Free CompTIA CAS-005 Exam Questions

A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed.
Which of the following compensating controls would best prevent successful exploitation?

  A. Segmentation
  B. CASB
  C. HIPS
  D. UEBA

Answer(s): A

Explanation:

Segmentation is a compensating control that helps mitigate risks by isolating critical systems or vulnerable systems from the rest of the network. In this case, the web application server running a legacy operating system with an unpatched remote code execution (RCE) vulnerability can be isolated through network segmentation. This limits the potential for attackers to exploit the vulnerability by restricting access to the server and preventing lateral movement within the network. By segmenting the server, the attack surface is reduced, and the risk of successful exploitation is minimized until the system can be properly patched.



Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?

  A. They are constrained by available compute.
  B. They lack x86-64 processors.
  C. They lack EEPROM.
  D. They are not logic-bearing devices.

Answer(s): A

Explanation:

Embedded facility automation systems, such as those used for controlling HVAC, lighting, or physical security, are often constrained by limited computational resources. These systems are designed to be low-cost and energy-efficient, which means they typically have limited processing power, memory, and storage capacity. As a result, security engineers often face difficulties when trying to upgrade or implement additional security measures, such as stronger encryption or security patches, because these systems lack the compute resources to handle such upgrades.



A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month.
Which of the following controls would best mitigate the risk without interrupting the service during the transition?

  A. Shutting down the systems until the code is ready
  B. Uninstalling the impacted runtime engine
  C. Selectively blocking traffic on the affected port
  D. Configuring IPS and WAF with signatures

Answer(s): D

Explanation:

To mitigate the risk of the vulnerable and deprecated runtime engine while the developers transition to a more modern environment, configuring an Intrusion Prevention System (IPS) and a Web Application Firewall (WAF) with appropriate signatures would provide protection without disrupting the service. These security controls can help detect and block known exploits targeting the vulnerable runtime engine. By applying these measures, the application can continue running while minimizing the risk of exploitation from external threats.



A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution.
Which of the following must happen first?

  A. Use Distinguished Encoding Rules (DER) for the certificate.
  B. Extract the private key from the certificate.
  C. Use an out-of-band method to obtain the certificate.
  D. Compare the retrieved certificate with the embedded certificate.

Answer(s): C

Explanation:

When implementing certificate pinning, the first step is to securely obtain the remote host's X.509 certificate through an out-of-band method. This ensures that the certificate is trusted and verified outside of the regular communication channel (e.g., via a separate secure channel or pre-distribution), preventing a man-in-the-middle attacker from substituting their own certificate before the pin is set. Once the certificate is securely obtained and verified, it can then be pinned to the device so that future connections to that host will only be accepted if the presented certificate matches the pinned one.



A company hired a third-party consultant to run a cybersecurity incident simulation in order to identify security gaps and prepare stakeholders for a potential incident.
Which of the following best describes this activity?

  A. Tabletop exercise
  B. Walk-through review
  C. Lessons learned
  D. Business impact analysis

Answer(s): A

Explanation:

A tabletop exercise is a discussion-based simulation where key stakeholders, including management and technical teams, gather to walk through a hypothetical cybersecurity incident. The goal is to identify security gaps, assess response strategies, and prepare for real-world incidents. During this exercise, participants typically discuss their roles and decisions in handling the incident, but no actual systems are impacted.


