Download CompTIA SecurityX Certification.CAS-005.ExamTopics.2026-05-30.196q.vcex

Vendor: CompTIA
Exam Code: CAS-005
Exam Name: CompTIA SecurityX Certification
Date: May 30, 2026
File Size: 5 MB

How to open VCEX files?

Files with VCEX extension can be opened by ProfExam Simulator.

Demo Questions

Question 1
A security officer is requiring all personnel working on a special project to obtain a security clearance requisite with the level of all information being accessed. Data on this network must be protected at the same level of each clearance holder. The need to know must be verified by the data owner. Which of the following should the security officer do to meet these requirements?
  A. Create a rule to authorize personnel only from certain IPs to access the files.
  B. Assign labels to the files and require formal access authorization.
  C. Assign attributes to each file and allow authorized users to share the files.
  D. Assign roles to users and authorize access to files based on the roles.
Correct answer: B
Question 2
A company hired a third-party consultant to run a cybersecurity incident simulation in order to identify security gaps and prepare stakeholders for a potential incident. Which of the following best describes this activity?
  A. Tabletop exercise
  B. Walk-through review
  C. Lessons learned
  D. Business impact analysis
Correct answer: A
Question 3
A security architect wants to ensure a remote host's identity and decides that pinning the X.509 certificate to the device is the most effective solution. Which of the following must happen first?
  A. Use Distinguished Encoding Rules (DER) for the certificate.
  B. Extract the private key from the certificate.
  C. Use an out-of-band method to obtain the certificate.
  D. Compare the retrieved certificate with the embedded certificate.
Correct answer: C
Question 4
A security analyst identified a vulnerable and deprecated runtime engine that is supporting a public-facing banking application. The developers anticipate the transition to modern development environments will take at least a month. Which of the following controls would best mitigate the risk without interrupting the service during the transition?
  A. Shutting down the systems until the code is ready
  B. Uninstalling the impacted runtime engine
  C. Selectively blocking traffic on the affected port
  D. Configuring IPS and WAF with signatures
Correct answer: D
Question 5
A web application server is running a legacy operating system with an unpatched RCE vulnerability. The server cannot be upgraded until the corresponding application code is changed. Which of the following compensating controls would best prevent successful exploitation?
  A. Segmentation
  B. CASB
  C. HIPS
  D. UEBA
Correct answer: A
Question 6
Which of the following items should be included when crafting a disaster recovery plan?
  A. Redundancy
  B. Testing exercises
  C. Autoscaling
  D. Competitor locations
Correct answer: B
Question 7
An organization's board of directors has asked the Chief Information Security Officer to build a third-party management program. Which of the following best explains a reason for this request?
  A. Risk transference
  B. Supply chain visibility
  C. Support availability
  D. Vulnerability management
Correct answer: B
Question 8
An incident response team completed recovery from offline backup for several workstations. The workstations were subjected to a ransomware attack after users fell victim to a spear-phishing campaign, despite a robust training program. Which of the following questions should be considered during the lessons-learned phase to most likely reduce the risk of recurrence? (Choose two.)
  A. Are there opportunities for legal recourse against the originators of the spear-phishing campaign?
  B. What internal and external stakeholders need to be notified of the breach?
  C. Which methods can be implemented to increase speed of offline backup recovery?
  D. What measurable user behaviors were exhibited that contributed to the compromise?
  E. Which technical controls, if implemented, would provide defense when user training fails?
  F. Which user roles are most often targeted by spear-phishing attacks?
Correct answer: D, E
Question 9
The company's client service team is receiving a large number of inquiries from clients regarding a new vulnerability. Which of the following would provide the customer service team with a consistent message to deliver directly to clients?
  A. Communication plan
  B. Response playbook
  C. Disaster recovery procedure
  D. Automated runbook
Correct answer: B
Question 10
An organization wants to implement an access control system based on its data classification policy that includes the following data types:
  • Confidential
  • Restricted
  • Internal
  • Public
The access control system should support SSO federation to map users into groups. Each group should only access systems that process and store data at the classification assigned to the group. Which of the following should the organization implement to enforce its requirements with a minimal impact to systems and resources?
  A. A tagging strategy in which all resources are assigned a tag based on the data classification type, and a system that enforces attribute-based access control
  B. Role-based access control that maps data types to internal roles, which are defined in the human resources department's source of truth system
  C. Network microsegmentation based on data types, and a network access control system enforcing mandatory access control based on the user principal
  D. A rule-based access control strategy enforced by the SSO system with rules managed by the internal LDAP and applied on a per-system basis
Correct answer: A
Question 11
A company that provides services to clients who work with highly sensitive data would like to provide assurance that the data's confidentiality is maintained in a dynamic, low-risk environment. Which of the following would best achieve this goal? (Choose two.)
  A. Install a SOAR on all endpoints.
  B. Hash all files.
  C. Install SIEM within a SOC.
  D. Encrypt all data and files at rest, in transit, and in use.
  E. Configure SOAR to monitor and intercept files and data leaving the network.
  F. Implement file integrity monitoring.
Correct answer: D, F