Free CompTIA CAS-005 Übungsprüfungen

CompTIA CAS-005 Übungsprüfungen

Zuletzt aktualisiert am 24.04.2025
  • Prüfungscode: CAS-005
  • Prüfungsname: CompTIA SecurityX Certification Exam
  • Zertifizierungsanbieter: CompTIA
  • Zuletzt aktualisiert am: 24.04.2025
Question #1

Which of the following AI concerns is most adequately addressed by input sanitation?

  • A . Model inversion
  • B . Prompt Injection
  • C . Data poisoning
  • D . Non-explainable model

Lösung einblenden Lösung ausblenden

Question #2

Developers have been creating and managing cryptographic material on their personal laptops fix use in production environment. A security engineer needs to initiate a more secure process.

Which of the following is the best strategy for the engineer to use?

  • A . Disabling the BIOS and moving to UEFI
  • B . Managing secrets on the vTPM hardware
  • C . Employing shielding lo prevent LMI
  • D . Managing key material on a HSM

Lösung einblenden Lösung ausblenden

Question #3

A systems engineer is configuring a system baseline for servers that will provide email services.

As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

  • A . SELinux
  • B . Privileged access management
  • C . Self-encrypting disks
  • D . NIPS

Lösung einblenden Lösung ausblenden

Question #4

Users are willing passwords on paper because of the number of passwords needed in an environment.

Which of the following solutions is the best way to manage this situation and decrease risks?

  • A . Increasing password complexity to require 31 least 16 characters
  • B . implementing an SSO solution and integrating with applications
  • C . Requiring users to use an open-source password manager
  • D . Implementing an MFA solution to avoid reliance only on passwords

Lösung einblenden Lösung ausblenden

Question #5

After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation.

Which of the following would the company most likely do to decrease this type of risk?

  • A . Improve firewall rules to avoid access to those platforms.
  • B . Implement a cloud-access security broker
  • C . Create SIEM rules to raise alerts for access to those platforms
  • D . Deploy an internet proxy that filters certain domains

Lösung einblenden Lösung ausblenden

Question #6

A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module.

Which of the following is the most appropriate technique?

  • A . Key splitting
  • B . Key escrow
  • C . Key rotation
  • D . Key encryption
  • E . Key stretching

Lösung einblenden Lösung ausblenden

Question #7

A systems administrator wants to use existing resources to automate reporting from disparate security appliances that do not currently communicate.

Which of the following is the best way to meet this objective?

  • A . Configuring an API Integration to aggregate the different data sets
  • B . Combining back-end application storage into a single, relational database
  • C . Purchasing and deploying commercial off the shelf aggregation software
  • D . Migrating application usage logs to on-premises storage

Lösung einblenden Lösung ausblenden

Question #8

A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring.

The architect’s goal is to:

• Create a collection of use cases to help detect known threats

• Include those use cases in a centralized library for use across all of the companies

Which of the following is the best way to achieve this goal?

  • A . Sigma rules
  • B . Ariel Query Language
  • C . UBA rules and use cases
  • D . TAXII/STIX library

Lösung einblenden Lösung ausblenden

Question #9

A systems administrator wants to introduce a newly released feature for an internal application. The administrate docs not want to test the feature in the production environment.

Which of the following locations is the best place to test the new feature?

  • A . Staging environment
  • B . Testing environment
  • C . CI/CO pipeline
  • D . Development environment

Lösung einblenden Lösung ausblenden

Question #10

An incident response team is analyzing malware and observes the following:

• Does not execute in a sandbox

• No network loCs

• No publicly known hash match

• No process injection method detected

Which of the following should the team do next to proceed with further analysis?

  • A . Use an online vims analysis tool to analyze the sample
  • B . Check for an anti-virtualization code in the sample
  • C . Utilize a new deployed machine to run the sample.
  • D . Search oilier internal sources for a new sample.

Lösung einblenden Lösung ausblenden

Next Questions