Special Summer Sale Limited Time Flat 70% Discount offer - Ends in 0d 00h 00m 00s - Coupon code: 70spcl

CompTIA CAS-005 CompTIA SecurityX Certification Exam Exam Practice Test

Page: 1 / 19
Total 187 questions

CompTIA SecurityX Certification Exam Questions and Answers

Question 1

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Options:

A.

Securing data transfer between hospitals

B.

Providing for non-repudiation of data

C.

Reducing liability from identity theft

D.

Protecting privacy while supporting portability

Question 2

A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not normally send traffic to those sites. The technician will define this threat as:

Options:

A.

A decrypting RSA using an obsolete and weakened encryption attack.

B.

A zero-day attack.

C.

An advanced persistent threat.

D.

An on-path attack.

Question 3

After several companies in the financial industry were affected by a similar incident, they shared information about threat intelligence and the malware used for exploitation. Which of the following should the companies do to best indicate whether the attacks are being conducted by the same actor?

Options:

A.

Apply code stylometry.

B.

Look for common IOCs.

C.

Use IOC extractions.

D.

Leverage malware detonation.

Question 4

A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity. Which of the following would best meet this objective?

Options:

A.

Block any connections from outside the business's network security boundary.

B.

Install machine certificates on corporate devices and perform checks against the clients.

C.

Configure device attestations and continuous authorization controls.

D.

Deploy application protection policies using a corporate, cloud-based MDM solution.

Question 5

A security analyst is reviewing the following log:

Question # 5

Which of the following possible events should the security analyst investigate further?

Options:

A.

A macro that was prevented from running

B.

A text file containing passwords that were leaked

C.

A malicious file that was run in this environment

D.

A PDF that exposed sensitive information improperly

Question 6

A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?

Options:

A.

Ability to obtain components during wartime

B.

Fragility and other availability attacks

C.

Physical Implants and tampering

D.

Non-conformance to accepted manufacturing standards

Question 7

A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regardinguser account authentication Which of the following is the best way for the security officer to restrict MI~A notifications''

Options:

A.

Provisioning FID02 devices

B.

Deploying a text message based on MFA

C.

Enabling OTP via email

D.

Configuring prompt-driven MFA

Question 8

A company that uses several cloud applications wants to properly identify:

    All the devices potentially affected by a given vulnerability.

    All the internal servers utilizing the same physical switch.

    The number of endpoints using a particular operating system.Which of the following is the best way to meet the requirements?

Options:

A.

SBoM

B.

CASB

C.

GRC

D.

CMDB

Question 9

A cloud engineer needs to identify appropriate solutions to:

• Provide secure access to internal and external cloud resources.

• Eliminate split-tunnel traffic flows.

• Enable identity and access management capabilities.

Which of the following solutions arc the most appropriate? (Select two).

Options:

A.

Federation

B.

Microsegmentation

C.

CASB

D.

PAM

E.

SD-WAN

F.

SASE

Question 10

A security engineer needs 10 secure the OT environment based on me following requirements

• Isolate the OT network segment

• Restrict Internet access.

• Apply security updates two workstations

• Provide remote access to third-party vendors

Which of the following design strategies should the engineer implement to best meet these requirements?

Options:

A.

Deploy a jump box on the third party network to access the OT environment and provide updates using a physical delivery method on the workstations

B.

Implement a bastion host in the OT network with security tools in place to monitor access and use a dedicated update server for the workstations.

C.

Enable outbound internet access on the OT firewall to any destination IP address and use the centralized update server for the workstations

D.

Create a staging environment on the OT network for the third-party vendor to access and enable automatic updates on the workstations.

Question 11

A company's SICM Is continuously reporting false positives and false negatives The security operations team has Implemented configuration changes to troubleshoot possible reporting errors Which of the following sources of information best supports the required analysts process? (Select two).

Options:

A.

Third-party reports and logs

B.

Trends

C.

Dashboards

D.

Alert failures

E.

Network traffic summaries

F.

Manual review processes

Question 12

Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

Options:

A.

Isolating the historian server for connections only from The SCADA environment

B.

Publishing the C$ share from SCADA to the enterprise

C.

Deploying a screened subnet between 11 and SCADA

D.

Adding the business workstations to the SCADA domain

Question 13

An external SaaS solution user reports a bug associated with the role-based access control module. This bug allows users to bypass system logic associated with client segmentation in the multitenant deployment model. When assessing the bug report, the developer finds that the same bug was previously identified and addressed in an earlier release. The developer then determines the bug was reintroduced when an existing software component was integrated from a prior version of the platform. Which of the following is the best way to prevent this scenario?

Options:

A.

Regression testing

B.

Code signing

C.

Automated test and retest

D.

User acceptance testing

E.

Software composition analysis

Question 14

Question # 14

Which of the following is the security engineer most likely doing?

Options:

A.

Assessing log in activities using geolocation to tune impossible Travel rate alerts

B.

Reporting on remote log-in activities to track team metrics

C.

Threat hunting for suspicious activity from an insider threat

D.

Baselining user behavior to support advanced analytics

Question 15

A security architect must make sure that the least number of services as possible is exposed in order to limit an adversary's ability to access the systems. Which of the following should the architect do first?

Options:

A.

Enforce Secure Boot.

B.

Perform attack surface reduction.

C.

Disable third-party integrations.

D.

Limit access to the systems.

Question 16

A company receives several complaints from customers regarding its website. An engineer implements a parser for the web server logs that generates the following output:

Question # 16

which of the following should the company implement to best resolve the issue?

Options:

A.

IDS

B.

CDN

C.

WAF

D.

NAC

Question 17

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Web server logs:

192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] "GET /bin/bash" HTTP/1.1" 200 453 Safari/536.36

192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] "GET / HTTP/1.1" 200 453 Safari/536.36

Application server logs:

24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB

24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processing

Database server logs:

24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 2048

24/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed.

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

Options:

A.

Enable the X-Forwarded-For header at the load balancer.

B.

Install a software-based HIDS on the application servers.

C.

Install a certificate signed by a trusted CA.

D.

Use stored procedures on the database server.

E.

Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.

Question 18

A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response. Which of the following should the team do to best accomplish this goal?

Options:

A.

Integrate a file-monitoring tool with the SIEM.

B.

Change the log solution and integrate it with the existing SIEM.

C.

Implement a central logging server, allowing only log ingestion.

D.

Rotate and back up logs every 24 hours, encrypting the backups.

Question 19

An organization wants to manage specialized endpoints and needs a solution that provides the ability to

* Centrally manage configurations

* Push policies.

• Remotely wipe devices

• Maintain asset inventory

Which of the following should the organization do to best meet these requirements?

Options:

A.

Use a configuration management database

B.

Implement a mobile device management solution.

C.

Configure contextual policy management

D.

Deploy a software asset manager

Question 20

Which of the following AI concerns is most adequately addressed by input sanitation?

Options:

A.

Model inversion

B.

Prompt Injection

C.

Data poisoning

D.

Non-explainable model

Question 21

Which of the following supports the process of collecting a large pool of behavioral observations to inform decision-making?

Options:

A.

Linear regression

B.

Distributed consensus

C.

Big Data

D.

Machine learning

Question 22

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to b«st solve this issue?

Options:

A.

Rule based

B.

Time-based

C.

Role based

D.

Context-based

Question 23

A financial services organization is using Al lo fully automate the process of deciding client loan rates Which of the following should the organization be most concerned about from a privacy perspective?

Options:

A.

Model explainability

B.

Credential Theft

C.

Possible prompt Injections

D.

Exposure to social engineering

Question 24

A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings. Which of the following would the systems administrator most likely verify is properly configured?

Options:

A.

Report retention time

B.

Scanning credentials

C.

Exploit definitions

D.

Testing cadence

Question 25

A user submits a help desk ticket stating then account does not authenticate sometimes. An analyst reviews the following logs for the user:

Which of the following best explains the reason the user's access is being denied?

Options:

A.

incorrectly typed password

B.

Time-based access restrictions

C.

Account compromise

D.

Invalid user-to-device bindings

Question 26

A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format. Which of the following best addresses the risk without impacting the development life cycle?

Options:

A.

Encrypting the data before moving into the QA environment

B.

Truncating the data to make it not personally identifiable

C.

Using a large language model to generate synthetic data

D.

Utilizing tokenization for sensitive fields

Question 27

An IPSec solution is being deployed. The configuration files for both the VPN

concentrator and the AAA server are shown in the diagram.

Complete the configuration files to meet the following requirements:

• The EAP method must use mutual certificate-based authentication (With

issued client certificates).

• The IKEv2 Cipher suite must be configured to the MOST secure

authenticated mode of operation,

• The secret must contain at least one uppercase character, one lowercase

character, one numeric character, and one special character, and it must

meet a minimum length requirement of eight characters,

INSTRUCTIONS

Click on the AAA server and VPN concentrator to complete the configuration.

Fill in the appropriate fields and make selections from the drop-down menus.

Question # 27

VPN Concentrator:

Question # 27

AAA Server:

Question # 27

Options:

Question 28

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

Options:

A.

The TLS ciphers supported by the captive portal ate deprecated

B.

Employment of the HSTS setting is proliferating rapidly.

C.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

D.

An attacker is redirecting supplicants to an evil twin WLAN.

Question 29

A global organization wants to manage all endpoint and user telemetry. The organization also needs to differentiate this data based on which office it is correlated to. Which of the following strategies best aligns with this goal?

Options:

A.

Sensor placement

B.

Data labeling

C.

Continuous monitoring

D.

Centralized logging

Question 30

A security configure is building a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?

Options:

A.

The /etc/openssl.conf file, updating the virtual site parameter

B.

The /etc/nsswith.conf file, updating the name server

C.

The /etc/hosts file, updating the IP parameter

D.

The /etc/etc/sshd, configure file updating the ciphers

Question 31

A building camera is remotely accessed and disabled from the remote console application during off-hours. A security analyst reviews the following logs:

Question # 31

Which of the following actions should the analyst take to best mitigate the threat?

Options:

A.

Implement WAF protection for the web application.

B.

Upgrade the firmware on the camera.

C.

Only allow connections from approved IPs.

D.

Block IP 104.18.16.29 on the firewall.

Question 32

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

Question # 32

Code Snippet 2

Question # 32

Vulnerability 1:

SQL injection

Cross-site request forgery

Server-side request forgery

Indirect object reference

Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.

Perform output encoding of queryResponse,

Ensure usex:ia belongs to logged-in user.

Inspect URLS and disallow arbitrary requests.

Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind

variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

Options:

Question 33

PKI can be used to support security requirements in the change management process. Which of the following capabilities does PKI provide for messages?

Options:

A.

Non-repudiation

B.

Confidentiality

C.

Delivery receipts

D.

Attestation

Question 34

An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?

Options:

A.

SASE

B.

CMDB

C.

SBoM

D.

SLM

Question 35

After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.

• Exfiltration of intellectual property

• Unencrypted files

• Weak user passwords

Which of the following is the best way to mitigate these vulnerabilities? (Select two).

Options:

A.

Implementing data loss prevention

B.

Deploying file integrity monitoring

C.

Restricting access to critical file services only

D.

Deploying directory-based group policies

E.

Enabling modem authentication that supports MFA

F.

Implementing a version control system

G.

Implementing a CMDB platform

Question 36

An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?

Options:

A.

Supply chain attack B. Cipher substitution attack C. Side-channel analysis D. On-path attack E. Pass-the-hash attack

Question 37

A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?

Options:

A.

Executing a script that deletes and overwrites all data on the SSD three times

B.

Wiping the SSD through degaussing

C.

Securely deleting the encryption keys used by the SSD

D.

Writing non-zero, random data to all cells of the SSD

Question 38

A threat hunter is identifying potentially malicious activity associated with an APT. When the threat hunter runs queries against the SIEM platform with a date range of 60 to 90 days ago, the involved account seems to be typically most active in the evenings. When the threat hunter reruns the same query with a date range of 5 to 30 days ago, the account appears to be most active in the early morning. Which of the following techniques is the threat hunter using to better understand the data?

Options:

A.

TTP-based inquiries

B.

User behavior analytics

C.

Adversary emulation

D.

OSINT analysis activities

Question 39

Company A and Company D ate merging Company A's compliance reports indicate branch protections are not in place A security analyst needs to ensure that potential threats to the software development life cycle are addressed. Which of the following should me analyst cons

Options:

A.

If developers are unable to promote to production

B.

If DAST code is being stored to a single code repository

C.

If DAST scans are routinely scheduled

D.

If role-based training is deployed

Question 40

An organization is developing a disaster recovery plan that requires data to be backed up and available ata moment's notice. Which of the following should the organization consider first to address this requirement?

Options:

A.

Implement a change management plan to ensure systems are using the appropriate versions.

B.

Hire additional on-call staff to be deployed if an event occurs.

C.

Design an appropriate warm site for business continuity.

D.

Identify critical business processes and determine associated software and hardware requirements.

Question 41

An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threat modeling?

Options:

A.

ATT&CK

B.

OWASP

C.

CAPEC

D.

STRIDE

Question 42

A security analyst reviews the following report:

Question # 42

Which of the following assessments is the analyst performing?

Options:

A.

System

B.

Supply chain

C.

Quantitative

D.

Organizational

Question 43

A security analyst is reviewing the following vulnerability assessment report:

192.168.1.5, Host = Server1, CVSS 7.5, Web Server, Remotely Executable = Yes, Exploit = Yes

205.1.3.5, Host = Server2, CVSS 6.5, Bind Server, Remotely Executable = Yes, Exploit = POC

207.1.5.7, Host = Server3, CVSS 5.5, Email Server, Remotely Executable = Yes, Exploit = Yes

192.168.1.6, Host = Server4, CVSS 9.8, Domain Controller, Remotely Executable = Yes, Exploit = Yes

Which of the following should be patched first to minimize attacks against internet-facing hosts?

Options:

A.

Server1

B.

Server2

C.

Server3

D.

Server4

Question 44

A security analyst is performing a review of a web application. During testing as a standard user, the following error log appears:

Error Message in Database Connection

Connection to host USA-WebApp-Database failed

Database "Prod-DB01" not found

Table "CustomerInfo" not found

Please retry your request later

Which of the following best describes the analyst’s findings and a potential mitigation technique?

Options:

A.

The findings indicate unsecure references. All potential user input needs to be properly sanitized.

B.

The findings indicate unsecure protocols. All cookies should be marked as HttpOnly.

C.

The findings indicate information disclosure. The displayed error message should be modified.

D.

The findings indicate a SQL injection. The database needs to be upgraded.

Question 45

A security analyst received a report that an internal web page is down after a company-wide update to the web browser Given the following error message:

Question # 45

Which of the following is the b«« way to fix this issue?

Options:

A.

Rewriting any legacy web functions

B.

Disabling all deprecated ciphers

C.

Blocking all non-essential pons

D.

Discontinuing the use of self-signed certificates

Question 46

Which of the following best explains the business requirement a healthcare provider fulfills by encrypting patient data at rest?

Options:

A.

Securing data transfer between hospitals

B.

Providing for non-repudiation data

C.

Reducing liability from identity theft

D.

Protecting privacy while supporting portability.

Question 47

An organization is implementing advanced security controls associated with the execution of software applications on corporate endpoints. The organization must implement a deny-all, permit-by-exception approach to software authorization for all systems regardless of OS. Which of the following should be implemented to meet these requirements?

Options:

A.

SELinux

B.

MDM

C.

XDR

D.

Block list

E.

Atomic execution

Question 48

A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository The security team needs to be able to quickly evaluate whether to respond to a given vulnerability Which of the following, will allow the security team to achieve the objective with the last effort?

Options:

A.

SAST scan reports

B.

Centralized SBoM

C.

CIS benchmark compliance reports

D.

Credentialed vulnerability scan

Question 49

Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.

Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions. The software installation entries are formatted as follows:

Reader 10.0

Reader 10.1

Reader 10.2

Reader 10.3

Reader 10.4

Which of the following regular expression entries will accurately identify all the affected versions?

Options:

A.

Reader(*)[1][0].[0-4:

B.

Reader[11[01X.f0-3'

C.

Reader( )[1][0].[0-3:

D.

Reader( )[1][0] X.[1-3:

Question 50

A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring The architect's goal is to:

• Create a collection of use cases to help detect known threats

• Include those use cases in a centralized library for use across all of the companies

Which of the following is the best way to achieve this goal?

Options:

A.

Sigma rules

B.

Ariel Query Language

C.

UBA rules and use cases

D.

TAXII/STIX library

Question 51

During a recentsecurity event, access from thenon-production environment to the production environmentenabledunauthorized usersto:

    Installunapproved software

    Makeunplanned configuration changes

During theinvestigation, the following findings were identified:

    Several new users were added in bulkby theIAM team

    Additionalfirewalls and routerswere recently added

    Vulnerability assessmentshave been disabled formore than 30 days

    Theapplication allow listhas not been modified intwo weeks

    Logs were unavailablefor various types of traffic

    Endpoints have not been patchedinover ten days

Which of the following actions would most likely need to be taken toensure proper monitoring?(Select two)

Options:

A.

Disable bulk user creationsby the IAM team

B.

Extend log retention for all security and network devices to180 daysfor all traffic

C.

Review the application allow listdaily

D.

Routinely update allendpoints and network devicesas soon as new patches/hot fixes are available

E.

Ensure allnetwork and security devicesare sending relevant data to theSIEM

F.

Configure firewall rules toonly allow production-to-non-productiontraffic

Question 52

After a penetration test on the internal network, the following report was generated:

Attack Target Result

Compromised host ADMIN01S.CORP.LOCAL Successful

Hash collected KRBTGT.CORP.LOCAL Successful

Hash collected SQLSV.CORP.LOCAL Successful

Pass the hash SQLSV.CORP.LOCAL Failed

Domain control CORP.LOCAL Successful

Which of the following should be recommended to remediate the attack?

Options:

A.

Deleting SQLSV

B.

Reimaging ADMIN01S

C.

Rotating KRBTGT password

D.

Resetting the local domain

Question 53

A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?

Options:

A.

Deploying a VPN to prevent remote locations from accessing server VLANs

B.

Configuring a SASb solution to restrict users to server communication

C.

Implementing microsegmentation on the server VLANs

D.

installing a firewall and making it the network core

Question 54

A Chief Information Security Officer is concerned about the operational impact of ransomware. In the event of a ransomware attack, the business requires the integrity of the data to remain intact and an RPO of less than one hour. Which of the following storage strategies best satisfies the business requirements?

Options:

A.

Full disk encryption

B.

Remote journaling

C.

Immutable

D.

RAID 10

Question 55

A company’s internal network is experiencing a security breach, and the threat actor is still active. Due to business requirements, users in this environment are allowed to utilize multiple machines at the same time. Given the following log snippet:

Question # 55

Which of the following accounts should a security analyst disable to best contain the incident without impacting valid users?

Options:

A.

user-a

B.

user-b

C.

user-c

D.

user-d

Question 56

A security administrator needs to automate alerting. The server generates structured log files that need to be parsed to determine whether an alarm has been triggered Given the following code function:

Question # 56

Which of the following is most likely the log input that the code will parse?

A)

Question # 56

B)

Question # 56

C)

Question # 56

D)

Question # 56

Options:

A.

Option A

B.

Option B

C.

Option C

D.

Option D

Page: 1 / 19
Total 187 questions