CAS-005 Exam Dumps : CompTIA SecurityX Certification Exam

The scenario involves replacing an on-premises VPN solution, which has a zero-day vulnerability, with cloud-hosted resources while ensuring trusted connectivity. Trusted connectivity in a cloud environment implies secure, scalable, and modern access control that goes beyond traditional VPNs. Let’s analyze the options:

A. Container orchestration: This refers to managing and automating containerized workloads (e.g., Kubernetes). While useful for application deployment, it doesn’t directly address secure connectivity to cloud resources.

B. Microsegmentation: This involves creating fine-grained security policies within a network to limit lateral movement. It’s valuable for internal security but isn’t a complete solution for trusted connectivity to cloud-hosted resources.

C. Conditional access: This ensures access based on conditions (e.g., user identity, device health). It’s relevant for identity management but lacks the broader networking and security scope needed here.

The beststrategy for securely managing cryptographic material is to use a Hardware Security Module (HSM). Here’s why:

Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering and unauthorized access.

Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops.

Compliance and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.

The best answer is C. Correlating based on source field in batches of time . To identify trends in SIEM data, the analyst should group related events over a time window and correlate them around a common field. In this excerpt, user1 appears repeatedly across multiple alert types, including unusual authentication, access to sensitive resources, and elevated risk score. That pattern is exactly the sort of repeated behavior that becomes visible when events are correlated by source over time. CompTIA’s official SecurityX objectives in the Security Operations domain include “Data analysis: indicators of malicious activity, trend analysis, statistics, and deduplication/correlation.” That objective language directly supports this answer.

Why the other options are not best:

A narrows only one rule window and does not systematically identify trends across multiple event types. B may reduce volume, but reduction alone does not reveal trends. D is risky because noisy rules might still provide useful context, and disabling them based only on total daily alerts can hide meaningful multi-event patterns. The practical, operational ap proach is to correlate records by a shared field such as source/user across time batches so repeated suspicious behavior stands out.