Download CompTIA SecurityX Certification.CAS-005.ExamTopics.2026-05-19.162q.tqb

Vendor: CompTIA
Exam Code: CAS-005
Exam Name: CompTIA SecurityX Certification
Date: May 19, 2026
File Size: 4 MB


Demo Questions

Question 1
A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution. Which of the following must happen first?
  A. Use Distinguished Encoding Rules (DER) for the certificate.
  B. Extract the private key from the certificate.
  C. Use an out-of-band method to obtain the certificate.
  D. Compare the retrieved certificate with the embedded certificate.
Correct answer: C
Question 2
A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed. Which of the following compensating controls would best prevent successful exploitation?
  A. Segmentation
  B. CASB
  C. HIPS
  D. UEBA
Correct answer: A
Question 3
An organization's board of directors has asked the Chief Information Security Officer to build a third-party management program. Which of the following best explains a reason for this request?
  A. Risk transference
  B. Supply chain visibility
  C. Support availability
  D. Vulnerability management
Correct answer: B
Question 4
The company's client service team is receiving a large number of inquiries from clients regarding a new vulnerability. Which of the following would provide the customer service team with a consistent message to deliver directly to clients?
  A. Communication plan
  B. Response playbook
  C. Disaster recovery procedure
  D. Automated runbook
Correct answer: B
Question 5
An organization wants to implement an access control system based on its data classification policy that includes the following data types:
  • Confidential
  • Restricted
  • Internal
  • Public
The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group. Which of the following should the organization implement to enforce its requirements with a minimal impact to systems and resources?
  A. A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control
  B. Role-based access control that maps data types to internal roles, which are defined in the human resources department's source of truth system
  C. Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal
  D. A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis
Correct answer: A
Question 6
A retail organization wants to properly test and verify its capabilities to detect and/or prevent specific TTPs as mapped to the MITRE ATT&CK framework specific to APTs. Which of the following should be used by the organization to accomplish this goal?
  A. Tabletop exercise
  B. Penetration test
  C. Sandbox detonation
  D. Honeypot
Correct answer: B
Question 7
A systems administrator is working with the SOC to identify potential intrusions associated with ransomware. The SOC wants the systems administrator to perform network-level analysis to identify outbound traffic from any infected machines. Which of the following is the most appropriate action for the systems administrator to take?
  A. Monitor for IoCs associated with C&C communications.
  B. Tune alerts to identify changes to administrative groups.
  C. Review NetFlow logs for unexpected increases in egress traffic.
  D. Perform binary hash comparisons to identify infected devices.
Correct answer: C
Question 8
Which of the following is the best way to protect the website browsing history for an executive who travels to foreign countries where internet usage is closely monitored?
  A. DoH
  B. EAP-TLS
  C. Geofencing
  D. Private browsing mode
Correct answer: A
Question 9
A programmer is reviewing the following proprietary piece of code that was identified as a vulnerability due to users being authenticated when they provide incorrect credentials:
Which of the following should the programmer implement to remediate the code vulnerability?
  A. Salted hashing via the proprietary SHASH function
  B. Input validation in the first two lines of code
  C. Atomic execution of subroutines
  D. TOCTOU remediation in SET USERACL
  E. Database connection over encrypted channels
Correct answer: B
Question 10
A security engineer receives reports through the organization's bug bounty program about remote code execution in a specific component in a custom application. Management wants to properly secure the component and proactively avoid similar issues. Which of the following is the best approach to uncover additional vulnerable paths in the application?
  A. Leverage an exploitation framework to uncover vulnerabilities.
  B. Use fuzz testing to uncover potential vulnerabilities in the application.
  C. Utilize a software composition analysis tool to report known vulnerabilities.
  D. Reverse engineer the application to look for vulnerable code paths.
  E. Analyze the use of an HTTP intercepting proxy to dynamically uncover issues.
Correct answer: B