PassLeader released the NEWEST CompTIA CAS-005 exam dumps recently! Both CAS-005 VCE dumps and CAS-005 PDF dumps are available on PassLeader, and both contain the NEWEST CAS-005 exam questions, which will help you pass the CompTIA CAS-005 exam easily! You can download the valid CAS-005 dumps VCE and PDF from PassLeader here: https://www.passleader.com/cas-005.html (528 Q&As Dumps ~ Lab Simulations Available)
Also, previewing the NEWEST PassLeader CAS-005 dumps online for free on Google Drive: https://drive.google.com/drive/folders/1KS3f2xY4YVwyvHzBkOruvJa_Q1WMRRlW
NEW QUESTION 474
A security administrator wants to detect a potential forged sender claim in the envelope of an email. Which of the following should the security administrator implement? (Choose two.)
A. MX record.
B. DMARC.
C. SPF.
D. DNSSEC.
E. S/MIME.
F. TLS.
Answer: BC
Explanation:
– SPF (Sender Policy Framework):
Validates the envelope sender (MAIL FROM / return-path) by checking that the connecting IP is authorized in the sending domain’s SPF record, so a forged return-path domain fails the check.
– DMARC (Domain-based Message Authentication, Reporting & Conformance):
Builds on SPF (and DKIM) by requiring alignment between the authenticated domain (the SPF-checked envelope sender or the DKIM signing domain) and the domain in the “From:” header, and adds policy enforcement and reporting for any failures.
NEW QUESTION 475
The management team at a company with a large, aging server environment is conducting a server risk assessment in order to create a replacement strategy. The replacement strategy will be based upon the likelihood a server will fail, regardless of the criticality of the application running on a particular server. Which of the following should be used to prioritize the server replacements?
A. SLE
B. MTTR
C. TCO
D. MTBF
E. MSA
Answer: D
Explanation:
MTBF measures the average operating time between inherent failures of a system. Comparing MTBF values across the aging servers ranks them by projected failure rate, so replacements can be prioritized solely on the likelihood of failure, independent of application criticality.
NEW QUESTION 476
A company created an external application for its customers. A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization. Which of the following actions would best resolve the issue? (Choose two.)
A. Conduct input sanitization.
B. Deploy a SIEM.
C. Use containers.
D. Patch the OS.
E. Deploy a WAF.
F. Deploy a reverse proxy.
G. Deploy an IDS.
Answer: AE
Explanation:
– Conduct input sanitization:
The primary safeguard against LDAP injection is to validate and cleanse all user-supplied inputs before they’re incorporated into LDAP queries. By enforcing strict whitelists (allowing only expected characters or patterns) and escaping or rejecting any special LDAP-filter metacharacters, you eliminate the injection vectors at the source.
– Deploy a WAF:
While you’re remediating the code, a properly configured Web Application Firewall can provide an additional layer of defense by detecting and blocking known LDAP injection payloads (e.g., *)(uid=*))(|(uid=*) in incoming requests. This helps mitigate exploitation risk in the short term and serves as a compensating control until the application is fully secured.
NEW QUESTION 477
Due to reports of malware targeting companies in the same industry, an organization wants to develop a comprehensive list of IoCs to determine if its systems might be affected in a similar attack. Which of the following would be best to use to develop this list?
A. Simulators.
B. Sandbox detonation.
C. Antivirus.
D. Endpoint detection and response.
Answer: B
Explanation:
By detonating threat samples in a sandbox environment, you can safely execute the malware and extract a full spectrum of indicators of compromise – file and payload hashes, dropped filenames and registry keys, network IoCs (domains, IPs, URLs), mutex names, and more. These artifacts form a comprehensive IoC list you can then feed into your monitoring tools (EDR, SIEM, firewalls) to hunt for and block any matching activity across your environment.
NEW QUESTION 478
Which of the following is a security concern for DNP3?
A. Free-form messages require support.
B. Available function codes are not standardized.
C. Authentication is not allocated.
D. It is an open source protocol.
Answer: C
Explanation:
The original DNP3 specification has no built-in message authentication, so anyone with network access can spoof or replay commands. The Secure Authentication extension (DNP3-SA) adds cryptographic authentication of messages, but legacy deployments without it remain at risk.
NEW QUESTION 479
A security administrator needs to develop a remediation plan to address a large number of vulnerability scan results. Which of the following should the administrator use to determine the vulnerabilities that should be addressed first?
A. CPE
B. CCE
C. CVSS
D. CVE
Answer: C
Explanation:
The Common Vulnerability Scoring System (CVSS) provides a standardized severity score for each vulnerability, reflecting its potential impact and exploitability. By sorting your scan results by CVSS score, focusing first on the highest-severity (e.g., critical and high) issues, you ensure your remediation plan targets the most dangerous vulnerabilities before lower-risk ones.
NEW QUESTION 480
An organization’s senior security architect would like to develop cyberdefensive strategies based on standardized adversary techniques, tactics, and procedures commonly observed. Which of the following would best support this objective?
A. OSINT analysis.
B. The Diamond Model of Intrusion Analysis.
C. MITRE ATT&CK.
D. Deepfake generation.
E. Closed-source intelligence reporting.
Answer: C
Explanation:
The MITRE ATT&CK framework provides a comprehensive, standardized taxonomy of adversary tactics, techniques, and procedures (TTPs) observed across real-world incidents. By mapping threats to ATT&CK, security teams can develop targeted defensive strategies, gap analyses, and threat-informed detection and response playbooks based on documented attacker behavior.
NEW QUESTION 481
A company is looking for a solution to hide data stored in databases. The solution must meet the following requirements:
– Be efficient at protecting the production environment.
– Not require any change to the application.
– Act at the presentation layer.
Which of the following techniques should be used?
A. Masking.
B. Steganography.
C. Algorithmic.
D. Random substitution.
Answer: A
Explanation:
Dynamic data masking works at the presentation layer, sitting between the database and the application, and transforms sensitive fields on the way out (for example, showing “J*** S****” instead of “John Smith”) without altering the stored data or touching the application code. This approach efficiently protects production systems, requires no application changes, and enforces masking policies in real time.
NEW QUESTION 482
A software developer is working on a piece of code required by a new software package. The code should use a protocol to verify the validity of a remote identity. Which of the following should the developer implement in the code?
A. RSA
B. OCSP
C. HSTS
D. CRL
Answer: B
Explanation:
The Online Certificate Status Protocol (OCSP) lets your application query a trusted responder in real time to confirm that a peer’s X.509 certificate hasn’t been revoked. Embedding OCSP checking in your TLS/SSL handshake ensures the remote identity you connect to remains valid without needing to download and parse full CRLs.
NEW QUESTION 483
Which of the following is record-level encryption commonly used to do?
A. Protect database fields.
B. Protect individual files.
C. Encrypt individual packets.
D. Encrypt the master boot record.
Answer: A
Explanation:
Record-level encryption (also called field- or cell-level encryption) encrypts specific columns or records within a database, ensuring that sensitive fields (e.g., credit card numbers, SSNs) remain protected even if the broader database is accessed or compromised.
NEW QUESTION 484
A system of globally distributed certificate servers connected to HSMs provides certificate security services for a publicly available PKI. These services include OCSP, certificate revocation list issuance, and certificate signing/issuance. The HSMs are all physical devices. All other servers are virtualized. Each global site has a network load balancer, and the sites are configured to load balance between sites. Users report occasional but persistent log-on failures to different PKI-enabled websites. There is no apparent pattern to the failures. Some OCSP responses must be signed by the HSM. Each HSM is connected to a physical server containing multiple VMs for the local site with CAT 6e network cable. The backplane connecting the VMs is fiber based. Which of the following would best reduce the OCSP response time in order to rule out the connection between the certificate server and HSM as a cause of the user-reported issues?
A. Virtualize the HSMs and convert the virtualized servers to physical systems.
B. Replace the copper-based network infrastructure with fiber.
C. Shorten the time the duration certificates are valid to 72 hours and implement ACME.
D. Reduce the number of global sites while increasing the number of HSMs.
Answer: C
Explanation:
Shortening the certificate validity period and implementing ACME reduces reliance on OCSP by enabling more frequent automated certificate issuance and renewal, thereby decreasing OCSP query load and response times. This approach helps rule out HSM-to-certificate server connection delays as the cause of user log-on failures.
NEW QUESTION 485
An administrator brings the company’s fleet of mobile devices into its PKI in order to align device WLAN NAC configurations with existing workstations and laptops. Thousands of devices need to be reconfigured in a cost-effective, time-efficient, and secure manner. Which of the following actions best achieve this goal? (Choose two.)
A. Using the existing MDM solution to integrate with directory services for authentication and enrollment.
B. Deploying netAuth extended key usage certificate templates.
C. Deploying serverAuth extended key usage certificate templates.
D. Deploying clientAuth extended key usage certificate templates.
E. Configuring SCEP on the CA with an OTP for bulk device enrollment.
F. Submitting a CSR to the CA to obtain a single certificate that can be used across all devices.
Answer: AE
Explanation:
Using the existing MDM solution integrated with directory services automates authentication and enrollment, making the process scalable, secure, and cost-effective. Configuring SCEP with a one-time password enables secure bulk enrollment of many devices efficiently.
NEW QUESTION 486
The ISAC for the retail industry recently released a report regarding social engineering tactics in which small groups create distractions for employees while other malicious individuals install advanced card skimmers on the payment systems. The Chief Information Security Officer (CISO) thinks that the security awareness training, technical control implementations, and governance already in place are adequate to protect from this threat. The board would like to test these controls. Which of the following should the CISO recommend?
A. Dark web monitoring.
B. Adversary emulation engagement.
C. Supply chain risk consultation.
D. Tabletop exercises.
Answer: B
Explanation:
Adversary emulation engagement involves simulating realistic attack scenarios, including social engineering tactics, to test the effectiveness of existing security controls and employee response in a controlled environment.
NEW QUESTION 487
In a recent audit, several critical legacy systems, which are externally exposed so that a specific vendor can manage them remotely, were identified. These systems must remain available to the vendor for the next six months. A security team segmented the network so these systems can only communicate with internal resources. Which of the following actions would be most appropriate to restore the vendor’s access to manage these systems?
A. Disable all connections to the systems, and implement a backup solution to capture the needed data to send to the vendor on a weekly basis.
B. Create a VPN connection and set up firewall rules so only specific connections are allowed to those systems.
C. Disable external connections to those systems for the next six months.
D. Isolate the critical systems so they can only be remotely managed from the internet.
Answer: B
Explanation:
Creating a VPN connection with firewall rules restricts vendor access to only authorized connections, maintaining security while restoring necessary remote management capability.
NEW QUESTION 488
A company plans to deploy a new online application that provides video training for its customers. As part of the design, the application must be:
– Fast for all users.
– Available for users worldwide.
– Protected against attacks.
Which of the following are the best components the company should use to meet these requirements? (Choose two.)
A. WAF
B. IPS
C. CDN
D. SASE
E. VPN
F. CASB
Answer: AC
Explanation:
A Web Application Firewall (WAF) protects the application from attacks such as injection and cross-site scripting. A Content Delivery Network (CDN) improves performance and availability by caching content closer to users worldwide.
NEW QUESTION 489
A company must meet the following security requirements when implementing controls in order to be compliant with government policy:
– Access to the system document repository must be MFA enabled.
– Ongoing risk monitoring must be displayed on a system dashboard.
– Staff must receive email notifications about periodic tasks.
Which of the following best meets all of these requirements?
A. Implementing a GRC tool.
B. Configuring a privileged access management system.
C. Launching a vulnerability management program.
D. Creating a risk register.
Answer: A
Explanation:
A Governance, Risk, and Compliance (GRC) tool integrates multifactor authentication for access control, provides dashboards for ongoing risk monitoring, and supports automated email notifications, fulfilling all specified requirements.
NEW QUESTION 490
A company detects suspicious activity associated with inbound connections. Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?
A. Implement an interactive honeypot.
B. Map network traffic to known IoCs.
C. Monitor the dark web.
D. Implement UEBA.
Answer: A
Explanation:
An interactive honeypot can actively engage with suspicious inbound connections, capturing detailed attacker behavior and tactics, which helps identify and categorize unknown or ambiguous threats more effectively.
NEW QUESTION 491
After discovering that an employee is using a personal laptop to access highly confidential data, a systems administrator must secure the company’s data. Which of the following capabilities best addresses this situation?
A. OCSP stapling.
B. CASB.
C. SOAR.
D. Conditional access.
E. Package monitoring.
Answer: D
Explanation:
Conditional access enforces policies that control device and user access to sensitive data, ensuring only compliant and authorized devices can connect, thereby securing company data when personal laptops attempt access.
NEW QUESTION 492
An organization is increasing its focus on training that addresses new social engineering and phishing attacks. Which of the following is the organization most concerned about?
A. Meeting existing regulatory compliance.
B. Overreliance on AI support bots.
C. Generative AI tools increasing the quality of exploits.
D. Differential analysis using AI models.
Answer: C
Explanation:
The organization is concerned that generative AI tools can increase the quality and sophistication of phishing and social engineering attacks, making them harder to detect and more convincing to victims.
NEW QUESTION 493
A systems administrator is working with clients to verify email-based services are performing properly. The administrator wants to have the email server digitally sign outbound emails using the organization’s private key. Which of the following should the systems administrator configure?
A. SPF
B. DKIM
C. DMARC
D. TLS
Answer: B
Explanation:
DKIM (DomainKeys Identified Mail) uses a private key to digitally sign outbound emails, allowing recipients to verify the authenticity of the sender using the corresponding public key published in DNS.
NEW QUESTION 494
A security engineer is developing a solution to meet the following requirements:
– All endpoints should be able to establish telemetry with a SIEM.
– All endpoints should be able to be integrated into the XDR platform.
– SOC services should be able to monitor the XDR platform.
Which of the following should the security engineer implement to meet the requirements? (Choose two.)
A. EDR.
B. HIDS.
C. Web application firewall.
D. Central logging.
E. Host-based firewall.
F. TPM.
Answer: AD
Explanation:
– EDR provides endpoint telemetry and integrates with an XDR platform for extended detection and response.
– Central logging ensures telemetry is forwarded to the SIEM, enabling SOC services to monitor the XDR platform effectively.
NEW QUESTION 495
A security engineer needs to create multiple servers in a company’s private cloud. The servers should have a virtual network infrastructure that supports connectivity, as well as security configurations applied using predefined templates. Which of the following is the best option for the security engineer to consider for the deployment?
A. Installing a container orchestration solution locally, configuring the infrastructure, and cloning the solution.
B. Creating templates on the cloud provider marketplace and modeling the solution using those templates.
C. Using Terraform to implement an infrastructure as code model with the existing private cloud solution.
D. Integrating the cloud provider API to the CI/CD pipeline model used by the company.
Answer: C
Explanation:
Using Terraform allows the security engineer to implement Infrastructure as Code, enabling consistent creation of servers, virtual networking, and security configurations from predefined templates within the private cloud. This ensures repeatability, scalability, and security compliance.
NEW QUESTION 496
A company is planning to migrate all of its on-site-hosted applications to a public cloud provider. Which of the following is the best way to reduce the scope of security-relevant work that the company must address after the applications have been migrated to the cloud?
A. Adopting cloud-native security solutions.
B. Using a microservices architecture.
C. Performing a lift-and-shift cloud migration.
D. Implementing serverless cloud services.
Answer: D
Explanation:
Implementing serverless cloud services shifts most of the infrastructure management and security responsibilities (such as patching, scaling, and OS hardening) to the cloud provider. This significantly reduces the company’s security workload after migration.
NEW QUESTION 497
A security architect must implement security controls in a software development life cycle for an internally developed application. The architect must identify the components that were used to create the application. Which of the following should the security architect use to meet this requirement?
A. A/B test.
B. SAST.
C. IAST.
D. SBoM.
Answer: D
Explanation:
A Software Bill of Materials (SBoM) provides a detailed inventory of all components, libraries, and dependencies used in an application. This allows the security architect to track and manage risks associated with the software supply chain throughout the development life cycle.
NEW QUESTION 498
A security analyst collects the logs from the web server that is associated with a security incident. The analyst finds the following entry in the logs:
SELECT user FROM Customers WHERE userID = "SRequest(userID)"
Which of the following will prevent this incident from reoccurring?
A. URL encoding.
B. Query parameterization.
C. Data sanitization.
D. SQL output encoding.
Answer: B
Explanation:
Query parameterization ensures that user input is treated strictly as data, not as executable SQL code. This prevents SQL injection attacks like the one shown in the log entry, thereby eliminating the vulnerability that led to the incident.
NEW QUESTION 499
A company implements an AI model that handles sensitive and personally identifiable information. Which of the following threats is most likely the company’s primary concern?
A. Unsecured output handling.
B. Model theft.
C. Model poisoning.
D. Prompt injection.
Answer: A
Explanation:
Since the AI model processes sensitive and personally identifiable information, the primary concern is unsecured output handling, which could expose confidential data if not properly protected or sanitized.
NEW QUESTION 500
An engineer is designing a wireless access solution that must comply with the IEEE-specified security requirements for the 802.1X protocol. The engineer wants to streamline access by removing the need to provide a WPA2 PSK and domain credentials each time for access. Which of the following actions best meet this requirement? (Choose two.)
A. Issuing client authentication certificates to devices.
B. Issuing a separate 32-bit key to wireless supplicants.
C. Configuring RADIUS with EAP-TLS.
D. Using a geofence over the facility and enforcing it for access.
E. Configuring RADIUS with EAP-PEAP.
F. Configuring RADIUS with EAP-FAST.
Answer: AC
Explanation:
– Issuing client authentication certificates enables certificate-based authentication, removing the need for users to enter PSKs or credentials repeatedly.
– Configuring RADIUS with EAP-TLS leverages those certificates within the 802.1X framework, providing strong, standards-based authentication that meets IEEE security requirements.
NEW QUESTION 501
An organization must provide access to its internal system data. The organization requires that this access complies with the following:
– Access must be automated.
– Data confidentiality must be preserved.
– Access must be authenticated.
– Data must be preprocessed before it is retrieved.
Which of the following actions should the organization take to meet these requirements?
A. Configure a reverse proxy to protect the data.
B. Implement an on-demand VPN connection.
C. Deploy an API gateway protected with access tokens.
D. Continually publish all relevant data to a CDN.
Answer: C
Explanation:
An API gateway protected with access tokens enables automated and authenticated access while preserving confidentiality. It also supports preprocessing and transformation of data before delivery, fulfilling all the organization’s requirements.
NEW QUESTION 502
Following a security incident, a company decides to improve its device management. The company establishes the following requirements for the new process:
– EOL devices must be properly replaced in a timely manner.
– Accurate, detailed information about the devices must be available in a centralized repository.
Which of the following should the company do to meet these requirements? (Choose two.)
A. Configure agent-based vulnerability scanning tools.
B. Implement an asset management life cycle.
C. Switch to a BYOD policy.
D. Transition to a virtual desktop infrastructure.
E. Establish a quality assurance program.
F. Maintain a configuration management database.
Answer: BF
Explanation:
– Implementing an asset management life cycle ensures EOL devices are tracked and replaced in a timely manner.
– Maintaining a configuration management database (CMDB) provides a centralized repository with accurate and detailed device information.
NEW QUESTION 503
A security engineer needs to remediate a SWEET32 vulnerability in an OpenSSH-based application and review existing configurations. Which of the following should the security engineer do? (Choose two.)
A. Disable Twofish algorithms.
B. cat /etc/sshd/ssh_config | grep "HMAC"
C. Disable RSA algorithms.
D. cat /etc/sshd/ssh_config | grep "PermitRootLogin"
E. Disable 3DES algorithms.
F. cat /etc/sshd/ssh_config | grep "Ciphers"
Answer: EF
Explanation:
– SWEET32 exploits the 64-bit block size of 3DES (a birthday attack becomes practical after a large volume of data under one key), so disabling 3DES algorithms mitigates the vulnerability.
– Reviewing the Ciphers configuration confirms that 3DES is removed and only stronger ciphers are enabled. Note that on OpenSSH the server-side cipher list is the Ciphers directive in sshd_config; ssh_config governs the client, so both should be checked when reviewing existing configurations.
NEW QUESTION 504
A DevOps engineer sets up a CI/CD pipeline to deploy application container images in the Kubernetes production environment. The security engineer wants to prevent the deployment of unsecured images. Which of the following security solutions should the engineer use in the pipeline to meet this objective?
A. Vulnerability scanning.
B. Static code analysis.
C. Trusted attestation.
D. Private repository.
Answer: C
Explanation:
Trusted attestation ensures that only container images meeting defined security and integrity requirements are allowed in the pipeline. This prevents the deployment of unsecured or tampered images into the Kubernetes production environment.
NEW QUESTION 505
In order to follow new regulations, the Chief Information Security Officer plans to use a defense-in-depth approach for a perimeter network. Which of the following protections would best achieve this goal?
A. SAST, DAST, IAST.
B. NGFW, IPS, EDR.
C. SASE, IDS, SAST.
D. CASB, DLP, EDR.
Answer: B
Explanation:
A defense-in-depth approach for a perimeter network is best achieved with layered network and endpoint protections. NGFW provides advanced firewall capabilities, IPS detects and blocks network intrusions, and EDR extends protection to endpoints, creating a comprehensive security posture.
NEW QUESTION 506
During an incident response activity, the response team collected some artifacts from a compromised server, but the following information is missing:
– Source of the malicious files.
– Initial attack vector.
– Lateral movement activities.
The next step in the playbook is to reconstruct a timeline. Which of the following best supports this effort?
A. Executing decompilation of binary files.
B. Analyzing all network routes and connections.
C. Performing primary memory analysis.
D. Collecting operational system logs and storage disk data.
Answer: D
Explanation:
Collecting operating system logs and storage disk data provides historical records of file creation, modifications, user activity, and system events. These artifacts are essential for reconstructing a detailed timeline of the attack, including the source of malicious files, initial entry, and lateral movement.
NEW QUESTION 507
A security architect performs a baseline review on the SIEM. The findings indicate that multiple use cases are missing and coverage is limited for defense evasion techniques. Which of the following processes best describes what the architect should do?
A. Implement a TIP on the internal network to facilitate the creation of a use case.
B. Perform a penetration test on critical devices and document IOCs for use cases.
C. Create a list of use cases based on Snort detection rules.
D. Use Sigma to build the logic of the use cases and testing on the SIEM.
Answer: D
Explanation:
Sigma is a vendor-agnostic detection rule format that allows building and testing SIEM use cases efficiently. Using Sigma ensures broader coverage, including defense evasion techniques, and provides a standardized approach for detection logic.
NEW QUESTION 508
A company needs to quickly assess whether software deployed across the company’s global corporate network contains specific software libraries. Which of the following best enables the company’s SOC to respond quickly when such an assessment is required?
A. Maintaining SAST/DAST reports on a server with access restricted to SOC staff.
B. Contractually requiring all software vendors to attest to third-party risk mitigations.
C. Requiring all suppliers and internal developers to implement a thorough SBoM.
D. Implementing a GRC tool to maintain a list of all software vendors and internal developers.
Answer: C
Explanation:
A Software Bill of Materials (SBoM) provides an inventory of all libraries and components in deployed software. Maintaining SBoMs allows the SOC to quickly identify affected systems when a vulnerable library is discovered, enabling a rapid and accurate response.
NEW QUESTION 509
During a recent security event, access from the non-production environment to the production environment enabled unauthorized users to install unapproved software and make unplanned configuration changes. During an investigation, the following findings are identified:
– Several new users were added in bulk by the IAM team.
– Additional firewall and routers were recently added to the network.
– Vulnerability assessments have been disabled for all devices for more than 30 days.
– The application allow list has not been modified in more than two weeks.
– Logs were unavailable for various types of traffic.
– Endpoints have not been patched in more than ten days.
Which of the following actions would most likely need to be taken to ensure proper monitoring is in place within the organization? (Choose two.)
A. Disable bulk user creations by the IAM team.
B. Extend log retention for all security and network devices for 180 days for all traffic.
C. Review the application allow list on a daily basis to make sure it is properly configured.
D. Routinely update all endpoints and network devices as soon as new patches/hot fixes are available.
E. Ensure all network and security devices are sending relevant data to the SIEM.
F. Configure rules on all firewalls to only allow traffic from the production environment to the non-production environment.
Answer: BE
Explanation:
– Extending log retention ensures visibility into security and network activities for proper monitoring and forensic investigations.
– Ensuring all network and security devices send relevant data to the SIEM provides centralized monitoring and alerting, enabling the SOC to detect unauthorized access or misconfigurations.
NEW QUESTION 510
An organization purchased a new manufacturing facility and the security administrator needs to:
– Implement security monitoring.
– Protect any non-traditional device(s)/network(s).
– Ensure no downtime for critical systems.
Which of the following strategies best meets these requirements?
A. Configuring honeypots in the internal network to capture malicious activity.
B. Analyzing system behavior and responding to any increase in activity.
C. Applying updates and patches soon after they have been released.
D. Observing the environment and proactively addressing any malicious activity.
Answer: D
Explanation:
Observing the environment and proactively addressing malicious activity provides continuous monitoring for non-traditional devices and networks while avoiding downtime for critical systems. This strategy aligns with OT/ICS environments where availability is crucial and active measures must not disrupt operations.
NEW QUESTION 511
Engineers are unable to control pumps at Site A from Site B when the SCADA controller at Site A experiences an outage. A security analyst must provide a secure solution that ensures Site A pumps can be controlled by a SCADA controller at Site B if a similar outage occurs again. Which of the following represents the most cost-effective solution?
A. Procure direct fiber connectivity between Site A and Site B and limit its use to the critical SCADA controller traffic only.
B. Install backup SCADA controllers at each site, isolate them from the OT network, and assign these backup controllers as high-availability pairs.
C. Isolate the OT environment by providing an air-gapped network segment. Place the SCADA controller for each site in this network segment to minimize outages.
D. Configure VPN concentrators inside the OT network segments at Site A and Site B and allow the controllers to act as secondary devices for the other site’s pumps across this encrypted tunnel.
Answer: D
Explanation:
Configuring VPN concentrators inside the OT network segments allows secure, encrypted communication between Site A and Site B. This setup enables each SCADA controller to act as a backup for the other site’s pumps during outages, while being cost-effective compared to dedicated fiber or deploying redundant controllers.
NEW QUESTION 512
As part of a new software development method, a program manager requires that unit tests be written for all code before being promoted to production. The program manager wants to ensure that requirements can be tested and approved. Any security concerns should also be addressed prior to code deployment. Which of the following is an additional benefit of this new requirement?
A. Dynamic analysis.
B. Integration testing.
C. Software composition analysis.
D. Input fuzzing.
Answer: B
Explanation:
Requiring unit tests before promotion supports integration testing, as validated units can be reliably combined and tested together. This ensures that requirements are verifiable and that security concerns are addressed earlier in the development cycle.
NEW QUESTION 513
A security engineer must implement controls to limit access between developer endpoints and a cloud provider bucket for data storage. Developers routinely save sensitive files to the bucket as part of their projects. The security engineer must reduce the risk of unintended data exposure. Which of the following is the most appropriate control to implement?
A. Require server-side encryption using a KMS in the cloud provider.
B. Implement context-aware reauthentication to the local system.
C. Deploy an ACL on the virtual private cloud to avoid public access.
D. Restrict HTTP POST and PUT traffic to specific URLs at the proxy.
Answer: C
Explanation:
Applying an ACL on the virtual private cloud to restrict bucket access ensures that sensitive files are not exposed publicly. This limits access to only authorized endpoints, reducing the risk of unintended data exposure while still allowing developers to use the storage securely.
NEW QUESTION 514
A systems administrator decides to take a programmatic approach in cataloging system resiliency to both new and existing attack patterns. Which of the following should the systems administrator use?
A. OWASP
B. ATT&CK
C. STRIDE
D. CAPEC
Answer: B
Explanation:
MITRE ATT&CK provides a programmatic framework of adversary tactics, techniques, and procedures. It enables cataloging system resiliency against known attack patterns, supporting structured testing and gap analysis.
NEW QUESTION 515
A security engineer is reviewing logs and summarizes the following:
– The target host communicates to an external IP address over HTTPS.
– The external IP address was not categorized as malicious.
– The company has a deep packet inspection system that supports HTTPS traffic.
– The attack uses a known command-and-control tool to beacon from an affected host.
Which of the following techniques did the attacker most likely use?
A. Redirection.
B. Custom BOF.
C. EDR evasion.
D. Steganography.
Answer: C
Explanation:
The attacker used EDR evasion by tunneling command-and-control traffic over HTTPS to an external IP address that was not categorized as malicious. This hides the beaconing within what appears to be legitimate encrypted traffic, bypassing detection even with deep packet inspection in place.
NEW QUESTION 516
An engineer must configure signing and encryption support for internal corporate email services. The Chief Information Security Officer wants a solution that is capable of monitoring suspicious email behavior. Which of the following should the engineer configure or deploy first? (Choose two.)
A. AAA/RADIUS server.
B. Third-party CSR signing authority.
C. TLS 1.3 support.
D. Smart card support.
E. Certificate templates.
F. Key escrow services.
Answer: EF
Explanation:
– Certificate templates allow consistent issuance of certificates for signing and encrypting corporate emails.
– Key escrow services ensure recovery and monitoring of encryption keys, enabling investigation of suspicious email behavior while supporting encryption requirements.
NEW QUESTION 517
After a recent outage, a software engineering company performed an audit of its development processes. The audit findings include the following:
– The use of local branches was not enforced for software development.
– Two-person review was not required for merges with production pipelines.
– There was a lack of pre-production pipelines and insufficient bake times between stages.
Which of the following changes would best improve the company’s practices?
A. Regression testing.
B. Architecture and integration review.
C. Formal specification and verification.
D. Coding standards and linting.
Answer: B
Explanation:
Architecture and integration review enforces structured development workflows, including branch management, peer reviews, and proper pre-production pipelines. This directly addresses the audit findings and improves software reliability and security.
NEW QUESTION 518
Which of the following explains why an organization should carefully consider whether to use AI to automate processes that interact with healthcare data?
A. The model may be susceptible to AI pipeline injections.
B. The model may be susceptible to information disclosure.
C. The model may be susceptible to social engineering.
D. The model may be susceptible to model inversion.
Answer: B
Explanation:
Healthcare data involves sensitive and regulated information. Using AI to automate processes with such data raises the primary concern of information disclosure, where private medical records or personally identifiable information could be exposed if the model or its handling of data is not properly secured.
NEW QUESTION 519
A security manager at a local hospital wants to secure patient medical records. The manager needs to:
– Choose an access control model that clearly defines who has access to sensitive information.
– Prevent those who enter new patient information from specifying who has access to this data.
Which of the following access control models is the best way to ensure the lowest risk of granting unintentional access?
A. Rule-based.
B. Attribute-based.
C. Mandatory.
D. Discretionary.
Answer: C
Explanation:
Mandatory Access Control (MAC) enforces centrally defined policies that determine access to sensitive data, such as medical records. It prevents users who create or enter new data from assigning permissions, thereby reducing the risk of unintentional or improper access.
NEW QUESTION 520
An organization is developing an in-house software platform to support capital planning and reporting functions. In addition to role-based access controls and auditing/logging capabilities, the product manager must include requirements associated with archiving data and immutable backups. Which of the following organizational considerations are most likely associated with this requirement? (Choose two.)
A. Crypto-export management controls.
B. Supply chain weaknesses.
C. Device attestation.
D. Quality assurance.
E. Legal hold compliance.
F. Ransomware resilience.
Answer: EF
Explanation:
– Legal hold compliance requires data archiving and immutability to preserve records for regulatory or legal purposes.
– Ransomware resilience is achieved through immutable backups, which protect data integrity by preventing unauthorized alteration or deletion.
NEW QUESTION 521
……