Free Certification Practice Questions

COMPTIA-SECURITYX

CompTIA's CAS-005 A company wants to use a process to embed a sign of ownership covertly inside a proprietary document without adding any identifying attributes. Which of the following would be best to use as part of the process to support copyright protections of the document?
#31
CompTIA's CAS-005 Which of the following utilizes policies that route packets to ensure only specific types of traffic are being sent to the correct destination based on application usage? E. VPC
#32
CompTIA's CAS-005 An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.) E. Which technical controls, if implemented, would provide defense when user training fails? F. Which user roles are most often targeted by spear phishing attacks?
#33
CompTIA's CAS-005 Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective? E. ABAC
#34
CompTIA's CAS-005 An analyst needs to evaluate all images and documents that are publicly shared on a website. Which of the following would be the best tool to evaluate the metadata of these files?
#35
CompTIA's CAS-005 An organization's board of directors has asked the Chief Information Security Officer to build a third-party management program. Which of the following best explains a reason for this request?
#36
CompTIA's CAS-005 A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?
#37
CompTIA's CAS-005 Which of the following items should be included when crafting a disaster recovery plan?
#38
CompTIA's CAS-005 A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed. Which of the following compensating controls would best prevent successful exploitation?
#39
CompTIA's CAS-005 Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?
#40
CompTIA's CAS-005 A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?
#41
CompTIA's CAS-005 A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution. Which of the following must happen first?
#42
CompTIA's CAS-005 A company hired a third-party consultant to run a cybersecurity incident simulation in order to identify security gaps and prepare stakeholders for a potential incident. Which of the following best describes this activity?
#43
CompTIA's CAS-005 A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner. Which of the following should the security officer do to meet these requirements?
#44
CompTIA's CAS-005 A security team receives alerts regarding impossible travel and possible brute-force attacks after normal business hours. After reviewing more logs, the team determines that specific users were targeted and attempts were made to transfer data to an unknown site. Which of the following should the team do to help mitigate these issues?
#45
CompTIA's CAS-005 A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases. Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?
#46
CompTIA's CAS-005 Which of the following is the best reason for obtaining file hashes from a confiscated laptop?
#47
CompTIA's CAS-005 A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation. Which of the following metric groups would the analyst need to determine to get the overall scores? (Choose three.) E. Base F. Environmental G. Impact H. Attack vector
#48
CompTIA's CAS-005 Which of the following describes how a risk assessment is performed when an organization has a critical vendor that provides multiple products?
#49
CompTIA's CAS-005 A security engineer is performing a vulnerability management scan on multihomed Linux systems. The engineer notices that the vulnerability count is high due to the fact that each vulnerability is multiplied by the number of NICs on each system. Which of the following should the engineer do to deduplicate the vulnerabilities and to associate the vulnerabilities with a particular host?
#50
CompTIA's CAS-005 Which of the following best describes a risk associated with using facial recognition to locally authenticate to a mobile device?
#51
CompTIA's CAS-005 The principal security analyst for a global manufacturer is investigating a security incident related to abnormal behavior in the ICS network. A controller was restarted as part of the troubleshooting process, and the following issue was identified when the controller was restarted: SECURE BOOT FAILED: FIRMWARE MISMATCH EXPECTED UXFDC479 ACTUAL 0x79F31B. During the investigation, this modified firmware version was identified on several other controllers at the site. The official vendor firmware versions do not have this checksum. Which of the following stages of the MITRE ATT&CK framework for ICS includes this technique?
#52
CompTIA's CAS-005 A web service provider has just taken on a very large contract that comes with requirements that are currently not being implemented. In order to meet contractual requirements, the company must achieve the following thresholds: 99.99% uptime; load time in 3 seconds; response time = <1.0 seconds. Starting with the computing environment, which of the following should a security engineer recommend to best meet the requirements? (Choose three.) E. Lowering storage input/output F. Implementing RAID on the backup servers G. Utilizing redundant power for all developer workstations
#53
CompTIA's CAS-005 An analyst is working to address a potential compromise of a corporate endpoint and discovers the attacker accessed a user's credentials. However, it is unclear if the system baseline was modified to achieve persistence. Which of the following would most likely support forensic activities in this scenario?
#54
CompTIA's CAS-005 A company is decommissioning old servers and hard drives that contain sensitive data. Which of the following best protects against data leakage?
#55
CompTIA's CAS-005 An engineer has had scaling issues with a web application hosted on premises and would like to move to a serverless architecture. Which of the following cloud benefits would be best to utilize for this project?
#56
CompTIA's CAS-005 An organization needs to classify its systems and data in accordance with external requirements. Which of the following roles is best qualified to perform this task? E. Data steward
#57
CompTIA's CAS-005 A company is developing an application that will be used to perform e-commerce transactions for a subscription-based service. The application must be able to use previously saved payment methods to perform recurring transactions. Which of the following is the most appropriate? E. Address space layout randomization
#58
CompTIA's CAS-005 A security technician is trying to connect a remote site to the central office over a site-to-site VPN. The technician has verified the source and destination IP addresses are correct, but the technician is unable to get the remote site to connect. The following error message keeps repeating: An error has occurred during Phase 1 handshake. Deleting keys and retrying... Which of the following is most likely the reason the connection is failing?
#59
CompTIA's CAS-005 A security analyst received the following finding from a cloud security assessment tool: Virtual Machine Data Disk is encrypted with the default encryption key. Because the organization hosts highly sensitive data files, regulations dictate it must be encrypted so it is unreadable to the CSP. Which of the following should be implemented to remediate the finding and meet the regulatory requirement? (Choose two.) E. File-level encryption with customer-provided keys F. Disk-level encryption with a cross-signed certificate
#60