Free CompTIA CAS-005 Exam Questions (page: 11)

A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner.
Which of the following should the security officer do to meet these requirements?

  A. Create a rule to authorize personnel only from certain IPs to access the files.
  B. Assign labels to the files and require formal access authorization.
  C. Assign attributes to each file and allow authorized users to share the files.
  D. Assign roles to users and authorize access to files based on the roles.

Answer(s): B

Explanation:

To meet the requirement of ensuring that data is protected at the clearance level of each personnel member and that access is based on the need to know, labeling the files according to their classification level is an effective method. Labels indicate the sensitivity of the data and ensure that only individuals with the appropriate clearance and need-to-know access are authorized to view or modify the files.
By requiring formal access authorization from the data owner, the security officer ensures that access is explicitly verified before any personnel can access data at a given classification level.



A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site.
Which of the following should the team do to help mitigate these issues?

  A. Create a firewall rule to prevent those users from accessing sensitive data.
  B. Restrict uploading activity to only authorized sites.
  C. Enable packet captures to continue to run for the source and destination related to the file transfer.
  D. Disable login activity for those users after business hours.

Answer(s): B

Explanation:

The security team has identified that certain users are being targeted by what appears to be impossible travel and brute-force attacks, followed by attempts to transfer data to an unknown site. To mitigate this, the best approach is to restrict uploading activity to only authorized sites. This ensures that even if the attackers gain access to the user accounts, they will not be able to exfiltrate data to unknown or unauthorized locations.
This control directly addresses the data exfiltration risk by preventing unauthorized file uploads, regardless of whether the attacker successfully compromises user credentials.



A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases.
Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?

  A. Static application security testing
  B. Regression testing
  C. Code signing
  D. Sandboxing

Answer(s): A

Explanation:

Static application security testing (SAST) is the best tool for identifying security vulnerabilities in code early in the Software Development Life Cycle (SDLC). SAST tools analyze source code or binaries for vulnerabilities without executing the program, allowing teams to catch and address security issues before the code is pushed to production. This aligns with reducing the risk of vulnerable code being released.



Which of the following is the best reason for obtaining file hashes from a confiscated laptop?

  A. To prevent metadata tampering on each file
  B. To later validate the integrity of each file
  C. To generate unique identifiers for each file
  D. To preserve the chain of custody of files

Answer(s): B

Explanation:

Obtaining file hashes from a confiscated laptop is primarily done to ensure that the integrity of each file can be validated later. By generating a hash of each file, investigators can later compare the hash values to ensure that no files have been altered or tampered with during the investigation process. This helps confirm that the files remain unchanged from the time they were seized.



A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation.
Which of the following metric groups would the analyst need to determine to get the overall scores? (Choose three.)

  A. Temporal
  B. Availability
  C. Integrity
  D. Confidentiality
  E. Base
  F. Environmental
  G. Impact
  H. Attack vector

Answer(s): A,E,F

Explanation:

To calculate the overall CVSS (Common Vulnerability Scoring System) score, an analyst needs to determine three metric groups:
Base: This group captures the intrinsic characteristics of a vulnerability that are constant over time and across environments, such as exploitability and impact.
Temporal: This group considers the current state of the vulnerability, such as how easily it can be exploited at the moment or whether mitigation is available.
Environmental: This group takes into account the specific environment where the vulnerability exists, adjusting the score based on factors such as security controls in place or the importance of the affected system.


