CAS-005 Practice Test Questions for the Test Engine Updated February 2025 [Q31-Q52]



The CAS-005 real exam question test engine training set contains 232 questions.


CompTIA CAS-005 certification exam domains:

Topic / Scope
Topic 1
  • Security Architecture: This domain focuses on analyzing requirements for designing resilient systems, including the configuration of firewalls and intrusion detection systems.
Topic 2
  • Security Operations: This domain is designed for CompTIA security architects and covers analyzing data to support monitoring and response activities, assessing vulnerabilities, and recommending solutions to reduce the attack surface. Candidates apply threat-hunting techniques and use threat intelligence concepts to strengthen operational security.
Topic 3
  • Governance, Risk, and Compliance: This section of the exam measures the CompTIA security architect's skills in implementing governance components based on organizational security requirements, including the development of policies, procedures, and standards. Candidates learn about managing security programs, such as awareness training on phishing and social engineering.
Topic 4
  • Security Engineering: This section assesses the CompTIA security architect's skills in troubleshooting common issues related to identity and access management (IAM) components within an enterprise environment. Candidates analyze requirements for hardening endpoint and server security while implementing hardware security technologies. This domain also emphasizes the importance of advanced cryptographic concepts in securing systems.


Question # 31
A security analyst received a notification from a cloud service provider regarding an attack detected on a web server. The cloud service provider shared the following information about the attack:
- The attack came from inside the network.
- The attacking source IP was from the internal vulnerability scanners.
- The scanner is not configured to target the cloud servers.
Which of the following actions should the security analyst take first?

  • A. Create an allow list for the vulnerability scanner IPs in order to avoid false positives
  • B. Quarantine the scanner sensor to perform a forensic analysis
  • C. Configure the scan policy to avoid targeting an out-of-scope host
  • D. Set network behavior analysis rules

Correct answer: B

Explanation:
When a security analyst receives a notification about an attack that appears to originate from an internal vulnerability scanner, it suggests that the scanner itself might have been compromised.
This situation is critical because a compromised scanner can potentially conduct unauthorized scans, leak sensitive information, or execute malicious actions within the network. The appropriate first action involves containing the threat to prevent further damage and allow for a thorough investigation.
Containment and Isolation: Quarantining the scanner will immediately prevent it from continuing any malicious activity or scans. This containment is crucial to protect the rest of the network from potential harm.
Forensic Analysis: By isolating the scanner, a forensic analysis can be performed to understand how it was compromised, what actions it took, and what data or systems might have been affected. This analysis will provide valuable insights into the nature of the attack and help in taking appropriate remedial actions.
Preventing Further Attacks: If the scanner is allowed to continue operating, it might execute more unauthorized actions, leading to greater damage. Quarantine ensures that the threat is neutralized promptly.
Root Cause Identification: A forensic analysis can help identify vulnerabilities in the scanner's configuration, software, or underlying system that allowed the compromise. This information is essential for preventing future incidents.


Question # 32
A security administrator is performing a gap assessment against a specific OS benchmark. The benchmark requires the following configurations be applied to endpoints:
- Full disk encryption
- Host-based firewall
- Time synchronization
- Password policies
- Application allow listing
- Zero Trust application access
Which of the following solutions best addresses the requirements? (Select two).

  • A. SBoM
  • B. SASE
  • C. HIDS
  • D. CASB
  • E. SCAP

Correct answer: B, E

Explanation:
To address the specific OS benchmark configurations, the following solutions are most appropriate:
SCAP (Security Content Automation Protocol): SCAP helps in automating vulnerability management and policy compliance, including configurations like full disk encryption, host-based firewalls, and password policies.
SASE (Secure Access Service Edge): SASE provides a framework for Zero Trust network access and application allow listing, ensuring secure and compliant access to applications and data.
These solutions together cover the comprehensive security requirements specified in the OS benchmark, ensuring a robust security posture for endpoints.


Question # 33
A company updates its cloud-based services by saving infrastructure code in a remote repository. The code is automatically deployed into the development environment every time the code is saved to the repository. The developers express concern that the deployment often fails, citing minor code issues and occasional security control check failures in the development environment. Which of the following should a security engineer recommend to reduce the deployment failures? (Select two).

  • A. Code submit authorization workflow
  • B. Pipeline compliance scanning
  • C. Repository branch protection
  • D. Pre-commit code linting
  • E. Software composition analysis
  • F. Automated regression testing

Correct answer: D, F

Explanation:
* D. Pre-commit code linting: Linting tools analyze code for syntax errors and adherence to coding standards before the code is committed to the repository. This catches minor code issues on the developer's machine, before the automatic deployment ever runs, reducing the likelihood of deployment failures.
* F. Automated regression testing: Automated regression tests ensure that new code changes do not introduce bugs or regressions into the existing codebase. Running these tests automatically before or during deployment catches issues early and keeps the development environment stable.
Other options:
* E. Software composition analysis: This identifies vulnerabilities in third-party components but does not directly address code quality or the deployment failures described.
* C. Repository branch protection: This gates how code reaches protected branches, but it does not by itself prevent deployment failures caused by code issues or security check failures.
* A. Code submit authorization workflow: This controls who can submit code but does not address the quality of the code being submitted.
* B. Pipeline compliance scanning: This checks for compliance with security policies but does not address syntax or regression issues.
References:
* CompTIA Security+ Study Guide
* "Continuous Integration and Continuous Delivery" by Jez Humble and David Farley
* OWASP (Open Web Application Security Project) guidelines on secure coding practices
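Added example, not code from the page or from CompTIA: a Python pre-commit hook that lints infrastructure code before it is committed, so the kinds of defects that fail the security control checks in the development environment (admin ports open to the internet, public buckets, credentials pasted into the template) are caught on the developer's machine instead of in the pipeline. The JSON document shape, the resource types and the sample document are constructed for illustration and follow no real Terraform or CloudFormation schema; the `lint()` function and its rule set are hypothetical.

```python
import ipaddress
import json
import re
import sys

# Literal credentials assigned in the IaC text. A value such as
# "${var.db_password}" does not match because "$" and "{" are outside the
# character class, so only hardcoded literals are flagged.
SECRET_PATTERN = re.compile(
    r'(?i)(password|secret|api_key)["\']?\s*[:=]\s*["\']?([A-Za-z0-9/+=]{8,})'
)
ADMIN_PORTS = {22, 3389}


def check_security_group(resource):
    """Flag ingress rules that expose an admin port to the whole internet."""
    findings = []
    for rule in resource.get("ingress", []):
        cidr = rule.get("cidr", "")
        try:
            net = ipaddress.ip_network(cidr, strict=False)
        except ValueError:
            findings.append(f"{resource['name']}: invalid CIDR {cidr!r}")
            continue
        if net.prefixlen == 0 and rule.get("port") in ADMIN_PORTS:
            findings.append(f"{resource['name']}: port {rule['port']} open to {cidr}")
    return findings


def check_bucket(resource):
    """Flag object-storage buckets whose ACL is anything but private."""
    if resource.get("acl", "private") != "private":
        return [f"{resource['name']}: bucket ACL is {resource['acl']!r}, expected 'private'"]
    return []


CHECKS = {"security_group": check_security_group, "bucket": check_bucket}


def lint(iac_text):
    """Run every check over a JSON IaC document and return the findings."""
    findings = [f"hardcoded credential in key {m.group(1)!r}"
                for m in SECRET_PATTERN.finditer(iac_text)]
    for resource in json.loads(iac_text).get("resources", []):
        check = CHECKS.get(resource.get("type"))
        if check:
            findings.extend(check(resource))
    return findings


# Constructed sample document (hypothetical schema); not from any real deployment.
SAMPLE_IAC = json.dumps({
    "resources": [
        {"type": "security_group", "name": "web-sg",
         "ingress": [{"port": 443, "cidr": "0.0.0.0/0"}]},
        {"type": "security_group", "name": "admin-sg",
         "ingress": [{"port": 22, "cidr": "0.0.0.0/0"},
                     {"port": 22, "cidr": "10.0.0.0/8"}]},
        {"type": "bucket", "name": "exports", "acl": "public-read"},
        {"type": "database", "name": "orders",
         "password": "hunter2hunter2",
         "admin_password": "${var.db_admin_password}"},
    ]
})


if __name__ == "__main__":
    # As a pre-commit hook: lint the staged file given on argv; non-zero exit blocks the commit.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_IAC
    problems = lint(text)
    for problem in problems:
        print("FAIL", problem)
    sys.exit(1 if problems else 0)
```

Wired in as a pre-commit hook (for example `python iac_lint.py <file>`, filename assumed), a non-zero exit blocks the commit. The same `lint()` function can be called from an automated test in the pipeline so the rule set is identical on both sides, which is what keeps the local check and the pipeline check from disagreeing.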


Question # 34
A security architect wants to develop a baseline of security configurations. These configurations will be applied automatically when a machine is created. Which of the following technologies should the security architect deploy to accomplish this goal?

  • A. Short
  • B. CMDB
  • C. CASB
  • D. Ansible

Correct answer: D

Explanation:
To develop a baseline of security configurations that will be automatically utilized when a machine is created, the security architect should deploy Ansible. Here's why:
* Automation: Ansible is an automation tool that allows for the configuration, management, and deployment of applications and systems. It ensures that security configurations are consistently applied across all new machines.
* Scalability: Ansible can scale to manage thousands of machines, making it suitable for large enterprises that need to maintain consistent security configurations across their infrastructure.
* Compliance: By using Ansible, organizations can enforce compliance with security policies and standards, ensuring that all systems are configured according to best practices.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* Ansible Documentation: Best Practices
* NIST Special Publication 800-40: Guide to Enterprise Patch Management Technologies


Question # 35
Third parties notified a company's security team about vulnerabilities in the company's application. The security team determined these vulnerabilities were previously disclosed in third-party libraries. Which of the following solutions best addresses the reported vulnerabilities?

  • A. Implementing a continuous security assessment program
  • B. Creating a bug bounty program
  • C. Using IaC to include the newest dependencies
  • D. Integrating a SAST tool as part of the pipeline

Correct answer: D

Explanation:
The answer key selects integrating a Static Application Security Testing (SAST) tool into the development pipeline. Here's why:
* Early Detection: SAST tools analyze source code for vulnerabilities before the code is compiled, so developers can identify and fix security issues early in the development process.
* Continuous Security: By integrating the tool into the CI/CD pipeline, the organization gets a security assessment of the codebase with each commit and build, rather than waiting for third parties to report problems after release.
* Scope caveat: Pure static analysis inspects the organization's own code. Previously disclosed vulnerabilities in third-party libraries are matched against advisory databases by software composition analysis (SCA), which most SAST platforms bundle into the same pipeline stage. A SAST integration that does not include dependency checking will not catch the issues described, so the pipeline stage should include both.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* OWASP Static Analysis Security Testing (SAST) Cheat Sheet
* NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations


Question # 36
After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?

  • A. Create SIEM rules to raise alerts for access to those platforms
  • B. Improve firewall rules to avoid access to those platforms.
  • C. Deploy an internet proxy that filters certain domains
  • D. Implement a cloud-access security broker

Correct answer: D

Explanation:
A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers that applies enterprise security policies as cloud-based resources are accessed. Comparing the options:
* A. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.
* B. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB, and blanket blocking also breaks legitimate use of sanctioned cloud storage.
* C. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular, content-aware control and visibility provided by a CASB.
* D. Implement a cloud-access security broker: A CASB provides visibility into cloud application usage, enforces data security policies, and protects against data leaks by monitoring and controlling access to cloud services. It also provides features such as data loss prevention (DLP), data encryption, and compliance monitoring.
Implementing a CASB is the most comprehensive solution to decrease the risk of data leaks by providing visibility, control, and enforcement of security policies for cloud services.
References:
* CompTIA Security+ Study Guide
* Gartner, "Magic Quadrant for Cloud Access Security Brokers"
* NIST SP 800-144, "Guidelines on Security and Privacy in Public Cloud Computing"


Question # 37
A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?

  • A. Limiting the tool to a specific coding language and tuning the rule set
  • B. Configuring branch protection rules and dependency checks
  • C. Using an application vulnerability scanner to identify coding flaws in production
  • D. Performing updates on code libraries before code development

Correct answer: A

Explanation:
To improve the quality of code scanning results and reduce false positives, the best solution is to limit the tool to a specific coding language and fine-tune the rule set. By configuring the code scanning tool to focus on the specific language used in the application, the tool can more accurately identify relevant issues and reduce the number of false positives. Additionally, tuning the rule set ensures that the tool's checks are appropriate for the application's context, further improving the accuracy of the scan results.


Question # 38
A regulated company is in the process of refreshing its entire infrastructure. The company has a business-critical process running on an old 2008 Windows server. If this server fails, the company would lose millions of dollars in revenue. Which of the following actions should the company take?

  • A. Create an organizational risk register for project prioritization.
  • B. Accept the risk as the cost of doing business.
  • C. Implement network compensating controls.
  • D. Purchase insurance to offset the cost if a failure occurred.

Correct answer: A

Explanation:
Creating an organizational risk register ensures the issue is documented and prioritized for mitigation, aligning with risk management best practices. Accepting the risk is not advisable due to the financial implications of failure. Implementing network compensating controls does not address server reliability. Purchasing insurance only offsets financial risk and does not ensure system functionality.


Question # 39
Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Choose two.)

  • A. Performing an architectural review of Company B's network
  • B. Forcing a password reset requiring more stringent passwords for users on Company B's network
  • C. Documenting third-party connections used by Company B
  • D. Requiring data sensitivity labeling for all files shared with Company B
  • E. Reviewing the privacy policies currently adopted by Company B
  • F. Implementing DLP controls preventing sensitive data from leaving Company B's network

Correct answer: A, C

Explanation:
To determine how the acquisition of Company B will impact the attack surface, the following steps are crucial:
Documenting third-party connections used by Company B: Understanding all external connections is essential for assessing potential entry points for attackers and ensuring that these connections are secure.
Performing an architectural review of Company B's network: This review will identify vulnerabilities and assess the security posture of the acquired company's network, providing a comprehensive understanding of the new attack surface. These actions will provide a clear picture of the security implications of the acquisition and help in developing a plan to mitigate any identified risks.


Question # 40
A financial services organization is using AI to fully automate the process of deciding client loan rates. Which of the following should the organization be most concerned about from a privacy perspective?

  • A. Model explainability
  • B. Credential theft
  • C. Possible prompt injections
  • D. Exposure to social engineering

Correct answer: A

Explanation:
When using AI to fully automate the process of deciding client loan rates, the primary concern from a privacy perspective is model explainability.
Why Model Explainability is Critical:
Transparency: It ensures that the decision-making process of the AI model can be understood and explained to stakeholders, including clients.
Accountability: Helps in identifying biases and errors in the model, ensuring that the AI is making fair and unbiased decisions.
Regulatory Compliance: Various regulations require that decisions, especially those affecting individuals' financial status, can be explained and justified.
Trust: Builds trust among users and stakeholders by demonstrating that the AI decisions are transparent and justifiable.
Other options, such as credential theft, prompt injection, and social engineering, are significant security concerns but do not directly address the privacy and fairness implications of automated decision-making.


Question # 41
A security engineer needs to secure the OT environment based on the following requirements:
- Isolate the OT network segment
- Restrict internet access
- Apply security updates to workstations
- Provide remote access to third-party vendors
Which of the following design strategies should the engineer implement to best meet these requirements?

  • A. Deploy a jump box on the third party network to access the OT environment and provide updates using a physical delivery method on the workstations
  • B. Create a staging environment on the OT network for the third-party vendor to access and enable automatic updates on the workstations.
  • C. Enable outbound internet access on the OT firewall to any destination IP address and use the centralized update server for the workstations
  • D. Implement a bastion host in the OT network with security tools in place to monitor access and use a dedicated update server for the workstations.

Correct answer: D

Explanation:
To secure the Operational Technology (OT) environment based on the given requirements, the best approach is to implement a bastion host in the OT network. The bastion host serves as a secure entry point for remote access, allowing third-party vendors to connect while being monitored by security tools. Using a dedicated update server for workstations ensures that security updates are applied in a controlled manner without direct internet access.


Question # 42
A company wants to use IoT devices to manage and monitor thermostats at all facilities. The thermostats must receive vendor security updates and limit access to other devices within the organization. Which of the following best addresses the company's requirements?

  • A. Only allowing operation for IoT devices during a specified time window
  • B. Only allowing internet access to a set of specific domains
  • C. Operating IoT devices on a separate network with no access to other devices internally
  • D. Configuring IoT devices to always allow automatic updates

Correct answer: C

Explanation:
The best approach for managing and monitoring IoT devices, such as thermostats, is to operate them on a separate network with no access to other internal devices. This segmentation ensures that the IoT devices are isolated from the main network, reducing the risk of potential security breaches affecting other critical systems. Additionally, this setup allows for secure vendor updates without exposing the broader network to potential vulnerabilities inherent in IoT devices.


Question # 43
Emails that the marketing department is sending to customers are going to the customers' spam folders. The security team is investigating the issue and discovers that the certificates used by the email server were reissued, but DNS records had not been updated.
Which of the following should the security team update in order to fix this issue? (Select three.)

  • A. SAN
  • B. DKIM
  • C. DMARC
  • D. DNSSEC
  • E. SPF
  • F. MX
  • G. SASC
  • H. SOA

Correct answer: B, C, E

Explanation:
Receivers decide whether mail is spam largely from the email authentication records published in DNS, so those records must be updated whenever the sending server's key material or addresses change:
DKIM (DomainKeys Identified Mail): DKIM verification uses a public key published in a TXT record at <selector>._domainkey.<domain>, not a certificate. When the mail server's signing key is reissued, the copy of the public key in DNS goes stale, every signature fails to verify, and receivers downgrade the messages. Publishing the new public key (or a new selector pointing at it) is the fix.
SPF (Sender Policy Framework): SPF records specify which mail servers are authorized to send email on behalf of your domain. Updating the SPF record ensures that the mail server, as currently deployed, is recognized as an authorized sender.
DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC records tell receivers how to handle messages that fail SPF or DKIM alignment and where to send reports. The policy should be verified after the change, and the aggregate reports it generates show whether the DKIM and SPF fixes took effect.
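Added example, not code from the page: a Python audit of the three DNS records, run against constructed zone data for the reserved domain example.com, that shows what a receiver sees after a DKIM key is reissued without a DNS update and why the SPF entry for the sending address has to be checked at the same time. Key strings, the selector name and the 203.0.113.0/24 addresses are placeholders (RFC 5737 documentation range); the `include:` mechanism is not resolved because the example runs offline, and the `audit()` function is hypothetical.

```python
import ipaddress

# Constructed DNS TXT data standing in for live lookups; example.com is the
# reserved documentation domain and the key material is placeholder text.
NEW_DKIM_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDnewkey"
STALE_ZONE = {
    "example.com": "v=spf1 ip4:203.0.113.10 include:_spf.mailvendor.example -all",
    "mail._domainkey.example.com": "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDoldkey",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
}
# The same zone after the records are corrected for the reissued key and for
# the second relay address (203.0.113.20) that now sends mail.
FIXED_ZONE = {
    **STALE_ZONE,
    "example.com": "v=spf1 ip4:203.0.113.0/27 include:_spf.mailvendor.example -all",
    "mail._domainkey.example.com": f"v=DKIM1; k=rsa; p={NEW_DKIM_KEY}",
}


def parse_tags(record):
    """Parse 'tag=value; tag=value' (DKIM and DMARC syntax) into a dict.
    partition() splits on the first '=' only, so base64 padding in p= survives."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.strip().partition("=")
        if sep:
            tags[key.strip()] = value.strip()
    return tags


def spf_authorizes(record, ip):
    """True if an ip4:/ip6: mechanism in the SPF record covers ip.
    include:, a and mx mechanisms need recursive DNS and are not evaluated here."""
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        mech = term.lstrip("+")
        for prefix in ("ip4:", "ip6:"):
            if mech.startswith(prefix):
                if addr in ipaddress.ip_network(mech[len(prefix):], strict=False):
                    return True
    return False


def audit(zone, domain, selector, sending_ips, current_dkim_key):
    """Return the problems a receiver would hit with the published records."""
    problems = []
    spf = zone.get(domain, "")
    if not spf.startswith("v=spf1"):
        problems.append(f"SPF: no v=spf1 record for {domain}")
    for ip in sending_ips:
        if not spf_authorizes(spf, ip):
            problems.append(f"SPF: {ip} is not authorized to send for {domain}")
    dkim = parse_tags(zone.get(f"{selector}._domainkey.{domain}", ""))
    if dkim.get("v") != "DKIM1":
        problems.append(f"DKIM: no record for selector {selector!r}")
    elif dkim.get("p") != current_dkim_key:
        problems.append(f"DKIM: selector {selector!r} publishes a stale public key")
    dmarc = parse_tags(zone.get(f"_dmarc.{domain}", ""))
    if dmarc.get("v") != "DMARC1":
        problems.append(f"DMARC: no record for {domain}")
    elif dmarc.get("p") not in ("none", "quarantine", "reject"):
        problems.append(f"DMARC: invalid policy {dmarc.get('p')!r}")
    return problems


SENDING_IPS = ["203.0.113.10", "203.0.113.20"]  # constructed: old and new relay

if __name__ == "__main__":
    for name, zone in (("stale", STALE_ZONE), ("fixed", FIXED_ZONE)):
        print(name, audit(zone, "example.com", "mail", SENDING_IPS, NEW_DKIM_KEY) or "OK")
```

Against a live domain the same checks are run with TXT lookups in place of the dictionary; the DKIM comparison is the one that answers the question, because nothing in the DMARC or SPF records changes just because a key was reissued, but a DMARC policy of `p=reject` is what turns a stale DKIM key into rejected mail rather than merely unauthenticated mail.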


Question # 44
Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Select two).

  • A. Forcing a password reset requiring more stringent passwords for users on Company B's network
  • B. Documenting third-party connections used by Company B
  • C. Requiring data sensitivity labeling for all files shared with Company B
  • D. Reviewing the privacy policies currently adopted by Company B
  • E. Performing an architectural review of Company B's network
  • F. Implementing DLP controls preventing sensitive data from leaving Company B's network

Correct answer: B, E

Explanation:
To determine how the acquisition of Company B will impact the attack surface, the following steps are crucial:
B: Documenting third-party connections used by Company B: Understanding all external connections is essential for assessing potential entry points for attackers and ensuring that these connections are secure.
E: Performing an architectural review of Company B's network: This review will identify vulnerabilities and assess the security posture of the acquired company's network, providing a comprehensive understanding of the new attack surface.
These actions will provide a clear picture of the security implications of the acquisition and help in developing a plan to mitigate any identified risks.
References:
* CompTIA SecurityX Study Guide: Emphasizes the importance of understanding third-party connections and conducting architectural reviews during acquisitions.
* NIST Special Publication 800-37, "Guide for Applying the Risk Management Framework to Federal Information Systems": Recommends comprehensive reviews and documentation of third-party connections.
* "Mergers, Acquisitions, and Other Restructuring Activities" by Donald DePamphilis: Discusses the importance of security assessments during acquisitions.


Question # 45
A company is concerned about the security of customer data. The IT department has configured all web applications with appropriate access controls to restrict to only authorized users. Which of the following solutions addresses this concern?

  • A. Vulnerability scanner
  • B. SIEM
  • C. DLP
  • D. Threat intelligence platform

Correct answer: C


Question # 46
A security architect is establishing requirements to design resilience in an enterprise system that will be extended to other physical locations. The system must:
- Be survivable to one environmental catastrophe
- Be recoverable within 24 hours of critical loss of availability
- Be resilient to active exploitation of one site-to-site VPN solution

  • A. Lease space to establish cold sites throughout other countries
  • B. Employ layering of routers from diverse vendors
  • C. Use orchestration to procure, provision, and transfer application workloads to cloud services
  • D. Load-balance connection attempts and data Ingress at internet gateways
  • E. Implement full weekly backups to be stored off-site for each of the company's sites
  • F. Allocate fully redundant and geographically distributed standby sites.

Correct answer: F

Explanation:
To design resilience in an enterprise system that can survive environmental catastrophes, recover within 24 hours, and be resilient to active exploitation, the best strategy is to allocate fully redundant and geographically distributed standby sites.
Geographical Redundancy: Having geographically distributed standby sites ensures that if one site is affected by an environmental catastrophe, the other sites can take over, providing continuity of operations.
Full Redundancy: Fully redundant sites mean that all critical systems and data are replicated, enabling quick recovery in the event of a critical loss of availability.
Resilience to Exploitation: Distributing resources across multiple sites reduces the risk of a single point of failure and increases resilience against targeted attacks.


Question # 47
A hospital's requirements for remote third-party monitoring of the HVAC system include the following:
- The vendor must be able to continuously monitor system health and respond accordingly.
- The vendor must only have network access to the HVAC system.
- The vendor must be the only entity with access to the HVAC system.
Which of the following best meets the hospital's requirements?

  • A. Installing the vendor's monitoring appliance on the internal network and allowing outbound SSL connectivity
  • B. Creating a site-to-site VPN tunnel and allowing restricted access to the system
  • C. Implementing a reverse web proxy and allowing access from the internet
  • D. Deploying a RDP jump box to allow remote system monitoring

Correct answer: B


Question # 48
A company hosts a platform-as-a-service solution with a web-based front end, through which customers interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator's objective?

  • A. Implementing application load balancing and cross-region availability
  • B. Improving security dashboard visualization on SIEM
  • C. Creating WAF policies for relevant programming languages
  • D. Rotating API access and authorization keys every two months

Correct answer: C

Explanation:
The best way to prevent application-focused attacks for a platform-as-a-service solution with a web-based front end is to create Web Application Firewall (WAF) policies for relevant programming languages. Here's why:
* Application-Focused Attack Prevention: WAFs are designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. They help prevent attacks such as SQL injection, cross-site scripting (XSS), and other application-layer attacks.
* Customizable Rules: WAF policies can be tailored to the specific programming languages and frameworks used by the web application, providing targeted protection based on known vulnerabilities and attack patterns.
* Real-Time Protection: WAFs provide real-time protection, blocking malicious requests before they reach the application, thereby enhancing the security posture of the platform.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* OWASP Top Ten: Web Application Security Risks
* NIST Special Publication 800-95: Guide to Secure Web Services


Question # 49
After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation.
Which of the following would the company most likely do to decrease this type of risk?

  • A. Create SIEM rules to raise alerts for access to those platforms
  • B. Improve firewall rules to avoid access to those platforms.
  • C. Deploy an internet proxy that filters certain domains
  • D. Implement a cloud-access security broker

Correct answer: D

Explanation:
A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed.
Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.


Question # 50
A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring. The architect's goal is to:
- Create a collection of use cases to help detect known threats
- Include those use cases in a centralized library for use across all of the companies
Which of the following is the best way to achieve this goal?

  • A. Ariel Query Language
  • B. UBA rules and use cases
  • C. TAXII/STIX library
  • D. Sigma rules

Correct answer: D

Explanation:
To create a collection of use cases for detecting known threats and include them in a centralized library for use across multiple companies with different vendors, Sigma rules are the best option.
Vendor-Agnostic Format: Sigma rules are a generic and open standard for writing SIEM (Security Information and Event Management) rules. They can be translated to specific query languages of different SIEM systems, making them highly versatile and applicable across various platforms.
Centralized Rule Management: By using Sigma rules, the cybersecurity architect can create a centralized library of detection rules that can be easily shared and implemented across different detection and monitoring systems used by the acquired companies. This ensures consistency in threat detection capabilities.
Ease of Use and Flexibility: Sigma provides a structured and straightforward format for defining detection logic. It allows for the easy creation, modification, and sharing of rules, facilitating collaboration and standardization across the organization.
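Added example, not from the page or from the Sigma project: a minimal Python evaluator for a Sigma-style rule, written as the dictionary that `yaml.safe_load` would produce from the YAML rule, plus a translation of the same rule into a Splunk-style search. The rule, the field names, the events and the hypothetical `CORP\svc_` service-account filter are all constructed. The real Sigma tooling (`sigma-cli` with its backend plugins) performs this conversion for many SIEM products; the point here is that one rule in the shared library yields both a matching decision and a per-vendor query from the same source.

```python
import re

# Constructed Sigma-style rule, given as the dict that yaml.safe_load would
# produce from the YAML form; the rule and its field values are hypothetical.
RULE = {
    "title": "Encoded PowerShell launched by an Office application",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": ["\\powershell.exe", "\\pwsh.exe"],
            "CommandLine|contains": ["-enc", "-EncodedCommand"],
            "ParentImage|endswith": ["\\winword.exe", "\\excel.exe", "\\outlook.exe"],
        },
        "filter_service": {"User|startswith": "CORP\\svc_"},
        "condition": "selection and not filter_service",
    },
}


def field_matches(value, pattern, modifier):
    # Sigma string matching is case-insensitive; the modifier picks the comparison.
    v, p = str(value).lower(), str(pattern).lower()
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    return v == p


def selection_matches(selection, event):
    # Every field of a selection must match; a list of values is OR'd together.
    for key, patterns in selection.items():
        field, _, modifier = key.partition("|")
        values = patterns if isinstance(patterns, list) else [patterns]
        if field not in event or not any(field_matches(event[field], p, modifier) for p in values):
            return False
    return True


def evaluate_condition(condition, truth):
    # Recursive-descent evaluator for 'a and not b or c'; precedence not > and > or.
    tokens, pos = condition.split(), 0

    def parse(level):  # level 0: not, 1: and, 2: or
        nonlocal pos
        if level == 0:
            if tokens[pos] == "not":
                pos += 1
                return not parse(0)
            pos += 1
            return truth[tokens[pos - 1]]
        op = ("and", "or")[level - 1]
        result = parse(level - 1)
        while pos < len(tokens) and tokens[pos] == op:
            pos += 1
            operand = parse(level - 1)  # always consumed, no short-circuit
            result = (result and operand) if op == "and" else (result or operand)
        return result

    return parse(2)


def rule_matches(rule, event):
    det = rule["detection"]
    truth = {n: selection_matches(s, event) for n, s in det.items() if n != "condition"}
    return evaluate_condition(det["condition"], truth)


def to_splunk(rule):
    # Render the same rule for one backend (Splunk-style search); a shared library
    # keeps the Sigma source and generates each acquired company's query from it.
    det = rule["detection"]

    def selection(sel):
        clauses = []
        for key, patterns in sel.items():
            field, _, modifier = key.partition("|")
            terms = []
            for p in (patterns if isinstance(patterns, list) else [patterns]):
                p = str(p).replace("\\", "\\\\")
                star = {"contains": f"*{p}*", "startswith": f"{p}*", "endswith": f"*{p}"}
                terms.append(f'{field}="{star.get(modifier, p)}"')
            clauses.append("(" + " OR ".join(terms) + ")")
        return "(" + " AND ".join(clauses) + ")"

    return re.sub(r"\w+", lambda m: m.group(0).upper() if m.group(0) in ("and", "or", "not")
                  else selection(det[m.group(0)]), det["condition"])


# Constructed process-creation events standing in for SIEM records.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgAIAAo",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\Office16\\WINWORD.EXE",
     "User": "CORP\\jdoe"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -EncodedCommand SQBFAFgAIAAo",
     "ParentImage": "C:\\Program Files\\Microsoft Office\\Office16\\EXCEL.EXE",
     "User": "CORP\\svc_reporting"},
    {"Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "CommandLine": "powershell.exe -File C:\\deploy\\deploy.ps1",
     "ParentImage": "C:\\Windows\\explorer.exe", "User": "CORP\\jdoe"},
]


def matching_command_lines(rule=RULE, events=EVENTS):
    return [e["CommandLine"] for e in events if rule_matches(rule, e)]
```

The first event matches, the second is suppressed by the service-account filter, and the third lacks the encoded-command switch. Running `to_splunk(RULE)` gives the wildcard search a Splunk-based subsidiary would load; a second backend function in the same style would produce the Elastic or QRadar form from the identical rule, which is the vendor-agnostic property the answer relies on.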


Question # 51
During DAST scanning, applications are consistently reporting code defects in open-source libraries that were used to build web applications. Most of the code defects are from using libraries with known vulnerabilities. The code defects are causing product deployment delays.
Which of the following is the best way to uncover these issues earlier in the life cycle?

  • A. Completing an IAST scan against the web application
  • B. Modifying the WAF polices to block against known vulnerabilities
  • C. Directing application logs to the SIEM for continuous monitoring
  • D. Using a software dependency management solution

Correct answer: D
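Added example, not code from the page, serving both this question and Question 35: the software composition analysis check that a dependency management solution runs before the build, in Python, matching pinned versions from a constructed lockfile against a constructed advisory feed shaped like an OSV record. Package names and advisory identifiers (EXAMPLE-2024-...) are hypothetical, not real packages or CVEs; the version comparison handles only numeric dotted versions, and `audit()` is an illustrative function, not a real tool's API.

```python
import re

# Constructed advisory feed in the shape of an OSV-style record; package names
# and advisory identifiers are hypothetical, not real CVEs.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "package": "yamlparse", "introduced": "0", "fixed": "5.4.1"},
    {"id": "EXAMPLE-2024-0002", "package": "fastjson-lite", "introduced": "2.0.0", "fixed": "2.3.2"},
    {"id": "EXAMPLE-2024-0003", "package": "fastjson-lite", "introduced": "3.0.0", "fixed": None},
]

# Constructed pinned requirements file as a dependency manager would emit it.
SAMPLE_LOCKFILE = """\
# generated lockfile (constructed sample)
yamlparse==5.3.1
fastjson-lite==3.1.0   # major upgrade last sprint
httpclient-x==1.9.0
"""

REQUIREMENT = re.compile(r"^([A-Za-z0-9_.-]+)==([0-9][0-9A-Za-z.]*)$")


def parse_version(text):
    """Numeric dotted versions compare as tuples: (2, 10, 0) > (2, 9, 9)."""
    return tuple(int(x) for x in re.findall(r"\d+", text))


def parse_lockfile(text):
    """Map package name -> pinned version. Unpinned lines are refused: a version
    range cannot be matched against an advisory, which is why a lockfile exists."""
    deps = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = REQUIREMENT.match(line)
        if not match:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        deps[match.group(1).lower()] = match.group(2)
    return deps


def lockfile_is_pinned(text):
    try:
        parse_lockfile(text)
        return True
    except ValueError:
        return False


def is_affected(version, introduced, fixed):
    """Affected if introduced <= version < fixed (fixed=None means no patch yet)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


def audit(lockfile_text, advisories=ADVISORIES):
    """Match every pinned dependency against the advisory feed."""
    deps = parse_lockfile(lockfile_text)
    findings = []
    for adv in advisories:
        installed = deps.get(adv["package"].lower())
        if installed and is_affected(installed, adv["introduced"], adv["fixed"]):
            findings.append({
                "package": adv["package"], "installed": installed,
                "advisory": adv["id"],
                "fix": f"upgrade to {adv['fixed']}" if adv["fixed"] else "no fix available",
            })
    return findings


if __name__ == "__main__":
    # In a pipeline this runs before the build; a non-empty result fails the job.
    for f in audit(SAMPLE_LOCKFILE):
        print(f"{f['package']}=={f['installed']}: {f['advisory']} ({f['fix']})")
```

The check runs at commit or build time, long before the DAST scan in the question would see the deployed application; the third advisory shows the case a practitioner has to plan for, a library with a known defect and no fixed release yet, where the finding cannot be closed by an upgrade and needs a compensating control or a replacement dependency.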


Question # 52
......

CAS-005 actual exam questions and answers PDF with 100% coverage of the real exam questions: https://www.goshiken.com/CompTIA/CAS-005-mondaishu.html

CAS-005 exam questions and answers: https://drive.google.com/open?id=1TY5dD97De8Y1pJC1ndgrj6m7PFZ4SqoK