Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-005

Free CompTIA CAS-005 Exam Questions (page: 7)

Page 7 of 72
PDF with 352 Questions

A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATTACK framework specific to APTs.
Which of the following should be used by the organization to accomplish this goal?

  1. Tabletop exercise
  2. Penetration test
  3. Sandbox detonation
  4. Honeypot

Answer(s): B

Explanation:

A penetration test is the most appropriate method to test and verify an organization's capabilities to detect and prevent specific Tactics, Techniques, and Procedures (TTPs) as mapped to the MITRE ATT&CK framework.
During a penetration test, ethical hackers simulate real-world attacks, attempting to exploit vulnerabilities and execute the TTPs associated with advanced persistent threats (APTs). This allows the organization to evaluate its detection mechanisms, security controls, and response capabilities in a controlled environment.



IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming.
Which of the following would be the most appropriate recommendation?

  1. FIM
  2. SASE
  3. UEBA
  4. CSPM
  5. EAP

Answer(s): C

Explanation:

UEBA (User and Entity Behavior Analytics) is a security solution that uses machine learning and advanced analytics to detect anomalies based on the behavior of users and entities within a network. Unlike signature- based detection, which relies on known indicators of compromise (IoCs), UEBA can identify suspicious activity by recognizing deviations from established behavior patterns, which is especially useful for detecting advanced threats and insider attacks that might evade traditional signature-based methods.



A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment.
Which of the following would best achieve this goal? (Choose two.)

  1. Install a SOAR on all endpoints.
  2. Hash all files.
  3. Install SIEM within a SO
  4. Encrypt all data and files at rest, in transit, and in use.
  5. Configure SOAR to monitor and intercept files and data leaving the network.
  6. Implement file integrity monitoring.

Answer(s): D,F

Explanation:

Encrypt all data and files at rest, in transit, and in use: Encryption ensures that sensitive data is protected and its confidentiality is maintained. By encrypting data at all stages--whether stored (at rest), transmitted (in transit), or actively being processed (in use)--the company can significantly reduce the risk of unauthorized access or exposure, ensuring the confidentiality of highly sensitive data.
Implement file integrity monitoring: File Integrity Monitoring (FIM) ensures that files containing sensitive data are not altered without authorization. By monitoring changes to critical files, it helps detect tampering, modifications, or potential data breaches, adding an extra layer of security to sensitive information in a dynamic environment.



An organization wants to implement an access control system based on its data classification policy that includes the following data types:

Confidential

Restricted

Internal

Public Flag for Review

The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group.
Which of the following should the organization implement to enforce its requirements with a minimal impact to systems and resources?

  1. A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control
  2. Role-based access control that maps data types to internal roles, which are defined in the human resources department's source of truth system
  3. Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal
  4. A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis

Answer(s): A

Explanation:

Tagging strategy: All resources (e.g., systems, files, databases) can be assigned tags based on their classification type (Confidential, Restricted, Internal, Public Flag for Review). This allows the access control system to easily associate resources with their respective data classifications without needing significant changes to the underlying systems.
Attribute-based access control (ABAC): ABAC allows access control decisions to be based on attributes (such as user group, resource tags, or data classification). By using ABAC, the system can enforce rules dynamically, allowing users in specific groups (mapped through SSO federation) to only access resources that match their assigned data classification.



A security analyst was monitoring the networks of a group of companies. The analyst identified several periods of concentrated, coordinated activity by unknown actors. The activity repeated at regular intervals and affected all the companies. Minor hardware outages that correlated with the same times as the discovered activity escalated in severity.
Which of the following threat actors was most likely involved?

  1. An organized crime collective running a ransomware campaign
  2. A group of politically motivated hackers
  3. Disgruntled employees who were recently terminated
  4. An advanced persistent threat financed by a nation-state

Answer(s): D

Explanation:

The described activity - concentrated, coordinated attacks that happen at regular intervals and affect multiple companies - suggests the involvement of an advanced persistent threat (APT). APTs are often well-funded and organized, typically backed by nation-states. They focus on long-term, stealthy campaigns to achieve strategic goals, which might include espionage or disruption.
The fact that the attacks correlate with minor hardware outages and increasing severity indicates a well- planned and ongoing attack that escalates over time, a hallmark of nation-state-backed APTs. These attackers often have the resources, skill, and persistence to operate over extended periods without detection, making them a likely candidate for this type of activity.



Viewing page 7 of 72



Post your Comments and Discuss CompTIA CAS-005 exam prep with other Community members:

CAS-005 Exam Discussions & Posts