2025年最新の更新のCompTIA CASPが有効なCAS-005問題集を無料提供しています [Q96-Q114]

Share

2025年最新の更新のCompTIA CASPが有効なCAS-005問題集を無料提供しています

最新のFast2test CAS-005PDF問題集をダウンロードしちゃおう:https://jp.fast2test.com/CAS-005-premium-file.html(232問題と解答)

質問 # 96
A manufacturing plant is updating its IT services. During discussions, the senior management team created the following list of considerations:
- Staff turnover is high and seasonal.
- Extreme conditions often damage endpoints.
- Losses from downtime must be minimized.
- Regulatory data retention requirements exist.
Which of the following best addresses the considerations?

  • A. Maintaining an inventory of spare endpoints for rapid deployment
  • B. Deploying redundant file servers and configuring database journaling
  • C. Establishing further environmental controls to limit equipment damage
  • D. Using a non-persistent virtual desktop interface with thin clients

正解:D


質問 # 97
A company that relies on an COL system must keep it operating until a new solution is available.
Which of the following is the most secure way to meet this goal?

  • A. Placing the system in a screened subnet and blocking access from internal resources
  • B. Enforcing strong credentials and improving monitoring capabilities
  • C. Restricting system access to perform necessary maintenance by the IT team
  • D. Isolating the system and enforcing firewall rules to allow access to only required endpoints

正解:D

解説:
To ensure the most secure way of keeping a legacy system (COL) operating until a new solution is available, isolating the system and enforcing strict firewall rules is the best approach. This method minimizes the attack surface by restricting access to only the necessary endpoints, thereby reducing the risk of unauthorized access and potential security breaches. Isolating the system ensures that it is not exposed to the broader network, while firewall rules control the traffic that can reach the system, providing a secure environment until a replacement is implemented.


質問 # 98
A security configure is building a solution to disable weak CBC configuration for remote access connections lo Linux systems. Which of the following should the security engineer modify?

  • A. The /etc/hosts file, updating the IP parameter
  • B. The /etc/nsswith.conf file, updating the name server
  • C. The /etc/openssl.conf file, updating the virtual site parameter
  • D. The /etc/etc/sshd, configure file updating the ciphers

正解:D

解説:
The sshd_config file is the main configuration file for the OpenSSH server. To disable weak CBC (Cipher Block Chaining) ciphers for SSH connections, the security engineer should modify the sshd_config file to update the list of allowed ciphers. This file typically contains settings for the SSH daemon, including which encryption algorithms are allowed.
By editing the /etc/ssh/sshd_config file and updating the Ciphers directive, weak ciphers can be removed, and only strong ciphers can be allowed. This change ensures that the SSH server does not use insecure encryption methods.
References:
* CompTIA Security+ Study Guide
* OpenSSH manual pages (man sshd_config)
* CIS Benchmarks for Linux


質問 # 99
A company wants to install a three-tier approach to separate the web. database, and application servers A security administrator must harden the environment which of the following is the best solution?

  • A. installing a firewall and making it the network core
  • B. Deploying a VPN to prevent remote locations from accessing server VLANs
  • C. Configuring a SASb solution to restrict users to server communication
  • D. Implementing microsegmentation on the server VLANs

正解:D

解説:
The best solution to harden a three-tier environment (web, database, and application servers) is to implement microsegmentation on the server VLANs. Here's why:
* Enhanced Security: Microsegmentation creates granular security zones within the data center, allowing for more precise control over east-west traffic between servers. This helps prevent lateral movement by attackers who may gain access to one part of the network.
* Isolation of Tiers: By segmenting the web, database, and application servers, the organization can apply specific security policies and controls to each segment, reducing the risk of cross-tier attacks.
* Compliance and Best Practices: Microsegmentation aligns with best practices for network security and helps meet compliance requirements by ensuring that sensitive data and systems are properly isolated and protected.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies
* CIS Controls: Control 12 - Boundary Defense


質問 # 100
A company plans to implement a research facility with intellectual property data that should be protected. The following is the security diagram proposed by the security architect:

Which of the following security architect models is illustrated by the diagram?

  • A. Agent based security model
  • B. Perimeter protection security model
  • C. Identity and access management model
  • D. Zero Trust security model

正解:D

解説:
The security diagram proposed by the security architect depicts a Zero Trust security model. Zero Trust is a security framework that assumes all entities, both inside and outside the network, cannot be trusted and must be verified before gaining access to resources.
Key Characteristics of Zero Trust in the Diagram:
Role-based Access Control: Ensures that users have access only to the resources necessary for their role.
Mandatory Access Control: Additional layer of security requiring authentication for access to sensitive areas.
Network Access Control: Ensures that devices meet security standards before accessing the network.
Multi-factor Authentication (MFA): Enhances security by requiring multiple forms of verification.
This model aligns with the Zero Trust principles of never trusting and always verifying access requests, regardless of their origin.


質問 # 101
A security engineer is reviewing the following piece of code for an internally developed web application that allows employees to manipulate documents from a number of internal servers.
Users can specify the document to be parsed by passing the document URL to the application as a parameter. The application then executes the following Python call: response = requests.get(url) The engineer wants to improve the security of the application before deployment. Which of the following is the best to implement?

  • A. A WAF
  • B. Output encoding
  • C. A code scanner
  • D. Indexing

正解:A


質問 # 102
A company migrated a critical workload from its data center to the cloud. The workload uses a very large data set that requires computational-intensive data processing. The business unit that uses the workload is projecting the following growth pattern:
- Storage requirements will double every six months.
- Computational requirements will fluctuate throughout the year.
- Average computational requirements will double every year.
Which of the following should the company do to address the business unit's requirements?

  • A. Implement a load balancer for computing and storage resources.
  • B. Combine compute and storage in vertically autoscaling mode.
  • C. Plan for a horizontally scaling computing and storage infrastructure.
  • D. Deploy a cloud-based CDN for storage and a load balancer for compute.

正解:C


質問 # 103
A security engineer is reviewing the results of an annual penetration test. The report lists one of the results as "critical severity" on several domain-joined workstations:
SSL/TLS Weak Protocols Supported TLS 1.0, TLS 1.1
Which of the following should the security engineer implement to remediate this finding in the most centralized manner?

  • A. A GPO to disable weak protocols in the Schannel hive
  • B. A PowerShell script to disable weak protocols in the HKLM Schannel hive
  • C. An SCCM patch to disable weak protocols in the Schannel hive
  • D. A registry script to disable weak protocols in the Schannel hive

正解:A


質問 # 104
After an incident response exercise, a security administrator reviews the following table:

Which of the following should the administrator do to beat support rapid incident response in the future?

  • A. Automate alerting to IT support for phone system outages.
  • B. Configure automated Isolation of human resources systems
  • C. Send emails for failed log-In attempts on the public website
  • D. Enable dashboards for service status monitoring

正解:D

解説:
Enabling dashboards for service status monitoring is the best action to support rapid incident response. The table shows various services with different risk, criticality, and alert severity ratings. To ensure timely and effective incident response, real-time visibility into the status of these services is crucial.
Why Dashboards for Service Status Monitoring?
Real-time Visibility: Dashboards provide an at-a-glance view of the current status of all critical services, enabling rapid detection of issues.
Centralized Monitoring: A single platform to monitor the status of multiple services helps streamline incident response efforts.
Proactive Alerting: Dashboards can be configured to show alerts and anomalies immediately, ensuring that incidents are addressed as soon as they arise.
Improved Decision Making: Real-time data helps incident response teams make informed decisions quickly, reducing downtime and mitigating impact.


質問 # 105
An organization wants to create a threat model to identity vulnerabilities in its infrastructure. Which of the following, should be prioritized first?

  • A. Internal infrastructure with high-seventy and Known exploited vulnerabilities
  • B. External facing Infrastructure with a low risk score and no known exploited vulnerabilities
  • C. External-facing Infrastructure with known exploited vulnerabilities
  • D. External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

正解:C

解説:
When creating a threat model to identify vulnerabilities in an organization's infrastructure, prioritizing external-facing infrastructure with known exploited vulnerabilities is critical. Here's why:
* Exposure to Attack: External-facing infrastructure is directly exposed to the internet, making it a primary target for attackers. Any vulnerabilities in this layer pose an immediate risk to the organization's security.
* Known Exploited Vulnerabilities: Vulnerabilities that are already known and exploited in the wild are of higher concern because they are actively being used by attackers. Addressing these vulnerabilities reduces the risk of exploitation significantly.
* Risk Mitigation: By prioritizing external-facing infrastructure with known exploited vulnerabilities, the organization can mitigate the most immediate and impactful threats, thereby improving overall security posture.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-30: Guide for Conducting Risk Assessments
* OWASP Threat Modeling Cheat Sheet


質問 # 106
Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole. Which of the following is the best way to achieve this goal? (Choose two.)

  • A. Reviewing the privacy policies currently adopted by Company B
  • B. Documenting third-party connections used by Company B
  • C. Implementing DLP controls preventing sensitive data from leaving Company B's network
  • D. Forcing a password reset requiring more stringent passwords for users on Company B's network
  • E. Requiring data sensitivity labeling tor all files shared with Company B
  • F. Performing an architectural review of Company B's network

正解:B、F

解説:
To determine how the acquisition of Company B will impact the attack surface, the following steps are crucial:
Documenting third-party connections used by Company B: Understanding all external connections is essential for assessing potential entry points for attackers and ensuring that these connections are secure.
Performing an architectural review of Company B's network: This review will identify vulnerabilities and assess the security posture of the acquired company's network, providing a comprehensive understanding of the new attack surface. These actions will provide a clear picture of the security implications of the acquisition and help in developing a plan to mitigate any identified risks.


質問 # 107
A security operations engineer needs to prevent inadvertent data disclosure when encrypted SSDs are reused within an enterprise. Which of the following is the most secure way to achieve this goal?

  • A. Wiping the SSD through degaussing
  • B. Writing non-zero, random data to all cells of the SSD
  • C. Executing a script that deletes and overwrites all data on the SSD three times
  • D. Securely deleting the encryption keys used by the SSD

正解:D

解説:
The most secure way to prevent inadvertent data disclosure when encrypted SSDs are reused is to securely delete the encryption keys used by the SSD. Without the encryption keys, the data on the SSD remains encrypted and is effectively unreadable, rendering any residual data useless. This method is more reliable and efficient than overwriting data multiple times or using other physical destruction methods.
References:
* CompTIA SecurityX Study Guide: Highlights the importance of managing encryption keys and securely deleting them to protect data.
* NIST Special Publication 800-88, "Guidelines for Media Sanitization": Recommends cryptographic erasure as a secure method for sanitizing encrypted storage devices.


質問 # 108
A global manufacturing company has an internal application mat is critical to making products This application cannot be updated and must Be available in the production area A security architect is implementing security for the application. Which of the following best describes the action the architect should take-?

  • A. Create a separate network for users who need access to the application
  • B. Disallow wireless access to the application.
  • C. Deploy Intrusion detection capabilities using a network tap
  • D. Create an acceptable use policy for the use of the application

正解:A

解説:
Creating a separate network for users who need access to the application is the best action to secure an internal application that is critical to the production area and cannot be updated.
Why Separate Network?
* Network Segmentation: Isolates the critical application from the rest of the network, reducing the risk of compromise and limiting the potential impact of any security incidents.
* Controlled Access: Ensures that only authorized users have access to the application, enhancing security and reducing the attack surface.
* Minimized Risk: Segmentation helps in protecting the application from vulnerabilities that could be exploited from other parts of the network.
Other options, while beneficial, do not provide the same level of security for a critical application:
* A. Disallow wireless access: Useful but does not provide comprehensive protection.
* B. Deploy intrusion detection capabilities using a network tap: Enhances monitoring but does not provide the same level of isolation and control.
* C. Create an acceptable use policy: Important for governance but does not provide technical security controls.
References:
* CompTIA SecurityX Study Guide
* NIST Special Publication 800-125, "Guide to Security for Full Virtualization Technologies"
* "Network Segmentation Best Practices," Cisco Documentation


質問 # 109
A company's security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

Which of the following hosts should a security analyst patch first once a patch is available?

  • A. 0
  • B. 1
  • C. 2
  • D. 3
  • E. 4
  • F. 5

正解:E

解説:
Based on the security policy that any publicly available server must be patched within 12 hours after a patch is released, the security analyst should patch Host 1 first. Here's why:
* Public Availability: Host 1 is externally available, making it accessible from the internet. Publicly available servers are at higher risk of being targeted by attackers, especially when a zero-day vulnerability is known.
* Exposure to Threats: Host 1 has IIS installed and is publicly accessible, increasing its exposure to potential exploitation. Patching this host first reduces the risk of a successful attack.
* Prioritization of Critical Assets: According to best practices, assets that are exposed to higher risks should be prioritized for patching to mitigate potential threats promptly.
* References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-40: Guide to Enterprise Patch Management Technologies
* CIS Controls: Control 3 - Continuous Vulnerability Management


質問 # 110
A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence Which of the following is the most likely reason for reviewing these laws?

  • A. The organization is performing due diligence of potential tax issues.
  • B. The organization is concerned with new regulatory enforcement in other countries
  • C. The organization has been subject to legal proceedings in countries where it has a presence.
  • D. The organization has suffered brand reputation damage from incorrect media coverage

正解:B

解説:
Reviewing data sovereignty laws in countries where the organization has no presence is likely due to concerns about regulatory enforcement. Data sovereignty laws dictate how data can be stored, processed, and transferred across borders. Understanding these laws is crucial for compliance, especially if the organization handles data that may be subject to foreign regulations.
* A. The organization is performing due diligence of potential tax issues: This is less likely as tax issues are generally not directly related to data sovereignty laws.
* B. The organization has been subject to legal proceedings in countries where it has a presence:
While possible, this does not explain the focus on countries where the organization has no presence.
* C. The organization is concerned with new regulatory enforcement in other countries: This is the
* most likely reason. New regulations could impact the organization's operations, especially if they involve data transfers or processing data from these countries.
* D. The organization has suffered brand reputation damage from incorrect media coverage: This is less relevant to the need for reviewing data sovereignty laws.
References:
* CompTIA Security+ Study Guide
* GDPR and other global data protection regulations
* "Data Sovereignty: The Future of Data Protection?" by Mark Burdon


質問 # 111
A network engineer must ensure that always-on VPN access is enabled Curt restricted to company assets Which of the following best describes what the engineer needs to do''

  • A. Add the VPN hostname as a SAN entry on the root certificate
  • B. Create a wildcard certificate for connections from public networks
  • C. Generate device certificates using the specific template settings needed
  • D. Modify signing certificates in order to support IKE version 2

正解:C

解説:
To ensure always-on VPN access is enabled and restricted to company assets, the network engineer needs to generate device certificates using the specific template settings required for the company's VPN solution.
These certificates ensure that only authorized devices can establish a VPN connection.
Why Device Certificates are Necessary:
* Authentication: Device certificates authenticate company assets, ensuring that only authorized devices can access the VPN.
* Security: Certificates provide a higher level of security compared to username and password combinations, reducing the risk of unauthorized access.
* Compliance: Certificates help in meeting security policies and compliance requirements by ensuring that only managed devices can connect to the corporate network.
Other options do not provide the same level of control and security for always-on VPN access:
* B. Modify signing certificates for IKE version 2: While important for VPN protocols, it does not address device-specific authentication.
* C. Create a wildcard certificate: This is not suitable for device-specific authentication and could introduce security risks.
* D. Add the VPN hostname as a SAN entry: This is more related to certificate management and does not ensure device-specific authentication.
References:
* CompTIA SecurityX Study Guide
* "Device Certificates for VPN Access," Cisco Documentation
* NIST Special Publication 800-77, "Guide to IPsec VPNs"


質問 # 112
A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication Which of the following is the best way for the security officer to restrict MI~A notifications''

  • A. Provisioning FID02 devices
  • B. Configuring prompt-driven MFA
  • C. Deploying a text message based on MFA
  • D. Enabling OTP via email

正解:B

解説:
Excessive MFA push notifications can be a sign of an attempted push notification attack, where attackers repeatedly send MFA prompts hoping the user will eventually approve one by mistake. To mitigate this:
* A. Provisioning FIDO2 devices: While FIDO2 devices offer strong authentication, they may not be practical for all users and do not directly address the issue of excessive push notifications.
* B. Deploying a text message-based MFA: SMS-based MFA can still be vulnerable to similar spamming attacks and phishing.
* C. Enabling OTP via email: Email-based OTPs add another layer of security but do not directly solve the issue of excessive notifications.
* D. Configuring prompt-driven MFA: This option allows users to respond to prompts in a secure manner, often including features like time-limited approval windows, additional verification steps, or requiring specific actions to approve. This can help prevent users from accidentally approving malicious attempts.
Configuring prompt-driven MFA is the best solution to restrict unnecessary MFA notifications and improve security.
References:
* CompTIA Security+ Study Guide
* NIST SP 800-63B, "Digital Identity Guidelines"
* "Multi-Factor Authentication: Best Practices" by Microsoft


質問 # 113
A company wants to invest in research capabilities with the goal to operationalize the research output. Which of the following is the best option for a security architect to recommend?

  • A. Continuous adversary emulation
  • B. Dark web monitoring
  • C. Threat intelligence platform
  • D. Honeypots

正解:C

解説:
Investing in a threat intelligence platform is the best option for a company looking to operationalize research output. A threat intelligence platform helps in collecting, processing, and analyzing threat data to provide actionable insights. These platforms integrate data from various sources, including dark web monitoring, honeypots, and other security tools, to offer a comprehensive view of the threat landscape.


質問 # 114
......


CompTIA CAS-005 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • セキュリティ アーキテクチャ: このドメインでは、ファイアウォールや侵入検知システムの構成を含む、回復力のあるシステムを設計するための要件の分析に重点を置いています。
トピック 2
  • セキュリティ エンジニアリング: このセクションでは、エンタープライズ環境内の ID およびアクセス管理 (IAM) コンポーネントに関連する一般的な問題のトラブルシューティングに関わる CompTIA セキュリティ アーキテクトのスキルを評価します。受験者は、ハードウェア セキュリティ テクノロジを実装しながら、エンドポイントとサーバーのセキュリティを強化するための要件を分析します。このドメインでは、システムのセキュリティ保護における高度な暗号化概念の重要性も強調します。
トピック 3
  • ガバナンス、リスク、コンプライアンス: この試験セクションでは、ポリシー、手順、標準の開発など、組織のセキュリティ要件に基づいたガバナンス コンポーネントの実装をカバーする CompTIA セキュリティ アーキテクトのスキルを測定します。受験者は、フィッシングやソーシャル エンジニアリングに関する意識向上トレーニングなど、セキュリティ プログラムの管理について学習します。
トピック 4
  • セキュリティ運用: このドメインは CompTIA セキュリティ アーキテクト向けに設計されており、監視および対応活動をサポートするためのデータの分析、脆弱性の評価、攻撃対象領域を削減するためのソリューションの推奨などをカバーしています。候補者は脅威ハンティング技術を適用し、脅威インテリジェンスの概念を活用して運用セキュリティを強化します。

 

実験された試験材料はCAS-005:https://jp.fast2test.com/CAS-005-premium-file.html

最新CAS-005リアル試験問題をフォローせよ!:https://drive.google.com/open?id=1YdrDI0qdbomTtf5TiblD4IAo0doMkkzk


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어