CAS-005 Exam Dumps : CompTIA SecurityX Certification Exam

The best solution is to provide a hash of all data made available (D). Hashing ensures the integrity of the threat intelligence data provided to customers. Clients can verify that the data received via API matches the published hash, ensuring no tampering occurred in transit or at rest. This supports customer trust and aligns with the objective of protecting data integrity while maintaining availability.

Option A (API secret keys) improves authentication and reduces attack surface but does not address integrity or compute efficiency. Option B (publishing IoCs publicly) increases attack surface and reduces control over distribution, which conflicts with security objectives. Option C (rate limiting) helps availability and cost control but does not guarantee data integrity.

By providing hashes, the company ensures customers can validate authenticity regardless of delivery method, reducing the risk of manipulated IoCs. This approach also minimizes compute spend since hashing is lightweight compared to continuous verification processes.

Therefore, the strongest alignment with all stated objectives—availability, reduced spend, reduced attack surface, and integrity—is achieved by providing hashes of all threat intelligence data.

The error message reveals sensitive details (hostnames, database names, table names), constitutinginformation disclosure. This aids attackers in reconnaissance. Mitigation involves modifying the application to display generic error messages (e.g., “An error occurred”) instead of specifics.

Option A:Unsecure references suggest coding flaws, but this is a configuration/output issue, not input sanitization.

Option B:Unsecure protocols and HttpOnly cookies relate to session security, not error handling.

Option C:Correct—information disclosure is the issue; generic errors mitigate it.

Option D:No evidence of SQL injection (e.g., manipulated input); upgrading the database doesn’t address disclosure.

Theregulated lab environment (Yes)shares the same VLAN (10.2.0.0/22) withusers, creatingzone traversalrisk from unregulated zones to sensitive datanetworks.

This allows pivoting and lateral movement from non-regulated user devices into regulated lab environments — a classiczone boundary violation.

Zone traversal should be mitigated with segmentation and firewall enforcement.

FromCAS-005, Domain 2: Risk Management and Mitigation Strategies:

“Zone traversal occurs when segmentation boundaries are misconfigured or merged, leading to regulatory and risk compliance failures.”