Valid CAS-005 Dumps shared by ExamDiscuss.com for Helping Passing CAS-005 Exam! ExamDiscuss.com now offer the newest CAS-005 exam dumps, the ExamDiscuss.com CAS-005 exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com CAS-005 dumps with Test Engine here:
Access CAS-005 Dumps Premium Version
(250 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 62/82
A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:
An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.
All administrators use named accounts that require multifactor authentication.
Single sign-on is used for all company applications.
Which of the following should the security architect do to mitigate the issue?
An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.
All administrators use named accounts that require multifactor authentication.
Single sign-on is used for all company applications.
Which of the following should the security architect do to mitigate the issue?
Correct Answer: B
Comprehensive and Detailed
The hijacked administrator account was used across multiple ASNs (indicating different network locations) in a short time, despite MFA and SSO. This suggests a stolen session or token misuse. Let's analyze:
A . Token theft detection with lockouts: Useful for detecting stolen SSO tokens, but it's reactive and may not prevent initial misuse across networks.
B . Context-based authentication: This adds real-time checks (e.g., geolocation, IP changes) to verify login attempts. Given the rapid ASN changes, this proactively mitigates the issue by challenging suspicious logins, aligning with CAS-005's focus on adaptive security.
C . Decentralize accounts: This removes SSO, increasing complexity and weakening MFA enforcement, which isn't practical or secure.
D . Biometric authentication: While strong, it doesn't address the network-hopping behavior and may not integrate easily with SSO.
The hijacked administrator account was used across multiple ASNs (indicating different network locations) in a short time, despite MFA and SSO. This suggests a stolen session or token misuse. Let's analyze:
A . Token theft detection with lockouts: Useful for detecting stolen SSO tokens, but it's reactive and may not prevent initial misuse across networks.
B . Context-based authentication: This adds real-time checks (e.g., geolocation, IP changes) to verify login attempts. Given the rapid ASN changes, this proactively mitigates the issue by challenging suspicious logins, aligning with CAS-005's focus on adaptive security.
C . Decentralize accounts: This removes SSO, increasing complexity and weakening MFA enforcement, which isn't practical or secure.
D . Biometric authentication: While strong, it doesn't address the network-hopping behavior and may not integrate easily with SSO.
- Question List (82q)
- Question 1: A company recently experienced an incident in which an advan...
- Question 2: An organization is looking for gaps in its detection capabil...
- Question 3: A company migrating to a remote work model requires that com...
- Question 4: A user submits a help desk ticket stating then account does ...
- Question 5: A security analyst reviews the following report: (Exhibit) W...
- Question 6: A security configure is building a solution to disable weak ...
- Question 7: A security officer performs due diligence activities before ...
- Question 8: SIMULATION You are a security analyst tasked with interpreti...
- Question 9: Developers have been creating and managing cryptographic mat...
- Question 10: A company wants to invest in research capabilities with the ...
- Question 11: A security team is responding to malicious activity and need...
- Question 12: Which of the following best describes the challenges associa...
- Question 13: A financial technology firm works collaboratively with busin...
- Question 14: Emails that the marketing department is sending to customers...
- Question 15: Which of the following are risks associated with vendor lock...
- Question 16: Recent repents indicate that a software tool is being exploi...
- Question 17: After remote desktop capabilities were deployed in the envir...
- Question 18: During a vulnerability assessment, a scan reveals the follow...
- Question 19: A software company deployed a new application based on its i...
- Question 20: A security officer received several complaints from users ab...
- Question 21: A security architect is establishing requirements to design ...
- Question 22: A security analyst is performing a review of a web applicati...
- Question 23: An organization currently has IDS, firewall, and DLP systems...
- Question 24: A software development team requires valid data for internal...
- Question 25: An organization recently implemented a new email DLP solutio...
- Question 26: A company wants to modify its process to comply with privacy...
- Question 27: Which of the following AI concerns is most adequately addres...
- Question 28: Which of the following best explains the importance of deter...
- Question 29: A security analyst is reviewing the following event timeline...
- Question 30: A security review revealed that not all of the client proxy ...
- Question 31: A company was recently infected by malware. During the root ...
- Question 32: A company's SIEM is designed to associate the company's asse...
- Question 33: A company wants to implement hardware security key authentic...
- Question 34: Company A acquired Company B and needs to determine how the ...
- Question 35: A company wants to install a three-tier approach to separate...
- Question 36: An organization is developing on Al-enabled digital worker t...
- Question 37: A company detects suspicious activity associated with extern...
- Question 38: A company updates its cloud-based services by saving infrast...
- Question 39: During a forensic review of a cybersecurity incident, a secu...
- Question 40: A company's help desk is experiencing a large number of call...
- Question 41: An organization is required to * Respond to internal and ext...
- Question 42: A security engineer performed a code scan that resulted in m...
- Question 43: An organization mat performs real-time financial processing ...
- Question 44: Previously intercepted communications must remain secure eve...
- Question 45: SIMULATION During the course of normal SOC operations, three...
- Question 46: As part of a security audit in the software development life...
- Question 47: Operational technology often relies upon aging command, cont...
- Question 48: A company receives several complaints from customers regardi...
- Question 49: A company hosts a platform-as-a-service solution with a web-...
- Question 50: An organization has been using self-managed encryption keys ...
- Question 51: Which of the following supports the process of collecting a ...
- Question 52: An organization wants to manage specialized endpoints and ne...
- Question 53: After an incident response exercise, a security administrato...
- Question 54: A security engineer wants to reduce the attack surface of a ...
- Question 55: A security architect must make sure that the least number of...
- Question 56: Which of the following best describes the challenges associa...
- Question 57: A senior security engineer flags the following log file snip...
- Question 58: Asecuntv administrator is performing a gap assessment agains...
- Question 59: A systems administrator wants to introduce a newly released ...
- Question 60: An organization found a significant vulnerability associated...
- Question 61: A building camera is remotely accessed and disabled from the...
- Question 62: A security architect is mitigating a vulnerability that prev...
- Question 63: Users are experiencing a variety of issues when trying to ac...
- Question 64: A security engineer is assisting a DevOps team that has the ...
- Question 65: A threat hunter is identifying potentially malicious activit...
- Question 66: Due to locality and budget constraints, an organization's sa...
- Question 67: A software company deployed a new application based on its i...
- Question 68: After several companies in the financial industry were affec...
- Question 69: Which of the following best describes the reason PQC prepara...
- Question 70: A hospital provides tablets to its medical staff to enable t...
- Question 71: The material finding from a recent compliance audit indicate...
- Question 72: A compliance officer is facilitating a business impact analy...
- Question 73: A global manufacturing company has an internal application m...
- Question 74: SIMULATION A security engineer needs to review the configura...
- Question 75: An analyst has prepared several possible solutions to a succ...
- Question 76: (Exhibit)
- Question 77: SIMULATION You are tasked with integrating a new B2B client ...
- Question 78: During a periodic internal audit, a company identifies a few...
- Question 79: A security engineer is implementing a code signing requireme...
- Question 80: A security engineer must ensure that sensitive corporate inf...
- Question 81: A security analyst is reviewing the following log: (Exhibit)...
- Question 82: A company isolated its OT systems from other areas of the co...
