CompTIA CAS-005 CompTIA SecurityX Certification Exam Practice Test

Answer : A

In the given scenario, the security engineer is likely examining login activities and their associated geolocations. This type of analysis is aimed at identifying unusual login patterns that might indicate an impossible travel scenario. An impossible travel scenario is when a single user account logs in from geographically distant locations in a short time, which is physically impossible. By assessing login activities using geolocation, the engineer can tune alerts to identify and respond to potential security breaches more effectively.

Answer : D

The log-in activity indicates a security threat, particularly involving the ADMIN account with a high-risk failure status. This suggests that the account may be targeted by malicious activities such as credential stuffing or brute force attacks.

Updating log configuration settings (A) may help in better logging future activities but does not address the immediate threat.

Changing the admin account password (B) is a good practice but may not fully mitigate the ongoing threat if the account has already been compromised.

Blocking employees (C) from logging into non-business applications might help in reducing attack surfaces but doesn't directly address the compromised account issue.

Implementing automation to disable accounts associated with high-risk activities ensures an immediate response to the detected threat, preventing further unauthorized access and allowing time for thorough investigation and remediation.

CompTIA SecurityX guide on incident response and account management.

Best practices for handling compromised accounts.

Automation tools and techniques for security operations centers (SOCs).

Answer : D

Context-based authentication enhances traditional security methods by incorporating additional layers of information about the user's current environment and behavior. This can include factors such as the user's location, the time of access, the device used, and the behavior patterns. It is particularly useful in preventing unauthorized access even if an attacker has obtained a valid password.

Rule-based (A) focuses on predefined rules and is less flexible in adapting to dynamic threats.

Time-based (B) authentication considers the time factor but doesn't provide comprehensive protection against stolen credentials.

Role-based (C) is more about access control based on the user's role within the organization rather than authenticating the user based on current context.

By implementing context-based authentication, the company can ensure that even if a password is compromised, the additional contextual factors required for access (which an attacker is unlikely to possess) provide a robust defense mechanism.

CompTIA SecurityX guide on authentication models and best practices.

NIST guidelines on authentication and identity proofing.

Analysis of multi-factor and adaptive authentication techniques.

Answer : C

Sinkholing, or DNS sinkholing, is a method used to redirect malicious traffic to a safe destination. This technique is often employed by security teams to prevent access to malicious domains by substituting a benign destination IP address.

In the given logs, users from the finance department are accessing www.bank.com and receiving HTTP status code 495. This status code is typically indicative of a client certificate error, which can occur if the DNS traffic is being manipulated or redirected incorrectly. The consistency in receiving the same HTTP status code across different users suggests a systematic issue rather than an isolated incident.

Recursive DNS resolution failure (A) would generally lead to inability to resolve DNS at all, not to a specific HTTP error.

DNS poisoning (B) could result in users being directed to malicious sites, but again, would likely result in a different set of errors or unusual activity.

Incorrect DNS setup (D) would likely cause broader resolution issues rather than targeted errors like the one seen here.

By reviewing the provided data, it is evident that the DNS traffic for www.bank.com is being rerouted improperly, resulting in consistent HTTP 495 errors for the finance department users. Hence, the most likely cause is that the DNS traffic is being sinkholed.

CompTIA SecurityX study materials on DNS security mechanisms.

Standard HTTP status codes and their implications.

Answer : B

The table shows detailed information about products, including location, chassis manufacturer, OS, application developer, and vendor. This type of information is typically assessed in a supply chain assessment to evaluate the security and reliability of components and services from different suppliers.

Why Supply Chain Assessment?

Component Evaluation: Assessing the origin and security of each component used in the products, including hardware, software, and third-party services.

Risk Management: Identifying potential risks associated with the supply chain, such as vulnerabilities in third-party components or insecure development practices.

Other types of assessments do not align with the detailed supplier and component information provided:

A . System: Focuses on individual system security, not the broader supply chain.

C . Quantitative: Focuses on numerical risk assessments, not supplier information.

D . Organizational: Focuses on internal organizational practices, not external suppliers.

CompTIA SecurityX Study Guide

NIST Special Publication 800-161, 'Supply Chain Risk Management Practices for Federal Information Systems and Organizations'

'Supply Chain Security Best Practices,' Gartner Research

Answer : D

The error message 'NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM' indicates that the web browser is rejecting the certificate because it uses a weak signature algorithm. This commonly happens with self-signed certificates, which often use outdated or insecure algorithms.

Why Discontinue Self-Signed Certificates?

Security Compliance: Modern browsers enforce strict security standards and may reject certificates that do not comply with these standards.

Trusted Certificates: Using certificates from a trusted Certificate Authority (CA) ensures compliance with security standards and is less likely to be flagged as insecure.

Weak Signature Algorithm: Self-signed certificates might use weak algorithms like MD5 or SHA-1, which are considered insecure.

Other options do not address the specific cause of the certificate error:

A . Rewriting legacy web functions: Does not address the certificate issue.

B . Disabling deprecated ciphers: Useful for improving security but not related to the certificate error.

C . Blocking non-essential ports: This is unrelated to the issue of certificate validation.

CompTIA SecurityX Study Guide

'Managing SSL/TLS Certificates,' OWASP

'Best Practices for Certificate Management,' NIST Special Publication 800-57

Answer : B

The table shows that the user 'SALES1' is consistently blocked despite having met the MFA requirements. The common factor in these blocked attempts is the source IP address (8.11.4.16) being identified as from Germany while the user is assigned to France. This discrepancy suggests that the network geolocation is being misidentified by the authentication server, causing legitimate access attempts to be blocked.

Why Network Geolocation Misidentification?

Geolocation Accuracy: Authentication systems often use IP geolocation to verify the location of access attempts. Incorrect geolocation data can lead to legitimate requests being denied if they appear to come from unexpected locations.

Security Policies: Company security policies might block access attempts from certain locations to prevent unauthorized access. If the geolocation is wrong, legitimate users can be inadvertently blocked.

Consistent Pattern: The user 'SALES1' from the IP address 8.11.4.16 is always blocked, indicating a consistent issue with geolocation.

Other options do not align with the pattern observed:

A . Bypass MFA requirements: MFA is satisfied, so bypassing MFA is not the issue.

C . Administrator access policy: This is about user access, not specific administrator access.

D . OTP codes: The user has satisfied MFA, so OTP code configuration is not the issue.

CompTIA SecurityX Study Guide

'Geolocation and Authentication,' NIST Special Publication 800-63B

'IP Geolocation Accuracy,' Cisco Documentation