Free CAS-005 Exam Braindumps (page: 8)


A systems administrator is working with the SOC to identify potential intrusions associated with ransomware. The SOC wants the systems administrator to perform network-level analysis to identify outbound traffic from any infected machines. Which of the following is the most appropriate action for the systems administrator to take?

  A. Monitor for IoCs associated with C&C communications.
  B. Tune alerts to identify changes to administrative groups.
  C. Review NetFlow logs for unexpected increases in egress traffic.
  D. Perform binary hash comparisons to identify infected devices.

Answer(s): C

Explanation:

When investigating a suspected ransomware infection, one of the most useful network-level indicators of compromise (IoCs) is abnormal outbound traffic: an infected host may beacon to a command and control (C&C) server for instructions or keys, and many ransomware operators exfiltrate data before encrypting it, which produces a sharp rise in egress volume from the affected machine.

Reviewing NetFlow logs is the most direct way to find that pattern. NetFlow records flow metadata (source and destination addresses, ports, byte and packet counts, timestamps) rather than payload, so it scales to every host on the network and makes it straightforward to compare each host's current outbound volume with its own recent baseline. Matching known C&C indicators (option A) only catches infrastructure that is already on a list; the egress spike is visible even when the destination is new. Options B and D are host- and identity-level checks, not the network-level analysis the SOC asked for.
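The review described above, as an added example that is not part of the original page: constructed NetFlow-style records are summed per host and per day, flows that stay inside the internal ranges are excluded, and a host is flagged only when its target-day egress is both several times its own daily mean and several standard deviations above it. The record layout, the internal address ranges, the thresholds and all addresses are assumptions for illustration.

```python
"""Added example (not from the original page): review NetFlow-style records for
hosts whose outbound volume jumps far above their own recent baseline.
Record layout, network ranges and thresholds are assumptions for illustration."""
import statistics
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: these ranges are "inside"; traffic to anything else is egress.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records: (day, src_ip, dst_ip, bytes). Days 1-6 form the
# baseline; day 7 is the day the SOC is asking about.
FLOWS = [
    # 10.0.0.5: ~100 KB/day of normal browsing, then 50 MB out on day 7
    (1, "10.0.0.5", "93.184.216.34", 120_000),
    (2, "10.0.0.5", "93.184.216.34", 95_000),
    (3, "10.0.0.5", "151.101.1.69", 110_000),
    (4, "10.0.0.5", "93.184.216.34", 105_000),
    (5, "10.0.0.5", "151.101.1.69", 130_000),
    (6, "10.0.0.5", "93.184.216.34", 90_000),
    (7, "10.0.0.5", "185.199.108.153", 50_000_000),
    (7, "10.0.0.5", "10.0.0.2", 500_000_000),    # internal file copy: not egress
    # 10.0.0.7: a noisy but steady ~2 MB/day, still ~2 MB on day 7
    (1, "10.0.0.7", "151.101.1.69", 2_000_000),
    (2, "10.0.0.7", "151.101.1.69", 2_400_000),
    (3, "10.0.0.7", "151.101.1.69", 1_800_000),
    (4, "10.0.0.7", "151.101.1.69", 2_100_000),
    (5, "10.0.0.7", "151.101.1.69", 2_300_000),
    (6, "10.0.0.7", "151.101.1.69", 1_900_000),
    (7, "10.0.0.7", "151.101.1.69", 2_200_000),
    # 10.0.0.9: first seen on day 7, so there is nothing to compare against
    (7, "10.0.0.9", "185.199.108.153", 80_000_000),
]


def is_internal(ip: str) -> bool:
    addr = ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def daily_egress(flows):
    """Sum bytes per (day, source host) for flows that leave the internal ranges."""
    totals = defaultdict(int)
    for day, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            totals[(day, src)] += nbytes
    return dict(totals)


def find_egress_spikes(flows, target_day, min_baseline_days=3, ratio=5.0, z=3.0):
    """Flag hosts whose target-day egress is >= ratio * their daily mean AND
    >= z standard deviations above it. Hosts without enough history are
    reported separately rather than silently ignored."""
    totals = daily_egress(flows)
    hosts = sorted({src for (_, src) in totals})
    spikes, no_baseline = {}, []
    for host in hosts:
        history = [b for (d, s), b in totals.items() if s == host and d < target_day]
        today = totals.get((target_day, host), 0)
        if len(history) < min_baseline_days:
            no_baseline.append(host)
            continue
        mean = statistics.fmean(history)
        sd = statistics.pstdev(history)
        # A perfectly flat history gives sd == 0; any increase is then maximally unusual.
        zscore = (today - mean) / sd if sd > 0 else (float("inf") if today > mean else 0.0)
        if today >= ratio * mean and zscore >= z:
            spikes[host] = {"today": today, "baseline_mean": round(mean), "z": round(zscore, 1)}
    return {"spikes": spikes, "no_baseline": no_baseline}


if __name__ == "__main__":
    print(find_egress_spikes(FLOWS, target_day=7))
```

Two details matter in practice. Requiring both a ratio and a z-score keeps a host that is always noisy (10.0.0.7) from alerting on ordinary variation, while the separate `no_baseline` list makes sure a host with no history but 80 MB of egress is still handed to an analyst instead of dropped. Internal-to-internal flows are excluded because a large backup or file-share copy is not exfiltration, although lateral staging to an internal host before the data leaves is a known ransomware pattern and deserves its own check.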



A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATTACK framework specific to APTs. Which of the following should be used by the organization to accomplish this goal?

  A. Tabletop exercise
  B. Penetration test
  C. Sandbox detonation
  D. Honeypot

Answer(s): B

Explanation:

A penetration test is the most appropriate method to test and verify an organization's ability to detect and prevent specific Tactics, Techniques, and Procedures (TTPs) as mapped to the MITRE ATT&CK framework. During the test, ethical hackers simulate real-world attacks, exploiting weaknesses and executing the ATT&CK techniques associated with the relevant advanced persistent threats (APTs) against the live environment, which lets the organization confirm whether each technique was prevented, detected, or missed, and exercise its response. The other options do not execute the TTPs: a tabletop exercise is a discussion-based walkthrough, sandbox detonation analyses a malware sample in isolation, and a honeypot passively waits for an attacker to arrive.



IoCs were missed during a recent security incident due to the reliance on a signature-based detection platform. A security engineer must recommend a solution that can be implemented to address this shortcoming. Which of the following would be the most appropriate recommendation?

  A. FIM
  B. SASE
  C. UEBA
  D. CSPM
  E. EAP

Answer(s): C

Explanation:

UEBA (User and Entity Behavior Analytics) is a security solution that uses machine learning and statistical analytics to detect anomalies in the behavior of users and entities (hosts, service accounts, applications) on a network. Signature-based detection can only match indicators of compromise (IoCs) that are already known; UEBA instead learns what is normal for each user and entity and flags deviations from that baseline, such as logons at unusual hours, first use of a host or application, or access to data the account has never touched. That makes it useful against novel malware, living-off-the-land tooling and insider activity, none of which carry a signature. The trade-off is that the baseline must be learned from a period that is believed to be clean and the thresholds tuned, or the analytics will either bake attacker activity into "normal" or flood the SOC with alerts. The remaining options address other problems: FIM only detects file changes, SASE governs network access, CSPM checks cloud configuration, and EAP is an authentication framework.
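The contrast described above, as an added example that is not part of the original page: the same constructed endpoint events are run through a signature lookup and through a simple per-user behaviour baseline (usual hosts, usual processes, usual working hours), so that what each method catches is visible side by side. The hash values, host and process names, and the "two deviations" alerting threshold are assumptions for illustration, not real malware indicators.

```python
"""Added example (not from the original page): signature matching versus a
per-user behaviour baseline over the same constructed events. Hashes, host
names and the deviation threshold are assumptions for illustration."""
from collections import defaultdict
from datetime import datetime

# Constructed "known bad" signature list (placeholder strings, not real hashes).
KNOWN_BAD_HASHES = {"sha256:known-bad-0001": "Hypothetical.Trojan.A"}

# Constructed baseline: two weeks of ordinary activity for two users.
USUAL = {
    "alice": ("WS01", ["outlook.exe", "excel.exe", "chrome.exe"]),
    "bob":   ("WS02", ["chrome.exe", "code.exe", "teams.exe"]),
}
BASELINE_EVENTS = [
    {"user": u, "host": h, "proc": p, "sha256": f"sha256:benign-{p}",
     "ts": f"2024-03-{day:02d}T{hour:02d}:00:00"}
    for u, (h, procs) in USUAL.items()
    for day in range(1, 15)
    for hour, p in zip((9, 11, 14, 16), procs * 2)
]

# Constructed events for the day under review.
NEW_EVENTS = [
    {"id": 1, "user": "alice", "host": "WS01", "proc": "excel.exe",
     "sha256": "sha256:benign-excel.exe", "ts": "2024-03-15T10:05:00"},
    {"id": 2, "user": "alice", "host": "SRV-FS01", "proc": "powershell.exe",
     "sha256": "sha256:unknown-7f3a", "ts": "2024-03-15T02:14:00"},
    {"id": 3, "user": "bob", "host": "WS02", "proc": "chrome.exe",
     "sha256": "sha256:benign-chrome.exe", "ts": "2024-03-15T13:30:00"},
    {"id": 4, "user": "bob", "host": "WS02", "proc": "rclone.exe",
     "sha256": "sha256:unknown-91c2", "ts": "2024-03-15T20:45:00"},
    {"id": 5, "user": "bob", "host": "WS02", "proc": "update.exe",
     "sha256": "sha256:known-bad-0001", "ts": "2024-03-15T11:00:00"},
]


def hour_of(event) -> int:
    return datetime.fromisoformat(event["ts"]).hour


def signature_detect(events, known_bad):
    """Signature platform: matches only what is already on the list."""
    return [e for e in events if e["sha256"] in known_bad]


def build_profiles(events):
    """Per-user baseline: hosts used, processes run, and the working-hour window."""
    profiles = defaultdict(lambda: {"hosts": set(), "procs": set(), "hours": []})
    for e in events:
        p = profiles[e["user"]]
        p["hosts"].add(e["host"])
        p["procs"].add(e["proc"])
        p["hours"].append(hour_of(e))
    for p in profiles.values():
        p["hour_range"] = (min(p["hours"]), max(p["hours"]))
    return dict(profiles)


def behavioral_detect(events, profiles, min_deviations=2):
    """UEBA-style check: alert when an event departs from the user's baseline in
    at least min_deviations independent ways (one odd thing alone is just noise)."""
    alerts = []
    for e in events:
        p = profiles.get(e["user"])
        if p is None:
            alerts.append({"event": e, "reasons": ["no baseline for user"]})
            continue
        reasons = []
        if e["host"] not in p["hosts"]:
            reasons.append(f"new host {e['host']}")
        if e["proc"] not in p["procs"]:
            reasons.append(f"new process {e['proc']}")
        lo, hi = p["hour_range"]
        if not lo <= hour_of(e) <= hi:
            reasons.append(f"outside usual hours {lo:02d}-{hi:02d}")
        if len(reasons) >= min_deviations:
            alerts.append({"event": e, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    profiles = build_profiles(BASELINE_EVENTS)
    for e in signature_detect(NEW_EVENTS, KNOWN_BAD_HASHES):
        print("signature:", e["id"], KNOWN_BAD_HASHES[e["sha256"]])
    for a in behavioral_detect(NEW_EVENTS, profiles):
        print("behaviour:", a["event"]["id"], a["reasons"])
```

On these events the signature check fires only on event 5, whose hash is on the list. Events 2 (a file server alice has never used, PowerShell, at 02:14) and 4 (an unfamiliar sync tool at 20:45) have no signature and are caught only by the behavioural check. Event 5 is seen by the behavioural check as a single deviation (a new process at a normal time on the usual host) and is left to the signature layer, which is the point: the two approaches are complementary, and the threshold is what decides how much noise the SOC absorbs.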



A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Choose two.)

  A. Install a SOAR on all endpoints.
  B. Hash all files.
  C. Install SIEM within a SOC.
  D. Encrypt all data and files at rest, in transit, and in use.
  E. Configure SOAR to monitor and intercept files and data leaving the network.
  F. Implement file integrity monitoring.

Answer(s): D,F

Explanation:

Encrypt all data and files at rest, in transit, and in use: encryption is the control that directly protects confidentiality. Covering all three states, stored (at rest), transmitted (in transit), and actively processed (in use, for example inside a trusted execution environment), means that an attacker who obtains a disk image, a network capture, or access to a running host's memory still cannot read the sensitive data without the keys. Key management is therefore part of the control: keys must be stored and handled separately from the data they protect.

Implement file integrity monitoring: File Integrity Monitoring (FIM) records a cryptographic hash of each critical file and alerts when a file is modified, added, or removed outside an approved change. In a dynamic environment this is what distinguishes legitimate updates from tampering, and it catches changes such as a configuration edit that weakens encryption or a replaced binary, which could otherwise undermine the confidentiality controls silently. Hashing files on its own (option B) provides the measurements but not the ongoing comparison and alerting that makes them useful.
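The FIM behaviour described above, as an added example that is not part of the original page: a small tree is hashed into a baseline, the baseline is sealed with an HMAC so that an attacker who edits monitored files cannot simply edit the stored hashes to match, and a later snapshot is diffed against it. Directory layout, file contents and the key are constructed for illustration.

```python
"""Added example (not from the original page): a minimal file integrity
monitor. Hash a tree, seal the baseline with an HMAC so a tampered baseline
is detectable, then diff a later snapshot against it.
Paths, file contents and the key are constructed for illustration."""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path


def hash_file(path: Path, algo: str = "sha256") -> str:
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(64 * 1024), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map relative POSIX path -> digest for every regular file under root."""
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def seal(snap: dict, key: bytes) -> dict:
    """Attach an HMAC over the canonical JSON form of the snapshot."""
    body = json.dumps(snap, sort_keys=True).encode()
    return {"snapshot": snap, "mac": hmac.new(key, body, "sha256").hexdigest()}


def verify_seal(sealed: dict, key: bytes) -> bool:
    body = json.dumps(sealed["snapshot"], sort_keys=True).encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    return hmac.compare_digest(sealed["mac"], expected)


def diff(baseline: dict, current: dict) -> dict:
    return {
        "modified": sorted(k for k in baseline if k in current and baseline[k] != current[k]),
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
    }


def demo() -> dict:
    """Build a small tree, baseline it, tamper with it, and report what FIM sees."""
    key = b"constructed-demo-key-keep-real-keys-off-the-monitored-host"
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "app.conf").write_text("debug=false\nexport_dir=/srv/out\n")
        (root / "bin" / "service").write_bytes(b"\x7fELF constructed binary\n")
        sealed = seal(snapshot(root), key)

        # Simulated compromise: config flipped, a new binary dropped, the service removed.
        (root / "etc" / "app.conf").write_text("debug=true\nexport_dir=/tmp/.x\n")
        (root / "bin" / "dropper").write_bytes(b"MZ constructed dropper\n")
        (root / "bin" / "service").unlink()

        baseline_ok = verify_seal(sealed, key)
        changes = diff(sealed["snapshot"], snapshot(root))

        # The attacker also rewrites the stored baseline to match the new config:
        # without the key they cannot recompute the MAC, so the seal fails.
        sealed["snapshot"]["etc/app.conf"] = snapshot(root)["etc/app.conf"]
        tampered_baseline_ok = verify_seal(sealed, key)

    return {"baseline_ok": baseline_ok, "changes": changes,
            "tampered_baseline_ok": tampered_baseline_ok}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The seal is the part that is easy to forget: a baseline stored as a plain file on the monitored host is just one more file the attacker can edit. The HMAC key (or, in a real deployment, the signed baseline and the agent's own binary) must live somewhere the attacker's access does not reach, and FIM remains a detective control, so the alert needs a response path back to the SOC rather than a log entry nobody reads.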


