CompTIA CAS-005 Exam Practice Test Instant Access

Question 1

Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.

Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions. The software installation entries are formatted as follows:

Reader 10.0

Reader 10.1

Reader 10.2

Reader 10.3

Reader 10.4

Which of the following regular expression entries will accurately identify all the affected versions?

AReader(*)[1][0].[0-4:

BReader[11[01X.f0-3'

CReader( )[1][0].[0-3:

DReader( )[1][0] X.[1-3:

Answer : C

Comprehensive and Detailed Step-by-Step

Understand the Question Requirements:

The goal is to use a regular expression (regex) to match software versions 10.0 through 10.3, but exclude version 10.4.

Review Regex Syntax:

[ ] indicates a character set (matches any one character in the set).

[0-3] matches any digit between 0 and 3.

\. escapes the period (.) so it matches a literal period instead of acting as a wildcard.

( ) groups parts of the regex together.

Analyze Each Option:

Option A: Reader(*)[1][0].[0-4:

Incorrect. The use of (*) is not valid syntax in this context and [0-4 is incomplete or misformatted.

Option B: Reader[11[01X.f0-3'

Incorrect. This is an invalid regex syntax, mixing character sets and mismatched brackets.

Option C: Reader( )[1][0].[0-3:

Correct. This regex is valid and matches 'Reader 10.0', 'Reader 10.1', 'Reader 10.2', and 'Reader 10.3' while excluding 'Reader 10.4'.

Breakdown:

Reader: Matches the text 'Reader'.

[1][0]: Matches '10' as a combination of two characters.

\.: Matches the literal period.

[0-3]: Matches any single digit between 0 and 3.

Option D: Reader( )[1][0] X.[1-3:

Incorrect. The syntax X.[1-3 is invalid, and this does not match the required versions.

Conclusion:

The regex in Option C correctly identifies all affected versions (10.0, 10.1, 10.2, 10.3) while excluding the unaffected version (10.4).

CompTIA Advanced Security Practitioner (CASP+) Study Guide, Chapter on Vulnerability Management.

CompTIA CASP+ Exam Objectives: 'Analyze risks associated with new vulnerabilities.'

Regular Expressions Documentation from CASP+ Official Reference Materials.

Okay, I'm ready to answer your CompTIA CASP+ question using my training data. Here's the question and answer in the requested format:

Question 2

An endpoint security engineer finds that a newly acquired company has a variety of non-standard applications running and no defined ownership for those applications. The engineer needs to find a solution that restricts malicious programs and software from running in that environment, while allowing the non-standard applications to function without interruption. Which of the following application control configurations should the engineer apply?

ADeny list

BAllow list

CAudit mode

DMAC list

Answer : C

Comprehensive and Detailed Step-by-Step

Option A: Deny list

Deny lists block specific applications or processes identified as malicious.

This approach is reactive and may inadvertently block the non-standard applications that are currently in use without proper ownership.

Option B: Allow list

Allow lists permit only pre-approved applications to run.

While secure, this approach requires defining all non-standard applications, which may disrupt operations in an environment where ownership is unclear.

Option C: Audit mode

Correct Answer.

Audit mode allows monitoring and logging of applications without enforcing restrictions.

This is ideal in environments with non-standard applications and undefined ownership because it enables the engineer to observe the environment and gradually implement control without interruption.

Audit mode provides critical visibility into the software landscape, ensuring that necessary applications remain functional.

Option D: MAC list

Mandatory Access Control (MAC) lists restrict access based on classification and clearance levels.

This does not align with application control objectives in this context.

CompTIA CASP+ Study Guide - Chapters on Endpoint Security and Application Control.

CASP+ Objective 2.4: Implement appropriate security controls for enterprise endpoints.

Question 3

A company is developing a new service product offering that will involve the Security Officer (CISO) researching the relevant compliance regulations. Which of the following best describes the CISO's action?

AData retention

BData classification

CDue diligence

DReference framework

Answer : C

Comprehensive and Detailed Step-by-Step

Option A: Data retention

Data retention refers to how long an organization retains its data to comply with legal, regulatory, or business requirements.

The CISO's action focuses on researching compliance regulations, not on retaining data.

Option B: Data classification

Data classification deals with organizing data based on sensitivity and importance. While important, this is unrelated to researching compliance regulations.

Option C: Due diligence

Correct Answer.

Due diligence involves investigating and verifying processes, regulations, or environments to ensure compliance with laws and standards.

The CISO researching compliance regulations aligns directly with the concept of due diligence.

This concept is foundational in the CASP+ syllabus under governance and legal compliance.

Option D: Reference framework

Reference frameworks provide templates for structuring security initiatives (e.g., ISO 27001 or NIST CSF).

While a framework may aid compliance, researching compliance regulations is a due diligence activity, not a reference framework application.

CompTIA CASP+ Study Guide (Current Edition) - Chapters on GRC and Legal Compliance.

CASP+ Objective 3.2: Integrate enterprise resilience.

Question 4

AData retention

BData classification

CDue diligence

DReference framework

Answer : C

Comprehensive and Detailed Step-by-Step

Option A: Data retention

Data retention refers to the policies and procedures surrounding how long data must be retained to meet regulatory, operational, or business requirements.

This does not describe the CISO's research into compliance regulations.

Option B: Data classification

Data classification involves categorizing data based on its sensitivity or importance (e.g., public, confidential, restricted).

While this is a critical process for compliance, it does not describe researching regulations.

Option C: Due diligence

Correct Answer.

Due diligence is the process of conducting thorough research and analysis to ensure that a company's operations comply with applicable laws, standards, and best practices.

The CISO's action of researching relevant compliance regulations directly aligns with due diligence responsibilities.

This concept is emphasized in the CASP+ objectives under governance, risk, and compliance (GRC), highlighting the need for security leaders to verify compliance requirements during product or service development.

Option D: Reference framework

A reference framework provides guidelines or standards, such as ISO 27001 or NIST frameworks, for structuring security programs.

While the CISO may use a framework during this process, the act of researching regulations is not equivalent to referencing a framework.

CompTIA CASP+ Study Guide (Current Edition) - Chapters on GRC and Legal Compliance.

CASP+ Objective 3.2: Integrate enterprise resilience.

Question 5

Which of the following is the security engineer most likely doing?

AAssessing log in activities using geolocation to tune impossible Travel rate alerts

BReporting on remote log-in activities to track team metrics

CThreat hunting for suspicious activity from an insider threat

DBaselining user behavior to support advanced analytics

Answer : A

In the given scenario, the security engineer is likely examining login activities and their associated geolocations. This type of analysis is aimed at identifying unusual login patterns that might indicate an impossible travel scenario. An impossible travel scenario is when a single user account logs in from geographically distant locations in a short time, which is physically impossible. By assessing login activities using geolocation, the engineer can tune alerts to identify and respond to potential security breaches more effectively.

Question 6

A security analyst is reviewing suspicious log-in activity and sees the following data in the SICM:

Which of the following is the most appropriate action for the analyst to take?

AUpdate the log configuration settings on the directory server that Is not being captured properly.

BHave the admin account owner change their password to avoid credential stuffing.

CBlock employees from logging in to applications that are not part of their business area.

Dimplement automation to disable accounts that nave been associated with high-risk activity.

Answer : D

The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.

Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.

Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.

Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but doesn't directly address the compromised account issue.

Implementing automation to disable accounts associated with high-risk activities ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.

CompTIA SecurityX guide on incident response and account management.

Best practices for handling compromised accounts.

Automation tools and techniques for security operations centers (SOCs).

Question 7

A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password Which of the following models should the company implement to bst solve this issue?

ARule based

BTime-based

CRole based

DContext-based

Answer : D

Context-based authentication enhances traditional security methods by incorporating additional layers of information about the user's current environment and behavior. This can include factors such as the user's location, the time of access, the device used, and the behavior patterns. It is particularly useful in preventing unauthorized access even if an attacker has obtained a valid password.

Rule-based (A) focuses on predefined rules and is less flexible in adapting to dynamic threats.

Time-based (B) authentication considers the time factor but doesn't provide comprehensive protection against stolen credentials.

Role-based (C) is more about access control based on the user's role within the organization rather than authenticating the user based on current context.

By implementing context-based authentication, the company can ensure that even if a password is compromised, the additional contextual factors required for access (which an attacker is unlikely to possess) provide a robust defense mechanism.

CompTIA SecurityX guide on authentication models and best practices.

NIST guidelines on authentication and identity proofing.

Analysis of multi-factor and adaptive authentication techniques.

CompTIA CAS-005 CompTIA SecurityX Certification Exam Practice Test