A security analyst is troubleshooting the reason a specific user is having difficulty accessing company resources. The analyst reviews the following information:
Which of the following is most likely the cause of the issue?
Answer : B
The table shows that the user 'SALES1' is consistently blocked despite having met the MFA requirements. The common factor in these blocked attempts is the source IP address (8.11.4.16) being identified as from Germany while the user is assigned to France. This discrepancy suggests that the network geolocation is being misidentified by the authentication server, causing legitimate access attempts to be blocked.
Why Network Geolocation Misidentification?
Geolocation Accuracy: Authentication systems often use IP geolocation to verify the location of access attempts. Incorrect geolocation data can lead to legitimate requests being denied if they appear to come from unexpected locations.
Security Policies: Company security policies might block access attempts from certain locations to prevent unauthorized access. If the geolocation is wrong, legitimate users can be inadvertently blocked.
Consistent Pattern: The user 'SALES1' from the IP address 8.11.4.16 is always blocked, indicating a consistent issue with geolocation.
Other options do not align with the pattern observed:
A. Bypass MFA requirements: MFA is satisfied, so bypassing MFA is not the issue.
C. Administrator access policy: This is about user access, not specific administrator access.
D. OTP codes: The user has satisfied MFA, so OTP code configuration is not the issue.
CompTIA SecurityX Study Guide
'Geolocation and Authentication,' NIST Special Publication 800-63B
'IP Geolocation Accuracy,' Cisco Documentation
A security engineer is given the following requirements:
* An endpoint must only execute internally signed applications.
* Administrator accounts cannot install unauthorized software.
* Attempts to run unauthorized software must be logged.
Which of the following best meets these requirements?
Answer : D
To meet the requirements of only allowing internally signed applications, preventing unauthorized software installations, and logging attempts to run unauthorized software, configuring application control with blocked hashes and enterprise-trusted root certificates is the best solution. This approach ensures that only applications signed by trusted certificates are allowed to execute, while all other attempts are blocked and logged. It effectively prevents unauthorized software installations by restricting execution to pre-approved applications.
CompTIA SecurityX Study Guide: Describes application control mechanisms and the use of trusted certificates to enforce security policies.
NIST Special Publication 800-53, 'Security and Privacy Controls for Information Systems and Organizations': Recommends application whitelisting and execution control for securing endpoints.
'The Application Security Handbook' by Mark Dowd, John McDonald, and Justin Schuh: Covers best practices for implementing application control and managing trusted certificates.
A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?
Answer : C
The most secure way to prevent inadvertent data disclosure when encrypted SSDs are reused is to securely delete the encryption keys used by the SSD. Without the encryption keys, the data on the SSD remains encrypted and is effectively unreadable, rendering any residual data useless. This method is more reliable and efficient than overwriting data multiple times or using other physical destruction methods.
CompTIA SecurityX Study Guide: Highlights the importance of managing encryption keys and securely deleting them to protect data.
NIST Special Publication 800-88, 'Guidelines for Media Sanitization': Recommends cryptographic erasure as a secure method for sanitizing encrypted storage devices.
A senior security engineer flags the following log file snippet as having likely facilitated an attacker's lateral movement in a recent breach:
Which of the following solutions, if implemented, would mitigate the risk of this issue reoccurring?
Answer : A
The log snippet indicates a DNS AXFR (zone transfer) request, which can be exploited by attackers to gather detailed information about an internal network's infrastructure. Disabling DNS zone transfers is the best solution to mitigate this risk. Zone transfers should generally be restricted to authorized secondary DNS servers and not be publicly accessible, as they can reveal sensitive network information that facilitates lateral movement during an attack.
CompTIA SecurityX Study Guide: Discusses the importance of securing DNS configurations, including restricting zone transfers.
NIST Special Publication 800-81, 'Secure Domain Name System (DNS) Deployment Guide': Recommends restricting or disabling DNS zone transfers to prevent information leakage.
A software company deployed a new application based on its internal code repository. Several customers are reporting anti-malware alerts on workstations used to test the application. Which of the following is the most likely cause of the alerts?
Answer : B
The most likely cause of the anti-malware alerts on customer workstations is unsecure bundled libraries. When developing and deploying new applications, it is common for developers to use third-party libraries. If these libraries are not properly vetted for security, they can introduce vulnerabilities or malicious code.
Why Unsecure Bundled Libraries?
Third-Party Risks: Using libraries that are not secure can lead to malware infections if the libraries contain malicious code or vulnerabilities.
Code Dependencies: Libraries may have dependencies that are not secure, leading to potential security risks.
Common Issue: This is a frequent issue in software development where libraries are used for convenience but not properly vetted for security.
Other options, while relevant, are less likely to cause widespread anti-malware alerts:
A. Misconfigured code commit: Could lead to issues but is less likely to trigger anti-malware alerts.
C. Invalid code signing certificate: Would lead to trust issues but not typically anti-malware alerts.
D. Data leakage: Relevant for privacy concerns but not directly related to anti-malware alerts.
CompTIA SecurityX Study Guide
'Securing Open Source Libraries,' OWASP
'Managing Third-Party Software Security Risks,' Gartner Research
A global manufacturing company has an internal application that is critical to making products. This application cannot be updated and must be available in the production area. A security architect is implementing security for the application. Which of the following best describes the action the architect should take?
Answer : D
Creating a separate network for users who need access to the application is the best action to secure an internal application that is critical to the production area and cannot be updated.
Why Separate Network?
Network Segmentation: Isolates the critical application from the rest of the network, reducing the risk of compromise and limiting the potential impact of any security incidents.
Controlled Access: Ensures that only authorized users have access to the application, enhancing security and reducing the attack surface.
Minimized Risk: Segmentation helps in protecting the application from vulnerabilities that could be exploited from other parts of the network.
Other options, while beneficial, do not provide the same level of security for a critical application:
A. Disallow wireless access: Useful but does not provide comprehensive protection.
B. Deploy intrusion detection capabilities using a network tap: Enhances monitoring but does not provide the same level of isolation and control.
C. Create an acceptable use policy: Important for governance but does not provide technical security controls.
CompTIA SecurityX Study Guide
NIST Special Publication 800-125, 'Guide to Security for Full Virtualization Technologies'
'Network Segmentation Best Practices,' Cisco Documentation
An organization wants to manage specialized endpoints and needs a solution that provides the ability to:
* Centrally manage configurations
* Push policies
* Remotely wipe devices
* Maintain asset inventory
Which of the following should the organization do to best meet these requirements?
Answer : B
To meet the requirements of centrally managing configurations, pushing policies, remotely wiping devices, and maintaining an asset inventory, the best solution is to implement a Mobile Device Management (MDM) solution.
MDM Capabilities:
Central Management: MDM allows administrators to manage the configurations of all devices from a central console.
Policy Enforcement: MDM solutions enable the push of security policies and updates to ensure compliance across all managed devices.
Remote Wipe: In case a device is lost or stolen, MDM provides the capability to remotely wipe the device to protect sensitive data.
Asset Inventory: MDM maintains an up-to-date inventory of all managed devices, including their configurations and installed applications.
Other options do not provide the same comprehensive capabilities required for managing specialized endpoints.
CompTIA SecurityX Study Guide
NIST Special Publication 800-124 Revision 1, 'Guidelines for Managing the Security of Mobile Devices in the Enterprise'
'Mobile Device Management Overview,' Gartner Research