CompTIA CAS-005 CompTIA SecurityX Certification Exam Online Training
The questions for CAS-005 were last updated at Feb 20,2025.
- Exam Code: CAS-005
- Exam Name: CompTIA SecurityX Certification Exam
- Certification Provider: CompTIA
A security analyst discovered requests associated with IP addresses known for both legitimate and bot-related traffic.
Which of the following should the analyst use to determine whether the requests are malicious?
- A . User-agent string
- B . Byte length of the request
- C . Web application headers
- D . HTML encoding field
A user reports application access issues to the help desk.
The help desk reviews the logs for the user.
Which of the following is most likely the reason for the issue?
- A . The user inadvertently tripped the impossible travel security rule in the SSO system.
- B . A threat actor has compromised the user's account and attempted to log in.
- C . The user is not allowed to access the human resources system outside of business hours.
- D . The user did not attempt to connect from an approved subnet.
A company wants to invest in research capabilities with the goal of operationalizing the research output.
Which of the following is the best option for a security architect to recommend?
- A . Dark web monitoring
- B . Threat intelligence platform
- C . Honeypots
- D . Continuous adversary emulation
A security engineer is building a solution to disable weak CBC cipher configurations for remote access connections to Linux systems.
Which of the following should the security engineer modify?
- A . The /etc/openssl.conf file, updating the virtual site parameter
- B . The /etc/nsswitch.conf file, updating the name server
- C . The /etc/hosts file, updating the IP parameter
- D . The /etc/ssh/sshd_config file, updating the ciphers
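The sshd_config change this question is about, as an added example that is not part of the exam page: a small POSIX shell helper that takes an OpenSSH server configuration, removes every cipher whose name ends in -cbc from the Ciphers directive, and falls back to a fixed list of AEAD and CTR ciphers if nothing would remain. The sample configuration text and the fallback list are constructed here; the cipher names are real OpenSSH names, and on a live system the file being edited would be /etc/ssh/sshd_config.

```shell
#!/bin/sh
# Added example, not from the exam page: strip CBC-mode ciphers from an
# OpenSSH server "Ciphers" directive.

# Constructed sample sshd_config: the Ciphers line still permits CBC modes.
SAMPLE_SSHD_CONFIG='Port 22
Ciphers aes128-cbc,aes256-cbc,aes128-ctr,aes256-ctr,chacha20-poly1305@openssh.com
MACs hmac-sha2-256,hmac-sha2-512'

# Fallback used only when filtering would leave an empty (and therefore
# invalid) Ciphers line. All names are current OpenSSH cipher identifiers.
DEFAULT_CIPHERS='aes256-gcm@openssh.com,aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr'

# Print the value of the first Ciphers keyword in the config text given as $1.
# sshd uses the first value it obtains for a keyword, so later lines are ignored.
get_ciphers() {
  printf '%s\n' "$1" | awk 'tolower($1)=="ciphers" {print $2; exit}'
}

# Remove every entry ending in "-cbc" from a comma-separated cipher list.
strip_cbc() {
  printf '%s\n' "$1" | tr ',' '\n' | grep -v -- '-cbc$' | paste -sd, -
}

# Return 0 when the comma-separated list contains no CBC cipher, 1 otherwise.
has_no_cbc() {
  case ",$1," in
    *-cbc,*) return 1 ;;
    *) return 0 ;;
  esac
}

# Emit the config text with every Ciphers line rewritten to the filtered list.
# If no cipher survives, substitute DEFAULT_CIPHERS rather than an empty value.
harden_config() {
  cfg="$1"
  new=$(strip_cbc "$(get_ciphers "$cfg")")
  [ -n "$new" ] || new="$DEFAULT_CIPHERS"
  printf '%s\n' "$cfg" | awk -v c="$new" \
    'tolower($1)=="ciphers" {print "Ciphers " c; next} {print}'
}
```

After editing the real file, validate it with `sshd -t` before restarting the service, and use `ssh -Q cipher` on the host to list the cipher names that particular OpenSSH build accepts, since the fallback list above assumes a reasonably current release.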
A software company deployed a new application based on its internal code repository. Several customers are reporting anti-malware alerts on workstations used to test the application.
Which of the following is the most likely cause of the alerts?
- A . Misconfigured code commit
- B . Unsecure bundled libraries
- C . Invalid code signing certificate
- D . Data leakage
A security engineer wants to reduce the attack surface of a public-facing containerized application.
Which of the following will best reduce the application’s privilege escalation attack surface?
- A . Implementing the following command in the Dockerfile: RUN echo user:x:1000:1000:user:/home/user:/dev/null > /etc/passwd
- B . Installing an EDR on the container's host with reporting configured to log to a centralized SIEM and implementing the following alerting rule: IF PROCESS_USER=root ALERT_TYPE=critical
- C . Designing a multicontainer solution, with one set of containers that runs the main application and another set of containers that performs automatic remediation by replacing compromised containers or disabling compromised accounts
- D . Running the container in an isolated network and placing a load balancer in a public-facing network. Adding the following ACL to the load balancer: PERMIT HTTPS from 0.0.0.0/0 port 443
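A check for the property option A is reaching for, as an added example that is not part of the exam page: whether the final stage of a Dockerfile actually runs as a non-root user. Creating a passwd entry only makes an unprivileged account available; the image still needs a USER directive to switch to it, and in a multi-stage build only the USER lines after the last FROM apply. Both Dockerfile texts below are constructed for illustration, and the helper appends the passwd entry rather than overwriting the file, which is this example's own choice.

```shell
#!/bin/sh
# Added example, not from the exam page: determine the effective user of a
# Dockerfile's final stage so that root-running images can be rejected in CI.

# Constructed "before": no USER directive, so the process runs as root.
DOCKERFILE_ROOT='FROM alpine:3.19
COPY app /app
ENTRYPOINT ["/app"]'

# Constructed "after": add an unprivileged account and switch to it.
DOCKERFILE_NONROOT='FROM alpine:3.19
RUN echo "user:x:1000:1000:user:/home/user:/dev/null" >> /etc/passwd
COPY app /app
USER user
ENTRYPOINT ["/app"]'

# Constructed multi-stage case: the USER in the build stage does not carry
# over to the final stage, which therefore still runs as root.
DOCKERFILE_MULTISTAGE='FROM golang:1.22 AS build
USER builder
COPY . /src
FROM alpine:3.19
COPY --from=build /src/app /app
ENTRYPOINT ["/app"]'

# Print the value of the last USER directive in the final stage of the
# Dockerfile text given as $1; "root" when the final stage has none.
effective_user() {
  printf '%s\n' "$1" | awk '
    toupper($1)=="FROM" {u=""}        # a new stage resets the user
    toupper($1)=="USER" {u=$2}        # later USER lines override earlier ones
    END {print (u=="" ? "root" : u)}'
}

# Return 0 if the final stage runs as root ("root", uid 0, or "0:gid"), else 1.
runs_as_root() {
  case "$(effective_user "$1")" in
    root|root:*|0|0:*) return 0 ;;
    *) return 1 ;;
  esac
}
```

The check is deliberately conservative: a numeric USER such as `1000:1000` passes, while `0` or `root` fails, and anything set before the last FROM is ignored.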
A systems engineer is configuring a system baseline for servers that will provide email services.
As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:
• Unauthorized reading and modification of data and programs
• Bypassing application security mechanisms
• Privilege escalation
• Interference with other processes
Which of the following is the most appropriate for the engineer to deploy?
- A . SELinux
- B . Privileged access management
- C . Self-encrypting disks
- D . NIPS
A global manufacturing company has an internal application that is critical to making products. This application cannot be updated and must be available in the production area. A security architect is implementing security for the application.
Which of the following best describes the action the architect should take?
- A . Disallow wireless access to the application.
- B . Deploy intrusion detection capabilities using a network tap.
- C . Create an acceptable use policy for the use of the application.
- D . Create a separate network for users who need access to the application.
The identity and access management team is sending logs to the SIEM for continuous monitoring. The deployed log collector is forwarding logs to the SIEM. However, only false positive alerts are being generated.
Which of the following is the most likely reason for the inaccurate alerts?
- A . The compute resources are insufficient to support the SIEM
- B . The SIEM indexes are too large
- C . The data is not being properly parsed
- D . The retention policy is not properly configured