CAS-005 Online Practice Questions and Answers

Correct Answer:

Correct Answer: A

Based on the security policy that any publicly available server must be patched within 12 hours after a patch is released, the security analyst should patch Host 1 first. Here's why:

Public Availability: Host 1 is externally available, making it accessible from the internet. Publicly available servers are at higher risk of being targeted by attackers, especially when a zero-day vulnerability is known. Exposure to Threats: Host 1

has IIS installed and is publicly accessible, increasing its exposure to potential exploitation. Patching this host first reduces the risk of a successful attack. Prioritization of Critical Assets: According to best practices, assets that are exposed to

higher risks should be prioritized for patching to mitigate potential threats promptly.

Correct Answer: A

The log snippet indicates a DNS AXFR (zone transfer) request, which can be exploited by attackers to gather detailed information about an internal network's infrastructure. Disabling DNS zone transfers is the best solution to mitigate this risk.

Zone transfers should generally be restricted to authorized secondary DNS servers and not be publicly accessible, as they can reveal sensitive network information that facilitates lateral movement during an attack.

References:

CompTIA SecurityX Study Guide: Discusses the importance of securing DNS configurations, including restricting zone transfers. NIST Special Publication 800-81, "Secure Domain Name System (DNS) Deployment Guide": Recommends

restricting or disabling DNS zone transfers to prevent information leakage.

Correct Answer: B

The table indicates varying load times for users accessing the website from different geographic locations. Customers from Australia and India are experiencing significantly higher load times compared to those from the United States. This suggests that latency and geographical distance are affecting the website's performance. A. IDS (Intrusion Detection System): While an IDS is useful for detecting malicious activities, it does not address performance issues related to latency and geographical distribution of content.

B. CDN (Content Delivery Network): A CDN stores copies of the website's content in multiple geographic locations. By serving content from the nearest server to the user, a CDN can significantly reduce load times and improve user

experience globally.

C. WAF (Web Application Firewall): A WAF protects web applications by filtering and monitoring HTTP traffic but does not improve performance related to geographical latency. D. NAC (Network Access Control): NAC solutions control access

to network resources but are not designed to address web performance issues. Implementing a CDN is the best solution to resolve the performance issues observed in the log output.

References:

CompTIA Security+ Study Guide

"CDN: Content Delivery Networks Explained" by Akamai Technologies NIST SP 800-44, "Guidelines on Securing Public Web Servers"

Correct Answer: D

To improve the vulnerability management process in an environment where new devices/IPs are added and dropped regularly, the company should perform regular discovery scanning throughout the IT landscape using the vulnerability

management tool.

Here's why:

Accurate Asset Inventory: Regular discovery scans help maintain an up-to-date inventory of all assets, ensuring that the vulnerability management process includes all relevant devices and IPs. Consistency in Reporting: By continuously

discovering and scanning new and existing assets, the company can generate consistent and comprehensive vulnerability reports that reflect the current state of the network. Proactive Management:

Regular scans enable the organization to proactively identify and address vulnerabilities on new and existing assets, reducing the window of exposure to potential threats.

Correct Answer: B

A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Implementing a CASB provides several benefits:

A. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB. B. Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce

data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.

C. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.

D. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular control and visibility provided by a CASB. Implementing a CASB is the most comprehensive solution to decrease the risk of

data leaks by providing visibility, control, and enforcement of security policies for cloud services.

References:

CompTIA Security+ Study Guide

Gartner, "Magic Quadrant for Cloud Access Security Brokers" NIST SP 800-144, "Guidelines on Security and Privacy in Public Cloud Computing"

Correct Answer: AD

Obtain a security token: HTTP 403 responses typically indicate that the request is authenticated but the user does not have the necessary permissions to access the endpoint. Obtaining a security token is a common method for authenticating

requests. This token is usually required by the API to verify that the requestor has the proper access rights.

Leverage OAuth for authentication: OAuth is a widely used authentication framework that allows an application to obtain limited access to user accounts on an HTTP service. It is commonly used for token- based authentication, and

leveraging OAuth would help in obtaining the necessary tokens and permissions to access the API endpoints.

Correct Answer: D

PLCs (Programmable Logic Controllers) are commonly used in industrial automation to control machinery and processes. They generate a significant amount of data known as tag data, which includes real-time information about variables such as temperatures, pressures, and other operational parameters.

A local historian is a dedicated software or system component used in industrial automation environments to collect, store, and manage tag data from PLCs. The local historian typically resides on-site or within the industrial network environment. Its primary function is to capture and archive historical data from PLCs at a high frequency, providing insights into the operational history and trends of the industrial processes.

Correct Answer: E

Caching is the most appropriate feature for the company to implement in this scenario. Caching involves storing frequently accessed data closer to the user, reducing the need to retrieve data from the original source repeatedly. In the context of the virtual event services application, caching sponsor-related content on the entry pages can significantly improve response times for users. This approach leverages the static nature of the content and reduces the load on the database during peak usage times.

Correct Answer: A

Federation (option A) is the best technical strategy for allowing two recently merged companies to unify application access while keeping their internal authentication stores separate. It provides a secure, seamless, and standardized approach to authentication and authorization across organizational boundaries, ensuring efficient and controlled access to shared applications and resources.