CAS-005

Practice CAS-005 Exam


Latest CAS-005 Exam Dumps Questions

The dumps for the CAS-005 exam were last updated on Dec 12, 2025.


Question#1

A security architect for a global organization with a distributed workforce recently received funding to deploy a CASB solution.
Which of the following most likely explains the choice to use a proxy-based CASB?

A. The capability to block unapproved applications and services is possible
B. Privacy compliance obligations are bypassed when using a user-based deployment.
C. Protecting and regularly rotating API secret keys requires a significant time commitment
D. Corporate devices cannot receive certificates when not connected to on-premises devices

Explanation:
A proxy-based Cloud Access Security Broker (CASB) is chosen primarily for its ability to block unapproved applications and services.
Here's why:
Application and Service Control: Proxy-based CASBs can monitor and control the use of applications and services by inspecting traffic as it passes through the proxy. This allows the organization to enforce policies that block unapproved applications and services, ensuring compliance with security policies.
Visibility and Monitoring: By routing traffic through the proxy, the CASB can provide detailed visibility into user activities and data flows, enabling better monitoring and threat detection.
Real-Time Protection: Proxy-based CASBs can provide real-time protection against threats by analyzing and controlling traffic before it reaches the end user, thus preventing the use of risky applications and services.

Question#2

A security engineer is developing a solution to meet the following requirements:
• All endpoints should be able to establish telemetry with a SIEM.
• All endpoints should be able to be integrated into the XDR platform.
• SOC services should be able to monitor the XDR platform.
Which of the following should the security engineer implement to meet the requirements?

A. CDR and central logging
B. HIDS and vTPM
C. WAF and syslog
D. HIPS and host-based firewall

Explanation:
To meet the requirements of having all endpoints establish telemetry with a SIEM, integrate into an XDR platform, and allow SOC services to monitor the XDR platform, the best approach is to implement Host Intrusion Prevention Systems (HIPS) and a host-based firewall. HIPS can provide detailed telemetry data to the SIEM and can be integrated into the XDR platform for comprehensive monitoring and response. The host-based firewall ensures that only authorized traffic is allowed, providing an additional layer of security.

Question#3

A company designs policies and procedures for hardening containers deployed in the production environment. However, a security assessment reveals that deployed containers are not complying with the security baseline.
Which of the following solutions best addresses this issue throughout early life-cycle stages?

A. Installing endpoint agents on each container and setting them to report when configurations drift from the baseline
B. Finding hardened container images and enforcing them as the baseline for new deployments
C. Creating a pipeline to check the containers through security gates and validating the baseline controls before the final deployment
D. Running security assessments regularly and checking for the security baseline on containers already in production

Explanation:
SecurityX CAS-005 secure DevOps guidance recommends integrating security controls into the CI/CD pipeline. By validating container security baselines at security gates before deployment, noncompliant builds are stopped early, ensuring consistency across environments.
Option B is useful but does not ensure compliance if changes are made after image creation.
Option A detects drift but only after deployment.
Option D is reactive and does not prevent insecure deployments.

Question#4

An audit finding reveals that a legacy platform has not retained logs for more than 30 days. The platform has been segmented due to its interoperability with newer technology. As a temporary solution, the IT department changed the log retention to 120 days.
Which of the following should the security engineer do to ensure the logs are being properly retained?

A. Configure a scheduled task nightly to save the logs
B. Configure event-based triggers to export the logs at a threshold.
C. Configure the SIEM to aggregate the logs
D. Configure a Python script to move the logs into a SQL database.

Explanation:
To ensure that logs from a legacy platform are properly retained beyond the default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions are designed to collect, aggregate, and store logs from various sources, providing centralized log management and retention. This setup ensures that logs are retained according to policy and can be easily accessed for analysis and compliance purposes.

Question#5

Which of the following is the security engineer most likely doing?


A. Assessing log-in activities using geolocation to tune impossible travel rate alerts
B. Reporting on remote log-in activities to track team metrics
C. Threat hunting for suspicious activity from an insider threat
D. Baselining user behavior to support advanced analytics

Explanation:
In the given scenario, the security engineer is likely examining login activities and their associated geolocations. This type of analysis is aimed at identifying unusual login patterns that might indicate an impossible travel scenario. An impossible travel scenario is when a single user account logs in from geographically distant locations in a short time, which is physically impossible. By assessing login activities using geolocation, the engineer can tune alerts to identify and respond to potential security breaches more effectively.

Exam Code: CAS-005 | Q&A: 327 Q&As | Updated: Dec 12, 2025

 
