Summer Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: ecus65

CompTIA CAS-005 - CompTIA SecurityX Certification Exam

Page: 5 / 7
Total 219 questions

A malware researcher has discovered a credential stealer is looking at a specific memory register to harvest passwords that will be used later for lateral movement in corporate networks. The malware is using TCP 4444 to communicate with other workstations. The lateral movement would be best mitigated by:

A.

Configuring the CPU's NX bit

B.

Enabling a host firewall

C.

Enabling an edge firewall

D.

Enforcing all systems to use UEFI

E.

Enabling ASLR on the Active Directory server

Operational technology often relies upon aging command, control, and telemetry subsystems that were created with the design assumption of:

A.

operating in an isolated/disconnected system.

B.

communicating over distributed environments

C.

untrustworthy users and systems being present.

D.

an available EtherneVIP network stack for flexibility.

E.

anticipated eavesdropping from malicious actors.

A user reports application access issues to the help desk. The help desk reviews the logs for the user:

Which of the following is most likely the reason for the issue?

A.

The user inadvertently tripped the geoblock rule in NGFW.

B.

A threat actor has compromised the user's account and attempted to log in.

C.

The user is not allowed to access the human resources system outside of business hours.

D.

The user did not attempt to connect from an approved subnet.

An auditor is reviewing the logs from a web application to determine the source of an incident. The web application architecture includes an internet-accessible application load balancer, a number of web servers in a private subnet, application servers, and one database server in a tiered configuration. The application load balancer cannot store the logs. The following are sample log snippets:

Web server logs:

192.168.1.10 - - [24/Oct/2020 11:24:34 +05:00] "GET /bin/bash" HTTP/1.1" 200 453 Safari/536.36

192.168.1.10 - - [24/Oct/2020 11:24:35 +05:00] "GET / HTTP/1.1" 200 453 Safari/536.36

Application server logs:

24/Oct/2020 11:24:34 +05:00 - 192.168.2.11 - request does not match a known local user. Querying DB

24/Oct/2020 11:24:35 +05:00 - 192.168.2.12 - root path. Begin processing

Database server logs:

24/Oct/2020 11:24:34 +05:00 [Warning] 'option read_buffer_size1 unassigned value 0 adjusted to 2048

24/Oct/2020 11:24:35 +05:00 [Warning] CA certificate ca.pem is self-signed.

Which of the following should the auditor recommend to ensure future incidents can be traced back to the sources?

A.

Enable the X-Forwarded-For header at the load balancer.

B.

Install a software-based HIDS on the application servers.

C.

Install a certificate signed by a trusted CA.

D.

Use stored procedures on the database server.

E.

Store the value of the $_SERVER['REMOTE_ADDR'] received by the web servers.

A security analyst is reviewingsuspicious log-in activity and sees the following data in the SICM:

Which of the following is the most appropriate action for the analyst to take?

A.

Update the log configuration settings on the directory server that Is not being captured properly.

B.

Have the admin account owner change their password to avoid credential stuffing.

C.

Block employees from logging in to applications that are not part of their business area.

D.

implement automation to disable accounts that nave been associated with high-risk activity.

A company wants to protect against the most common attacks and rapidly integrate with different programming languages. Which of the following technologies is most likely to meet this need?

A.

RASP

B.

Cloud-based IDE

C.

DAST

D.

NIPS

An organization plans to deploy new software. The project manager compiles a list of roles that will be involved in different phases of the deployment life cycle. Which of the following should the project manager use to track these roles?

A.

CMDB

B.

Recall tree

C.

ITIL

D.

RACI matrix

A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team's task'

A.

Static application security testing

B.

Software composition analysis

C.

Runtime application self-protection

D.

Web application vulnerability scanning

An organization found a significant vulnerability associated with a commonly used package in a variety of operating systems. The organization develops a registry of software dependencies to facilitate incident response activities. As part of the registry, the organization creates hashes of packages that have been formally vetted. Which of the following attack vectors does this registry address?

A.

Supply chain attack B. Cipher substitution attack C. Side-channel analysis D. On-path attack E. Pass-the-hash attack

A security team determines that the most significant risks within the pipeline are:

• Unauthorized code changes

• The current inability to perform independent verification of software modules

Which of the following best addresses these concerns?

A.

Code signing

B.

Digital signatures

C.

Non-repudiation

D.

Lightweight cryptography