[Security Architecture]
A security analyst detected unusual network traffic related to program updating processes. The analyst collected artifacts from compromised user workstations. The discovered artifacts were binary files with the same name as existing, valid binaries but with different hashes. Which of the following solutions would most likely prevent this situation from reoccurring?
Implementing digital signatures ensures the integrity and authenticity of software binaries. When a binary is digitally signed, any tampering with the file (e.g., replacing it with a malicious version) invalidates the signature. This allows systems to verify the origin and integrity of binaries before execution, preventing the execution of unauthorized or compromised binaries.
A. Improving patching processes: While important, this does not directly address the issue of verifying the integrity of binaries.
B. Implementing digital signatures: This ensures that only valid, untampered binaries are executed, preventing attackers from substituting legitimate binaries with malicious ones.
C. Performing manual updates via USB ports: This is not practical and does not scale well, especially in large environments.
D. Allowing only files from internal sources: This reduces the risk but does not provide a mechanism to verify the integrity of binaries.
CompTIA Security+ Study Guide
NIST SP 800-57, 'Recommendation for Key Management'
OWASP (Open Web Application Security Project) guidelines on code signing
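The check the correct answer describes, as an added example that is not part of the original question or its references: the publisher signs the SHA-256 digest of a release binary with an Ed25519 key, and the workstation recomputes the digest of the file on disk and verifies it before execution. A swapped-in file with the same name but different bytes fails the check. The key pair, file names and file contents are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedBinary is a binary as shipped by the updater: its bytes plus the publisher's signature.
type SignedBinary struct {
	Name string
	Data []byte
	Sig  []byte
}

// NewPublisherKeys generates the publisher's signing key pair (assumed helper for this example).
func NewPublisherKeys() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Sign is what the publisher does at release time: sign the SHA-256 digest of the binary.
func Sign(priv ed25519.PrivateKey, name string, data []byte) SignedBinary {
	digest := sha256.Sum256(data)
	return SignedBinary{Name: name, Data: data, Sig: ed25519.Sign(priv, digest[:])}
}

// Verify is what the workstation does before execution: recompute the digest of the file on
// disk and check it against the signature. A same-name file with different bytes produces a
// different digest, so the publisher's signature no longer matches and execution is refused.
func Verify(pub ed25519.PublicKey, b SignedBinary) error {
	digest := sha256.Sum256(b.Data)
	if !ed25519.Verify(pub, digest[:], b.Sig) {
		return errors.New("refusing to run " + b.Name + ": signature does not match file contents")
	}
	return nil
}

func main() {
	pub, priv, err := NewPublisherKeys()
	if err != nil {
		panic(err)
	}
	genuine := Sign(priv, "updater.exe", []byte("constructed genuine updater v1.2"))
	// Same name, different hash: the swapped-in file keeps the old signature but not the old bytes.
	swapped := SignedBinary{Name: genuine.Name, Data: []byte("constructed swapped-in binary"), Sig: genuine.Sig}
	fmt.Println("genuine:", Verify(pub, genuine))
	fmt.Println("swapped:", Verify(pub, swapped))
}
```

In production the public key is pinned on the workstation (or chained to a trusted code-signing CA) and the verification runs in the loader or update agent, not in the binary being checked.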
[Security Architecture]
An organization is prioritizing efforts to remediate or mitigate risks identified during the latest assessment. For one of the risks, a full remediation was not possible, but the organization was able to successfully apply mitigations to reduce the likelihood of the impact. Which of the following should the organization perform next?
After applying mitigations that reduce the likelihood of a risk's impact, the next step is to assess the residual risk---the risk that remains after controls are implemented. This ensures the organization understands whether the mitigation is sufficient or further action is needed, aligning with risk management best practices.
Option A: Correct---residual risk assessment is the logical next step to evaluate the effectiveness of mitigations.
Option B: Updating the threat model might follow but isn't immediate; residual risk comes first.
Option C: Moving to the next risk skips evaluating the current mitigation's success.
Option D: Recalculating impact magnitude is part of residual risk assessment but isn't the full process.
A company wants to install a three-tier approach to separate the web, database, and application servers. A security administrator must harden the environment. Which of the following is the best solution?
The best solution to harden a three-tier environment (web, database, and application servers) is to implement microsegmentation on the server VLANs. Here's why:
Enhanced Security: Microsegmentation creates granular security zones within the data center, allowing for more precise control over east-west traffic between servers. This helps prevent lateral movement by attackers who may gain access to one part of the network.
Isolation of Tiers: By segmenting the web, database, and application servers, the organization can apply specific security policies and controls to each segment, reducing the risk of cross-tier attacks.
Compliance and Best Practices: Microsegmentation aligns with best practices for network security and helps meet compliance requirements by ensuring that sensitive data and systems are properly isolated and protected.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies
CIS Controls: Control 12 - Boundary Defense
An analyst reviews a SIEM and generates the following report:
Only HOST002 is authorized for internet traffic. Which of the following statements is accurate?
Understanding the Security Event:
HOST002 is the only device authorized for internet traffic. However, the SIEM logs show that VM002 is making network connections to web.corp.local.
This indicates unauthorized access, which could be a sign of lateral movement or network infection.
This is a red flag for potential malware, unauthorized software, or a compromised host.
Why Option D is Correct:
Unusual network traffic patterns are often an indicator of a compromised system.
VM002 should not be communicating externally, but it is.
This suggests a possible breach or malware infection attempting to communicate with a command-and-control (C2) server.
Why Other Options Are Incorrect:
A (Misconfiguration): While a misconfiguration could explain the unauthorized connections, the pattern of activity suggests something more malicious.
B (Security incident on HOST002): The issue is not with HOST002. The suspicious activity is from VM002.
C (False positives): The repeated pattern of unauthorized connections makes false positives unlikely.
CompTIA SecurityX CAS-005 Official Study Guide: Chapter on SIEM & Incident Analysis
MITRE ATT&CK Tactics: Lateral Movement & Network-based Attacks
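The detection logic behind this answer, as an added example that is not part of the original question (the original SIEM report is not reproduced on this page, so the log lines below are constructed): every connection from a host other than HOST002 to a non-RFC 1918 address is a policy violation, and repeated connections from one host to one endpoint are aggregated so that beacon-like activity stands out. The log format, host names and addresses are assumptions for the example.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed SIEM export (not the original question's report): timestamp, source host, destination IP, port.
const siemReport = `2024-05-01T08:00:01Z HOST002 203.0.113.10 443
2024-05-01T08:00:05Z HOST001 10.0.20.15 445
2024-05-01T08:01:12Z VM002 198.51.100.7 443
2024-05-01T08:01:40Z VM002 198.51.100.7 443
2024-05-01T08:02:59Z VM002 198.51.100.7 8443`

// isInternet treats any destination outside RFC 1918 and loopback space as internet traffic.
func isInternet(dest string) bool {
	ip := net.ParseIP(dest)
	if ip == nil {
		return false // unparseable destination: never counted as internet traffic
	}
	for _, cidr := range []string{"10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8"} {
		if _, block, _ := net.ParseCIDR(cidr); block.Contains(ip) {
			return false
		}
	}
	return true
}

// FindUnauthorizedInternet counts internet connections from hosts outside the allow-list,
// keyed "host->destination" so repeated connections to one endpoint stand out.
func FindUnauthorizedInternet(report string, allowed map[string]bool) map[string]int {
	findings := map[string]int{}
	for _, line := range strings.Split(strings.TrimSpace(report), "\n") {
		f := strings.Fields(line)
		if len(f) < 4 {
			continue // malformed line: skip rather than crash the detector
		}
		if host, dest := f[1], f[2]; !allowed[host] && isInternet(dest) {
			findings[host+"->"+dest]++
		}
	}
	return findings
}

func main() {
	for key, n := range FindUnauthorizedInternet(siemReport, map[string]bool{"HOST002": true}) {
		fmt.Printf("ALERT %s connections=%d (host not authorized for internet)\n", key, n)
	}
}
```

On the constructed data only VM002 is flagged (three connections to one external address), which is the "unusual traffic pattern" reasoning the answer relies on; HOST002 is exempt by policy and HOST001 only talks to an internal address.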
A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers crash, causing the website to go offline. Which of the following testing techniques is the most efficient way to prevent this from reoccurring?
Regression testing ensures that new changes do not break existing functionality. It would have identified the memory leak before deployment, preventing downtime.