Free CAS-005 Exam Braindumps (page: 4)


A security analyst is investigating a possible insider threat incident that involves the use of an unauthorized USB from a shared account to exfiltrate data. The event did not create an alert. The analyst has confirmed the USB hardware ID is not on the device allow list, but has not yet confirmed the owner of the USB device.
Which of the following actions should the analyst take next?

  A. Classify the incident as a false positive.
  B. Classify the incident as a false negative.
  C. Classify the incident as a true positive.
  D. Classify the incident as a true negative.

Answer(s): B

Explanation:

A false negative is a real security event that the monitoring system failed to alert on. Here the analyst has confirmed that a USB device not on the hardware allow list was used from a shared account, which is a policy violation and a real event regardless of who owned the device, yet no alert fired. That combination (event occurred, no alert) is a false negative. A true positive would require an alert that correctly fired, and a false positive an alert with no underlying event. Identifying the device owner is a follow-on investigative step; it is not needed to classify the detection failure, and the gap in USB device-control alerting should itself be tracked for remediation.



Which of the following security features do email signatures provide?

  A. Non-repudiation
  B. Body encryption
  C. Code signing
  D. Sender authentication
  E. Chain of custody

Answer(s): A

Explanation:

Email signatures implemented as digital signatures (S/MIME or OpenPGP) are created with the sender's private key and verified by any recipient with the corresponding public key. Because only the sender holds the private key, a valid signature is evidence that the sender produced exactly that message, so the sender cannot later credibly deny having sent it: that is non-repudiation, the property the exam expects here. The signature also provides integrity, since any change to the signed content invalidates it, and it binds the message to the signer's key. It does not encrypt the body; confidentiality requires separate body encryption. A shared-key MAC, by contrast, gives integrity but not non-repudiation, because the recipient holds the same key and could have produced the tag.



A software development company wants to ensure that users can confirm the software is legitimate when installing it.
Which of the following is the best way for the company to achieve this security objective?

  A. Code signing
  B. Non-repudiation
  C. Key escrow
  D. Private keys

Answer(s): A

Explanation:

Code signing digitally signs an executable or installer with the publisher's private key. At install time the operating system or installer verifies the signature with the public key in the publisher's certificate and checks that the certificate chains to a trusted root. A valid signature shows that the software comes from the named publisher and has not been modified since it was signed, which is exactly the assurance the company wants users to have. Non-repudiation is a property a signature provides rather than a control the company deploys, and key escrow and private keys are PKI components, not something a user can check when installing software.
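Worked example added here, not part of the original exam dump: the two signature questions above (email signatures and code signing) both come down to the same operation, signing with a private key and verifying with the matching public key. The Go program below uses the standard library's Ed25519 to sign a constructed email body and a constructed stand-in for an installer, shows that a tampered message, a modified binary, or a different signer's key all fail verification, and contrasts this with a shared-key HMAC, which the recipient could have forged and therefore gives integrity but no non-repudiation. The names (Alice, Mallory, Bob), the message text and the byte string are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// SignMessage signs an email body with the sender's private key. In S/MIME or
// OpenPGP that key sits in the sender's certificate store or keyring; only its
// holder can produce a signature that verifies under the matching public key.
func SignMessage(priv ed25519.PrivateKey, body []byte) []byte {
	return ed25519.Sign(priv, body)
}

// VerifyMessage is the recipient's check. It fails if the body changed in
// transit or if a different key produced the signature.
func VerifyMessage(pub ed25519.PublicKey, body, sig []byte) bool {
	return ed25519.Verify(pub, body, sig)
}

// SignArtifact mirrors code signing: hash the binary and sign the digest, so
// the signature is the same size whatever the installer's size.
func SignArtifact(priv ed25519.PrivateKey, binary []byte) []byte {
	digest := sha256.Sum256(binary)
	return ed25519.Sign(priv, digest[:])
}

// VerifyArtifact is what an installer does before trusting signed software.
func VerifyArtifact(pub ed25519.PublicKey, binary, sig []byte) bool {
	digest := sha256.Sum256(binary)
	return ed25519.Verify(pub, digest[:], sig)
}

// MACTag and MACVerify use a shared key. The verifier holds that same key and
// could have produced any valid tag itself, so an HMAC cannot show who sent it.
func MACTag(key, msg []byte) []byte {
	m := hmac.New(sha256.New, key)
	m.Write(msg)
	return m.Sum(nil)
}

func MACVerify(key, msg, tag []byte) bool {
	return hmac.Equal(MACTag(key, msg), tag)
}

type DemoResult struct {
	Genuine, Tampered, ForgedByOtherKey bool // email signature
	ArtifactOK, ArtifactModified         bool // code signing
	RecipientForgedMAC                   bool // shared-key contrast
}

func Demo() (DemoResult, error) {
	var r DemoResult
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	// Constructed sample email body, not a real message.
	body := []byte("From: alice@example.test\r\n\r\nApprove wire #4411 for 120,000 EUR.")
	sig := SignMessage(alicePriv, body)
	r.Genuine = VerifyMessage(alicePub, body, sig)
	tampered := []byte("From: alice@example.test\r\n\r\nApprove wire #4411 for 920,000 EUR.")
	r.Tampered = VerifyMessage(alicePub, tampered, sig)
	// Mallory's key cannot produce a signature that verifies as Alice's.
	r.ForgedByOtherKey = VerifyMessage(alicePub, body, SignMessage(malloryPriv, body))

	// Constructed stand-in for an installer binary.
	binary := []byte("\x7fELF constructed installer bytes, not a real executable")
	asig := SignArtifact(alicePriv, binary)
	r.ArtifactOK = VerifyArtifact(alicePub, binary, asig)
	trojaned := append([]byte(nil), binary...)
	trojaned[10] ^= 0x01 // a single flipped bit is enough to invalidate it
	r.ArtifactModified = VerifyArtifact(alicePub, trojaned, asig)

	// Shared-key contrast: Bob, the recipient, tags a message Alice never sent,
	// and it verifies under the key they share.
	shared := make([]byte, 32)
	if _, err := rand.Read(shared); err != nil {
		return r, err
	}
	forgery := []byte("Alice says: pay Bob 50,000 EUR.")
	r.RecipientForgedMAC = MACVerify(shared, forgery, MACTag(shared, forgery))
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Running it prints Genuine and ArtifactOK as true and Tampered, ForgedByOtherKey and ArtifactModified as false; RecipientForgedMAC is true, which is the point of the contrast. Real deployments sign with RSA or ECDSA keys carried in X.509 certificates and add certificate-chain and revocation checks; the verification logic is the same.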



While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application.
Which of the following should the analyst implement to mitigate the issues reported? (Choose two.)

  A. Configure firewall rules to block all external traffic.
  B. Enable input validation for all fields.
  C. Enable automatic updates to be installed on all servers.
  D. Configure the security group to enable external traffic.
  E. Set up a DLP policy to alert for exfiltration on all application servers.
  F. Enable nightly vulnerability scans.

Answer(s): A,B

Explanation:

Configure firewall rules to block all external traffic: the policy requires internal-only access, yet the migrated application is publicly exposed. Restricting the firewall (or, in the cloud, the security group) to internal source ranges removes the internet-facing attack surface and directly enforces the policy; it also means the overflow can no longer be reached from the internet while the code is fixed.
Enable input validation for all fields: a buffer overflow is triggered by input larger than the space the program set aside for it, or input in a form the program did not expect. Enforcing strict length and format limits on every field before the data reaches the vulnerable code stops the malicious input at the boundary. Automatic updates and nightly scans are useful hygiene but do not close the exposure or the overflow, DLP alerting addresses a different problem, and enabling external traffic contradicts the policy.
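Added example, not from the original page: the input-validation half of the answer above. The firewall change is a network control and has no code here. The Go validator below, written with hypothetical field names and limits, enforces a byte-length ceiling and a content allowlist on every defined field and rejects fields the application never defined, so oversized data cannot arrive through an unconstrained parameter. It also shows the caveat a practitioner should watch for: a limit counted in characters would pass a 600-character comment made of two-byte characters, but that field is 1200 bytes, which is what a 1024-byte native buffer actually sees. All requests are constructed for the example.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
	"unicode/utf8"
)

// FieldRule describes what one request field may contain. MaxBytes is a byte
// limit, not a character limit: a fixed-size buffer in a native component
// overflows on bytes, and one UTF-8 character can occupy up to four of them.
type FieldRule struct {
	Required bool
	MaxBytes int
	Allowed  *regexp.Regexp // allowlist of permitted content
}

// Rules is a hypothetical form definition constructed for this example.
var Rules = map[string]FieldRule{
	"username":  {true, 32, regexp.MustCompile(`^[a-z0-9_.-]+$`)},
	"email":     {true, 254, regexp.MustCompile(`^[^@\s]+@[^@\s]+\.[^@\s]+$`)},
	"dept_code": {true, 8, regexp.MustCompile(`^[A-Z]{2}[0-9]{2,6}$`)},
	"comment":   {false, 1024, regexp.MustCompile(`^[\p{L}\p{N}\p{P}\p{Zs}]*$`)},
}

var ErrUnknownField = errors.New("unexpected field")

// ValidateFields checks every defined field against its rule and rejects any
// field the application never defined. It returns all violations found.
func ValidateFields(fields map[string]string) []error {
	var errs []error
	for name, rule := range Rules {
		v, present := fields[name]
		if !present || v == "" {
			if rule.Required {
				errs = append(errs, fmt.Errorf("%s: required", name))
			}
			continue
		}
		if !utf8.ValidString(v) {
			errs = append(errs, fmt.Errorf("%s: invalid UTF-8", name))
			continue
		}
		if len(v) > rule.MaxBytes { // len counts bytes, which is what matters here
			errs = append(errs, fmt.Errorf("%s: %d bytes exceeds limit of %d", name, len(v), rule.MaxBytes))
			continue
		}
		if !rule.Allowed.MatchString(v) {
			errs = append(errs, fmt.Errorf("%s: content outside allowlist", name))
		}
	}
	for name := range fields {
		if _, known := Rules[name]; !known {
			errs = append(errs, fmt.Errorf("%s: %w", name, ErrUnknownField))
		}
	}
	return errs
}

// DemoResult holds the error counts for four constructed requests.
type DemoResult struct {
	ValidErrors, OverflowProbeErrors, MultibyteErrors, UnknownFieldErrors int
	MultibyteRunes, MultibyteBytes                                        int
}

func Demo() DemoResult {
	base := map[string]string{"username": "j.doe", "email": "j.doe@example.test", "dept_code": "FI0042"}
	withField := func(k, v string) map[string]string {
		m := make(map[string]string, len(base)+1)
		for key, val := range base {
			m[key] = val
		}
		m[k] = v
		return m
	}
	// Classic overflow probe: far more bytes than any sane username field holds.
	probe := withField("username", strings.Repeat("A", 4096))
	// 600 characters is under a 1024-character limit, but each 'é' is two bytes,
	// so the field is 1200 bytes and would overrun a 1024-byte buffer.
	comment := strings.Repeat("é", 600)
	multibyte := withField("comment", comment)
	// A parameter the form never defined, used to smuggle data past validation.
	unknown := withField("debug_token", "1")
	return DemoResult{
		ValidErrors:         len(ValidateFields(base)),
		OverflowProbeErrors: len(ValidateFields(probe)),
		MultibyteErrors:     len(ValidateFields(multibyte)),
		UnknownFieldErrors:  len(ValidateFields(unknown)),
		MultibyteRunes:      utf8.RuneCountInString(comment),
		MultibyteBytes:      len(comment),
	}
}

func main() {
	fmt.Printf("%+v\n", Demo())
}
```

The valid request produces no errors; the 4096-byte username, the 1200-byte comment and the undefined debug_token field each produce exactly one. Validation of this kind belongs at the application boundary, before the data is handed to any component that copies it into fixed-size storage.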





