.

Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

Full Access
Question # 8

While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?

A.

Spear-phishing campaign

B.

Threat modeling

C.

Red team assessment

D.

Attack pattern analysis

Full Access
Question # 9

A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team's task'

A.

Static application security testing

B.

Software composition analysis

C.

Runtime application self-protection

D.

Web application vulnerability scanning

Full Access
Question # 10

A security analyst is reviewing suspicious log-in activity and sees the following data in the SICM:

Which of the following is the most appropriate action for the analyst to take?

A.

Update the log configuration settings on the directory server that Is not being captured properly.

B.

Have the admin account owner change their password to avoid credential stuffing.

C.

Block employees from logging in to applications that are not part of their business area.

D.

implement automation to disable accounts that nave been associated with high-risk activity.

Full Access
Question # 11

Users are experiencing a variety of issues when trying to access corporate resources examples include

• Connectivity issues between local computers and file servers within branch offices

• Inability to download corporate applications on mobile endpoints wtiilc working remotely

• Certificate errors when accessing internal web applications

Which of the following actions are the most relevant when troubleshooting the reported issues? (Select two).

A.

Review VPN throughput

B.

Check IPS rules

C.

Restore static content on lite CDN.

D.

Enable secure authentication using NAC

E.

Implement advanced WAF rules.

F.

Validate MDM asset compliance

Full Access
Question # 12

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

Code Snippet 2

Vulnerability 1:

    SQL injection

    Cross-site request forgery

    Server-side request forgery

    Indirect object reference

    Cross-site scripting

Fix 1:

    Perform input sanitization of the userid field.

    Perform output encoding of queryResponse,

    Ensure usex:ia belongs to logged-in user.

    Inspect URLS and disallow arbitrary requests.

    Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind

variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

Full Access
Question # 13

A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved lo the repository The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment Which of the following should a security engineer recommend to reduce the deployment failures? (Select two).

A.

Software composition analysis

B.

Pre-commit code linting

C.

Repository branch protection

D.

Automated regression testing

E.

Code submit authorization workflow

F.

Pipeline compliance scanning

Full Access
Question # 14

A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?

A.

A macro that was prevented from running

B.

A text file containing passwords that were leaked

C.

A malicious file that was run in this environment

D.

A PDF that exposed sensitive information improperly

Full Access
Question # 15

A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository The security team needs to be able to quickly evaluate whether to respond to a given vulnerability Which of the following, will allow the security team to achieve the objective with the last effort?

A.

SAST scan reports

B.

Centralized SBoM

C.

CIS benchmark compliance reports

D.

Credentialed vulnerability scan

Full Access
Question # 16

An organization is planning for disaster recovery and continuity of operations, and has noted the following relevant findings:

1. A natural disaster may disrupt operations at Site A, which would then cause an evacuation. Users are

unable to log into the domain from-their workstations after relocating to Site B.

2. A natural disaster may disrupt operations at Site A, which would then cause the pump room at Site B

to become inoperable.

3. A natural disaster may disrupt operations at Site A, which would then cause unreliable internet

connectivity at Site B due to route flapping.

INSTRUCTIONS

Match each relevant finding to the affected host by clicking on the host name and selecting the appropriate number.

For findings 1 and 2, select the items that should be replicated to Site B. For finding 3, select the item requiring configuration changes, then select the appropriate corrective action from the drop-down menu.

Full Access
Question # 17

A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

A.

CWPP

B.

YAKA

C.

ATTACK

D.

STIX

E.

TAXII

F.

JTAG

Full Access
Question # 18

All organization is concerned about insider threats from employees who have individual access to encrypted material. Which of the following techniques best addresses this issue?

A.

SSO with MFA

B.

Sating and hashing

C.

Account federation with hardware tokens

D.

SAE

E.

Key splitting

Full Access
Question # 19

A software company deployed a new application based on its internal code repository Several customers are reporting anti-malware alerts on workstations used to test the application Which of the following is the most likely cause of the alerts?

A.

Misconfigured code commit

B.

Unsecure bundled libraries

C.

Invalid code signing certificate

D.

Data leakage

Full Access
Question # 20

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host.

After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simul-ation, please click the Reset All button.

Full Access
Question # 21

Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

A.

Isolating the historian server for connections only from The SCADA environment

B.

Publishing the C$ share from SCADA to the enterprise

C.

Deploying a screened subnet between 11 and SCADA

D.

Adding the business workstations to the SCADA domain

Full Access
Question # 22

A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?

A.

Executing a script that deletes and overwrites all data on the SSD three times

B.

Wiping the SSD through degaussing

C.

Securely deleting the encryption keys used by the SSD

D.

Writing non-zero, random data to all cells of the SSD

Full Access
Question # 23

A security analyst received a notification from a cloud service provider regarding an attack detected on a web server The cloud service provider shared the following information about the attack:

• The attack came from inside the network.

• The attacking source IP was from the internal vulnerability scanners.

• The scanner is not configured to target the cloud servers.

Which of the following actions should the security analyst take first?

A.

Create an allow list for the vulnerability scanner IPs m order to avoid false positives

B.

Configure the scan policy to avoid targeting an out-of-scope host

C.

Set network behavior analysis rules

D.

Quarantine the scanner sensor to perform a forensic analysis

Full Access
Question # 24

A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?

A.

Model explainability

B.

Credential Theft

C.

Possible prompt Injections

D.

Exposure to social engineering

Full Access
Question # 25

A security team is responding to malicious activity and needs to determine the scope of impact the malicious activity appears to affect certain version of an application used by the organization Which of the following actions best enables the team to determine the scope of Impact?

A.

Performing a port scan

B.

Inspecting egress network traffic

C.

Reviewing the asset inventory

D.

Analyzing user behavior

Full Access
Question # 26

An organization is implementing Zero Trust architecture A systems administrator must increase the effectiveness of the organization's context-aware access system. Which of the following is the best way to improve the effectiveness of the system?

A.

Secure zone architecture

B.

Always-on VPN

C.

Accurate asset inventory

D.

Microsegmentation

Full Access
Question # 27

A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings. Which of the following would the systems administrator most likely verify is properly configured?

A.

Report retention time

B.

Scanning credentials

C.

Exploit definitions

D.

Testing cadence

Full Access
Question # 28

A company plans to implement a research facility with Intellectual property data that should be protected The following is the security diagram proposed by the security architect

Which of the following security architect models is illustrated by the diagram?

A.

Identity and access management model

B.

Agent based security model

C.

Perimeter protection security model

D.

Zero Trust security model

Full Access
Question # 29

A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst reviews the following logs for the user:

Which of the following best explains the reason the user's access is being denied?

A.

incorrectly typed password

B.

Time-based access restrictions

C.

Account compromise

D.

Invalid user-to-device bindings

Full Access
Question # 30

After an incident occurred, a team reported during the lessons-learned review that the team.

* Lost important Information for further analysis.

* Did not utilize the chain of communication

* Did not follow the right steps for a proper response

Which of the following solutions is the best way to address these findinds?

A.

Requesting budget for better forensic tools to Improve technical capabilities for Incident response operations

B.

Building playbooks for different scenarios and performing regular table-top exercises

C.

Requiring professional incident response certifications tor each new team member

D.

Publishing the incident response policy and enforcing it as part of the security awareness program

Full Access
Question # 31

A user reports application access issues to the help desk. The help desk reviews the logs for the user

Which of the following is most likely The reason for the issue?

A.

The user inadvertently tripped the impossible travel security rule in the SSO system.

B.

A threat actor has compromised the user's account and attempted to lop, m

C.

The user is not allowed to access the human resources system outside of business hours

D.

The user did not attempt to connect from an approved subnet

Full Access
Question # 32

During a security assessment using an CDR solution, a security engineer generates the following report about the assets in me system:

After five days, the EDR console reports an infection on the host 0WIN23 by a remote access Trojan Which of the following is the most probable cause of the infection?

A.

OW1N23 uses a legacy version of Windows that is not supported by the EDR

B.

LN002 was not supported by the EDR solution and propagates the RAT

C.

The EDR has an unknown vulnerability that was exploited by the attacker.

D.

0W1N29 spreads the malware through other hosts in the network

Full Access
Question # 33

An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?

A.

SASE

B.

CMDB

C.

SBoM

D.

SLM

Full Access
Question # 34

A systems engineer is configuring a system baseline for servers that will provide email services. As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

A.

SELinux

B.

Privileged access management

C.

Self-encrypting disks

D.

NIPS

Full Access
Question # 35

A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring The architect's goal is to:

• Create a collection of use cases to help detect known threats

• Include those use cases in a centralized library for use across all of the companies

Which of the following is the best way to achieve this goal?

A.

Sigma rules

B.

Ariel Query Language

C.

UBA rules and use cases

D.

TAXII/STIX library

Full Access