Cisco®
Oracle
CompTIA
Checkpoint
ISC
EC-Council
EXIN
Fortinet
ITIL®
Juniper
Microsoft
VMware
Avaya
SAP
Google
Salesforce
Amazon
Palo Alto Networks
ISC2
Splunk®
All Vendors
  2. Home
  3. Exams
  4. CompTIA
  5. CAS-005

Free CompTIA CAS-005 Exam Questions (page: 9)

Page 9 of 72
PDF with 352 Questions

An analyst needs to evaluate all images and documents that are publicly shared on a website.
Which of the following would be the best tool to evaluate the metadata of these files?

  1. OllyDbg
  2. ExifTool
  3. Volatility
  4. Ghidra

Answer(s): B

Explanation:

ExifTool is a powerful tool for reading, writing, and editing metadata in various types of files, including images and documents. It can extract metadata such as the creation date, software used, author information, GPS coordinates, and more, which can be useful for evaluating the characteristics of publicly shared files.



An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database.
When the first major event occurs, users report poor response time on the entry pages.
Which of the following features is the most appropriate for the company to implement?

  1. Horizontal scalability
  2. Vertical scalability
  3. Containerization
  4. Static code analysis
  5. Caching

Answer(s): E

Explanation:

Since the entry pages contain sponsor-related content that is relatively static and pulled from a database, implementing caching would be the most appropriate solution. Caching stores frequently accessed data in a location that is faster to access than querying the database repeatedly. This reduces the load on the database and improves response times for users, especially during high-traffic events. By caching the static content (like sponsor information), the application can serve those pages faster and handle large numbers of users more efficiently.



An organization's board of directors has asked the Chief Information Security Officer to build a third-party management program.
Which of the following best explains a reason for this request?

  1. Risk transference
  2. Supply chain visibility
  3. Support availability
  4. Vulnerability management

Answer(s): B

Explanation:

A third-party management program is typically designed to manage the risks associated with external vendors, partners, or service providers. One of the key goals of such a program is to ensure supply chain visibility. This means the organization wants to understand and manage the risks posed by third parties in its supply chain, including security risks, compliance issues, and the overall integrity of its external relationships.
By implementing a third-party management program, the organization can monitor and assess the security posture of its vendors, ensuring that they align with the company's risk management practices and that the supply chain remains secure.



A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool.
Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?

  1. TPM
  2. Secure boot
  3. NX bit
  4. HSM

Answer(s): C

Explanation:

The NX bit (No eXecute bit) is a security feature that marks certain areas of memory as non-executable. This prevents code from being run in those areas, which is a common technique used in modern operating systems to protect against buffer overflow and other exploits.
When the application leverages the mprotect() system call, it can mark memory regions as non-executable, making it more difficult for attackers to execute injected malicious code. By enabling the NX bit, the system enforces that no code can be executed from areas that should only contain data, preventing certain types of exploits.



Which of the following items should be included when crafting a disaster recovery plan?

  1. Redundancy
  2. Testing exercises
  3. Autoscaling
  4. Competitor locations

Answer(s): B

Explanation:

Testing exercises are a critical component of a disaster recovery (DR) plan because they ensure that the plan works effectively in a real-world scenario. Testing allows organizations to validate their recovery procedures, identify potential gaps, and make improvements before an actual disaster occurs. It helps ensure that all team members are familiar with their roles and that the recovery process can be executed smoothly.



Viewing page 9 of 72



Post your Comments and Discuss CompTIA CAS-005 exam prep with other Community members:

CAS-005 Exam Discussions & Posts