Valid CAS-005 Dumps shared by EduDump.com for Helping Passing CAS-005 Exam! EduDump.com now offer the newest CAS-005 exam dumps, the EduDump.com CAS-005 exam questions have been updated and answers have been corrected get the newest EduDump.com CAS-005 dumps with Test Engine here:
Access CAS-005 Dumps Premium Version
(348 Q&As Dumps, 35%OFF Special Discount Code: freecram)
<< Prev Question Next Question >>
Question 24/120
During a recentsecurity event, access from thenon-production environment to the production environmentenabledunauthorized usersto:
Installunapproved software
Makeunplanned configuration changes
During theinvestigation, the following findings were identified:
Several new users were added in bulkby theIAM team
Additionalfirewalls and routerswere recently added
Vulnerability assessmentshave been disabled formore than 30 days
Theapplication allow listhas not been modified intwo weeks
Logs were unavailablefor various types of traffic
Endpoints have not been patchedinover ten days
Which of the following actions would most likely need to be taken toensure proper monitoring?(Select two)
Installunapproved software
Makeunplanned configuration changes
During theinvestigation, the following findings were identified:
Several new users were added in bulkby theIAM team
Additionalfirewalls and routerswere recently added
Vulnerability assessmentshave been disabled formore than 30 days
Theapplication allow listhas not been modified intwo weeks
Logs were unavailablefor various types of traffic
Endpoints have not been patchedinover ten days
Which of the following actions would most likely need to be taken toensure proper monitoring?(Select two)
Correct Answer: A,D,E
Understanding the Security Event:
Unauthorized usersgained access from non-production to production.
IAM policies were weak, allowingbulk user creation.
Vulnerability assessments were disabled, andpatching was delayed.
Logs were unavailable, making incident response difficult.
Why Options A, D, and E areCorrect:
A (Disable bulk user creation by IAM team)# Prevents unauthorized mass user account creation, which could beexploited by attackers.
D (Routine updates for endpoints & network devices)# Patch management ensuresvulnerabilities are not left open for attackers.
E (Ensure all security/network devices send logs to SIEM)# Helps withreal-time monitoring and detection of unauthorized activities.
Why Other Options Are Incorrect:
B (180-day log retention)# While log retention is good,real-time monitoring is the priority.
C (Review application allow list daily)# Reviewing itdaily is impractical. Regular audits are better.
F (Restrict production-to-non-production traffic)# The issue isunauthorized access, not traffic routing.
Reference:
CompTIA SecurityX CAS-005 Official Study Guide:IAM, Patch Management & SIEM Logging Best Practices NIST 800-53 (AC-2, AU-12):Audit Logging & Access Control
Unauthorized usersgained access from non-production to production.
IAM policies were weak, allowingbulk user creation.
Vulnerability assessments were disabled, andpatching was delayed.
Logs were unavailable, making incident response difficult.
Why Options A, D, and E areCorrect:
A (Disable bulk user creation by IAM team)# Prevents unauthorized mass user account creation, which could beexploited by attackers.
D (Routine updates for endpoints & network devices)# Patch management ensuresvulnerabilities are not left open for attackers.
E (Ensure all security/network devices send logs to SIEM)# Helps withreal-time monitoring and detection of unauthorized activities.
Why Other Options Are Incorrect:
B (180-day log retention)# While log retention is good,real-time monitoring is the priority.
C (Review application allow list daily)# Reviewing itdaily is impractical. Regular audits are better.
F (Restrict production-to-non-production traffic)# The issue isunauthorized access, not traffic routing.
Reference:
CompTIA SecurityX CAS-005 Official Study Guide:IAM, Patch Management & SIEM Logging Best Practices NIST 800-53 (AC-2, AU-12):Audit Logging & Access Control
- Question List (120q)
- Question 1: A company's security policy states that any publicly availab...
- Question 2: After an organization met with its ISAC, the organization de...
- Question 3: A security operations engineer needs to prevent inadvertent ...
- Question 4: Acompany must build and deploy security standards for all se...
- Question 5: While reviewing recent modem reports, a security officer dis...
- Question 6: A security analyst discovered requests associated with IP ad...
- Question 7: A financial services organization is using Al lo fully autom...
- Question 8: A company that relies on an COL system must keep it operatin...
- Question 9: A company reduced its staff 60 days ago, and applications ar...
- Question 10: A company wants to improve and automate the compliance of it...
- Question 11: An enterprise is deploying APIs that utilize a private key a...
- Question 12: The device event logs sourced from MDM software are as follo...
- Question 13: A user from the sales department opened a suspicious file at...
- Question 14: A product development team has submitted code snippets for r...
- Question 15: Which of the following key management practices ensures that...
- Question 16: An organization determines existing business continuity prac...
- Question 17: As part of a security audit in the software development life...
- Question 18: During a forensic review of a cybersecurity incident, a secu...
- Question 19: An organization has been using self-managed encryption keys ...
- Question 20: After some employees were caught uploading data to online pe...
- Question 21: An organization hires a security consultant to establish a S...
- Question 22: A systems administrator works with engineers to process and ...
- Question 23: A security engineer is reviewing the following vulnerability...
- Question 24: During a recentsecurity event, access from thenon-production...
- Question 25: An organization wants to implement a platform to better iden...
- Question 26: A company plans to implement a research facility with Intell...
- Question 27: An IPSec solution is being deployed. The configuration files...
- Question 28: An organization recently implemented a purchasing freeze tha...
- Question 29: A security engineer is given the following requirements: * A...
- Question 30: An organization recently acquired another company that is ru...
- Question 31: A company wants to use loT devices to manage and monitor the...
- Question 32: An analyst reviews a SIEM and generates the following report...
- Question 33: A systems administrator wants to use existing resources to a...
- Question 34: A company wants to protect against the most common attacks a...
- Question 35: A security analyst needs to ensure email domains that send p...
- Question 36: A software vendor provides routine functionality and securit...
- Question 37: A security administrator needs to automate alerting. The ser...
- Question 38: PKI can be used to support security requirements in the chan...
- Question 39: (Exhibit) An administrator needs to craft a single certifica...
- Question 40: The identity and access management team is sending logs to t...
- Question 41: A security engineer wants to stay up-to-date on new detectio...
- Question 42: A security architect is establishing requirements to design ...
- Question 43: A company implemented a NIDS and a NIPS on the most critical...
- Question 44: A cloud engineer needs to identify appropriate solutions to:...
- Question 45: An organization is developing a disaster recovery plan that ...
- Question 46: An organization is implementing advanced security controls a...
- Question 47: A company migrating to aremote work model requires that comp...
- Question 48: A security analyst received anotification from a cloud servi...
- Question 49: A recent security audit identified multiple endpoints have t...
- Question 50: A security architect is investigating instances of employees...
- Question 51: Due to locality and budget constraints, an organization's sa...
- Question 52: A security engineer needs 10 secure the OT environment based...
- Question 53: During the course of normal SOC operations, three anomalous ...
- Question 54: After an incident occurred, a team reported during the lesso...
- Question 55: Embedded malware has been discovered in a popular PDF reader...
- Question 56: A systems administrator is working with clients to verify em...
- Question 57: A security analyst is reviewing the following log: (Exhibit)...
- Question 58: A software engineer is creating a CI/CD pipeline to support ...
- Question 59: During a security assessment using an CDR solution, a securi...
- Question 60: During a gap assessment, an organization notes that OYOD usa...
- Question 61: During a recent audit, a company's systems were assessed- Gi...
- Question 62: (Exhibit) Which of the following is the security engineer mo...
- Question 63: A security engineer wants to propose an MDM solution to miti...
- Question 64: A security engineer wants to reduce the attack surface of a ...
- Question 65: A company designs policies and procedures for hardening cont...
- Question 66: An analyst wants to conduct a risk assessment on a new appli...
- Question 67: A Chief Information Security Officer is concerned about the ...
- Question 68: A company is having issues with its vulnerability management...
- Question 69: After a penetration test on the internal network, the follow...
- Question 70: A building camera is remotely accessed and disabled from the...
- Question 71: A cloud engineer wants to configure mail security protocols ...
- Question 72: A company is preparing to move a new version of a web applic...
- Question 73: A security engineer is implementing a code signing requireme...
- Question 74: Which of the following is the main reason quantum computing ...
- Question 75: A company migrated a critical workload from its data center ...
- Question 76: An organization is researching the automation capabilities f...
- Question 77: Users are experiencing a variety of issueswhen trying to acc...
- Question 78: A security configure isbuilding a solution to disable weak C...
- Question 79: A senior security engineer flags me following log file snipp...
- Question 80: An organization is prioritizing efforts to remediate or miti...
- Question 81: A company receives reports about misconfigurations and vulne...
- Question 82: Which of the following best describes a common use case for ...
- Question 83: A company recentlyexperienced aransomware attack. Although t...
- Question 84: A company isolated its OT systems from other areas of the co...
- Question 85: A developer makes a small change to a resource allocation mo...
- Question 86: A security engineer needs to review the configurations of se...
- Question 87: The material finding from a recent compliance audit indicate...
- Question 88: After an incident response exercise, a security administrato...
- Question 89: An administrator brings the company's fleet of mobile device...
- Question 90: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 ...
- Question 91: You are a security analyst tasked with interpreting an Nmap ...
- Question 92: An organization is looking for gaps in its detection capabil...
- Question 93: Company A and Company D ate merging Company A's compliance r...
- Question 94: An attacker infiltrated the code base of a hardware manufact...
- Question 95: A local government that is investigating a data exfiltration...
- Question 96: A company's SICM Is continuously reporting false positives a...
- Question 97: An auditor is reviewing the logs from a web application to d...
- Question 98: While investigating a security event an analyst finds eviden...
- Question 99: A security analyst is performing a review of a web applicati...
- Question 100: A software development team requires valid data for internal...
- Question 101: A security team is responding to malicious activity and need...
- Question 102: A company recently experienced an incident in which an advan...
- Question 103: A security analyst Detected unusual network traffic related ...
- Question 104: A technician is reviewing the logs and notices a large numbe...
- Question 105: A financial technology firm works collaboratively with busin...
- Question 106: A security analyst is reviewing the following code in the pu...
- Question 107: During a periodic internal audit, a company identifies a few...
- Question 108: A vulnerability can on a web server identified the following...
- Question 109: Which of the following tests explains why AI output could be...
- Question 110: During DAST scanning, applications are consistently reportin...
- Question 111: Users must accept the terms presented in a captive petal whe...
- Question 112: Operational technology often relies upon aging command, cont...
- Question 113: A security review revealed that not all of the client proxy ...
- Question 114: A cybersecurity architect is reviewing the detection and mon...
- Question 115: Which of the following best describes the reason PQC prepara...
- Question 116: A security analystreviews the following report: (Exhibit) Wh...
- Question 117: An organization recently implemented a new email DLP solutio...
- Question 118: Which of the following AI concerns is most adequately addres...
- Question 119: A systems administrator wants to reduce the number of failed...
- Question 120: A developer needs toimprove the cryptographic strength of a ...
