Free CAS-005 Sample Questions — CompTIA SecurityX

Free CAS-005 sample questions for the CompTIA SecurityX exam. No account required: study at your own pace.

Question 1

Which of the following is a security concern for DNP3?

  • A. Free-form messages require support
  • B. Available function codes are not standardized
  • C. Authentication is not allocated
  • D. It is an open source protocol
Correct Answer:
D. It is an open source protocol
Question 2

A DNS forward lookup zone named comptia.org must:

  • Ensure the DNS is protected from on-path attacks.
  • Ensure zone transfers use mutual authentication and are authenticated and negotiated.

Which of the following should the security architect configure to meet these requirements? (Choose two.)

  • A. Public keys
  • B. Conditional forwarders
  • C. Root hints
  • D. DNSSEC
  • E. CNAME records
  • F. SRV records
Correct Answer:
  • A. Public keys
  • D. DNSSEC
Question 3

A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATT&CK framework specific to APTs. Which of the following should be used by the organization to accomplish this goal?

  • A. Tabletop exercise
  • B. Penetration test
  • C. Sandbox detonation
  • D. Honeypot
Correct Answer:
B. Penetration test
Question 4

A security engineer is performing a vulnerability management scan on multihomed Linux systems. The engineer notices that the vulnerability count is high due to the fact that each vulnerability is multiplied by the number of NICs on each system. Which of the following should the engineer do to deduplicate the vulnerabilities and to associate the vulnerabilities with a particular host?

  • A. Use a SCAP scanner
  • B. Deploy an agent
  • C. Initiate a discovery scan
  • D. Perform an Nmap scan
Correct Answer:
B. Deploy an agent
Question 5

A systems administrator decides to take a programmatic approach in cataloging system resiliency to both new and existing attack patterns. Which of the following should the systems administrator use?

  • A. OWASP
  • B. ATT&CK
  • C. STRIDE
  • D. CAPEC
Correct Answer:
B. ATT&CK
Question 6

An organization’s senior security architect would like to develop cyberdefensive strategies based on standardized adversary techniques, tactics, and procedures commonly observed. Which of the following would best support this objective?

  • A. OSINT analysis
  • B. The Diamond Model of Intrusion Analysis
  • C. MITRE ATT&CK
  • D. Deepfake generation
  • E. Closed-source intelligence reporting
Correct Answer:
C. MITRE ATT&CK
Question 7

A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?

  • A. The certificate is an additional factor to meet regulatory MFA requirements for VPN access
  • B. The VPN client selected the certificate with the correct key usage without user interaction
  • C. The internal PKI certificate deployment allows for Wi-Fi connectivity before logging in to other systems
  • D. The server connection uses SSL VPN, which uses certificates for secure communication
Correct Answer:
B. The VPN client selected the certificate with the correct key usage without user interaction
Question 8

A security engineer is implementing security measures on new hardware in preparation for its launch. During the development phase, a risk related to protections at the UEFI level was found. Which of the following should the engineer recommend to reduce this risk?

  • A. Configuring paravirtualization protection
  • B. Enabling Secure Boot
  • C. Installing cryptography at the operational system level
  • D. Implementing hardware root of trust
Correct Answer:
B. Enabling Secure Boot
Question 9

An organization is developing an AI-enabled digital worker to help employees complete common tasks, such as template development, editing, research, and scheduling. As part of the AI workload, the organization wants to implement guardrails within the platform. Which of the following should the company do to secure the AI environment?

  • A. Limit the platform's abilities to only non-sensitive functions
  • B. Enhance the training model's effectiveness
  • C. Grant the system the ability to self-govern
  • D. Require end-user acknowledgement of organizational policies
Correct Answer:
A. Limit the platform's abilities to only non-sensitive functions
Question 10

Due to reports of malware targeting companies in the same industry, an organization wants to develop a comprehensive list of IoCs to determine if its systems might be affected in a similar attack. Which of the following would be best to use to develop this list?

  • A. Simulators
  • B. Sandbox detonation
  • C. Antivirus
  • D. Endpoint detection and response
Correct Answer:
B. Sandbox detonation
Question 11

A security administrator is performing a gap assessment against a specific OS benchmark. The benchmark requires the following configurations be applied to endpoints:

  • Full disk encryption
  • Host-based firewall
  • Time synchronization
  • Password policies
  • Application allow listing
  • Zero Trust application access

Which of the following solutions best addresses the requirements? (Choose two.)

  • A. MDM
  • B. CASB
  • C. SBoM
  • D. SCAP
  • E. SASE
  • F. HIDS
Correct Answer:
  • A. MDM
  • E. SASE
Question 12

A security team is responding to malicious activity and needs to determine the scope of impact. The malicious activity appears to affect a certain version of an application used by the organization. Which of the following actions best enables the team to determine the scope of impact?

  • A. Performing a port scan
  • B. Inspecting egress network traffic
  • C. Reviewing the asset inventory
  • D. Analyzing user behavior
Correct Answer:
C. Reviewing the asset inventory
Question 13

A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

  • A. Limiting the tool to a specific coding language and tuning the rule set
  • B. Configuring branch protection rules and dependency checks
  • C. Using an application vulnerability scanner to identify coding flaws in production
  • D. Performing updates on code libraries before code development
Correct Answer:
A. Limiting the tool to a specific coding language and tuning the rule set
Question 14

A security architect wants to prevent security impacts from input into data fields, such as the following:

'AND 1=1#

Which of the following would best accomplish this objective?

  • A. APIs
  • B. Coding standards
  • C. Base64 encoding
  • D. Sandboxing
Correct Answer:
B. Coding standards
Question 15

A security architect performs a baseline review on the SIEM. The findings indicate that multiple use cases are missing and coverage is limited for defense evasion techniques. Which of the following processes best describes what the architect should do?

  • A. Implement a TIP on the internal network to facilitate the creation of a use case
  • B. Perform a penetration test on critical devices and document IOCs for use cases
  • C. Create a list of use cases based on Snort detection rules
  • D. Use Sigma to build the logic of the use cases and testing on the SIEM
Correct Answer:
D. Use Sigma to build the logic of the use cases and testing on the SIEM
Question 16

A company implements an AI model that handles sensitive and personally identifiable information. Which of the following threats is most likely the company's primary concern?

  • A. Unsecured output handling
  • B. Model theft
  • C. Model poisoning
  • D. Prompt injection
Correct Answer:
A. Unsecured output handling
Question 17

A global company’s Chief Financial Officer (CFO) receives a phone call from someone claiming to be the Chief Executive Officer (CEO). The caller claims to be stranded and in desperate need of money. The CFO is suspicious, but the caller’s voice sounds similar to the CEO’s. Which of the following best describes this type of attack?

  • A. Smishing
  • B. Deepfake
  • C. Automated exploit generation
  • D. Spear phishing
Correct Answer:
D. Spear phishing
Question 18

Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?

  • A. Incomplete mathematical primitives
  • B. No use cases to drive adoption
  • C. Quantum computers not yet capable
  • D. Insufficient coprocessor support
Correct Answer:
D. Insufficient coprocessor support
Question 19

An organization is deploying a new data lake that will centralize records from several applications. During the design phase, the security architect identifies the following requirements:

  • The sensitivity levels of the data are different.
  • The data must be accessed through stateless API calls after authentication.
  • Different users will have access to different data sets.

Which of the following should the architect implement to best meet these requirements?

  • A. Directory services
  • B. 802.1X with EAP-TLS
  • C. OpenID Connect
  • D. CASB
Correct Answer:
C. OpenID Connect
Question 20

An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time. Which of the following should the administrator use?

  • A. SOAR
  • B. CWPP
  • C. XCCDF
  • D. CMDB
Correct Answer:
A. SOAR
