Free Certification Practice Questions

COMPTIA-SECURITYX

CompTIA's CAS-005 A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance? E. Reporting frameworks
#151
CompTIA's CAS-005 An administrator needs to craft a single certificate-signing request for a web-server certificate. The server should be able to use the following identities to mutually authenticate other resources over TLS:
• www.int.comptia.org
• webserver01.int.comptia.org
• 10.5.100.10
Which of the following certificate fields must be set properly to support this objective?
#152
CompTIA's CAS-005 A compliance officer is facilitating a business impact analysis and wants business unit leaders to collect meaningful data. Several business unit leaders want more information about the types of data the officer needs. Which of the following data types would be the most beneficial for the compliance officer? (Choose two.) E. Contingency plans F. Critical processes
#153
CompTIA's CAS-005 An ISAC supplied recent threat intelligence information about pictures used on social media that provide reconnaissance of systems in use in secure facilities. In response, the Chief Information Security Officer (CISO) wants several configuration changes implemented via the MDM to ensure the following:
• Camera functions and location services are blocked for corporate mobile devices.
• All social media is blocked on the corporate and guest wireless networks.
Which of the following is the CISO practicing to safeguard against the threat?
#154
CompTIA's CAS-005 A company needs to define a new road map for improving secure coding practices in the software development life cycle and implementing better security standards. Which of the following is the best way for the company to achieve this goal?
#155
CompTIA's CAS-005 A company wants to modify its process to comply with privacy requirements after an incident involving PII data in a development environment. In order to perform functionality tests, the QA team still needs to use valid data in the specified format. Which of the following best addresses the risk without impacting the development life cycle?
#156
CompTIA's CAS-005 A global organization is reviewing potential vendors to outsource a critical payroll function. Each vendor's plan includes using local resources in multiple regions to ensure compliance with all regulations. The organization's Chief Information Security Officer is conducting a risk assessment on the potential outsourcing vendors' subprocessors. Which of the following best explains the need for this risk assessment?
#157
CompTIA's CAS-005 An organization plans to deploy new software. The project manager compiles a list of roles that will be involved in different phases of the deployment life cycle. Which of the following should the project manager use to track these roles?
#158
CompTIA's CAS-005 An organization decides to move to a distributed workforce model. Several legacy systems exist on premises and cannot be migrated because of existing compliance requirements. However, all new systems are required to be cloud-based. Which of the following would best ensure network access security?
#159
CompTIA's CAS-005 While reviewing recent incident reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?
#160
CompTIA's CAS-005 A security engineer is reviewing the following vulnerability scan report: Which of the following should the engineer prioritize for remediation?
#161
CompTIA's CAS-005 A company notices that cloud environment costs increased after using a new serverless solution based on API requests. Many invalid requests from unknown IPs were found, often within a short time. Which of the following solutions would most likely solve this issue, reduce cost, and improve security?
#162
CompTIA's CAS-005 A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures. The security analyst reviews the following logs: Which of the following is the most likely reason for the application failures?
#163
CompTIA's CAS-005 Source code snippets for two separate malware samples are shown below: Which of the following describes the most important observation about the two samples?
#164
CompTIA's CAS-005 A security analyst received a notification from a cloud service provider regarding an attack detected on a web server. The cloud service provider shared the following information about the attack:
• The attack came from inside the network.
• The attacking source IP was from the internal vulnerability scanners.
• The scanner is not configured to target the cloud servers.
Which of the following actions should the security analyst take first?
#165
CompTIA's CAS-005 A security analyst is reviewing a SIEM and generates the following report: Later, the incident response team notices an attack was executed on the VM001 host. Which of the following should the security analyst do to enhance the alerting process on the SIEM platform?
#166
CompTIA's CAS-005 A security administrator is performing a gap assessment against a specific OS benchmark. The benchmark requires the following configurations be applied to endpoints:
• Full disk encryption
• Host-based firewall
• Time synchronization
• Password policies
• Application allow listing
• Zero Trust application access
Which of the following solutions best addresses the requirements? (Choose two.) E. SASE F. HIDS
#167
CompTIA's CAS-005 A security analyst is reviewing the following authentication logs: Which of the following should the analyst do first?
#168
CompTIA's CAS-005 During a recent audit, a company's systems were assessed. Given the following information: Which of the following is the best way to reduce the attack surface?
#169
CompTIA's CAS-005 A global manufacturing company has an internal application that is critical to making products. This application cannot be updated and must be available in the production area. A security architect is implementing security for the application. Which of the following best describes the action the architect should take?
#170
CompTIA's CAS-005 A company wants to perform threat modeling on an internally developed, business-critical application. The Chief Information Security Officer (CISO) is most concerned that the application should maintain 99.999% availability and authorized users should only be able to gain access to data they are explicitly authorized to view. Which of the following threat-modeling frameworks directly addresses the CISO’s concerns about this system?
#171
CompTIA's CAS-005 A company's internal network is experiencing a security breach and the threat actor is still active. Due to business requirements, users in this environment are allowed to utilize multiple machines at the same time. Given the following log snippet: Which of the following accounts should a security analyst disable to best contain the incident without impacting valid users?
#172
CompTIA's CAS-005 A security team is responding to malicious activity and needs to determine the scope of impact. The malicious activity appears to affect a certain version of an application used by the organization. Which of the following actions best enables the team to determine the scope of impact?
#173
CompTIA's CAS-005 An organization recently implemented a policy that requires all passwords to be rotated every 90 days. An administrator sees a large volume of failed sign-on logs from multiple servers that are often accessed by users. The administrator determines users are disconnecting from the RDP session but not logging off. Which of the following should the administrator do to prevent account lockouts?
#174
CompTIA's CAS-005 A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?
#175
CompTIA's CAS-005 A security architect is onboarding a new EDR agent on servers that traditionally do not have internet access. In order for the agent to receive updates and report back to the management console, some changes must be made. Which of the following should the architect do to best accomplish this requirement? (Choose two.) E. Create a firewall rule to only allow traffic from the subnet to the internet to fully qualified names that are not identified as malicious by the firewall vendor F. Configure a proxy policy that blocks only lists of known-bad fully qualified domain names
#176
CompTIA's CAS-005 Due to an infrastructure optimization plan, a company has moved from a unified architecture to a federated architecture divided by region. Long-term employees now have a better experience, but new employees are experiencing major performance issues when traveling between regions. The company is reviewing the following information: Which of the following is the most effective action to remediate the issue?
#177
CompTIA's CAS-005 A company hosts a platform-as-a-service solution with a web-based front end, through which customers interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator’s objective?
#178
CompTIA's CAS-005 A security officer received several complaints from users about excessive MFA push notifications at night. The security team investigates and suspects malicious activities regarding user account authentication. Which of the following is the best way for the security officer to restrict MFA notifications?
#179
CompTIA's CAS-005 A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources. The analyst reviews the following information: Which of the following is most likely the cause of the issue?
#180