Download CompTIA SecurityX Certification.CAS-005.ExamTopics.2025-12-12.160q.tqb

Vendor: CompTIA
Exam Code: CAS-005
Exam Name: CompTIA SecurityX Certification
Date: Dec 12, 2025
File Size: 4 MB

How to open TQB files?

Files with TQB (Taurus Question Bank) extension can be opened by Taurus Exam Studio.

Demo Questions

Question 1
A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?
  A. Shutting down the systems until the code is ready
  B. Uninstalling the impacted runtime engine
  C. Selectively blocking traffic on the affected port
  D. Configuring IPS and WAF with signatures
Correct answer: D
Question 2
Which of the following is the reason why security engineers often cannot upgrade the security of embedded facility automation systems?
  A. They are constrained by available compute.
  B. They lack x86-64 processors.
  C. They lack EEPROM.
  D. They are not logic-bearing devices.
Correct answer: A
Question 3
A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed. Which of the following compensating controls would best prevent successful exploitation?
  A. Segmentation
  B. CASB
  C. HIPS
  D. UEBA
Correct answer: A
Question 4
Which of the following items should be included when crafting a disaster recovery plan?
  A. Redundancy
  B. Testing exercises
  C. Autoscaling
  D. Competitor locations
Correct answer: B
Question 5
A company is rewriting a vulnerable application and adding the mprotect() system call in multiple parts of the application's code that was being leveraged by a recent exploitation tool. Which of the following should be enabled to ensure the application can leverage the new system call against similar attacks in the future?
  A. TPM
  B. Secure boot
  C. NX bit
  D. HSM
Correct answer: C
Question 6
An organization's board of directors has asked the Chief Information Security Officer to build a third-party management program. Which of the following best explains a reason for this request?
  A. Risk transference
  B. Supply chain visibility
  C. Support availability
  D. Vulnerability management
Correct answer: B
Question 7
An organization has deployed a cloud-based application that provides virtual event services globally to clients. During a typical event, thousands of users access various entry pages within a short period of time. The entry pages include sponsor-related content that is relatively static and is pulled from a database. When the first major event occurs, users report poor response time on the entry pages. Which of the following features is the most appropriate for the company to implement?
  A. Horizontal scalability
  B. Vertical scalability
  C. Containerization
  D. Static code analysis
  E. Caching
Correct answer: E
Question 8
An analyst needs to evaluate all images and documents that are publicly shared on a website. Which of the following would be the best tool to evaluate the metadata of these files?
  A. OllyDbg
  B. ExifTool
  C. Volatility
  D. Ghidra
Correct answer: B
Question 9
Two companies that recently merged would like to unify application access between the companies, without initially merging internal authentication stores. Which of the following technical strategies would best meet this objective?
  A. Federation
  B. RADIUS
  C. TACACS+
  D. MFA
  E. ABAC
Correct answer: A
Question 10
An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of reoccurrence? (Choose two.)
  A. Are there opportunities for legal recourse against the originators of the spear-phishing campaign?
  B. What internal and external stakeholders need to be notified of the breach?
  C. Which methods can be implemented to increase speed of offline backup recovery?
  D. What measurable user behaviors were exhibited that contributed to the compromise?
  E. Which technical controls, if implemented, would provide defense when user training fails?
  F. Which user roles are most often targeted by spear-phishing attacks?
Correct answer: DE