CAS-005テスト問題練習試そう!2026年に更新された530問あります [Q248-Q264]

Share

CAS-005テスト問題練習試そう!2026年に更新された530問あります

更新された2026年04月プレミアムCAS-005試験エンジンPDFで今すぐダウンロード!無料更新された530問あります


CompTIA CAS-005 認定試験の出題範囲:

トピック出題範囲
トピック 1
  • Governance, Risk, and Compliance: This section of the exam measures the skills of CompTIA security architects that cover the implementation of governance components based on organizational security requirements, including developing policies, procedures, and standards. Candidates will learn about managing security programs, including awareness training on phishing and social engineering.
トピック 2
  • Security Architecture: This domain focuses on analyzing requirements to design resilient systems, including the configuration of firewalls and intrusion detection systems.
トピック 3
  • Security Operations: This domain is designed for CompTIA security architects and covers analyzing data to support monitoring and response activities, as well as assessing vulnerabilities and recommending solutions to reduce attack surfaces. Candidates will apply threat-hunting techniques and utilize threat intelligence concepts to enhance operational security.
トピック 4
  • Security Engineering: This section measures the skills of CompTIA security architects that involve troubleshooting common issues related to identity and access management (IAM) components within an enterprise environment. Candidates will analyze requirements to enhance endpoint and server security while implementing hardware security technologies. This domain also emphasizes the importance of advanced cryptographic concepts in securing systems.

 

質問 # 248
An organization recently implemented a policy that requires all passwords to be rotated every 90 days. An administrator sees a large volume of failed sign-on logs from multiple servers that are often accessed by users. The administrator determines users are disconnecting from the RDP session but not logging off. Which of the following should the administrator do to prevent account lockouts?

  • A. Increase the account lockout threshold.
  • B. Force daily reboots.
  • C. Extend the allowed session length.
  • D. Enforce password complexity.

正解:B


質問 # 249
A security architect for a global organization with a distributed workforce recently received funding lo deploy a CASB solution Which of the following most likely explains the choice to use a proxy-based CASB?

  • A. Corporate devices cannot receive certificates when not connected to on-premises devices
  • B. The capability to block unapproved applications and services is possible
  • C. Privacy compliance obligations are bypassed when using a user-based deployment.
  • D. Protecting and regularly rotating API secret keys requires a significant time commitment

正解:B

解説:
A proxy-based Cloud Access Security Broker (CASB) is chosen primarily for its ability to block unapproved applications and services. Here's why:
Application and Service Control: Proxy-based CASBs can monitor and control the use of applications and services by inspecting traffic as it passes through the proxy. This allows the organization to enforce policies that block unapproved applications and services, ensuring compliance with security policies.
Visibility and Monitoring: By routing traffic through the proxy, the CASB can provide detailed visibility into user activities and data flows, enabling better monitoring and threat detection.
Real-Time Protection: Proxy-based CASBs can provide real-time protection against threats by analyzing and controlling traffic before it reaches the end user, thus preventing the use of risky applications and services.
References:
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies Gartner CASB Market Guide


質問 # 250
A security engineer needs to remediate a SWEET32 vulnerability in an OpenSSH-based application and review existing configurations. Which of the following should the security engineer do? (Select two.)

  • A. cat /etc/sshd/ssh_config | grep "PermitRootLogin"
  • B. cat /etc/sshd/ssh_config | grep "Ciphers"
  • C. Disable 3DES algorithms
  • D. Disable Twofish algorithms
  • E. Disable RSA algorithms
  • F. cat /etc/ashd/ash_config | grep "HMAC"

正解:B、C


質問 # 251
An organization is researching the automation capabilities for systems within an OT network. A security analyst wants to assist with creating secure coding practices and would like to learn about the programming languages used on the PLCs. Which of the following programming languages is the most relevant for PLCs?

  • A. Ladder logic
  • B. Java
  • C. Python
  • D. Rust
  • E. C

正解:A

解説:
Programmable Logic Controllers (PLCs) in Operational Technology (OT) environments commonly use Ladder Logic, a graphical programming language resembling electrical relay logic diagrams. It's the most relevant for PLCs due to its widespread use in industrial automation.
* Option A:Ladder Logic is the standard for PLC programming, making it the best choice.
* Option B:Rust is modern and secure but not typically used for PLCs.
* Option C:C is used in some embedded systems but less common for PLCs.
* Option D:Python is versatile but not native to PLC programming.
* Option E:Java is rare in PLC contexts.


質問 # 252
Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

  • A. Isolating the historian server for connections only from The SCADA environment
  • B. Adding the business workstations to the SCADA domain
  • C. Deploying a screened subnet between 11 and SCADA
  • D. Publishing the C$ share from SCADA to the enterprise

正解:A

解説:
The best action to address the requirement of accessing the historian server within a SCADA system is to isolate the historian server for connections only from the SCADA environment.
Security and Isolation: Isolating the historian server ensures that only authorized devices within the SCADA environment can connect to it. This minimizes the attack surface and protects sensitive data from unauthorized access.
Access Control: By restricting access to the historian server to only SCADA devices, the organization can better control and monitor interactions, ensuring that only legitimate queries and data retrievals occur.
Best Practices for Critical Infrastructure: Following the principle of least privilege, isolating critical components like the historian server is a standard practice in securing SCADA systems, reducing the risk of cyberattacks.


質問 # 253
An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry Which of the following should the security analyst use to perform threatmodeling?

  • A. CAPEC
  • B. STRIDE
  • C. OWASP
  • D. ATT&CK

正解:B

解説:
The ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework is the best tool for a security analyst to use for threat modeling when looking for gaps in detection capabilities based on Advanced Persistent Threats (APTs) that may target the industry. Here's why:
Comprehensive Framework: ATT&CK provides a detailed and structured repository of known adversary tactics and techniques based on real-world observations. It helps organizations understand how attackers operate and what techniques they might use.
Gap Analysis: By mapping existing security controls against the ATT&CK matrix, analysts can identify which tactics and techniques are not adequately covered by current detection and mitigation measures.
Industry Relevance: The ATT&CK framework is continuously updated with the latest threat intelligence, making it highly relevant for industries facing APT threats. It provides insights into specific APT groups and their preferred methods of attack.
References:
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
MITRE ATT&CK Framework Official Documentation
NIST Special Publication 800-150: Guide to Cyber Threat Information Sharing


質問 # 254
Within a SCADA a business needs access to the historian server in order together metric about the functionality of the environment. Which of the following actions should be taken to address this requirement?

  • A. Isolating the historian server for connections only from The SCADA environment
  • B. Adding the business workstations to the SCADA domain
  • C. Deploying a screened subnet between 11 and SCADA
  • D. Publishing the C$ share from SCADA to the enterprise

正解:A

解説:
The best action to address the requirement of accessing the historian server within a SCADA system is to isolate the historian server for connections only from the SCADA environment. Here's why:
Security and Isolation: Isolating the historian server ensures that only authorized devices within the SCADA environment can connect to it. This minimizes the attack surface and protects sensitive data from unauthorized access.
Access Control: By restricting access to the historian server to only SCADA devices, the organization can better control and monitor interactions, ensuring that only legitimate queries and data retrievals occur.
Best Practices for Critical Infrastructure: Following the principle of least privilege, isolating critical components like the historian server is a standard practice in securing SCADA systems, reducing the risk of cyberattacks.
References:
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-82: Guide to Industrial Control Systems (ICS) Security ISA/IEC 62443 Standards: Security for Industrial Automation and Control Systems


質問 # 255
Which of the following best explains the importance of determining organization risk appetite when operating with a constrained budget?

  • A. Budgetary pressure drives risk mitigation planning in all companies
  • B. Risk appetite directly influences which breaches are disclosed publicly
  • C. Organizational risk appetite varies from organization to organization
  • D. Risk appetite directly impacts acceptance of high-impact low-likelihood events.

正解:D

解説:
Risk appetite is the amount of risk an organization is willing to accept to achieve its objectives. When operating with a constrained budget, understanding the organization's risk appetite is crucial because:
It helps prioritize security investments based on the level of risk the organization is willing to tolerate.
High-impact, low-likelihood events may be deemed acceptable if they fall within the organization's risk appetite, allowing for budget allocation to other critical areas.
Properly understanding and defining risk appetite ensures that limited resources are used effectively to manage risks that align with the organization's strategic goals.
Reference:
CompTIA Security+ Study Guide
NIST Risk Management Framework (RMF) guidelines
ISO 31000, "Risk Management - Guidelines"


質問 # 256
A company was recently infected by malware. During the root cause analysis, the company determined that several users were installing their own applications. To prevent further compromises, the company has decided it will only allow authorized applications to run on its systems. Which of the following should the company implement?

  • A. Signing
  • B. Permit listing
  • C. HIPS
  • D. Access control

正解:B

解説:
To prevent unauthorized applications from running, the company needs a mechanism to explicitly define and enforce which applications are allowed to execute. "Permit listing" (often referred to as
"whitelisting" in security contexts) is the most effective solution here. It involves creating a list of approved applications, and only those on the list are permitted to run, blocking all others by default. This directly addresses the root cause--users installing unapproved software--by restricting execution to only authorized programs.


質問 # 257
A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures. The security analyst reviews the following logs:
22:03:50 sshd[21502]: Success login for user01 from 192.168.2.5
22:10:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:11:40 sshd[21502]: Success login for user07 from 192.168.2.58
22:12:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:13:00 sshd[21502]: Failed login for user10 from 192.168.2.5
22:13:00 sshd[21502]: Success login for user03 from 192.168.2.27
22:13:00 sshd[21502]: Failed login for user10 from 192.168.2.5
Which of the following is the most likely reason for the application failures?

  • A. The user's account was set as a service account.
  • B. The root password has been changed.
  • C. The user's home directory was deleted.
  • D. The user does not have sudo access.

正解:C

解説:
The logs indicate multiple failed login attempts for user10, who may have been part of the staff reduction 60 days prior. If user10's account was removed, and their home directory deleted, any applications or services relying on files or configurations within that directory would fail. This scenario is common when service accounts are not properly identified and preserved during staff reductions.
Ensuring that service accounts are documented and maintained separately from user accounts is essential to prevent unintended disruptions to applications and services.
Reference: CompTIA SecurityX CAS-005 Exam Objectives, Domain 3.1: "Given a scenario, troubleshoot common issues with identity and access management (IAM) components in an enterprise environment."


質問 # 258
An engineer is designing a wireless access solution that must comply with the IEEE-specified security requirements for the 802.1X protocol. The engineer wants to streamline access by removing the need to provide a WPA2 PSK and domain credentials each time for access. Which of the following actions best meet this requirement? (Choose two.)

  • A. Using a geofence over the facility and enforcing it for access
  • B. Issuing a separate 32-bit key to wireless supplicants
  • C. Configuring RADIUS with EAP-FAST
  • D. Issuing client authentication certificates to devices
  • E. Configuring RADIUS with EAP-TLS
  • F. Configuring RADIUS with EAP-PEAP

正解:D、E

解説:
Issuing client authentication certificates enables certificate-based authentication, removing the need for users to enter PSKs or credentials repeatedly.
Configuring RADIUS with EAP-TLS leverages those certificates within the 802.1X framework, providing strong, standards-based authentication that meets IEEE security requirements.


質問 # 259
A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs. Which of the following would be the most secure way to dispose of the SSDs given the CISO's concern?

  • A. Overwriting
  • B. Shredding
  • C. Incinerating
  • D. Formatting
  • E. Degaussing

正解:C


質問 # 260
A security analyst reviews the following report:

Which of the following assessments is the analyst performing?

  • A. Supply chain
  • B. Organizational
  • C. System
  • D. Quantitative

正解:A

解説:
The analyst is reviewing information related to product origin, manufacturers, OS, developers, and vendors - key components of a supply chain assessment, which evaluates potential risks from third-party components and service providers.


質問 # 261
A security engineer is reviewing event logs because an employee successfully connected a personal Windows laptop to the corporate network, which is against company policy. Company policy allows all Windows 10 and 11 laptops to connect to the system as long as the MDM agent installed by IT is running. Only compliant devices can connect, and the logic in the system to evaluate compliant laptops is as follows:

Which of the following most likely occurred when the employee connected a personally owned Windows laptop and was allowed on the network?

  • A. The OS was a valid version, but the MDM agent was not installed, triggering a true positive.
  • B. The OS was running a Windows version below 10 and triggered a false negative.
  • C. The OS version was higher than 11, and the MDM agent was running, triggering a true negative.
  • D. The agent was not running on the laptop, which triggered a false positive.

正解:B

解説:
The provided logic checks for compliance based on the OsVersionand whether the agentRunningis true. Here's how the logic works:
1. If OsVersion >= 10:
- If agentRunningis true, the device is compliant.
- If agentRunningis false, the device is non-compliant.
2. Else (if OsVersion < 10):
- The device is marked as compliant.
This logic means that laptops with an OS version below 10 are mistakenly considered compliant, which is a false negative because they do not meet the policy requirement. This is likely how the employee's laptop, running a version of Windows below 10, was able to connect to the network against policy.


質問 # 262
After discovering that an employee is using a personal laptop to access highly confidential data, a systems administrator must secure the company's dat a. Which of the following capabilities best addresses this situation?

  • A. Package monitoring
  • B. OCSP stapling
  • C. SOAR
  • D. CASB
  • E. Conditional access

正解:E

解説:
The best solution is Conditional Access (D). Conditional access policies enforce access requirements based on contextual signals such as device compliance, user identity, location, or risk profile. In this case, the administrator can configure conditional access to ensure that only managed, corporate-approved devices are allowed to access confidential data. If an employee attempts to use a personal laptop, the access request will be blocked or redirected to a secure process (e.g., virtual desktop).
Option A (OCSP stapling) relates to certificate revocation checking and does not control device access. Option B (CASB) provides cloud access visibility and control but is broader and less precise than enforcing direct device-level conditional policies. Option C (SOAR) orchestrates responses but is not primarily designed for access enforcement. Option E (package monitoring) detects software changes but does not prevent unauthorized device usage.


質問 # 263
A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process'

  • A. Request a weekly report with all new assets deployed and decommissioned
  • B. Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.
  • C. Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool
  • D. Implement a shadow IT detection process to avoid rogue devices on the network

正解:C

解説:
To improve the vulnerability management process in an environment where new devices/IPs are added and dropped regularly, the company should perform regular discovery scanning throughout the IT landscape using the vulnerability management tool. Here's why:
Accurate Asset Inventory: Regular discovery scans help maintain an up-to-date inventory of all assets, ensuring that the vulnerability management process includes all relevant devices and IPs.
Consistency in Reporting: By continuously discovering and scanning new and existing assets, the company can generate consistent and comprehensive vulnerability reports that reflect the current state of the network.
Proactive Management: Regular scans enable the organization to proactively identify and address vulnerabilities on new and existing assets, reducing the window of exposure to potential threats.
Reference:
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-40: Guide to Enterprise Patch Management Technologies CIS Controls: Control 1 - Inventory and Control of Hardware Assets


質問 # 264
......

正真正銘のCAS-005問題集には100%合格率練習テスト問題集:https://jp.fast2test.com/CAS-005-premium-file.html

CompTIA CAS-005リアル試験問題保証付き更新された問題集にはFast2test:https://drive.google.com/open?id=1YdrDI0qdbomTtf5TiblD4IAo0doMkkzk


弊社を連絡する

我々は12時間以内ですべてのお問い合わせを答えます。

我々の働いている時間: ( GMT 0:00-15:00 )
月曜日から土曜日まで

サポート: 現在連絡 

English Deutsch 繁体中文 한국어