CAS-005 Exam Dumps : CompTIA SecurityX Certification Exam

In a Discretionary Access Control (DAC) model, the data owner or an assigned stakeholder has the authority to determine who can access resources. SecurityX CAS-005 IAM objectives describe DAC as user- or owner-controlled, where permissions can be granted or revoked at the owner’s discretion.

In this scenario, because permissions from the legacy system could not be migrated, multiple stakeholders were made responsible for assigning and managing access—matching the DAC model’s characteristics.

Option A relates to outsourcing, which does not define an access control model.

Option C is about authentication limitations, unrelated to the choice of DAC.

Option D describes backup responsibilities, which are operational tasks, not access control.

The situation where several employees were contacted by the same individual impersonating a recruiter best describes aspear-phishing campaign. Here’s why:

Targeted Approach: Spear-phishing involves targeting specific individuals within an organization with personalized and convincing messages to trick them into divulging sensitive information or performing actions that compromise security.

Impersonation: The use of impersonation, in this case, a recruiter, is a common tactic in spear-phishing to gain the trust of the targeted individuals and increase the likelihood of a successful attack.

Correlated Contacts: The fact that several employees were contacted by the same individual suggests a coordinated effort to breach the organization’s security by targeting multiple points of entry through social engineering.