QUESTION: 51

Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?

At the individual product level
Through the selection of a random product
Using a third-party audit report
By choosing a major product

Answer(s): A

Explanation:

A risk assessment should be performed at the individual product level when an organization has a critical vendor providing multiple products. This approach ensures that each product is evaluated for its specific risks, vulnerabilities, and impact on the organization. By assessing each product separately, the organization can identify and prioritize the risks associated with each product rather than making assumptions based on a single product or a general overview.

Show Answer Next Question

QUESTION: 52

A security engineer is performing a vulnerability management scan on multihomed Linux systems. The engineer notices that the vulnerability count is high due to the fact that each vulnerability is multiplied by the number of NICs on each system.
Which of the following should the engineer do to deduplicate the vulnerabilities and to associate the vulnerabilities with a particular host?

Use a SCAP scanner.
Deploy an agent.
Initiate a discovery scan.
Perform an Nmap scan.

Answer(s): B

Explanation:

Deploying an agent on the systems will allow for more accurate and centralized vulnerability management. The agent can deduplicate vulnerabilities by associating them with a specific host, regardless of how many network interface cards (NICs) the system has. This helps eliminate the issue of vulnerabilities being counted multiple times for each NIC. Agents can also collect data from the system more accurately and ensure that vulnerabilities are tied to the correct host.

Show Answer Next Question

QUESTION: 53

Which of the following best describes a risk associated with using facial recognition to locally authenticate to a mobile device?

Data remanence
Deepfake
Metadata scraping
Biometric impersonation

Answer(s): D

Explanation:

Biometric impersonation refers to the risk of someone using a photo, video, or other methods to spoof or trick a facial recognition system into authenticating them as the legitimate user. This is a significant concern with facial recognition used for local authentication on mobile devices, as attackers might exploit this vulnerability to gain unauthorized access. Other options such as "deepfake" could be a method used in biometric impersonation, but the best description of the risk is biometric impersonation itself.

Show Answer Next Question

QUESTION: 54

The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted:

SECURE BOOT FAILED:
FIRMWARE MISMATCH EXPECTED UXFDC479 ACTUAL 0x79F31B

During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum.
Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?

Evasion
Persistence
Collection
Lateral movement

Answer(s): B

Explanation:

The technique described in the scenario, where modified firmware with an altered checksum is found on multiple controllers, aligns with the Persistence stage of the MITRE ATT&CK framework for ICS (Industrial Control Systems). Persistence involves ensuring that an adversary can maintain access to a system even after reboots, credential changes, or other defensive measures. The manipulation of firmware is a classic method used by attackers to ensure that they can maintain control over a system or device across reboots or resets, which is a key characteristic of the Persistence stage.

Show Answer Next Question

QUESTION: 55

A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds:

99.99% uptime

Load time in 3 seconds

Response time = <1.0 seconds

Starting with the computing environment, which of the following should a security engineer recommend to best meet the requirements? (Choose three.)

Installing a firewall at corporate headquarters
Deploying a content delivery network
Implementing server clusters
Employing bare-metal loading of applications
Lowering storage input/output
Implementing RAID on the backup servers
Utilizing redundant power for all developer workstations

Answer(s): B,C,E

Explanation:

To meet the high uptime, load time, and response time requirements, the following recommendations would be most effective:
Deploying a content delivery network (CDN): A CDN can distribute content across multiple locations globally, reducing load times by serving content from the nearest edge server to the user.
Implementing server clusters: Server clusters can ensure high availability and load balancing, which is essential for maintaining 99.99% uptime and improving response times during high traffic periods.
Lowering storage input/output (I/O): Reducing storage I/O can improve performance by speeding up data access and enhancing the system's ability to meet load time and response time requirements.
These solutions directly address the performance and availability metrics that are required for the contract.
Other options like implementing RAID, using redundant power for workstations, or installing firewalls would not directly contribute to the high availability or performance requirements.

Show Answer Next Question

Free CompTIA CAS-005 Exam Questions (page: 12)

QUESTION: 51

Explanation:

QUESTION: 52

Explanation:

QUESTION: 53

Explanation:

QUESTION: 54

Explanation:

QUESTION: 55

Explanation:

CAS-005 Exam Discussions & Posts