PassLeader released the NEWEST CompTIA CAS-005 exam dumps recently! Both CAS-005 VCE dumps and CAS-005 PDF dumps are available on PassLeader, either CAS-005 VCE dumps or CAS-005 PDF dumps have the NEWEST CAS-005 exam questions in it, they will help you passing CompTIA CAS-005 exam easily! You can download the valid CAS-005 dumps VCE and PDF from PassLeader here: https://www.passleader.com/cas-005.html (432 Q&As Dumps –> 528 Q&As Dumps ~ Lab Simulations Available)
Also, previewing the NEWEST PassLeader CAS-005 dumps online for free on Google Drive: https://drive.google.com/drive/folders/1KS3f2xY4YVwyvHzBkOruvJa_Q1WMRRlW
NEW QUESTION 383
While performing mandatory monthly patch updates on a production application server, the security analyst reports an instance of buffer overflow for a new application that was migrated to the cloud and is also publicly exposed. Security policy requires that only internal users have access to the application. Which of the following should the analyst implement to mitigate the issues reported? (Choose two.)
A.   Configure firewall rules to block all external traffic.
B.   Enable input validation for all fields.
C.   Enable automatic updates to be installed on all servers.
D.   Configure the security group to enable external traffic.
E.   Set up a DLP policy to alert for exfiltration on all application servers.
F.   Enable nightly vulnerability scans.
Answer: AB
Explanation:
– Configure firewall rules to block all external traffic:
Since the security policy requires that only internal users have access to the application, configuring firewall rules to block all external traffic ensures that the application is not exposed to unauthorized users on the internet. This mitigates unauthorized access risks.
– Enable input validation for all fields:
Buffer overflows frequently stem from improper or missing input validation. Enforcing strict input validation (length and format checks on every field) ensures that only properly formatted data is accepted, preventing malicious input designed to exploit vulnerabilities in the application.
NEW QUESTION 384
Which of the following best explain why organizations prefer to utilize code that is digitally signed? (Choose two.)
A.   It provides origin assurance.
B.   It verifies integrity.
C.   It provides increased confidentiality.
D.   It integrates with DRMs.
E.   It verifies the recipient’s identity.
F.   It ensures the code is free of malware.
Answer: AB
Explanation:
– It provides origin assurance:
Digital signatures ensure that the code comes from a verified and trusted source. By signing the code, the organization guarantees the origin of the software, assuring the recipient that it has been delivered by a legitimate party.
– It verifies integrity:
A digital signature also ensures that the code has not been altered or tampered with since it was signed. Any changes to the code after it has been signed would invalidate the signature, confirming that the integrity of the code has been preserved.
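As an added illustration of the two properties named in this answer (this is example code, not part of the original dump), the following Go program signs a release artifact with Ed25519 and verifies it. Any modification of the signed bytes, and any signature produced by a different key, fails verification; the signed code itself stays fully readable, which is why signing provides origin assurance and integrity but not confidentiality. The key pair and the sample script are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// SigningIdentity is a publisher's Ed25519 key pair. In a real release
// pipeline the private key would live in an HSM or a signing service; here it
// is generated in memory purely for the demonstration.
type SigningIdentity struct {
	Public  ed25519.PublicKey
	private ed25519.PrivateKey
}

// NewSigningIdentity generates a fresh key pair.
func NewSigningIdentity() (*SigningIdentity, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SigningIdentity{Public: pub, private: priv}, nil
}

// Sign produces a detached signature over the artifact bytes.
func (id *SigningIdentity) Sign(artifact []byte) []byte {
	return ed25519.Sign(id.private, artifact)
}

// Verify checks a detached signature against a trusted publisher key. It is
// true only when the artifact is byte-for-byte what that publisher signed:
// the integrity check (any change fails) and the origin check (a signature
// from any other key fails) are the same operation.
func Verify(trusted ed25519.PublicKey, artifact, sig []byte) bool {
	return ed25519.Verify(trusted, artifact, sig)
}

func main() {
	publisher, _ := NewSigningIdentity()
	impostor, _ := NewSigningIdentity()
	// Constructed sample artifact standing in for a release script.
	code := []byte("#!/bin/sh\necho 'installing release 1.2.3'\n")
	sig := publisher.Sign(code)

	fmt.Println("genuine artifact verifies:", Verify(publisher.Public, code, sig))
	tampered := bytes.Replace(code, []byte("1.2.3"), []byte("1.2.4"), 1)
	fmt.Println("tampered artifact verifies:", Verify(publisher.Public, tampered, sig))
	fmt.Println("impostor signature verifies:", Verify(publisher.Public, code, impostor.Sign(code)))
	// The signature does not hide anything: confidentiality is not a property signing gives.
	fmt.Printf("signed artifact is still readable: %q\n", code)
}
```

The verifier only needs the publisher's public key, which is how a recipient gets origin assurance without sharing any secret with the publisher.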
NEW QUESTION 385
A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data’s confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Choose two.)
A.   Install a SOAR on all endpoints.
B.   Hash all files.
C.   Install SIEM within a SOC.
D.   Encrypt all data and files at rest, in transit, and in use.
E.   Configure SOAR to monitor and intercept files and data leaving the network.
F.   Implement file integrity monitoring.
Answer: DF
Explanation:
– Encrypt all data and files at rest, in transit, and in use:
Encryption ensures that sensitive data is protected and its confidentiality is maintained. By encrypting data at all stages – whether stored (at rest), transmitted (in transit), or actively being processed (in use) – the company can significantly reduce the risk of unauthorized access or exposure, ensuring the confidentiality of highly sensitive data.
– Implement file integrity monitoring:
File Integrity Monitoring (FIM) ensures that files containing sensitive data are not altered without authorization. By monitoring changes to critical files, it helps detect tampering, modifications, or potential data breaches, adding an extra layer of security to sensitive information in a dynamic environment.
NEW QUESTION 386
An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)
A.   Are there opportunities for legal recourse against the originators of the spear-phishing campaign?
B.   What internal and external stakeholders need to be notified of the breach?
C.   Which methods can be implemented to increase speed of offline backup recovery?
D.   What measurable user behaviors were exhibited that contributed to the compromise?
E.   Which technical controls, if implemented, would provide defense when user training fails?
F.   Which user roles are most often targeted by spear phishing attacks?
Answer: DE
Explanation:
– What measurable user behaviors were exhibited that contributed to the compromise?
During the lessons-learned phase, it’s important to analyze the specific user behaviors that led to the successful spear-phishing attack, even after a robust training program. This could involve understanding patterns such as clicking on suspicious links, failing to verify emails, or not reporting unusual activity. By identifying these behaviors, the organization can target specific areas for improvement in training or behavior modification.
– Which technical controls, if implemented, would provide defense when user training fails?
Since users fell victim to the spear-phishing attack despite training, it’s critical to implement technical controls that can provide an additional layer of defense. This may include email filtering to block phishing attempts, multi-factor authentication (MFA), endpoint detection and response (EDR) tools, and sandboxing for suspicious attachments. These controls will help prevent or mitigate attacks when training alone is insufficient.
NEW QUESTION 387
A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds:
– 99.99% uptime
– Load time in 3 seconds
– Response time ≤ 1.0 seconds
Starting with the computing environment, which of the following should a security engineer recommend to best meet the requirements? (Choose three.)
A.   Installing a firewall at corporate headquarters.
B.   Deploying a content delivery network.
C.   Implementing server clusters.
D.   Employing bare-metal loading of applications.
E.   Lowering storage input/output.
F.   Implementing RAID on the backup servers.
G.   Utilizing redundant power for all developer workstations.
Answer: BCE
Explanation:
To meet the high uptime, load time, and response time requirements, the following recommendations would be most effective:
– Deploying a content delivery network (CDN):
A CDN can distribute content across multiple locations globally, reducing load times by serving content from the nearest edge server to the user.
– Implementing server clusters:
Server clusters can ensure high availability and load balancing, which is essential for maintaining 99.99% uptime and improving response times during high traffic periods.
– Lowering storage input/output (I/O):
Reducing storage I/O can improve performance by speeding up data access and enhancing the system’s ability to meet load time and response time requirements.
These solutions directly address the performance and availability metrics that are required for the contract. Other options like implementing RAID, using redundant power for workstations, or installing firewalls would not directly contribute to the high availability or performance requirements.
NEW QUESTION 388
A security analyst received the following finding from a cloud security assessment tool:
“Virtual Machine Data Disk is encrypted with the default encryption key.”
Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP. Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Choose two.)
A.   Disk encryption with customer-provided keys.
B.   Disk encryption with keys from a third party.
C.   Row-level encryption with a key escrow.
D.   File-level encryption with cloud vendor-provided keys.
E.   File-level encryption with customer-provided keys.
F.   Disk-level encryption with a cross-signed certificate.
Answer: AE
Explanation:
To meet the regulatory requirement of ensuring that the data is unreadable to the cloud service provider (CSP), the best approach is to use customer-provided keys for encryption. This ensures that only the customer (organization) holds the keys to access the encrypted data, not the CSP.
– Disk encryption with customer-provided keys:
This ensures the encryption key for the virtual machine’s data disk is managed by the customer, preventing the CSP from having access to the data.
– File-level encryption with customer-provided keys:
If data needs to be encrypted at the file level, customer-provided keys can be used to ensure that the organization retains control over the encryption and decryption process.
NEW QUESTION 389
A security engineer would like to control configurations on mobile devices while fulfilling the following requirements:
– Support and control Apple and Android devices.
– The device must be corporate-owned.
Which of the following would enable the engineer to meet these requirements? (Choose two.)
A.   Create a group policy to lock down mobile devices.
B.   Update verbiage in the acceptable use policy for the internet.
C.   Implement an MDM solution.
D.   Implement a captive portal solution.
E.   Update policy to prohibit the use of BYOD devices.
F.   Implement a RADIUS solution.
Answer: CE
Explanation:
– Implement an MDM solution (Mobile Device Management):
An MDM solution is specifically designed to manage, monitor, and secure mobile devices. It allows organizations to enforce configuration policies and encryption, restrict apps, and control access to corporate resources on both Apple and Android devices. This solution directly meets the requirement to support and control corporate-owned devices.
– Update policy to prohibit the use of BYOD devices:
By prohibiting the use of Bring Your Own Device (BYOD) devices, the organization ensures that only corporate-owned devices are used, fulfilling the requirement that the devices must be corporate-owned. This policy helps maintain control over the mobile devices within the organization’s environment.
NEW QUESTION 390
A help desk technician is troubleshooting an issue with an employee’s laptop that will not boot into its operating system. The employee reported the laptop had been stolen but then found it one day later. The employee has asked the technician for help recovering important data. The technician has identified the following:
– The laptop operating system was not configured with BitLocker.
– The hard drive has no hardware failures.
– Data is present and readable on the hard drive, although it appears to be illegible.
Which of the following is the most likely reason the technician is unable to retrieve legible data from the hard drive?
A.   The employee’s password was changed, and the new password needs to be used.
B.   The PKI certificate was revoked, and a new one must be installed.
C.   The hard drive experienced crypto-shredding.
D.   The technician is using the incorrect cipher to read the data.
Answer: C
Explanation:
Crypto-shredding is the most likely reason the technician is unable to retrieve legible data from the hard drive. Crypto-shredding occurs when the encryption keys used to access data are deleted or destroyed: the ciphertext remains physically present and readable as bytes, but it cannot be decrypted. In this case, BitLocker was not configured, so the drive was most likely protected by some other encryption method, and its keys were destroyed after the laptop was stolen, leaving the data present but illegible without the correct keys.
NEW QUESTION 391
A security engineer reviews an after-action report from a previous security breach and notes a long lag time between detection and containment of a compromised account. The engineer suggests using SOAR to address this concern. Which of the following best explains the engineer’s goal?
A.   To prevent accounts from being compromised.
B.   To enable log correlation using machine learning.
C.   To orchestrate additional reporting for the security operations center.
D.   To prepare runbooks to automate future incident response.
Answer: D
Explanation:
SOAR (Security Orchestration, Automation, and Response) platforms help automate and standardize incident response processes through runbooks, reducing response time and improving containment efficiency during future breaches.
NEW QUESTION 392
A Chief Information Security Officer requests an action plan to remediate vulnerabilities. A security analyst reviews the output from a recent vulnerability scan and notices hundreds of unique vulnerabilities. The output includes the CVSS score, IP address, hostname, and the list of vulnerabilities. The analyst determines more information is needed in order to decide which vulnerabilities should be fixed immediately. Which of the following is the best source for this information?
A.   Third-party risk review.
B.   Business impact analysis.
C.   Incident response playbook.
D.   Crisis management plan.
Answer: B
Explanation:
A Business Impact Analysis (BIA) identifies the criticality of systems and the potential impact of their compromise. It helps prioritize which vulnerabilities to remediate first based on the business value and operational impact of the affected assets.
NEW QUESTION 393
A developer receives feedback about code quality and efficiency. The developer needs to identify and resolve the following coding issues before submitting the code changes for peer review:
– Indexing beyond arrays.
– Dereferencing null pointers.
– Potentially dangerous data type combos.
– Unreachable code.
– Non-portable constructs.
Which of the following would be most appropriate for the developer to use in this situation?
A.   Linting.
B.   SBoM.
C.   DAST.
D.   Branch protection.
E.   Software composition analysis.
Answer: A
Explanation:
A linter is a static analysis tool that examines source code for potential errors such as indexing beyond array bounds, dereferencing null pointers, dangerous data type combinations, unreachable code, and non-portable constructs. Because it catches these code quality and efficiency issues early, before peer review, it is the most appropriate tool for the developer in this scenario.
NEW QUESTION 394
Which of the following enables the meaningful manipulation of encrypted data when the processor does not know the encryption key?
A.   Simultaneous authentication of equals.
B.   Envelope encryption.
C.   Authenticated encryption with associated data.
D.   Homomorphic encryption.
Answer: D
Explanation:
Homomorphic encryption allows for the manipulation and computation of encrypted data without needing to decrypt it, meaning the processor does not require access to the encryption key. This enables meaningful operations on encrypted data while maintaining confidentiality.
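Added example (not from the original page): a minimal Paillier cryptosystem in Go, which is additively homomorphic. A party holding only the public key multiplies two ciphertexts modulo n² and obtains a valid encryption of the sum of the two plaintexts; the key holder then decrypts that result. The "processor" performing the addition never has the private key, which is the property the question asks about. Key sizes are deliberately small for speed, and the code is illustrative rather than a production library.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

var one = big.NewInt(1)

// PublicKey is (n, g) with g = n+1; NSquared is cached because all ciphertext
// arithmetic happens modulo n^2.
type PublicKey struct{ N, NSquared, G *big.Int }

// PrivateKey holds lambda = lcm(p-1, q-1) and mu = L(g^lambda mod n^2)^-1 mod n.
type PrivateKey struct {
	Pub        *PublicKey
	Lambda, Mu *big.Int
}

// lfunc is Paillier's L(u) = (u-1)/n.
func lfunc(u, n *big.Int) *big.Int {
	return new(big.Int).Div(new(big.Int).Sub(u, one), n)
}

// GenerateKey builds a key pair from two random primes of the given bit length.
func GenerateKey(bits int) (*PrivateKey, error) {
	for {
		p, err := rand.Prime(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		q, err := rand.Prime(rand.Reader, bits)
		if err != nil {
			return nil, err
		}
		if p.Cmp(q) == 0 {
			continue
		}
		n := new(big.Int).Mul(p, q)
		pm1 := new(big.Int).Sub(p, one)
		qm1 := new(big.Int).Sub(q, one)
		phi := new(big.Int).Mul(pm1, qm1)
		if new(big.Int).GCD(nil, nil, n, phi).Cmp(one) != 0 {
			continue // Paillier needs gcd(n, phi(n)) = 1
		}
		lambda := new(big.Int).Div(phi, new(big.Int).GCD(nil, nil, pm1, qm1)) // lcm(p-1, q-1)
		n2 := new(big.Int).Mul(n, n)
		pub := &PublicKey{N: n, NSquared: n2, G: new(big.Int).Add(n, one)}
		mu := new(big.Int).ModInverse(lfunc(new(big.Int).Exp(pub.G, lambda, n2), n), n)
		if mu == nil {
			continue
		}
		return &PrivateKey{Pub: pub, Lambda: lambda, Mu: mu}, nil
	}
}

// Encrypt computes c = g^m * r^n mod n^2 with a fresh random r coprime to n.
func (pk *PublicKey) Encrypt(m *big.Int) (*big.Int, error) {
	if m.Sign() < 0 || m.Cmp(pk.N) >= 0 {
		return nil, errors.New("plaintext must be in [0, n)")
	}
	var r *big.Int
	for {
		var err error
		if r, err = rand.Int(rand.Reader, pk.N); err != nil {
			return nil, err
		}
		if r.Sign() > 0 && new(big.Int).GCD(nil, nil, r, pk.N).Cmp(one) == 0 {
			break
		}
	}
	gm := new(big.Int).Exp(pk.G, m, pk.NSquared)
	rn := new(big.Int).Exp(r, pk.N, pk.NSquared)
	return new(big.Int).Mod(new(big.Int).Mul(gm, rn), pk.NSquared), nil
}

// AddEncrypted is the homomorphic operation: multiplying ciphertexts mod n^2
// yields an encryption of m1 + m2. Only the public key is needed.
func (pk *PublicKey) AddEncrypted(c1, c2 *big.Int) *big.Int {
	return new(big.Int).Mod(new(big.Int).Mul(c1, c2), pk.NSquared)
}

// Decrypt recovers m = L(c^lambda mod n^2) * mu mod n.
func (sk *PrivateKey) Decrypt(c *big.Int) *big.Int {
	u := new(big.Int).Exp(c, sk.Lambda, sk.Pub.NSquared)
	m := new(big.Int).Mul(lfunc(u, sk.Pub.N), sk.Mu)
	return m.Mod(m, sk.Pub.N)
}

// HomomorphicSum is the end-to-end flow: the key holder encrypts a and b, an
// untrusted processor adds the ciphertexts with no private key, and the key
// holder decrypts the result.
func HomomorphicSum(a, b int64) (int64, error) {
	sk, err := GenerateKey(64)
	if err != nil {
		return 0, err
	}
	ca, err := sk.Pub.Encrypt(big.NewInt(a))
	if err != nil {
		return 0, err
	}
	cb, err := sk.Pub.Encrypt(big.NewInt(b))
	if err != nil {
		return 0, err
	}
	return sk.Decrypt(sk.Pub.AddEncrypted(ca, cb)).Int64(), nil
}

func main() {
	sum, err := HomomorphicSum(1234, 5678)
	fmt.Println(sum, err) // 6912 <nil>
}
```

Paillier is only partially homomorphic (addition of ciphertexts and multiplication by a plaintext constant); fully homomorphic schemes extend the same idea to arbitrary circuits, at much greater cost.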
NEW QUESTION 395
A security engineer is implementing security measures on new hardware in preparation for its launch. During the development phase, a risk related to protections at the UEFI level was found. Which of the following should the engineer recommend to reduce this risk?
A.   Configuring paravirtualization protection.
B.   Enabling Secure Boot.
C.   Installing cryptography at the operational system level.
D.   Implementing hardware root of trust.
Answer: B
Explanation:
Enabling Secure Boot at the UEFI level helps ensure that only trusted and signed operating system loaders and boot files can be executed on the hardware. This prevents unauthorized code, such as bootkits or rootkits, from loading during the boot process, significantly reducing risks at the UEFI level. Secure Boot is an essential measure to ensure the integrity of the system from the very start of the boot process.
NEW QUESTION 396
A development team must create a website to share indicators of compromise. The team wants to use APIs between industry peers to aid in configuring SIEM and SOAR. The team needs to create a free tier of service, and the senior developer insists on configuring rate limiting. Which of the following best describes the senior developer’s reasoning?
A.   To prevent password-spraying attacks on the services hosting the API.
B.   To limit the likelihood of resource exhaustion occurring on the API server.
C.   To address concerns the team has about API bandwidth utilization.
D.   To reduce attack surface exposure of the API endpoints connecting peers.
Answer: B
Explanation:
The senior developer wants to configure rate limiting to limit the likelihood of resource exhaustion on the API server. Rate limiting controls how many requests a client can make in a given time, helping prevent abuse or overload that could crash the service, especially important in a free-tier setup where excessive usage must be managed.
NEW QUESTION 397
A hotel chain wants to use point-of-sale systems to allow customers to check in and out of their rooms without employee assistance. These systems should limit access to a specific set of programs approved to run, with all other programs blocked. Which of the following should the company configure to best support this goal?
A.   Application control using a fresh image, with the applications fully configured as a baseline to build and block other applications from execution.
B.   A host-based intrusion detection system to monitor and block all suspicious activities if they occur on the systems.
C.   Anti-malware on these systems and only approved application file locations can be bypassed.
D.   Event logs to be collected from the systems for all security events and some custom application logs.
Answer: A
Explanation:
Application control using a baseline image ensures only pre-approved programs are allowed to run, effectively blocking all others. This is the best approach for restricting point-of-sale systems to specific functions and maintaining system integrity in an unattended environment.
NEW QUESTION 398
A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients’ charts. The hospital wants to ensure that if a tablet is identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows to meet hospital policy:
– Full disk encryption is enabled.
– “Always On” corporate VPN is enabled.
– eFuse-backed keystore is enabled/ready.
– Wi-Fi 6 is configured with SAE.
– Location services is disabled.
– Application allow list is unconfigured.
Assuming the hospital policy cannot be changed, which of the following is the best way to meet the hospital’s objective?
A.   Revoke the user VPN and Wi-Fi certificates.
B.   Cryptographically erase FDE volumes.
C.   Issue new MFA credentials to all users.
D.   Configure the application allow list.
Answer: B
Explanation:
Cryptographically erasing FDE (Full Disk Encryption) volumes is the most effective way to mitigate data loss within seconds. It renders the encrypted data inaccessible by destroying the encryption key, which can be done instantly and remotely, meeting the hospital’s objective without requiring changes to existing policy.
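The cryptographic erase in this answer and the crypto-shredding scenario of question 390 come down to the same operation: destroy the key, and the ciphertext on the medium becomes unrecoverable while remaining physically readable. The following Go program is an added example, not from the original page, that models an FDE volume with AES-256-GCM; the in-memory DEK stands in for a key held in an eFuse-backed keystore, and the sample chart text is constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Volume models a full-disk-encrypted volume: the ciphertext that sits on the
// medium plus the data-encryption key (DEK) that real hardware would keep in a
// protected keystore.
type Volume struct {
	dek        []byte
	nonce      []byte
	ciphertext []byte
	erased     bool
}

var ErrKeyDestroyed = errors.New("encryption key has been destroyed")

func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// NewVolume encrypts the data under a random 256-bit AES-GCM key.
func NewVolume(plaintext []byte) (*Volume, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	aead, err := newAEAD(dek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return &Volume{dek: dek, nonce: nonce, ciphertext: aead.Seal(nil, nonce, plaintext, nil)}, nil
}

// Read decrypts with the DEK. Once the key is gone there is nothing in the
// keystore that can unlock the data.
func (v *Volume) Read() ([]byte, error) {
	if v.erased {
		return nil, ErrKeyDestroyed
	}
	aead, err := newAEAD(v.dek)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, v.nonce, v.ciphertext, nil)
}

// CryptoErase zeroes and discards the DEK. The ciphertext is untouched and
// still readable as bytes, but recovering the plaintext without the key is
// computationally infeasible: data "present but illegible", in seconds,
// regardless of how large the volume is.
func (v *Volume) CryptoErase() {
	for i := range v.dek {
		v.dek[i] = 0
	}
	v.dek = nil
	v.erased = true
}

// RawBytes is what a technician imaging the disk would see.
func (v *Volume) RawBytes() []byte { return v.ciphertext }

func main() {
	vol, err := NewVolume([]byte("patient chart 42: constructed sample data"))
	if err != nil {
		panic(err)
	}
	data, _ := vol.Read()
	fmt.Printf("before erase: %q\n", data)
	vol.CryptoErase()
	_, err = vol.Read()
	fmt.Println("after erase:", err)
	fmt.Printf("bytes still on the medium: %x\n", vol.RawBytes()[:16])
}
```

Because the operation only touches the key, it completes as fast as the keystore can clear it, which is what makes it suitable for a remote command that must take effect within seconds.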
NEW QUESTION 399
An ISAC supplied recent threat intelligence information about pictures used on social media that provide reconnaissance of systems in use in secure facilities. In response, the Chief Information Security Officer (CISO) wants several configuration changes implemented via the MDM to ensure the following:
– Camera functions and location services are blocked for corporate mobile devices.
– All social media is blocked on the corporate and guest wireless networks.
Which of the following is the CISO practicing to safeguard against the threat?
A.   Adversary emulation.
B.   Operational security.
C.   Open-source intelligence.
D.   Social engineering.
Answer: B
Explanation:
The CISO is practicing Operational Security (OPSEC) by implementing controls that prevent the unintentional disclosure of sensitive information, such as system details visible in photos shared on social media. Blocking cameras, location services, and social media access helps maintain operational confidentiality.
NEW QUESTION 400
A company needs to define a new road map for improving secure coding practices in the software development life cycle and implementing better security standards. Which of the following is the best way for the company to achieve this goal?
A.   Performing a Software Assurance Maturity Model assessment and generating a road map as a final result.
B.   Conducting a threat-modeling exercise for the main applications and developing a road map based on the necessary security implementations.
C.   Developing a new road map, including secure coding best practices, based on the security area road map and annual goals defined by the Chief Information Security Officer.
D.   Using the best practices in the OWASP secure coding manual to define a new road map.
Answer: A
Explanation:
Performing a Software Assurance Maturity Model (SAMM) assessment provides a structured way to evaluate current secure software practices and generate a tailored improvement road map. It aligns well with the goal of enhancing secure coding practices and implementing better security standards across the SDLC.
NEW QUESTION 401
A company notices that cloud environment costs increased after using a new serverless solution based on API requests. Many invalid requests from unknown IPs were found, often within a short time. Which of the following solutions would most likely solve this issue, reduce cost, and improve security?
A.   Using digital certificates for known customers and performing API authorization through those certificates.
B.   Defining request rate limits and comparing new requests from unknown IPs with a list of known-malicious IPs.
C.   Setting authentication processes for the API requests as well as proper rate limits according to regular usage.
D.   Only allowing API requests coming from regions with known customers.
Answer: C
Explanation:
Implementing authentication for API requests ensures only legitimate users can access the service, while setting rate limits helps prevent abuse and controls costs associated with excessive or malicious traffic. This directly addresses both the security and cost concerns.
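Added Go example, not from the page, covering both the rate-limiting rationale of question 396 and the authentication-plus-rate-limit answer of this question: a small API gateway that rejects unknown API keys outright, so invalid requests from unknown sources consume no downstream capacity, and applies a per-client token bucket to authenticated callers so that no single client can exhaust the server. The API keys, client names and limits are constructed, and the clock is passed in explicitly to keep the behaviour reproducible.

```go
package main

import (
	"fmt"
	"net/http"
	"time"
)

// bucket is a token bucket: it holds up to capacity tokens and refills at
// rate tokens per second; each admitted request spends one token.
type bucket struct {
	tokens, capacity, rate float64
	last                   time.Time
}

// Gateway fronts the API. Requests are authenticated against the issued API
// keys first, so unknown callers are refused before any per-client state is
// touched, and only then rate-limited per client.
type Gateway struct {
	keys     map[string]string // API key -> client name (constructed sample data)
	buckets  map[string]*bucket
	capacity float64
	rate     float64
}

func NewGateway(keys map[string]string, burst int, perSecond float64) *Gateway {
	return &Gateway{keys: keys, buckets: make(map[string]*bucket), capacity: float64(burst), rate: perSecond}
}

// Handle returns the HTTP status the gateway would answer with.
func (g *Gateway) Handle(apiKey string, now time.Time) int {
	client, ok := g.keys[apiKey]
	if !ok {
		return http.StatusUnauthorized // 401: rejected before any work is done
	}
	b, ok := g.buckets[client]
	if !ok {
		b = &bucket{tokens: g.capacity, capacity: g.capacity, rate: g.rate, last: now}
		g.buckets[client] = b
	}
	if elapsed := now.Sub(b.last).Seconds(); elapsed > 0 {
		b.tokens += elapsed * b.rate
		if b.tokens > b.capacity {
			b.tokens = b.capacity
		}
		b.last = now
	}
	if b.tokens < 1 {
		return http.StatusTooManyRequests // 429: client must back off
	}
	b.tokens--
	return http.StatusOK
}

// epoch and At give the example a fixed, reproducible clock.
var epoch = time.Unix(1700000000, 0)

func At(seconds float64) time.Time {
	return epoch.Add(time.Duration(seconds * float64(time.Second)))
}

// SampleGateway issues two constructed API keys with a burst of 3 requests and
// a sustained rate of 1 request per second per client.
func SampleGateway() *Gateway {
	return NewGateway(map[string]string{
		"key-acme-0001":   "acme-soc",
		"key-globex-0002": "globex-soc",
	}, 3, 1)
}

func main() {
	g := SampleGateway()
	for i := 1; i <= 4; i++ {
		fmt.Println("acme request", i, "at t=0 ->", g.Handle("key-acme-0001", At(0)))
	}
	fmt.Println("acme request at t=2s     ->", g.Handle("key-acme-0001", At(2)))
	fmt.Println("unknown key at t=0       ->", g.Handle("key-stolen-9999", At(0)))
}
```

Keying the bucket by authenticated client rather than by source IP is what makes the limit meaningful for a serverless back end: an attacker rotating through many unknown IPs still gets nothing past the 401, and each paying client is billed against its own quota.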
NEW QUESTION 402
A game developer wants to reach new markets and is advised by legal counsel to include specific age-related sign-up requirements. Which of the following best describes the legal counsel’s concerns?
A.   GDPR
B.   LGPD
C.   PCI DSS
D.   COPPA
Answer: D
Explanation:
The Children’s Online Privacy Protection Act (COPPA) requires online services, like games, to implement age-related sign-up requirements and obtain verifiable parental consent when collecting personal information from children under 13 in the U.S. This best aligns with the legal counsel’s concerns.
NEW QUESTION 403
A company wants to perform threat modeling on an internally developed, business-critical application. The Chief Information Security Officer (CISO) is most concerned that the application should maintain 99.999% availability and authorized users should only be able to gain access to data they are explicitly authorized to view. Which of the following threat-modeling frameworks directly addresses the CISO’s concerns about this system?
A.   CAPEC
B.   STRIDE
C.   ATT&CK
D.   TAXII
Answer: B
Explanation:
STRIDE is a threat-modeling framework that focuses on six key threat categories: Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege. This directly addresses the CISO’s concerns about ensuring high availability (99.999%) and restricting data access to only authorized users, making it the most suitable choice.
NEW QUESTION 404
A company designs policies and procedures for hardening containers deployed in the production environment. However, a security assessment reveals that deployed containers are not complying with the security baseline. Which of the following solutions best addresses this issue throughout early life-cycle stages?
A.   Installing endpoint agents on each container and setting them to report when configurations drift from the baseline.
B.   Finding hardened container images and enforcing them as the baseline for new deployments.
C.   Creating a pipeline to check the containers through security gates and validating the baseline controls before the final deployment.
D.   Running security assessments regularly and checking for the security baseline on containers already in production.
Answer: C
Explanation:
The best solution is to integrate security checks into the CI/CD pipeline, where containers are validated against the security baseline before deployment. This proactive approach ensures that containers are hardened properly during the early stages of development and deployment, reducing the risk of non-compliance with security policies and preventing issues from reaching the production environment.
NEW QUESTION 405
To prevent data breaches, security leaders at a company decide to expand user education to:
– Create a healthy security culture.
– Comply with regulatory requirements.
– Improve incident reporting.
Which of the following would best meet their objective?
A.   Performing a DoS attack.
B.   Scheduling regular penetration tests.
C.   Simulating a phishing campaign.
D.   Deploying fake ransomware.
Answer: C
Explanation:
Simulating a phishing campaign helps users recognize phishing attempts and enhances overall security awareness. It is a practical way to improve incident reporting and ensure that users understand common attack vectors. This directly supports creating a healthy security culture, complying with regulatory requirements related to security training, and improving the response to security incidents.
NEW QUESTION 406
Which of the following most likely explains the reason a security engineer replaced ECC with a lattice-based cryptographic technique?
A.   It is computationally efficient and provides perfect forward secrecy.
B.   It is more resilient to brute-force attacks than ECC.
C.   It supports ephemeral key exchange and digital signatures.
D.   It is currently considered a robust PQC technique.
E.   It enables processing on data while remaining in an encrypted state.
Answer: D
Explanation:
Lattice-based schemes, such as Learning With Errors (LWE) or Ring-LWE, are among the leading candidates in NIST’s post-quantum cryptography standardization process because their underlying hard problems resist known quantum-algorithm speedups. Replacing ECC with a lattice-based algorithm directly addresses the threat posed by future quantum computers, making it the preferred choice for long-term cryptographic agility.
NEW QUESTION 407
A company is migrating from company-owned phones to a BYOD strategy for mobile devices. The pilot program will start with the executive management team and be rolled out to the rest of the staff in phases. The company’s Chief Financial Officer loses a phone multiple times a year. Which of the following will most likely secure the data on the lost device?
A.   Require a VPN to be active to access company data.
B.   Set up different profiles based on the person’s risk.
C.   Remotely wipe the device.
D.   Require MFA to access company applications.
Answer: C
Explanation:
Remotely wiping a lost mobile device ensures that any company data or credentials stored locally are erased, preventing unauthorized access even if the phone falls into the wrong hands. This control directly addresses the risk of data exposure on a lost device.
NEW QUESTION 408
Company A acquired Company B. Both companies serve a user base in different geographic regions but now collectively serve a globally distributed user base. A security architect needs to design resilient monitoring systems with the following requirements:
– User data must remain on the systems of each respective company.
– Low latency is needed for all users regardless of company location and user location.
– Each company must have its own redundancy.
Which of the following practices are the most beneficial in meeting the requirements? (Choose two).
A.   Replicating each company’s system in the other company’s region.
B.   Adding additional resources in each company’s original region.
C.   Implementing a network load balancer.
D.   Deploying a reverse proxy.
E.   Utilizing an API gateway.
F.   Enabling automated vertical scaling.
Answer: BC
Explanation:
– Add resources in each original region:
Spinning up parallel monitoring nodes or services in each company’s home region ensures true redundancy without moving user data outside its home zone. If one region goes down, regional replicas pick up the load, and data locality remains intact.
– Use a network load balancer:
A global or multi-region network load balancer can route user or agent traffic to the nearest healthy endpoint. This minimizes latency for a globally distributed user base and provides failover across regions, while respecting the requirement that each company’s data stays on its own infrastructure.
NEW QUESTION 409
A SOC team receives notifications that align with playbook incidents. The team wants to analyze the potential threat actor’s TTPs. Which of the following will best assist the SOC team?
A.   D3FEND
B.   OWASP
C.   ATT&CK
D.   COPPA
E.   CAPEC
Answer: C
Explanation:
The MITRE ATT&CK framework is explicitly designed to catalog and map adversary Tactics, Techniques, and Procedures (TTPs). By correlating your SOC alerts with ATT&CK’s matrix, you can profile likely threat actors, anticipate their next moves, and tailor your detection and response strategies accordingly.
NEW QUESTION 410
After investigating a recent security incident, a SOC analyst is charged with creating a reference guide for the entire team to use. Which of the following should the analyst create to address future incidents?
A.   Root cause analysis.
B.   Communication plan.
C.   Runbook.
D.   Lessons learned.
Answer: C
Explanation:
A runbook is a step-by-step procedural guide that SOC analysts reference during live incidents. It documents the specific actions to take, such as how to triage alerts, gather forensic artifacts, escalate issues, and contain threats, ensuring consistency and speeding up response times across the team.
NEW QUESTION 411
A security architect is implementing a SOAR solution in an organization’s cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?
A.   Improved security operations center performance.
B.   Automated firewall log collection tasks.
C.   Optimized cloud resource utilization.
D.   Increased risk visibility.
Answer: A
Explanation:
A SOAR platform streamlines and automates repetitive detection and response workflows, like alert triage, enrichment, and ticketing, freeing up analysts to focus on high-value tasks. This orchestration capability reduces mean time to acknowledge and respond, directly boosting overall SOC efficiency and performance.
NEW QUESTION 412
A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:
– Data needs to be stored outside of the VMs.
– No unauthorized modifications to the VMs are allowed.
– If a change needs to be done, a new VM needs to be deployed.
Which of the following is the best solution?
A.   Immutable system.
B.   Data loss prevention.
C.   Storage area network.
D.   Baseline template.
Answer: A
Explanation:
An immutable infrastructure approach ensures that VM images are never altered in place. All state and data live externally (for example in object storage or managed databases), and any required change, be it patching or configuration, happens by building and rolling out a fresh VM image. This guarantees no unauthorized drift or in-place modification on running instances.
NEW QUESTION 413
After the latest risk assessment, the Chief Information Security Officer (CISO) decides to meet with the development and security teams to find a way to reduce the security task workload. The CISO would like to:
– Have a solution that uses an API to communicate with other security tools.
– Use the latest technology possible.
– Have the highest controls possible on the solution.
Which of the following is the best option to meet these requirements?
A.   EDR
B.   CSP
C.   SOAR
D.   CASB
Answer: C
Explanation:
A SOAR platform is explicitly built to integrate via APIs with your existing security tools (EDR, SIEM, firewalls, ticketing systems, etc.), orchestrate automated workflows, and apply rich, customizable controls (playbooks, role-based access, audit logging). It’s also one of the newest “X as a Service” technologies in the market for reducing manual security tasks and streamlining incident response.
NEW QUESTION 414
A new, online file hosting service is being offered. The service has the following security requirements:
– Threats to customer data integrity and availability should be remediated first.
– The environment should be dynamic to match increasing customer demands.
– The solution should not interfere with customers’ ability to access their data at any time.
– Security analysts should focus on high-risk items.
Which of the following would best satisfy the requirements?
A.   Expanding the use of IPS and NGFW devices throughout the environment.
B.   Increasing the number of analysts to identify risks that need remediation.
C.   Implementing a SOAR solution to address known threats.
D.   Integrating enterprise threat feeds in the existing SIEM.
Answer: C
Explanation:
A SOAR platform can automate the remediation of integrity and availability threats (e.g., known malware or misconfigurations) in real time without blocking user access, scale dynamically with the environment, and surface only high-risk incidents for analyst review, aligning directly with the stated requirements.
NEW QUESTION 415
A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field. Which of the following should the security team recommend first?
A.   Investigating a potential threat identified in logs related to the identity management system.
B.   Updating the identity management system to use discretionary access control.
C.   Beginning research on two-factor authentication to later introduce into the identity management system.
D.   Working with procurement and creating a requirements document to select a new IAM system/vendor.
Answer: D
Explanation:
Since the homegrown identity management system has already been flagged by an auditor as misaligned with industry best practices, and it must scale to handle dynamic, temporary user populations, the priority is to plan for a replacement that meets modern IAM standards (provisioning workflows, role-based access control, MFA support, audit logging, etc.). Starting with a clear requirements document ensures the new solution will address current gaps and support future needs.
NEW QUESTION 416
An IT department is currently working to implement an enterprise DLP solution. Due diligence and best practices must be followed in regard to mitigating risk. Which of the following ensures that authorized modifications are well planned and executed?
A.   Risk management.
B.   Network management.
C.   Configuration management.
D.   Change management.
Answer: D
Explanation:
Change management establishes a formal process for planning, approving, testing, scheduling, and documenting all authorized modifications. This ensures that deploying or updating the DLP solution follows controlled steps, reducing the risk of unplanned disruptions or misconfigurations.
NEW QUESTION 417
A software development company needs to mitigate third-party risks to its software supply chain. Which of the following techniques should the company use in the development environment to best meet this objective?
A.   Performing software composition analysis.
B.   Requiring multifactor authentication.
C.   Establishing coding standards and monitoring for compliance.
D.   Implementing a robust unit and regression-testing scheme.
Answer: A
Explanation:
Software Composition Analysis (SCA) tools inventory and continuously monitor all third-party and open-source components in your codebase, flagging known vulnerabilities and license issues before they make it into production. This directly addresses supply-chain risk by ensuring you know exactly which external libraries you’re using and whether they contain any security flaws.
NEW QUESTION 418
Based on a recent security audit, a company discovered the perimeter strategy is inadequate for its recent growth. To address this issue, the company is looking for a solution that includes the following requirements:
– Collapse of multiple network security technologies into a single footprint.
– Support for multiple VPNs with different security contexts.
– Support for application layer security (Layer 7 of the OSI Model).
Which of the following technologies would be the most appropriate solution given these requirements?
A.   NAT gateway.
B.   Reverse proxy.
C.   NGFW.
D.   NIDS.
Answer: C
Explanation:
A Next-Generation Firewall (NGFW) consolidates traditional firewall functions (stateful packet inspection, VPN termination) with advanced capabilities such as intrusion prevention, application-layer (L7) inspection, and support for multiple VPN contexts. This single-footprint device can host separate VPN tunnels with distinct security policies while enforcing deep-packet and application-level controls across all traffic.
NEW QUESTION 419
A security administrator has isolated a computer system because it was targeted by a ransomware attack. Which of the following should the security administrator do to recover from this attack in the most secure way?
A.   Check if file versioning is enabled and restore the files.
B.   Restore the system from a baseline snapshot.
C.   Determine if the encryption key can be recovered. If it can, restore the files.
D.   Seek approval from senior leadership to pay the ransom and unencrypt the files with the provided key.
Answer: B
Explanation:
Restoring from a known-good, immutable snapshot ensures you return the system to a clean, pre-infection state without any residual ransomware artifacts or potential backdoors. Snapshots are typically protected from tampering and provide a trusted recovery point, making this the most secure and reliable remediation method.
NEW QUESTION 420
A security manager has written an incident response playbook for insider attacks and is ready to begin testing it. Which of the following should the manager conduct to test the playbook?
A.   Automated vulnerability scanning.
B.   Centralized logging, data analytics, and visualization.
C.   Threat hunting.
D.   Threat emulation.
Answer: D
Explanation:
Threat emulation (also known as adversary or red-team simulation) involves deliberately mimicking insider tactics, techniques, and procedures to validate the playbook’s controls and procedures in a controlled exercise. This approach directly tests whether the detection, containment, and response steps work as designed against realistic insider behaviors.
NEW QUESTION 421
The Chief Security Officer (CSO) requested the security team implement technical controls that meet the following requirements:
– Monitors traffic to and from both local NAS and cloud-based file repositories.
– Prevents on-site staff who are accessing sensitive customer PII documents on file repositories from accidentally or deliberately sharing sensitive documents on personal SaaS solutions.
– Uses document attributes to reduce false positives.
– Is agentless and not installed on staff desktops or laptops.
Which of the following when installed and configured would best meet the CSO’s requirements? (Choose two.)
A.   DLP
B.   NGFW
C.   UTM
D.   UEBA
E.   CASB
F.   HIPS
Answer: AE
Explanation:
– DLP (Data Loss Prevention):
A network-based DLP solution can inspect traffic to and from on-prem NAS devices as well as cloud storage, using document fingerprinting and content-aware rules to reduce false positives without requiring agents on endpoints.
– CASB (Cloud Access Security Broker):
An agentless CASB sits inline (or via API) between users and cloud services – both sanctioned and unsanctioned – preventing uploads of sensitive PII to personal SaaS apps and enforcing attribute-based policies on documents in cloud repos.
NEW QUESTION 422
……