CompTIA CAS-005 Practice Exams
Last updated on Apr 01, 2025
- Exam Code: CAS-005
- Exam Name: CompTIA SecurityX Certification Exam
- Certification Provider: CompTIA
- Latest update: Apr 01, 2025
Users are writing passwords on paper because of the number of passwords needed in an environment.
Which of the following solutions is the best way to manage this situation and decrease risk?
- A . Increasing password complexity to require at least 16 characters
- B . Implementing an SSO solution and integrating it with applications
- C . Requiring users to use an open-source password manager
- D . Implementing an MFA solution to avoid reliance only on passwords
Recent reports indicate that a software tool is being exploited. Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation.
The analyst generates the following output:
Which of the following would the analyst most likely recommend?
- A . Installing appropriate EDR tools to block pass-the-hash attempts
- B . Adding additional time to software development to perform fuzz testing
- C . Removing hard coded credentials from the source code
- D . Not allowing users to change their local passwords
A security architect is establishing requirements to design resilience in an enterprise system that will be extended to other physical locations.
The system must:
• Be survivable to one environmental catastrophe
• Be recoverable within 24 hours of a critical loss of availability
• Be resilient to active exploitation of one site-to-site VPN solution
- A . Load-balance connection attempts and data Ingress at internet gateways
- B . Allocate fully redundant and geographically distributed standby sites.
- C . Employ layering of routers from diverse vendors
- D . Lease space to establish cold sites throughout other countries
- E . Use orchestration to procure, provision, and transfer application workloads to cloud services
- F . Implement full weekly backups to be stored off-site for each of the company’s sites
A software engineer is creating a CI/CD pipeline to support the development of a web application. The DevSecOps team is required to identify syntax errors. Which of the following is the most relevant to the DevSecOps team's task?
- A . Static application security testing
- B . Software composition analysis
- C . Runtime application self-protection
- D . Web application vulnerability scanning
A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved to the repository. The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment.
Which of the following should a security engineer recommend to reduce the deployment failures? (Select two).
- A . Software composition analysis
- B . Pre-commit code linting
- C . Repository branch protection
- D . Automated regression testing
- E . Code submit authorization workflow
- F . Pipeline compliance scanning
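The scenario above hinges on catching problems before the push triggers the automatic deployment. The following pre-commit check is an added example, not from the exam page: it rejects a template that does not parse (the "minor code issues") and one that violates a security control (a public bucket, a management port open to the world), so both failure classes are caught on the developer's machine. The templates are constructed CloudFormation-style JSON and the rule set is an assumption, not any vendor's policy.

```python
"""Pre-commit check for infrastructure-as-code templates (added example)."""
import json
import sys

WORLD = {"0.0.0.0/0", "::/0"}          # "anywhere" CIDRs
MANAGEMENT_PORTS = {22, 3389}          # SSH and RDP


def check_syntax(text):
    """Return None if the template parses, else a one-line error message."""
    try:
        json.loads(text)
    except json.JSONDecodeError as exc:
        return f"syntax error at line {exc.lineno}, column {exc.colno}: {exc.msg}"
    return None


def check_security_controls(doc):
    """Return the control violations found in a parsed template (assumed rule set)."""
    findings = []
    for name, res in doc.get("Resources", {}).items():
        rtype = res.get("Type", "")
        props = res.get("Properties", {})
        if rtype == "AWS::S3::Bucket":
            acl = props.get("AccessControl", "Private")
            if acl in ("PublicRead", "PublicReadWrite"):
                findings.append(f"{name}: bucket ACL {acl} exposes objects publicly")
            if "BucketEncryption" not in props:
                findings.append(f"{name}: bucket has no server-side encryption")
        elif rtype == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                src = rule.get("CidrIp") or rule.get("CidrIpv6")
                lo = int(rule.get("FromPort", 0))
                hi = int(rule.get("ToPort", 65535))
                if src in WORLD and any(lo <= p <= hi for p in MANAGEMENT_PORTS):
                    findings.append(f"{name}: ports {lo}-{hi} open to {src}")
    return findings


def lint(text):
    """Lint one template. Returns (ok, messages); ok is False on any finding."""
    err = check_syntax(text)
    if err:
        return False, [err]
    findings = check_security_controls(json.loads(text))
    return not findings, findings


# Constructed sample templates.
BROKEN_TEMPLATE = '{"Resources": {"Web": {"Type": "AWS::S3::Bucket",}}}'  # trailing comma

RISKY_TEMPLATE = """{
  "Resources": {
    "Logs": {"Type": "AWS::S3::Bucket",
             "Properties": {"AccessControl": "PublicRead", "BucketEncryption": {}}},
    "Bastion": {"Type": "AWS::EC2::SecurityGroup",
                "Properties": {"SecurityGroupIngress": [
                    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "CidrIp": "0.0.0.0/0"}]}}
  }
}"""

CLEAN_TEMPLATE = """{
  "Resources": {
    "Logs": {"Type": "AWS::S3::Bucket",
             "Properties": {"AccessControl": "Private", "BucketEncryption": {}}},
    "Web": {"Type": "AWS::EC2::SecurityGroup",
            "Properties": {"SecurityGroupIngress": [
                {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}}
  }
}"""


def main(paths):
    """Hook entry point: lint each staged file; a non-zero exit blocks the commit."""
    if paths:
        sources = [(p, open(p).read()) for p in paths]
    else:  # no arguments: run over the constructed samples
        sources = [("broken.json", BROKEN_TEMPLATE), ("risky.json", RISKY_TEMPLATE),
                   ("clean.json", CLEAN_TEMPLATE)]
    failed = False
    for path, text in sources:
        ok, msgs = lint(text)
        print(f"{path}: {'ok' if ok else 'FAIL'}")
        for m in msgs:
            print(f"  {m}")
        failed |= not ok
    return 1 if failed else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Wired in as `.git/hooks/pre-commit` (or through a pre-commit framework) and run against the staged `*.json` templates, the script blocks the commit before the repository's auto-deploy ever sees the broken code; the same rule set can then run again as the pipeline's compliance stage so a bypassed hook is still caught.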
A security professional is investigating a trend in vulnerability findings for newly deployed cloud systems.
Given the following output:
Which of the following actions would address the root cause of this issue?
- A . Automating the patching system to update base images
- B . Recompiling the affected programs with the most current patches
- C . Disabling unused/unneeded ports on all servers
- D . Deploying a WAF with virtual patching upstream of the affected systems
Users must accept the terms presented in a captive portal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network.
A network engineer observes the following:
• Users should be redirected to the captive portal.
• The captive portal runs TLS 1.2.
• Newer browser versions encounter security errors that cannot be bypassed.
• Certain websites cause unexpected redirects.
Which of the following most likely explains this behavior?
- A . The TLS ciphers supported by the captive portal are deprecated
- B . Employment of the HSTS setting is proliferating rapidly.
- C . Allowed traffic rules are causing the NIPS to drop legitimate traffic
- D . An attacker is redirecting supplicants to an evil twin WLAN.
A software development team requires valid data for internal tests. Company regulations, however, do not allow the use of this data in cleartext.
Which of the following solutions best meets these requirements?
- A . Configuring data hashing
- B . Deploying tokenization
- C . Replacing data with null records
- D . Implementing data obfuscation
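The options above differ in whether the original value can ever be recovered. The following token vault is an added example, not from the exam page: each sensitive field is swapped for a random surrogate, the mapping lives only in the vault, and the same cleartext always yields the same token so joins in test queries still work. A salted hash is shown alongside for contrast, because it also removes cleartext but is one-way. The customer rows, field names and the digit-only surrogate format are constructed assumptions.

```python
"""Tokenization for test data that must not contain cleartext (added example)."""
import hashlib
import secrets
import string


class TokenVault:
    """In-memory vault; a real one runs as its own separately protected service."""

    def __init__(self):
        self._token_of = {}   # cleartext -> token, so one value always gets one token
        self._value_of = {}   # token -> cleartext, consulted only on detokenize

    @staticmethod
    def _random_token(value):
        # Digit-only values (card numbers, SSNs) get a same-length digit surrogate
        # so length/type validation in test code keeps working. Other strings get
        # an opaque, clearly marked token. This is a simple surrogate, not FPE.
        if value.isdigit():
            return "".join(secrets.choice(string.digits) for _ in value)
        return "tok_" + secrets.token_hex(8)

    def tokenize(self, value):
        if value in self._token_of:
            return self._token_of[value]
        token = self._random_token(value)
        # Never hand out a token that equals any cleartext seen or any existing token.
        while token == value or token in self._value_of or token in self._token_of:
            token = self._random_token(value)
        self._token_of[value] = token
        self._value_of[token] = value
        return token

    def detokenize(self, token):
        """Only callers with vault access can reverse a token."""
        return self._value_of[token]


def tokenize_records(vault, records, sensitive_fields):
    """Return copies of records with the sensitive fields replaced by tokens."""
    out = []
    for rec in records:
        copy = dict(rec)
        for field in sensitive_fields:
            if field in copy:
                copy[field] = vault.tokenize(str(copy[field]))
        out.append(copy)
    return out


def hash_value(value, salt=b"test-salt"):
    """One-way alternative: fine for matching, useless when tests need the original."""
    return hashlib.sha256(salt + value.encode()).hexdigest()


def contains_cleartext(records, originals, fields):
    """True if any original sensitive value survives in the tokenized records."""
    originals_seen = {str(r[f]) for r in originals for f in fields}
    return any(str(r[f]) in originals_seen for r in records for f in fields)


# Constructed production-like rows (test card numbers, documentation domain).
CUSTOMERS = [
    {"id": 1, "name": "Ada Lovelace", "card": "4111111111111111", "email": "ada@example.com"},
    {"id": 2, "name": "Alan Turing", "card": "5555555555554444", "email": "alan@example.com"},
    {"id": 3, "name": "Ada Lovelace", "card": "4111111111111111", "email": "ada@example.com"},
]
SENSITIVE = ("card", "email")


if __name__ == "__main__":
    vault = TokenVault()
    test_rows = tokenize_records(vault, CUSTOMERS, SENSITIVE)
    for row in test_rows:
        print(row)
    print("rows 1 and 3 share a card token:", test_rows[0]["card"] == test_rows[2]["card"])
    print("vault can reverse it:", vault.detokenize(test_rows[0]["card"]))
    print("hash instead:", hash_value(CUSTOMERS[0]["card"]), "(cannot be reversed)")
```

The point the question is testing is visible in the output: the test environment holds no cleartext, the data still behaves like the real data (same length, same duplicates), and recovery is possible but only through the vault, which is exactly the property that a hash, a null, or a masked value cannot provide.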
A company hired an email service provider called my-email.com to deliver company emails. The company started having several issues during the migration.
A security engineer is troubleshooting and observes the following configuration snippet:
Which of the following should the security engineer modify to fix the issue? (Select two).
- A . The email CNAME record must be changed to a type A record pointing to 192.168.1.11
- B . The TXT record must be changed to "v=dmarc ip4:192.168.1.10 include:my-email.com -all"
- C . The srvo1 A record must be changed to a type CNAME record pointing to the email server
- D . The email CNAME record must be changed to a type A record pointing to 192.168.1.10
- E . The TXT record must be changed to "v=dkim ip4:192.168.1.11 include my-email.com -all"
- F . The TXT record must be changed to "v=dkim ip4:192.168.1.10 include:email-all"
- G . The srv01 A record must be changed to a type CNAME record pointing to the web01 server
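The TXT records in the answer choices are written in SPF syntax, so it helps to see how a receiver actually evaluates one. The evaluator below is an added example, not from the exam page: it shows the shape of a record that delegates outbound mail to an outside provider and why a record tagged "v=dmarc" or "v=dkim" is simply not SPF (those tags belong to different records that receivers look up elsewhere), and that "include:" must name a domain that publishes its own SPF. The zone table is constructed; my-email.com is the provider named in the question and its address range is an assumption. Only the ip4, ip6, include and all mechanisms are implemented.

```python
"""Minimal SPF (RFC 7208) evaluator over constructed zone data (added example)."""
import ipaddress

# Constructed DNS: domain -> list of TXT strings
DNS_TXT = {
    "example.com":   ["v=spf1 ip4:192.168.1.10 include:my-email.com -all"],
    "my-email.com":  ["v=spf1 ip4:203.0.113.0/24 -all"],          # assumed provider range
    "wrong.example": ["v=dmarc ip4:192.168.1.10 include:my-email.com -all"],  # not SPF
    "loop.example":  ["v=spf1 include:loop.example -all"],         # includes itself
}

RESULT_OF = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def spf_record(domain):
    """Return the domain's SPF record, or None (RFC 7208 requires exactly one)."""
    recs = [t for t in DNS_TXT.get(domain, [])
            if t.lower() == "v=spf1" or t.lower().startswith("v=spf1 ")]
    return recs[0] if len(recs) == 1 else None


def check_host(ip, domain, depth=0):
    """Evaluate the sender IP against the domain's SPF policy."""
    if depth > 10:                         # RFC 7208 caps DNS-querying mechanisms
        return "permerror"
    record = spf_record(domain)
    if record is None:
        return "none"                      # receiver treats the domain as having no policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:        # skip the "v=spf1" version tag
        qualifier = "+"
        if term[0] in RESULT_OF:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            matched = True
        elif mech in ("ip4", "ip6"):
            try:
                # A v4 address never matches a v6 network and vice versa.
                matched = addr in ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"         # malformed address or prefix
        elif mech == "include":
            inner = check_host(ip, arg, depth + 1)
            if inner in ("none", "permerror"):
                return "permerror"         # included domain has no usable SPF
            matched = inner == "pass"      # only an inner pass counts as a match
        else:
            return "permerror"             # a, mx, exists, redirect= not handled here
        if matched:
            return RESULT_OF[qualifier]
    return "neutral"                       # no mechanism matched and no "all" present


if __name__ == "__main__":
    for ip, dom in [("192.168.1.10", "example.com"), ("203.0.113.25", "example.com"),
                    ("198.51.100.5", "example.com"), ("192.168.1.10", "wrong.example"),
                    ("192.168.1.10", "loop.example")]:
        print(f"{ip:>14} via {dom:<14} -> {check_host(ip, dom)}")
```

Running it shows the company's own server and the provider's range both passing, an unrelated host failing on "-all", and the v=dmarc record producing "none", which is why a receiver would not honour any of the mis-tagged options in the question.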
After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation.
Which of the following would the company most likely do to decrease this type of risk?
- A . Improve firewall rules to avoid access to those platforms.
- B . Implement a cloud-access security broker
- C . Create SIEM rules to raise alerts for access to those platforms
- D . Deploy an internet proxy that filters certain domains