Real CompTIA CAS-005 Exam Questions Study Guide
NEW QUESTION # 23
An organization is required to:
* Respond to internal and external inquiries in a timely manner.
* Provide transparency.
* Comply with regulatory requirements.
The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?
- A. Outsourcing the handling of necessary regulatory filing to an external consultant
- B. Developing communication templates that have been vetted by internal and external counsel
- C. Conducting lessons-learned activities and integrating observations into the crisis management plan
- D. Integrating automated response mechanisms into the data subject access request process
Answer: B
Explanation:
Preparing communication templates that have been vetted by both internal and external counsel ensures that the organization can respond quickly and effectively to internal and external inquiries, comply with regulatory requirements, and provide transparency in the event of a breach.
Why Communication Templates?
* Timely Response: Pre-prepared templates ensure that responses are ready to be deployed quickly, reducing response time.
* Regulatory Compliance: Templates vetted by counsel ensure that all communications meet legal and regulatory requirements.
* Consistent Messaging: Ensures that all responses are consistent, clear, and accurate, maintaining the organization's credibility.
* Crisis Management: Pre-prepared templates are a critical component of a broader crisis management plan, ensuring that all stakeholders are informed appropriately.
Other options, while useful, do not provide the same level of preparedness and compliance:
* A. Outsourcing to an external consultant: This may delay response times and means a loss of internal control over the communication.
* D. Integrating automated response mechanisms: Useful for efficiency but not for ensuring compliant and vetted responses.
* C. Conducting lessons-learned activities: Important for improving processes but does not provide immediate preparedness for communication.
References:
* CompTIA SecurityX Study Guide
* NIST Special Publication 800-61 Revision 2, "Computer Security Incident Handling Guide"
* ISO/IEC 27002:2013, "Information technology - Security techniques - Code of practice for information security controls"
NEW QUESTION # 24
An organization wants to implement a platform to better identify which specific assets are affected by a given vulnerability. Which of the following components provides the best foundation to achieve this goal?
- A. CMDB
- B. SLM
- C. SBoM
- D. SASE
Answer: A
Explanation:
A Configuration Management Database (CMDB) provides the best foundation for identifying which specific assets are affected by a given vulnerability. A CMDB maintains detailed information about the IT environment, including hardware, software, configurations, and relationships between assets. This comprehensive view allows organizations to quickly identify and address vulnerabilities affecting specific assets.
References:
* CompTIA SecurityX Study Guide: Discusses the role of CMDBs in asset management and vulnerability identification.
* ITIL (Information Technology Infrastructure Library) Framework: Recommends the use of CMDBs for effective configuration and asset management.
* "Configuration Management Best Practices" by Bob Aiello and Leslie Sachs: Covers the importance of CMDBs in managing IT assets and addressing vulnerabilities.
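As an added example (not part of the exam item or of any CMDB product), the following Python script shows what "a CMDB as the foundation" means in practice: given configuration items with their installed software and the dependency relationships between them, it answers which assets an advisory touches, directly and through dependencies. The CMDB extract, the advisory, its affected version range and all host names are constructed; the advisory id is a placeholder.

```python
"""Added example: mapping an advisory onto CMDB records (constructed data)."""
import re

# Constructed CMDB extract: configuration items, installed software versions,
# and the dependency relationships a CMDB tracks between items.
CMDB = [
    {"ci": "web-01", "owner": "ecommerce",
     "software": {"openssl": "1.1.1k", "nginx": "1.20.1"}, "depends_on": ["db-01"]},
    {"ci": "db-01", "owner": "ecommerce",
     "software": {"openssl": "1.1.1q", "postgresql": "14.2"}, "depends_on": []},
    {"ci": "app-01", "owner": "hr",
     "software": {"openssl": "3.0.7", "tomcat": "9.0.70"}, "depends_on": ["db-01"]},
    {"ci": "kiosk-01", "owner": "facilities",
     "software": {"chromium": "110.0"}, "depends_on": []},
]

# Constructed advisory (id is a placeholder); the affected range is inclusive.
ADVISORY = {"id": "ADVISORY-PLACEHOLDER", "product": "openssl",
            "min_affected": "1.1.1", "max_affected": "1.1.1t"}


def version_key(v):
    """Sortable key for versions such as '1.1.1k' or '14.2':
    numeric components first, then the optional letter suffix."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]*)", v)
    if not m:
        raise ValueError(f"unparseable version: {v}")
    return tuple(int(x) for x in m.group(1).split(".")), m.group(2)


def directly_affected(cmdb, advisory):
    """CIs whose installed version of the advisory's product is in range."""
    lo = version_key(advisory["min_affected"])
    hi = version_key(advisory["max_affected"])
    hits = []
    for ci in cmdb:
        v = ci["software"].get(advisory["product"])
        if v is not None and lo <= version_key(v) <= hi:
            hits.append(ci["ci"])
    return sorted(hits)


def affected_assets(cmdb, advisory):
    """Direct hits plus every CI that depends on a hit. The relationship graph
    is what a flat inventory lacks: it makes the blast radius (app-01) visible."""
    direct = set(directly_affected(cmdb, advisory))
    dependent = set()
    frontier = set(direct)
    while frontier:  # walk dependency edges until no new dependents appear
        new = {ci["ci"] for ci in cmdb
               if set(ci["depends_on"]) & frontier} - direct - dependent
        dependent |= new
        frontier = new
    return {"direct": sorted(direct), "dependent": sorted(dependent)}


if __name__ == "__main__":
    result = affected_assets(CMDB, ADVISORY)
    print(f"{ADVISORY['id']} ({ADVISORY['product']}):")
    print("  direct   :", ", ".join(result["direct"]))
    print("  dependent:", ", ".join(result["dependent"]))
```

The same walk works for any product field in the inventory; the only CMDB-specific requirement is that software versions and dependency edges are kept current, which is why the answer above stresses the CMDB rather than a scanner export.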
NEW QUESTION # 25
A security analyst is reviewing suspicious log-in activity and sees the following data in the SIEM:
Which of the following is the most appropriate action for the analyst to take?
- A. Implement automation to disable accounts that have been associated with high-risk activity.
- B. Have the admin account owner change their password to avoid credential stuffing.
- C. Block employees from logging in to applications that are not part of their business area.
- D. Update the log configuration settings on the directory server that is not being captured properly.
Answer: A
Explanation:
The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.
* Updating log configuration settings (D) may help in better logging future activities but does not address the immediate threat.
* Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.
* Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but doesn't directly address the compromised account issue.
Implementing automation to disable accounts associated with high-risk activities ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.
References:
* CompTIA SecurityX guide on incident response and account management.
* Best practices for handling compromised accounts.
* Automation tools and techniques for security operations centers (SOCs).
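As an added example (not part of the exam item; the SIEM table itself is not reproduced on this page), the following Python script shows the kind of automation the correct answer describes: it reads login events, flags accounts that accumulate high-risk failures inside a short window, and emits the disable action plus the source addresses an analyst needs for the follow-up investigation. The event records, the account names, the addresses and the threshold policy (three high-risk failures in ten minutes) are all constructed assumptions.

```python
"""Added example: SIEM high-risk login failures -> automated account disable."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample SIEM records: (timestamp, account, source_ip, result, risk)
SAMPLE_EVENTS = [
    ("2024-05-01T02:14:00", "ADMIN", "203.0.113.10", "FAILURE", "HIGH"),
    ("2024-05-01T02:14:05", "ADMIN", "203.0.113.10", "FAILURE", "HIGH"),
    ("2024-05-01T02:14:09", "ADMIN", "203.0.113.11", "FAILURE", "HIGH"),
    ("2024-05-01T02:14:15", "ADMIN", "203.0.113.12", "FAILURE", "HIGH"),
    ("2024-05-01T08:03:00", "jsmith", "10.1.2.40", "FAILURE", "LOW"),
    ("2024-05-01T08:03:20", "jsmith", "10.1.2.40", "SUCCESS", "LOW"),
    ("2024-05-01T09:12:00", "svc_backup", "10.1.2.5", "SUCCESS", "LOW"),
]


def accounts_to_disable(events, threshold=3, window=timedelta(minutes=10)):
    """Accounts with at least `threshold` HIGH-risk failures inside any sliding
    window of length `window`. Threshold and window are an assumed policy."""
    by_acct = defaultdict(list)
    for ts, acct, _ip, result, risk in events:
        if result == "FAILURE" and risk == "HIGH":
            by_acct[acct].append(datetime.fromisoformat(ts))
    flagged = set()
    for acct, times in by_acct.items():
        times.sort()
        lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:  # shrink window from the left
                lo += 1
            if hi - lo + 1 >= threshold:
                flagged.add(acct)
                break
    return flagged


def build_response_actions(events):
    """Actions a SOAR playbook would execute: disable the account and attach the
    distinct source IPs of the high-risk failures to the investigation ticket."""
    actions = []
    for acct in sorted(accounts_to_disable(events)):
        ips = sorted({ip for _, a, ip, r, k in events
                      if a == acct and r == "FAILURE" and k == "HIGH"})
        actions.append({"action": "disable_account", "account": acct,
                        "source_ips": ips})
    return actions


if __name__ == "__main__":
    for action in build_response_actions(SAMPLE_EVENTS):
        print(action)
```

Disabling is deliberately the only automated step: password resets and unblocking stay with a human, so a burst of failures against a legitimate account cannot be turned into a self-inflicted lockout of the whole directory.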
NEW QUESTION # 26
A security engineer needs to review the configurations of several devices on the network to meet the following requirements:
* The PostgreSQL server must only allow connectivity in the 10.1.2.0/24 subnet.
* The SSH daemon on the database server must be configured to listen on port 4022.
* The SSH daemon must only accept connections from a single workstation.
* All host-based firewalls must be disabled on all workstations.
* All devices must have the latest updates from within the past eight days.
* All HDDs must be configured to secure data at rest.
* Cleartext services are not allowed.
* All devices must be hardened when possible.
Instructions:
Click on the various workstations and network devices to review the posture assessment results. Remediate any possible issues or indicate that no issue is found.
Click on Server A to review output data. Select commands in the appropriate tab to remediate connectivity problems to the PostgreSQL database via SSH.
WAP A
PC A
Laptop A
Switch A
Switch B
Laptop B
PC B
PC C
Server A
Answer:
Explanation:
WAP A: No issue found. WAP A is configured correctly and meets the requirements.
PC A: Enable host-based firewall to block all traffic
This option will turn off the host-based firewall and allow all traffic to pass through. This will comply with the requirement and also improve the connectivity of PC A to other devices on the network. However, this option will also reduce the security of PC A and make it more vulnerable to attacks. Therefore, it is recommended to use other security measures, such as antivirus, encryption, and password complexity, to protect PC A from potential threats.
Laptop A: Patch management
This option will install the updates that are available for Laptop A and ensure that it has the most recent security patches and bug fixes. This will comply with the requirement and also improve the performance and stability of Laptop A. However, this option may also require a reboot of Laptop A and some downtime during the update process. Therefore, it is recommended to backup any important data and close any open applications before applying the updates.
Switch A: No issue found. Switch A is configured correctly and meets the requirements.
Switch B: No issue found. Switch B is configured correctly and meets the requirements.
Laptop B: Disable unneeded services
This option will stop and disable the telnet service that is using port 23 on Laptop B. Telnet is a cleartext service that transmits data in plain text over the network, which exposes it to eavesdropping, interception, and modification by attackers. By disabling the telnet service, you will comply with the requirement and also improve the security of Laptop B. However, this option may also affect the functionality of Laptop B if it needs to use telnet for remote administration or other purposes. Therefore, it is recommended to use a secure alternative to telnet, such as SSH or HTTPS, that encrypts the data in transit.
PC B: Enable disk encryption
This option will encrypt the HDD of PC B using a tool such as BitLocker or VeraCrypt. Disk encryption is a technique that protects data at rest by converting it into an unreadable format that can only be decrypted with a valid key or password. By enabling disk encryption, you will comply with the requirement and also improve the confidentiality and integrity of PC B's data. However, this option may also affect the performance and usability of PC B, as it requires additional processing time and user authentication to access the encrypted data. Therefore, it is recommended to backup any important data and choose a strong key or password before encrypting the disk.
PC C: Disable unneeded services
This option will stop and disable the SSH daemon that is using port 22 on PC C. SSH is a secure service that allows remote access and command execution over an encrypted channel. However, port 22 is the default and well-known port for SSH, which makes it a common target for brute-force attacks and port scanning. By disabling the SSH daemon on port 22, you will comply with the requirement and also improve the security of PC C. However, this option may also affect the functionality of PC C if it needs to use SSH for remote administration or other purposes. Therefore, it is recommended to enable the SSH daemon on a different port, such as 4022, by editing the configuration file using the following command:
sudo nano /etc/ssh/sshd_config
Server A: Select the remediation commands shown in the Server A tab (command screenshot not reproduced).
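As an added example (not part of the exam item and not the simulation's own command set), the following Python script performs the Server A checks that the requirements above imply: the SSH daemon must listen on port 4022 and accept exactly one workstation, and pg_hba.conf must admit only the 10.1.2.0/24 subnet. The "before" and "after" configuration texts are constructed; the allowed workstation address 10.1.2.50 and the user name dba are assumptions.

```python
"""Added example: posture checks for sshd_config and pg_hba.conf (constructed)."""
import ipaddress

REQUIRED_SSH_PORT = 4022
ALLOWED_DB_SUBNET = ipaddress.ip_network("10.1.2.0/24")

# Constructed configuration fragments as found during the assessment ...
SSHD_BEFORE = """
#Port 22
PasswordAuthentication yes
"""
PG_HBA_BEFORE = """
# TYPE  DATABASE  USER  ADDRESS        METHOD
host    all       all   0.0.0.0/0      md5
"""
# ... and after remediation (10.1.2.50 / dba are assumed values).
SSHD_AFTER = """
Port 4022
PasswordAuthentication no
AllowUsers dba@10.1.2.50
"""
PG_HBA_AFTER = """
host    all       all   10.1.2.0/24    scram-sha-256
"""


def parse_sshd(text):
    """{keyword: value} from uncommented sshd_config lines. sshd honours the
    first occurrence of a keyword, so the first one wins here too."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, val = line.partition(" ")
        conf.setdefault(key.lower(), val.strip())
    return conf


def check_sshd(text):
    """Findings for the SSH requirements: port 4022, one pinned workstation."""
    conf = parse_sshd(text)
    findings = []
    port = int(conf.get("port", "22"))  # sshd default when Port is absent
    if port != REQUIRED_SSH_PORT:
        findings.append(f"sshd listens on {port}, required {REQUIRED_SSH_PORT}")
    hosts = {u.split("@", 1)[1] for u in conf.get("allowusers", "").split() if "@" in u}
    if len(hosts) != 1:
        findings.append("AllowUsers must pin exactly one workstation (user@host)")
    return findings


def check_pg_hba(text):
    """Findings for the PostgreSQL requirement: only 10.1.2.0/24 may connect,
    and no weak authentication method on those rules."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if parts[0] in ("host", "hostssl", "hostnossl") and len(parts) >= 5:
            net = ipaddress.ip_network(parts[3], strict=False)
            if not (net.version == 4 and net.subnet_of(ALLOWED_DB_SUBNET)):
                findings.append(f"pg_hba allows {parts[3]}, outside {ALLOWED_DB_SUBNET}")
            if parts[4] in ("trust", "password"):
                findings.append(f"pg_hba uses weak method '{parts[4]}' for {parts[3]}")
    return findings


if __name__ == "__main__":
    for label, ssh, pg in (("before", SSHD_BEFORE, PG_HBA_BEFORE),
                           ("after", SSHD_AFTER, PG_HBA_AFTER)):
        print(label, check_sshd(ssh) + check_pg_hba(pg) or "no findings")
```

On a live host, pair the file checks with `ss -lntp` so that a daemon still bound to 22 after the edit (no `systemctl restart sshd`) shows up as a finding rather than as a false pass.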
NEW QUESTION # 27
An engineering team determines the cost to mitigate certain risks is higher than the asset values. The team must ensure the risks are prioritized appropriately. Which of the following is the best way to address the issue?
- A. Data labeling
- B. Vulnerability assessments
- C. Branch protection
- D. Purchasing insurance
Answer: D
Explanation:
When the cost to mitigate certain risks is higher than the asset values, the best approach is to purchase insurance. This method allows the company to transfer the risk to an insurance provider, ensuring that financial losses are covered in the event of an incident. This approach is cost-effective and ensures that risks are prioritized appropriately without overspending on mitigation efforts.
References:
* CompTIA SecurityX Study Guide: Discusses risk management strategies, including risk transfer through insurance.
* NIST Risk Management Framework (RMF): Highlights the use of insurance as a risk mitigation strategy.
* "Information Security Risk Assessment Toolkit" by Mark Talabis and Jason Martin: Covers risk management practices, including the benefits of purchasing insurance.
NEW QUESTION # 28
A company that relies on an EOL system must keep it operating until a new solution is available. Which of the following is the most secure way to meet this goal?
- A. Restricting system access to perform necessary maintenance by the IT team
- B. Placing the system in a screened subnet and blocking access from internal resources
- C. Enforcing strong credentials and improving monitoring capabilities
- D. Isolating the system and enforcing firewall rules to allow access to only required endpoints
Answer: D
Explanation:
To ensure the most secure way of keeping a legacy (EOL) system operating until a new solution is available, isolating the system and enforcing strict firewall rules is the best approach. This method minimizes the attack surface by restricting access to only the necessary endpoints, thereby reducing the risk of unauthorized access and potential security breaches. Isolating the system ensures that it is not exposed to the broader network, while firewall rules control the traffic that can reach the system, providing a secure environment until a replacement is implemented.
References:
* CompTIA SecurityX Study Guide: Recommends network isolation and firewall rules as effective measures for securing legacy systems.
* NIST Special Publication 800-82, "Guide to Industrial Control Systems (ICS) Security": Advises on isolating critical systems and using firewalls to control access.
* "Network Security Assessment" by Chris McNab: Discusses techniques for isolating systems and enforcing firewall rules to protect vulnerable or legacy systems.
By isolating the system and implementing strict firewall controls, the organization can maintain the necessary operations securely while working on deploying a new solution.
NEW QUESTION # 29
A security engineer needs to secure the OT environment based on the following requirements:
* Isolate the OT network segment.
* Restrict Internet access.
* Apply security updates to workstations.
* Provide remote access to third-party vendors.
Which of the following design strategies should the engineer implement to best meet these requirements?
- A. Create a staging environment on the OT network for the third-party vendor to access and enable automatic updates on the workstations.
- B. Deploy a jump box on the third party network to access the OT environment and provide updates using a physical delivery method on the workstations
- C. Implement a bastion host in the OT network with security tools in place to monitor access and use a dedicated update server for the workstations.
- D. Enable outbound internet access on the OT firewall to any destination IP address and use the centralized update server for the workstations
Answer: C
Explanation:
To secure the Operational Technology (OT) environment based on the given requirements, the best approach is to implement a bastion host in the OT network. The bastion host serves as a secure entry point for remote access, allowing third-party vendors to connect while being monitored by security tools. Using a dedicated update server for workstations ensures that security updates are applied in a controlled manner without direct internet access.
References:
* CompTIA SecurityX Study Guide: Recommends the use of bastion hosts and dedicated update servers for securing OT environments.
* NIST Special Publication 800-82, "Guide to Industrial Control Systems (ICS) Security": Advises on isolating OT networks and using secure remote access methods.
* "Industrial Network Security" by Eric D. Knapp and Joel Thomas Langill: Discusses strategies for securing OT networks, including the use of bastion hosts and update servers.
NEW QUESTION # 30
A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform. This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries. Which of the following should the organization most likely leverage to facilitate this activity? (Select two).
- A. STIX
- B. YARA
- C. TAXII
- D. CWPP
- E. JTAG
- F. ATT&CK
Answer: A,C
Explanation:
* A. STIX (Structured Threat Information eXpression): STIX is a standardized language for representing threat information in a structured and machine-readable format. It facilitates the sharing of threat intelligence by ensuring that data is consistent and can be easily understood by all parties involved.
* C. TAXII (Trusted Automated eXchange of Indicator Information): TAXII is a transport mechanism that enables the sharing of cyber threat information over a secure and trusted network. It works in conjunction with STIX to automate the exchange of threat intelligence among organizations.
Other options:
* D. CWPP (Cloud Workload Protection Platform): This focuses on securing cloud workloads and is not directly related to threat intelligence sharing.
* B. YARA: YARA is used for malware research and identifying patterns in files, but it is not a platform for sharing threat intelligence.
* F. ATT&CK: This is a knowledge base of adversary tactics and techniques but does not facilitate the sharing of threat intelligence data.
* E. JTAG: JTAG is a standard for testing and debugging integrated circuits, not related to threat intelligence.
References:
* CompTIA Security+ Study Guide
* "STIX and TAXII: The Backbone of Threat Intelligence Sharing" by MITRE
* NIST SP 800-150, "Guide to Cyber Threat Information Sharing"
NEW QUESTION # 31
A network engineer must ensure that always-on VPN access is enabled but restricted to company assets. Which of the following best describes what the engineer needs to do?
- A. Generate device certificates using the specific template settings needed
- B. Modify signing certificates in order to support IKE version 2
- C. Add the VPN hostname as a SAN entry on the root certificate
- D. Create a wildcard certificate for connections from public networks
Answer: A
Explanation:
To ensure always-on VPN access is enabled and restricted to company assets, the network engineer needs to generate device certificates using the specific template settings required for the company's VPN solution.
These certificates ensure that only authorized devices can establish a VPN connection.
Why Device Certificates are Necessary:
* Authentication: Device certificates authenticate company assets, ensuring that only authorized devices can access the VPN.
* Security: Certificates provide a higher level of security compared to username and password combinations, reducing the risk of unauthorized access.
* Compliance: Certificates help in meeting security policies and compliance requirements by ensuring that only managed devices can connect to the corporate network.
Other options do not provide the same level of control and security for always-on VPN access:
* B. Modify signing certificates for IKE version 2: While important for VPN protocols, it does not address device-specific authentication.
* D. Create a wildcard certificate: This is not suitable for device-specific authentication and could introduce security risks.
* C. Add the VPN hostname as a SAN entry: This is more related to certificate management and does not ensure device-specific authentication.
References:
* CompTIA SecurityX Study Guide
* "Device Certificates for VPN Access," Cisco Documentation
* NIST Special Publication 800-77, "Guide to IPsec VPNs"
NEW QUESTION # 32
A hospital provides tablets to its medical staff to enable them to more quickly access and edit patients' charts.
The hospital wants to ensure that if a tablet is identified as lost or stolen and a remote command is issued, the risk of data loss can be mitigated within seconds. The tablets are configured as follows to meet hospital policy:
* Full disk encryption is enabled.
* "Always On" corporate VPN is enabled.
* eFuse-backed keystore is enabled.
* Wi-Fi 6 is configured with SAE.
* Location services is disabled.
* Application allow list is configured.
- A. Performing cryptographic obfuscation
- B. Returning the device's solid-state media to zero
- C. Using geolocation to find the device
- D. Configuring the application allow list to only permit emergency calls
- E. Revoking the user certificates used for VPN and Wi-Fi access
Answer: B
Explanation:
To mitigate the risk of data loss on a lost or stolen tablet quickly, the most effective strategy is to return the device's solid-state media to zero, which effectively erases all data on the device. Here's why:
* Immediate Data Erasure: Returning the solid-state media to zero ensures that all data is wiped instantly, mitigating the risk of data loss if the device is lost or stolen.
* Full Disk Encryption: Even though the tablets are already encrypted, physically erasing the data ensures that no residual data can be accessed if someone attempts to bypass encryption.
* Compliance and Security: This method adheres to best practices for data security and compliance, ensuring that sensitive patient data cannot be accessed by unauthorized parties.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-88: Guidelines for Media Sanitization
* ISO/IEC 27002:2013 - Information Security Management
NEW QUESTION # 33
Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?
- A. Budgetary pressure drives risk mitigation planning in all companies
- B. Risk appetite directly influences which breaches are disclosed publicly
- C. Risk appetite directly impacts acceptance of high-impact low-likelihood events.
- D. Organizational risk appetite varies from organization to organization
Answer: C
Explanation:
Risk appetite is the amount of risk an organization is willing to accept to achieve its objectives. When operating with a constrained budget, understanding the organization's risk appetite is crucial because:
* It helps prioritize security investments based on the level of risk the organization is willing to tolerate.
* High-impact, low-likelihood events may be deemed acceptable if they fall within the organization's risk appetite, allowing for budget allocation to other critical areas.
* Properly understanding and defining risk appetite ensures that limited resources are used effectively to manage risks that align with the organization's strategic goals.
References:
* CompTIA Security+ Study Guide
* NIST Risk Management Framework (RMF) guidelines
* ISO 31000, "Risk Management - Guidelines"
NEW QUESTION # 34
Users must accept the terms presented in a captive portal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network. A network engineer observes the following:
* Users should be redirected to the captive portal.
* The captive portal runs TLS 1.2.
* Newer browser versions encounter security errors that cannot be bypassed.
* Certain websites cause unexpected redirects.
Which of the following most likely explains this behavior?
- A. Employment of the HSTS setting is proliferating rapidly.
- B. The TLS ciphers supported by the captive portal are deprecated.
- C. Allowed traffic rules are causing the NIPS to drop legitimate traffic.
- D. An attacker is redirecting supplicants to an evil twin WLAN.
Answer: B
Explanation:
The most likely explanation for the issues encountered with the captive portal is that the TLS ciphers supported by the captive portal are deprecated. Here's why:
* TLS Cipher Suites: Modern browsers are continuously updated to support the latest security standards and often drop support for deprecated and insecure cipher suites. If the captive portal uses outdated TLS ciphers, newer browsers may refuse to connect, causing security errors.
* HSTS and Browser Security: Browsers with HTTP Strict Transport Security (HSTS) enabled will not allow connections to sites with weak security configurations. Deprecated TLS ciphers would cause these browsers to block the connection.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-52: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations
* OWASP Transport Layer Protection Cheat Sheet
By updating the TLS ciphers to modern, supported ones, the security engineer can ensure compatibility with newer browser versions and resolve the connectivity issues reported by users.
NEW QUESTION # 35
After remote desktop capabilities were deployed in the environment, various vulnerabilities were noticed.
* Exfiltration of intellectual property
* Unencrypted files
* Weak user passwords
Which of the following is the best way to mitigate these vulnerabilities? (Select two).
- A. Implementing a version control system
- B. Enabling modern authentication that supports MFA
- C. Restricting access to critical file services only
- D. Deploying file integrity monitoring
- E. Deploying directory-based group policies
- F. Implementing data loss prevention
- G. Implementing a CMDB platform
Answer: B,F
Explanation:
To mitigate the identified vulnerabilities, the following solutions are most appropriate:
* F. Implementing data loss prevention (DLP): DLP solutions help prevent the unauthorized transfer of data outside the organization. This directly addresses the exfiltration of intellectual property by monitoring, detecting, and blocking sensitive data transfers.
* B. Enabling modern authentication that supports Multi-Factor Authentication (MFA): This significantly enhances security by requiring additional verification methods beyond just passwords. It addresses the issue of weak user passwords by making it much harder for unauthorized users to gain access, even if they obtain the password.
Other options, while useful in specific contexts, do not address all the vulnerabilities mentioned:
* D. Deploying file integrity monitoring helps detect changes to files but does not prevent data exfiltration or address weak passwords.
* C. Restricting access to critical file services improves security but is not comprehensive enough to mitigate all identified vulnerabilities.
* E. Deploying directory-based group policies can enforce security policies but might not directly prevent data exfiltration or ensure strong authentication.
* A. Implementing a version control system helps manage changes to files but is not a security measure for preventing the identified vulnerabilities.
* G. Implementing a CMDB platform (Configuration Management Database) helps manage IT assets but does not address the specific security issues mentioned.
References:
* CompTIA Security+ Study Guide
* NIST SP 800-53 Rev. 5, "Security and Privacy Controls for Information Systems and Organizations"
* CIS Controls, "Control 13: Data Protection" and "Control 16: Account Monitoring and Control"
NEW QUESTION # 36
A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach:
Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?
- A. Disabling DNS zone transfers
- B. Restricting DNS traffic to UDP
- C. Implementing DNS masking on internal servers
- D. Permitting only clients from internal networks to query DNS
Answer: A
Explanation:
The log snippet indicates a DNS AXFR (zone transfer) request, which can be exploited by attackers to gather detailed information about an internal network's infrastructure. Disabling DNS zone transfers is the best solution to mitigate this risk. Zone transfers should generally be restricted to authorized secondary DNS servers and not be publicly accessible, as they can reveal sensitive network information that facilitates lateral movement during an attack.
References:
* CompTIA SecurityX Study Guide: Discusses the importance of securing DNS configurations, including restricting zone transfers.
* NIST Special Publication 800-81, "Secure Domain Name System (DNS) Deployment Guide":
Recommends restricting or disabling DNS zone transfers to prevent information leakage.
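As an added example (not the exam's own log snippet, which is not reproduced on this page, and not taken from BIND's documentation), the following Python script shows the defender's side of this item: it picks AXFR and IXFR requests out of BIND-style query-log lines, separates the ones from an authorized secondary from everything else, and renders the `allow-transfer` directive that enforces the mitigation. The log lines, the zone name corp.example, the addresses and the assumed authorized secondary 10.1.2.54 are all constructed.

```python
"""Added example: zone transfer detection in BIND query logs (constructed data)."""
import re

# Constructed BIND query-log lines; 10.1.2.54 is the assumed authorized secondary.
SAMPLE_LOG = """\
01-May-2024 10:15:01.101 client @0x7f3a 10.1.2.40#51234 (corp.example): query: www.corp.example IN A +E(0)K (10.1.2.53)
01-May-2024 10:15:02.410 client @0x7f3b 203.0.113.5#53211 (corp.example): query: corp.example IN AXFR -E(0)K (10.1.2.53)
01-May-2024 10:15:02.998 client @0x7f3c 10.1.2.54#40111 (corp.example): query: corp.example IN AXFR -E(0)K (10.1.2.53)
01-May-2024 10:15:03.222 client @0x7f3d 10.1.2.77#40222 (corp.example): query: corp.example IN IXFR -E(0)K (10.1.2.53)
01-May-2024 10:15:04.000 client @0x7f3e 10.1.2.41#51235 (corp.example): query: mail.corp.example IN MX +E(0)K (10.1.2.53)
"""

AUTHORIZED_SECONDARIES = {"10.1.2.54"}

# The "@0x..." client handle appears in newer BIND versions only, so it is optional.
LINE_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>[\d.]+)#\d+ \([^)]*\): query: "
    r"(?P<qname>\S+) IN (?P<qtype>[A-Z]+)")


def find_zone_transfer_requests(log_text):
    """(source_ip, zone, qtype) for every AXFR/IXFR query in the log."""
    found = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("qtype") in ("AXFR", "IXFR"):
            found.append((m.group("ip"), m.group("qname"), m.group("qtype")))
    return found


def unauthorized_transfers(log_text, authorized=AUTHORIZED_SECONDARIES):
    """Transfer requests from anything other than a listed secondary: these are
    the lines an analyst should alert on."""
    return [t for t in find_zone_transfer_requests(log_text) if t[0] not in authorized]


def named_conf_fix(authorized=AUTHORIZED_SECONDARIES):
    """Render the BIND directive for the zone or options block: transfers only
    to the listed secondaries, or to nobody when the set is empty."""
    if not authorized:
        return "allow-transfer { none; };"
    acl = "; ".join(sorted(authorized))
    return f"allow-transfer {{ {acl}; }};"


if __name__ == "__main__":
    for ip, zone, qtype in unauthorized_transfers(SAMPLE_LOG):
        print(f"ALERT unauthorized {qtype} of {zone} requested by {ip}")
    print("named.conf:", named_conf_fix())
```

The detection and the configuration fix belong together: after `allow-transfer` is tightened, the same query-log search becomes a regression check that tells you whether anyone is still trying.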
NEW QUESTION # 37
A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources. The analyst reviews the following information:
Which of the following is most likely the cause of the issue?
- A. The local network access has been configured to bypass MFA requirements.
- B. A network geolocation is being misidentified by the authentication server
- C. Administrator access from an alternate location is blocked by company policy
- D. Several users have not configured their mobile devices to receive OTP codes
Answer: B
Explanation:
The table shows that the user "SALES1" is consistently blocked despite having met the MFA requirements.
The common factor in these blocked attempts is the source IP address (8.11.4.16) being identified as from Germany while the user is assigned to France. This discrepancy suggests that the network geolocation is being misidentified by the authentication server, causing legitimate access attempts to be blocked.
Why Network Geolocation Misidentification?
* Geolocation Accuracy: Authentication systems often use IP geolocation to verify the location of access attempts. Incorrect geolocation data can lead to legitimate requests being denied if they appear to come from unexpected locations.
* Security Policies: Company security policies might block access attempts from certain locations to prevent unauthorized access. If the geolocation is wrong, legitimate users can be inadvertently blocked.
* Consistent Pattern: The user "SALES1" from the IP address 8.11.4.16 is always blocked, indicating a consistent issue with geolocation.
Other options do not align with the pattern observed:
* A. Bypass MFA requirements: MFA is satisfied, so bypassing MFA is not the issue.
* C. Administrator access policy: This is about user access, not specific administrator access.
* D. OTP codes: The user has satisfied MFA, so OTP code configuration is not the issue.
References:
* CompTIA SecurityX Study Guide
* "Geolocation and Authentication," NIST Special Publication 800-63B
* "IP Geolocation Accuracy," Cisco Documentation
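As an added example (not the exam's own table, which is not reproduced on this page, and not any vendor's logic), the following Python script encodes the reasoning in the explanation above: a blocked attempt with MFA satisfied, always from the same source address, always geolocated to a country other than the user's assigned one, points at the geolocation data rather than at the user. The attempt records, the country assignments and the three-event minimum are constructed; the address 8.11.4.16 is the one the explanation cites.

```python
"""Added example: separating geolocation misidentification from other blocks."""

# Constructed authentication records (the exam's table is not reproduced here).
SAMPLE_ATTEMPTS = [
    {"user": "SALES1", "src_ip": "8.11.4.16", "geo_country": "DE", "mfa": "satisfied", "result": "BLOCKED"},
    {"user": "SALES1", "src_ip": "8.11.4.16", "geo_country": "DE", "mfa": "satisfied", "result": "BLOCKED"},
    {"user": "SALES1", "src_ip": "8.11.4.16", "geo_country": "DE", "mfa": "satisfied", "result": "BLOCKED"},
    {"user": "SALES2", "src_ip": "8.11.4.20", "geo_country": "FR", "mfa": "satisfied", "result": "ALLOWED"},
    {"user": "ADMIN1", "src_ip": "198.51.100.9", "geo_country": "US", "mfa": "failed", "result": "BLOCKED"},
]
# Constructed directory attribute: the country each user is assigned to.
ASSIGNED_COUNTRY = {"SALES1": "FR", "SALES2": "FR", "ADMIN1": "FR"}


def classify_block(attempt, assigned):
    """Label a blocked attempt by the first policy check that could have denied it;
    None for attempts that were allowed."""
    if attempt["result"] != "BLOCKED":
        return None
    if attempt["mfa"] != "satisfied":
        return "mfa_not_satisfied"
    if attempt["geo_country"] != assigned.get(attempt["user"]):
        return "geo_mismatch"
    return "other_policy"


def suspected_geo_misidentification(attempts, assigned, min_events=3):
    """Users whose blocks are all geo_mismatch, all from a single source IP,
    with MFA satisfied every time. That signature is what distinguishes a bad
    geolocation entry for the IP from a real policy violation."""
    per_user = {}
    for a in attempts:
        label = classify_block(a, assigned)
        if label is None:
            continue
        per_user.setdefault(a["user"], []).append((label, a["src_ip"], a["geo_country"]))
    suspects = {}
    for user, rows in per_user.items():
        labels = {r[0] for r in rows}
        ips = {r[1] for r in rows}
        if labels == {"geo_mismatch"} and len(ips) == 1 and len(rows) >= min_events:
            suspects[user] = {"src_ip": ips.pop(), "blocked": len(rows),
                              "geo_seen": rows[0][2], "assigned": assigned[user]}
    return suspects


if __name__ == "__main__":
    for user, info in suspected_geo_misidentification(SAMPLE_ATTEMPTS, ASSIGNED_COUNTRY).items():
        print(f"{user}: {info['blocked']} blocks from {info['src_ip']} "
              f"(geolocated {info['geo_seen']}, assigned {info['assigned']})")
```

The output is a ticket for whoever owns the geolocation feed or the conditional-access policy, not an automatic exemption: the same pattern would also appear if the user were genuinely travelling, so the analyst confirms with the user before adding an exception.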
NEW QUESTION # 38
A news organization wants to implement workflows that allow users to request that untruthful data be retracted and scrubbed from online publications to comply with the right to be forgotten. Which of the following regulations is the organization most likely trying to address?
- A. CCPA
- B. DORA
- C. GDPR
- D. COPPA
Answer: C
Explanation:
The General Data Protection Regulation (GDPR) is the regulation most likely being addressed by the news organization. GDPR includes provisions for the "right to be forgotten," which allows individuals to request the deletion of personal data that is no longer necessary for the purposes for which it was collected. This regulation aims to protect the privacy and personal data of individuals within the European Union.
References:
* CompTIA SecurityX Study Guide: Covers GDPR and its requirements, including the right to be forgotten.
* GDPR official documentation: Details the rights of individuals, including data erasure and the right to be forgotten.
* "GDPR: A Practical Guide to the General Data Protection Regulation" by IT Governance Privacy Team:
Provides a comprehensive overview of GDPR compliance, including workflows for data deletion requests.
NEW QUESTION # 39
A user submits a help desk ticket stating their account does not authenticate sometimes. An analyst reviews the following logs for the user:
Which of the following best explains the reason the user's access is being denied?
- A. Time-based access restrictions
- B. Incorrectly typed password
- C. Invalid user-to-device bindings
- D. Account compromise
Answer: A
Explanation:
The logs reviewed for the user indicate that access is being denied due to time-based access restrictions. These restrictions are commonly implemented to limit access to systems during specific hours to enhance security. If a user attempts to authenticate outside of the allowed time window, access will be denied. This measure helps prevent unauthorized access during non-business hours, reducing the risk of security incidents.
References:
* CompTIA SecurityX Study Guide: Covers various access control methods, including time-based restrictions, as a means of enhancing security.
* NIST Special Publication 800-53, "Security and Privacy Controls for Information Systems and Organizations": Recommends the use of time-based access restrictions as part of access control policies.
* "Access Control and Identity Management" by Mike Chapple and Aaron French: Discusses the implementation and benefits of time-based access restrictions.
NEW QUESTION # 40
The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep.
Which of the following solutions are the best ways to mitigate this issue? (Select two).
- Setting different access controls defined by business area
- A. Performing periodic access reviews
- B. Establishing a mandatory vacation policy
- C. Implementing a role-based access policy
- D. Requiring periodic job rotation
- E. Designing a least-needed privilege policy
Answer: A,C
Explanation:
To mitigate the issue of excessive permissions and privilege creep, the best solutions are:
* Implementing a role-based access policy: Role-Based Access Control (RBAC) ensures that access permissions are granted based on the user's role within the organization, aligning with the principle of least privilege. Users are only granted the access necessary for their role, reducing the risk of excessive permissions.
* Performing periodic access reviews: Periodic access reviews help identify and rectify instances of privilege creep by ensuring that users' access permissions are appropriate for their current roles. These reviews can highlight unnecessary or outdated permissions, allowing for timely adjustments.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations
* ISO/IEC 27001:2013 - Information Security Management
NEW QUESTION # 41
You are a security analyst tasked with interpreting an Nmap scan output from the company's privileged network.
The company's hardening guidelines indicate the following:
* There should be one primary server or service per device.
* Only default ports should be used.
* Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
* The IP address of the device
* The primary server or service of the device (note that each IP should be associated with one service/port only)
* The protocol(s) that should be disabled based on the hardening guidelines (note that multiple ports may need to be closed to comply with the hardening guidelines)
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.
Answer:
Explanation:
* 10.1.45.65: SFTP server; disable 8080
* 10.1.45.66: Email server; disable 415 and 443
* 10.1.45.67: Web server; disable 21 and 80
* 10.1.45.68: UTM appliance; disable 21