SecurityX CAS-005 CompTIA Study Notes

CompTIA SecurityX Certification Exam Questions and Answers

Question 21

Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:

• Users should be redirected to the captive portal.

• The Motive portal runs Tl. S 1 2

• Newer browser versions encounter security errors that cannot be bypassed

• Certain websites cause unexpected re directs

Which of the following mow likely explains this behavior?

Options:

The TLS ciphers supported by the captive portal ate deprecated

Employment of the HSTS setting is proliferating rapidly.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

An attacker is redirecting supplicants to an evil twin WLAN.

Question 22

A security analyst wants to use lessons learned from a poor incident response to reduce dwell lime in the future The analyst is using the following data points

Which of the following would the analyst most likely recommend?

Options:

Adjusting the SIEM to alert on attempts to visit phishing sites

Allowing TRACE method traffic to enable better log correlation

Enabling alerting on all suspicious administrator behavior

utilizing allow lists on the WAF for all users using GFT methods

Answer:

Explanation:

In the context of improving incident response and reducing dwell time, the security analyst needs to focus on proactive measures that can quickly detect and alert on potential security breaches. Here’s a detailed analysis of the options provided:

A. Adjusting the SIEM to alert on attempts to visit phishing sites: While this is a useful measure to prevent phishing attacks, it primarily addresses external threats and doesn’t directly impact dwell time reduction, which focuses on the time a threat remains undetected within a network.

B. Allowing TRACE method traffic to enable better log correlation: The TRACE method in HTTP is used for debugging purposes, but enabling it can introduce security vulnerabilities. It’s not typically recommended for enhancing security monitoring or incident response.

C. Enabling alerting on all suspicious administrator behavior: This option directly targets the potential misuse of administrator accounts, which are often high-value targets for attackers. By monitoring and alerting on suspicious activities from admin accounts, the organization can quickly identify and respond to potential breaches, thereby reducing dwell time significantly. Suspicious behavior could include unusual login times, access to sensitive data not usually accessed by the admin, or any deviation from normal behavior patterns. This proactive monitoring is crucial for quick detection and response, aligning well with best practices in incident response.

D. Utilizing allow lists on the WAF for all users using GET methods: This measure is aimed at restricting access based on allowed lists, which can be effective in preventing unauthorized access but doesn’t specifically address the need for quick detection and response to internal threats.

[References:, CompTIA SecurityX Study Guide: Emphasizes the importance of monitoring and alerting on admin activities as part of a robust incident response plan., NIST Special Publication 800-61 Revision 2,"Computer Security Incident Handling Guide": Highlights best practices for incident response, including the importance of detecting and responding to suspicious activities quickly., "Incident Response & Computer Forensics" by Jason T. Luttgens, Matthew Pepe, and Kevin Mandia: Discusses techniques for reducing dwell time through effective monitoring and alerting mechanisms, particularly focusing on privileged account activities., By focusing on enabling alerting for suspicious administrator behavior, the security analyst addresses a critical area that can help reduce the time a threat goes undetected, thereby improving the overall security posture of the organization., Top of Form, Bottom of Form, , , , ]

Question 23

An organization plans to deploy new software. The project manager compiles a list of roles that will be involved in different phases of the deployment life cycle. Which of the following should the project manager use to track these roles?

Options:

CMDB

Recall tree

ITIL

RACI matrix

Question 24

Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.

Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions. The software installation entries are formatted as follows:

Reader 10.0

Reader 10.1

Reader 10.2

Reader 10.3

Reader 10.4

Which of the following regular expression entries will accuratelyidentify all the affected versions?

Options:

Reader(*)[1][0].[0-4:

Reader[11[01X.f0-3'

Reader( )[1][0].[0-3:

Reader( )[1][0] X.[1-3:

Summer Special - Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: top65certs

CompTIA SecurityX Certification Exam Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

CompTIA

Fortinet

Microsoft

Salesforce