CompTIA CAS-005 Exam Practice Test Instant Access

Question 1

A developer makes a small change to a resource allocation module on a popular social media website and causes a memory leak. During a peak utilization period, several web servers crash, causing the website to go offline. Which of the following testing techniques is the most efficient way to prevent this from reoccurring?

ALoad

BSmoke

CRegression

DCanary

Answer : C

Comprehensive and Detailed Step-by-Step

Regression testing ensures that new changes do not break existing functionality. It would have identified the memory leak before deployment, preventing downtime.

Question 2

A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures. The security analyst reviews the following logs:

Mar 5 22:09:50 akj3 sshd[21502]: Success login for userOl from 192.168.2.5

Mar 5 22:10:00 akj3 sshd[21502]: Failed login for userID from 192.168.2.5

Which of the following is the most likely reason for the application failures?

AThe user's account was set as a service account.

BThe user's home directory was deleted.

CThe user does not have sudo access.

DThe root password has been changed.

Answer : B

Comprehensive and Detailed Step-by-Step

When an employee leaves a company, their home directory might be deleted along with their account, leading to application failures if the directory contained configuration files, dependencies, or system scripts.

Question 3

A security engineer wants to stay up-to-date on new detections that are released on a regular basis. The engineer's organization uses multiple tools rather than one specific vendor security stack. Which of the following rule-based languages is the most appropriate to use as a baseline for detection rules with the multiple security tool setup?

ASigma

BYARA

CSnort

DRita

Answer : A

Comprehensive and Detailed Step-by-Step

Sigma (A) is a rule-based detection language that is vendor-agnostic, meaning it can be used across different SIEM (Security Information and Event Management) tools. Unlike YARA (B), which focuses on file-based detection, Sigma provides a standardized way to create rules that work across various security platforms.

Question 4

Source code snippets for two separate malware samples are shown below:

Sample 1:

knockEmDown(String e) {

if(target.isAccessed()) {

target.toShell(e);

System.out.printIn(e.toString());

c2.sendTelemetry(target.hostname.toString + " is " + e.toString());

} else {

target.close();

}

Sample 2:

targetSys(address a) {

if(address.islpv4()) {

address.connect(1337);

address.keepAlive("paranoid");

String status = knockEmDown(address.current);

remote.sendC2(address.current + " is " + status);

} else {

throw Exception e;

}

Which of the following describes the most important observation about the two samples?

ATelemetry is first buffered and then transmitted in paranoid mode.

BThe samples were probably written by the same developer.

CBoth samples use IP connectivity for command and control.

DSample 1 is the target agent while Sample 2 is the C2 server.

Answer : B

Comprehensive and Detailed Step-by-Step

Both samples share similar function names, variable naming styles, and logic flow, indicating that they were likely written by the same developer. This is a key observation in malware attribution, as cyber threat analysts often look for unique coding styles to link malware to specific threat actors.

The presence of C2 (Command and Control) communication in both samples supports this theory, as attackers often reuse parts of their own malware code across different attacks.

Question 5

A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place. Which of the following is the security officer most likely seeking to maintain compliance?

AInformation security standards

BE-discovery requirements

CPrivacy regulations

DCertification requirements

EReporting frameworks

Answer : C

Comprehensive and Detailed Step-by-Step

Privacy regulations (C), such as GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act), require companies to provide data subject access request (DSAR) handling processes. A DSAR allows individuals to request details about their personal data stored by a company and request modifications or deletions.

Information security standards (A) focus on overall security controls, while e-discovery requirements (B) relate to legal investigations rather than ongoing compliance.

Question 6

A company wants to protect against the most common attacks and rapidly integrate with different programming languages. Which of the following technologies is most likely to meet this need?

ARASP

BCloud-based IDE

CDAST

DNIPS

Answer : A

Comprehensive and Detailed Step-by-Step

Runtime Application Self-Protection (RASP) (A) monitors and protects applications in real time by detecting and blocking attacks as they occur. Unlike traditional security solutions, RASP is integrated into the application itself, meaning it works regardless of the programming language used. It effectively mitigates common vulnerabilities such as SQL injection, XSS, and buffer overflows.

Dynamic Application Security Testing (DAST) (C) is a passive scanning approach that may not prevent attacks in real-time, while Network Intrusion Prevention Systems (NIPS) (D) focuses on network traffic, not application-layer security.

Question 7

An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated. Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?

AUtilize an on-premises HSM to locally manage keys.

BAdjust the configuration for cloud provider keys on data that is classified as public.

CBegin using cloud-managed keys on all new resources deployed in the cloud.

DExtend the key rotation period to one year so that the cloud provider can use cached keys.

Answer : B

Comprehensive and Detailed Step by Step

Understanding the Scenario: The organization is using customer-managed encryption keys in the cloud, which is more expensive than using the cloud provider's free managed keys. The CISO needs to find a way to reduce costs without significantly weakening the security posture.

Analyzing the Answer Choices:

A . Utilize an on-premises HSM to locally manage keys: While on-premises HSMs offer strong security, they introduce additional costs and complexity (procurement, maintenance, etc.). This option is unlikely to reduce costs compared to cloud-based key management.

B . Adjust the configuration for cloud provider keys on data that is classified as public: This is the most practical and cost-effective approach. Data classified as public doesn't require the same level of protection as sensitive data. Using the cloud provider's free managed keys for public data can significantly reduce costs without compromising security, as the data is intended to be publicly accessible anyway.

C . Begin using cloud-managed keys on all new resources deployed in the cloud: While this would reduce costs, it's a broad approach that doesn't consider the sensitivity of the data. Applying cloud-managed keys to sensitive data might not be acceptable from a security standpoint.

D . Extend the key rotation period to one year so that the cloud provider can use cached keys: Extending the key rotation period weakens security. Frequent key rotation is a security best practice to limit the impact of a potential key compromise.

Why B is the Correct Answer:

Risk-Based Approach: Using cloud-provider-managed keys for public data is a reasonable risk-based decision. Public data, by definition, is not confidential.

Cost Optimization: This directly addresses the CISO's concern about cost, as cloud-provider-managed keys are often free or significantly cheaper.

Security Balance: It maintains a strong security posture for sensitive data by continuing to use customer-managed keys where appropriate, while optimizing costs for less sensitive data.

CASP+ Relevance: This approach demonstrates an understanding of risk management, data classification, and cost-benefit analysis in security decision-making, all of which are important topics in CASP+.

Elaboration on Data Classification:

Data Classification Policy: Organizations should have a clear data classification policy that defines different levels of data sensitivity (e.g., public, internal, confidential, restricted).

Security Controls Based on Classification: Security controls, including encryption key management, should be applied based on the data's classification level.

Cost-Benefit Analysis: Data classification helps organizations make informed decisions about where to invest in stronger security controls and where cost optimization is acceptable.

In conclusion, adjusting the configuration to use cloud-provider-managed keys for data classified as public is the most effective way to reduce costs while maintaining a strong security posture. It's a practical, risk-based approach that aligns with data classification principles and cost-benefit considerations, all of which are important concepts covered in the CASP+ exam objectives.

CompTIA CAS-005 CompTIA SecurityX Certification Exam Practice Test