We will provide one year of free updates after you purchase our study material, so you can get the newest questions and prepare well for the real test. Before purchasing, you can try our free demo questions to check the basic information about our PDF torrent.

Online Questions - Valid Practice CAS-005 Exam Dumps Test Questions [Q49-Q70]

100% Real CAS-005 dumps - Brilliant CAS-005 Exam Questions PDF

NEW QUESTION # 49
A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?

  • A. A text file containing passwords that were leaked
  • B. A PDF that exposed sensitive information improperly
  • C. A macro that was prevented from running
  • D. A malicious file that was run in this environment

Answer: A

Explanation:
Based on the log provided, the most concerning event that should be investigated further is the presence of a text file containing passwords that were leaked. Here's why:
* Sensitive Information Exposure: A text file containing passwords represents a significant security risk, as it indicates that sensitive credentials have been exposed in plain text, potentially leading to unauthorized access.
* Immediate Threat: Password leaks can lead to immediate exploitation by attackers, compromising user accounts and sensitive data. This requires urgent investi


NEW QUESTION # 50
An organization is required to:
* Respond to internal and external inquiries in a timely manner.
* Provide transparency.
* Comply with regulatory requirements.
The organization has not experienced any reportable breaches but wants to be prepared if a breach occurs in the future. Which of the following is the best way for the organization to prepare?

  • A. Outsourcing the handling of necessary regulatory filing to an external consultant
  • B. Developing communication templates that have been vetted by internal and external counsel
  • C. Conducting lessons-learned activities and integrating observations into the crisis management plan
  • D. Integrating automated response mechanisms into the data subject access request process

Answer: B

Explanation:
Preparing communication templates that have been vetted by both internal and external counsel ensures that the organization can respond quickly and effectively to internal and external inquiries, comply with regulatory requirements, and provide transparency in the event of a breach.
Why Communication Templates?
* Timely Response: Pre-prepared templates ensure that responses are ready to be deployed quickly, reducing response time.
* Regulatory Compliance: Templates vetted by counsel ensure that all communications meet legal and regulatory requirements.
* Consistent Messaging: Ensures that all responses are consistent, clear, and accurate, maintaining the organization's credibility.
* Crisis Management: Pre-prepared templates are a critical component of a broader crisis management plan, ensuring that all stakeholders are informed appropriately.
Other options, while useful, do not provide the same level of preparedness and compliance:
* A. Outsourcing to an external consultant: This may delay response times and lose internal control over the communication.
* C. Conducting lessons-learned activities: Important for improving processes but does not provide immediate preparedness for communication.
* D. Integrating automated response mechanisms: Useful for efficiency but not for ensuring compliant and vetted responses.
References:
* CompTIA SecurityX Study Guide
* NIST Special Publication 800-61 Revision 2, "Computer Security Incident Handling Guide"
* ISO/IEC 27002:2013, "Information technology - Security techniques - Code of practice for information security controls"


NEW QUESTION # 51
An organization is developing an AI-enabled digital worker to help employees complete common tasks such as template development, editing, research, and scheduling. As part of the AI workload, the organization wants to implement guardrails within the platform. Which of the following should the company do to secure the AI environment?

  • A. Limit the platform's abilities to only non-sensitive functions.
  • B. Require end-user acknowledgement of organizational policies.
  • C. Grant the system the ability to self-govern.
  • D. Enhance the training model's effectiveness.

Answer: A

Explanation:
Limiting the platform's abilities to only non-sensitive functions helps to mitigate risks associated with AI operations. By ensuring that the AI-enabled digital worker is only allowed to perform tasks that do not involve sensitive or critical data, the organization reduces the potential impact of any security breaches or misuse.
Enhancing the training model's effectiveness (Option D) is important but does not directly address security guardrails. Granting the system the ability to self-govern (Option C) could increase risk, as it may act beyond the organization's control. Requiring end-user acknowledgement of organizational policies (Option B) is a good practice but does not implement technical guardrails to secure the AI environment.
References:
* CompTIA Security+ Study Guide
* NIST SP 800-53 Rev. 5, "Security and Privacy Controls for Information Systems and Organizations"
* ISO/IEC 27001, "Information Security Management"


NEW QUESTION # 52
A software development team requires valid data for internal tests. Company regulations, however, do not allow the use of this data in cleartext. Which of the following solutions best meets these requirements?

  • A. Configuring data hashing
  • B. Implementing data obfuscation
  • C. Deploying tokenization
  • D. Replacing data with null record

Answer: C

Explanation:
Tokenization replaces sensitive data elements with non-sensitive equivalents, called tokens, that can be used within the internal tests. The original data is stored securely and can be retrieved if necessary. This approach allows the software development team to work with data that appears realistic and valid without exposing the actual sensitive information.
Configuring data hashing (Option A) is not suitable for test data, as it transforms the data into a fixed-length value that is not usable in the same way as the original data. Replacing data with null records (Option D) is not useful, as it does not provide valid data for testing. Data obfuscation (Option B) could be an alternative but might not meet the regulatory requirements as effectively as tokenization.
References:
* CompTIA Security+ Study Guide
* NIST SP 800-57 Part 1 Rev. 5, "Recommendation for Key Management"
* PCI DSS Tokenization Guidelines
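To make the distinction between tokenization and hashing concrete, here is an added example (not part of the original page or any vendor's product) of a minimal tokenization vault. The vault, record layout, field names and sample rows are all constructed for illustration: sensitive fields are swapped for random, format-preserving tokens that the test team can use, while the token-to-value mapping stays behind in the protected environment. The `hash_value` helper is included only to show why a one-way hash (Option A) does not yield usable test data.

```python
import hashlib
import secrets


class TokenVault:
    """Constructed example vault: maps random, format-preserving tokens back to the
    real values. Test environments receive only tokens; the vault stays in production."""

    def __init__(self):
        self._token_to_value = {}
        self._value_to_token = {}

    @staticmethod
    def _format_preserving_token(value):
        # Replace every digit with a random digit and keep punctuation, so the token
        # still looks like an SSN or card number to the application under test.
        if not any(ch.isdigit() for ch in value):
            return "tok_" + secrets.token_hex(8)  # no structure to preserve; opaque token
        return "".join(str(secrets.randbelow(10)) if ch.isdigit() else ch for ch in value)

    def tokenize(self, value):
        # The same input always maps to the same token, so joins and lookups in the
        # test data set keep working (referential integrity is preserved).
        if value in self._value_to_token:
            return self._value_to_token[value]
        while True:
            token = self._format_preserving_token(value)
            if token != value and token not in self._token_to_value:
                break
        self._token_to_value[token] = value
        self._value_to_token[value] = token
        return token

    def detokenize(self, token):
        # Only code with access to the vault (not the test environment) can reverse a token.
        return self._token_to_value[token]


def tokenize_records(records, sensitive_fields, vault):
    """Return copies of the records with the named fields replaced by tokens."""
    out = []
    for rec in records:
        copy = dict(rec)
        for field in sensitive_fields:
            if field in copy:
                copy[field] = vault.tokenize(copy[field])
        out.append(copy)
    return out


def hash_value(value):
    # For contrast with option A: a hash is one-way and fixed-length, so it cannot be
    # reversed for a later audit and no longer resembles the original field.
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


# Constructed sample production rows (fake identifiers, test card number).
PROD_ROWS = [
    {"id": 1, "name": "A. Example", "ssn": "123-45-6789", "card": "4111111111111111"},
    {"id": 2, "name": "B. Example", "ssn": "987-65-4321", "card": "4111111111111111"},
]

if __name__ == "__main__":
    vault = TokenVault()
    for row in tokenize_records(PROD_ROWS, ["ssn", "card"], vault):
        print(row)
```

The vault itself is the sensitive asset in this design: it must live with the same controls as the original data, and the test environment should never have a code path that calls `detokenize`.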


NEW QUESTION # 53
After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?

  • A. Improve firewall rules to avoid access to those platforms.
  • B. Create SIEM rules to raise alerts for access to those platforms
  • C. Deploy an internet proxy that filters certain domains
  • D. Implement a cloud-access security broker

Answer: D

Explanation:
A Cloud Access Security Broker (CASB) is a security policy enforcement point placed between cloud service consumers and cloud service providers to combine and interject enterprise security policies as cloud-based resources are accessed. Implementing a CASB provides several benefits:
* A. Improve firewall rules to avoid access to those platforms: This can help but is not as effective or comprehensive as a CASB.
* B. Create SIEM rules to raise alerts for access to those platforms: This helps in monitoring but does not prevent data leaks.
* C. Deploy an internet proxy that filters certain domains: This can block access to specific sites but lacks the granular control and visibility provided by a CASB.
* D. Implement a cloud-access security broker: A CASB can provide visibility into cloud application usage, enforce data security policies, and protect against data leaks by monitoring and controlling access to cloud services. It also provides advanced features like data encryption, data loss prevention (DLP), and compliance monitoring.
Implementing a CASB is the most comprehensive solution to decrease the risk of data leaks by providing visibility, control, and enforcement of security policies for cloud services.
References:
* CompTIA Security+ Study Guide
* Gartner, "Magic Quadrant for Cloud Access Security Brokers"
* NIST SP 800-144, "Guidelines on Security and Privacy in Public Cloud Computing"


NEW QUESTION # 54
While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter. Which of the following best describes this type of correlation?

  • A. Spear-phishing campaign
  • B. Attack pattern analysis
  • C. Red team assessment
  • D. Threat modeling

Answer: A

Explanation:
The situation where several employees were contacted by the same individual impersonating a recruiter best describes a spear-phishing campaign. Here's why:
* Targeted Approach: Spear-phishing involves targeting specific individuals within an organization with personalized and convincing messages to trick them into divulging sensitive information or performing actions that compromise security.
* Impersonation: The use of impersonation, in this case, a recruiter, is a common tactic in spear-phishing to gain the trust of the targeted individuals and increase the likelihood of a successful attack.
* Correlated Contacts: The fact that several employees were contacted by the same individual suggests a coordinated effort to breach the organization's security by targeting multiple points of entry through social engineering.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-61: Computer Security Incident Handling Guide
* OWASP Phishing Cheat Sheet


NEW QUESTION # 55
A company wants to install a three-tier approach to separate the web, database, and application servers. A security administrator must harden the environment. Which of the following is the best solution?

  • A. Configuring a SASE solution to restrict users to server communication
  • B. Deploying a VPN to prevent remote locations from accessing server VLANs
  • C. Installing a firewall and making it the network core
  • D. Implementing microsegmentation on the server VLANs

Answer: D

Explanation:
The best solution to harden a three-tier environment (web, database, and application servers) is to implement microsegmentation on the server VLANs. Here's why:
* Enhanced Security: Microsegmentation creates granular security zones within the data center, allowing for more precise control over east-west traffic between servers. This helps prevent lateral movement by attackers who may gain access to one part of the network.
* Isolation of Tiers: By segmenting the web, database, and application servers, the organization can apply specific security policies and controls to each segment, reducing the risk of cross-tier attacks.
* Compliance and Best Practices: Microsegmentation aligns with best practices for network security and helps meet compliance requirements by ensuring that sensitive data and systems are properly isolated and protected.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-125: Guide to Security for Full Virtualization Technologies
* CIS Controls: Control 12 - Boundary Defense


NEW QUESTION # 56
You are a security analyst tasked with interpreting an Nmap scan output from a company's privileged network.
The company's hardening guidelines indicate the following:
* There should be one primary server or service per device.
* Only default ports should be used.
* Non-secure protocols should be disabled.
INSTRUCTIONS
Using the Nmap output, identify the devices on the network and their roles, and any open ports that should be closed.
For each device found by Nmap, add a device entry to the Devices Discovered list, with the following information:
* The IP address of the device
* The primary server or service of the device (note that each IP should be associated with one service/port only)
* The protocol(s) that should be disabled based on the hardening guidelines (note that multiple ports may need to be closed to comply with the hardening guidelines)
If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Answer:
See explanation below.

Explanation:
* 10.1.45.65: SFTP Server; disable 8080
* 10.1.45.66: Email Server; disable 415 and 443
* 10.1.45.67: Web Server; disable 21, 80
* 10.1.45.68: UTM Appliance; disable 21
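The three hardening guidelines above can be applied mechanically to Nmap output. The following is an added example (not from the page, the exam, or the Nmap project) that parses Nmap's normal-output layout and flags, per device, the primary service plus every port that violates a guideline. The scan text, addresses, service-to-role table and the tie-break order for "primary service" are all constructed assumptions; the actual exam scan is not reproduced here, so the results differ from the answer key above.

```python
import re

# Assumed policy tables, constructed for this example (not from the page or from Nmap).
DEFAULT_PORT = {"ssh": 22, "ftp": 21, "telnet": 23, "http": 80, "https": 443,
                "smtp": 25, "smtps": 465, "imap": 143, "imaps": 993, "pop3": 110}
INSECURE_SERVICES = {"ftp", "telnet", "http", "imap", "pop3"}  # cleartext protocols to disable
ROLE_BY_PORT = {443: "Web server", 993: "Email server", 465: "Email server", 22: "SFTP server"}
ROLE_PRIORITY = [443, 993, 465, 22]  # assumed tie-break: which role counts as the primary service

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
PORT_RE = re.compile(r"^(\d+)/tcp\s+open\s+(\S+)")

# Constructed scan text in Nmap's normal output layout; addresses are made up.
SAMPLE_SCAN = """\
Nmap scan report for 10.0.0.10
PORT     STATE SERVICE
22/tcp   open  ssh
8080/tcp open  http

Nmap scan report for 10.0.0.11
PORT     STATE SERVICE
143/tcp  open  imap
465/tcp  open  smtps
993/tcp  open  imaps

Nmap scan report for 10.0.0.12
PORT     STATE SERVICE
21/tcp   open  ftp
80/tcp   open  http
443/tcp  open  https

Nmap scan report for 10.0.0.13
PORT     STATE SERVICE
22/tcp   open  ssh
443/tcp  open  https
"""


def parse_nmap(text):
    """Return {host: [(port, service), ...]} from Nmap normal output."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts.setdefault(current, [])
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            hosts[current].append((int(m.group(1)), m.group(2)))
    return hosts


def audit_host(ports):
    """Apply the three hardening guidelines to one device's open ports."""
    close, role_ports = {}, []
    for port, svc in ports:
        if svc in INSECURE_SERVICES:                       # guideline: non-secure protocols disabled
            close[port] = f"non-secure protocol ({svc})"
        elif svc in DEFAULT_PORT and DEFAULT_PORT[svc] != port:  # guideline: default ports only
            close[port] = f"{svc} on non-default port"
        elif port in ROLE_BY_PORT:
            role_ports.append(port)
    # guideline: one primary service per device; any other role port should be closed
    primary = next((ROLE_BY_PORT[p] for p in ROLE_PRIORITY if p in role_ports), None)
    for p in role_ports:
        if ROLE_BY_PORT[p] != primary:
            close[p] = f"second service on device ({ROLE_BY_PORT[p]})"
    return {"primary": primary, "close": close}


def audit(text):
    return {host: audit_host(ports) for host, ports in parse_nmap(text).items()}


if __name__ == "__main__":
    for host, result in audit(SAMPLE_SCAN).items():
        print(host, result["primary"], "close:", sorted(result["close"]))
```

Nmap's service column is a port-table guess, not a banner, so in practice the `-sV` output would be the better input for the "non-default port" check.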


NEW QUESTION # 57
A systems administrator wants to introduce a newly released feature for an internal application. The administrator does not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?

  • A. Development environment
  • B. Testing environment
  • C. Staging environment
  • D. CI/CD pipeline

Answer: C

Explanation:
The best location to test a newly released feature for an internal application, without affecting the production environment, is the staging environment. Here's a detailed explanation:
* Staging Environment: This environment closely mirrors the production environment in terms of hardware, software, configurations, and settings. It serves as a final testing ground before deploying changes to production. Testing in the staging environment ensures that the new feature will behave as expected in the actual production setup.
* Isolation from Production: The staging environment is isolated from production, which means any issues arising from the new feature will not impact the live users or the integrity of the production data.
This aligns with best practices in change management and risk mitigation.
* Realistic Testing: Since the staging environment replicates the production environment, it provides realistic testing conditions. This helps in identifying potential issues that might not be apparent in a development or testing environment, which often have different configurations and workloads.
References:
* CompTIA Security+ SY0-601 Official Study Guide by Quentin Docter, Jon Buhagiar
* NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations


NEW QUESTION # 58
A company detects suspicious activity associated with external connections. Security detection tools are unable to categorize this activity. Which of the following is the best solution to help the company overcome this challenge?

  • A. Implement UEBA
  • B. Map network traffic to known IoCs.
  • C. Monitor the dark web
  • D. Implement an interactive honeypot

Answer: A

Explanation:
User and Entity Behavior Analytics (UEBA) is the best solution to help the company overcome challenges associated with suspicious activity that cannot be categorized by traditional detection tools. UEBA uses advanced analytics to establish baselines of normal behavior for users and entities within the network. It then identifies deviations from these baselines, which may indicate malicious activity. This approach is particularly effective for detecting unknown threats and sophisticated attacks that do not match known indicators of compromise (IoCs).
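The baseline-and-deviation idea behind UEBA is easy to see in code. This added example (not from the page or any UEBA product) builds a per-user baseline of daily outbound volume and known destinations from a constructed connection-summary log, then scores a new day against it: a z-score on volume catches the outlier, and a set difference catches destinations the user has never contacted before, neither of which needs a prior indicator of compromise. The log format, users, addresses and the 3-sigma threshold are all constructed assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed log format: "<date> user=<name> dst=<external ip> bytes=<n>" (one line per flow).
LINE_RE = re.compile(r"^(\S+) user=(\S+) dst=(\S+) bytes=(\d+)$")


def constructed_log():
    """Seven quiet baseline days for two users, then one evaluation day (all values made up)."""
    lines = []
    for day in range(1, 8):
        lines.append(f"2024-03-{day:02d} user=alice dst=203.0.113.5 bytes={1000 + day * 30}")
        lines.append(f"2024-03-{day:02d} user=alice dst=203.0.113.9 bytes={200 + day * 10}")
        lines.append(f"2024-03-{day:02d} user=bob dst=203.0.113.5 bytes={800 + day * 20}")
    lines.append("2024-03-08 user=alice dst=198.51.100.7 bytes=48000")  # new destination, large volume
    lines.append("2024-03-08 user=alice dst=203.0.113.5 bytes=1100")
    lines.append("2024-03-08 user=bob dst=203.0.113.5 bytes=950")       # ordinary day for bob
    return lines


def parse(lines):
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            day, user, dst, nbytes = m.groups()
            yield day, user, dst, int(nbytes)


def daily_totals(events):
    """(user, day) -> total bytes out, and user -> set of destinations seen."""
    totals, dsts = defaultdict(int), defaultdict(set)
    for day, user, dst, nbytes in events:
        totals[(user, day)] += nbytes
        dsts[user].add(dst)
    return totals, dsts


def build_baseline(lines, baseline_days):
    """Per-user mean/stdev of daily outbound bytes plus the destinations seen in the window."""
    totals, dsts = daily_totals(e for e in parse(lines) if e[0] in baseline_days)
    per_user = defaultdict(list)
    for (user, _day), total in totals.items():
        per_user[user].append(total)
    return {
        user: {
            "mean": statistics.mean(values),
            "stdev": statistics.stdev(values) if len(values) > 1 else 0.0,
            "destinations": dsts[user],
        }
        for user, values in per_user.items()
    }


def score_day(lines, baseline, day, z_threshold=3.0):
    """Flag users whose volume deviates from their own baseline or who contact new destinations."""
    totals, dsts = daily_totals(e for e in parse(lines) if e[0] == day)
    findings = {}
    for (user, _day), total in totals.items():
        b = baseline.get(user)
        if b is None:  # never seen in the baseline window: no normal to compare against
            findings[user] = {"z": float("inf"), "new_destinations": sorted(dsts[user]), "anomalous": True}
            continue
        if b["stdev"] > 0:
            z = (total - b["mean"]) / b["stdev"]
        else:  # a perfectly flat baseline: any increase is a deviation
            z = float("inf") if total > b["mean"] else 0.0
        new = sorted(dsts[user] - b["destinations"])
        findings[user] = {"z": z, "new_destinations": new, "anomalous": z >= z_threshold or bool(new)}
    return findings


if __name__ == "__main__":
    log = constructed_log()
    base = build_baseline(log, {f"2024-03-{d:02d}" for d in range(1, 8)})
    for user, f in score_day(log, base, "2024-03-08").items():
        print(user, f)
```

A real deployment would baseline many more features (hours of activity, peer group, authentication sources) and would need a longer window than seven days before a 3-sigma threshold is meaningful; the structure is the same.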


NEW QUESTION # 59
Users are writing passwords on paper because of the number of passwords needed in an environment. Which of the following solutions is the best way to manage this situation and decrease risks?

  • A. Implementing an SSO solution and integrating it with applications
  • B. Implementing an MFA solution to avoid reliance only on passwords
  • C. Requiring users to use an open-source password manager
  • D. Increasing password complexity to require at least 16 characters

Answer: A

Explanation:
Implementing a Single Sign-On (SSO) solution and integrating it with applications is the best way to manage the situation and decrease risks. Here's why:
* Reduced Password Fatigue: SSO allows users to log in once and gain access to multiple applications and systems without needing to remember and manage multiple passwords. This reduces the likelihood of users writing down passwords.
* Improved Security: By reducing the number of passwords users need to manage, SSO decreases the attack surface and potential for password-related security breaches. It also allows for the implementation of stronger authentication methods.
* User Convenience: SSO improves the user experience by simplifying the login process, which can lead to higher productivity and satisfaction.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-63B: Digital Identity Guidelines - Authentication and Lifecycle Management
* OWASP Authentication Cheat Sheet


NEW QUESTION # 60
An organization that performs real-time financial processing is implementing a new backup solution. Given the following business requirements:
* The backup solution must reduce the risk of potential backup compromise.
* The backup solution must be resilient to a ransomware attack.
* The time to restore from backups is less important than the backup data integrity.
* Multiple copies of production data must be maintained.
Which of the following backup strategies best meets these requirements?

  • A. Utilizing two connected storage arrays and ensuring the arrays constantly sync
  • B. Enabling remote journaling on the databases to ensure real-time transactions are mirrored
  • C. Creating a secondary, immutable storage array and updating it with live data on a continuous basis
  • D. Setting up anti-tampering on the databases to ensure data cannot be changed unintentionally

Answer: C

Explanation:
* C. Creating a secondary, immutable storage array and updating it with live data on a continuous basis: An immutable storage array ensures that data, once written, cannot be altered or deleted. This greatly reduces the risk of backup compromise and provides resilience against ransomware attacks, as the ransomware cannot modify or delete the backup data. Maintaining multiple copies of production data with an immutable storage solution ensures data integrity and compliance with the requirement for multiple copies.
Other options:
* A. Utilizing two connected storage arrays and ensuring the arrays constantly sync: While this ensures data redundancy, it does not provide protection against ransomware attacks, as both arrays could be compromised simultaneously.
* B. Enabling remote journaling on the databases: This ensures real-time transaction mirroring but does not address the requirement for reducing the risk of backup compromise or resilience to ransomware.
* D. Setting up anti-tampering on the databases: While this helps ensure data integrity, it does not provide a comprehensive backup solution that meets all the specified requirements.
References:
* CompTIA Security+ Study Guide
* NIST SP 800-209, "Security Guidelines for Storage Infrastructure"
* "Immutable Backup Architecture" by Veeam


NEW QUESTION # 61
A company that uses containers to run its applications is required to identify vulnerabilities on every container image in a private repository. The security team needs to be able to quickly evaluate whether to respond to a given vulnerability. Which of the following will allow the security team to achieve the objective with the least effort?

  • A. Credentialed vulnerability scan
  • B. CIS benchmark compliance reports
  • C. SAST scan reports
  • D. Centralized SBoM

Answer: D

Explanation:
A centralized Software Bill of Materials (SBoM) is the best solution for identifying vulnerabilities in container images in a private repository. An SBoM provides a comprehensive inventory of all components, dependencies, and their versions within a container image, facilitating quick evaluation and response to vulnerabilities.
Why Centralized SBoM?
* Comprehensive Inventory: An SBoM lists all software components, including their versions and dependencies, allowing for thorough vulnerability assessments.
* Quick Identification: Centralizing SBoM data enables rapid identification of affected containers when a vulnerability is disclosed.
* Automation: SBoMs can be integrated into automated tools for continuous monitoring and alerting of vulnerabilities.
* Regulatory Compliance: Helps in meeting compliance requirements by providing a clear and auditable record of all software components used.
Other options, while useful, do not provide the same level of comprehensive and efficient vulnerability management:
* A. Credentialed vulnerability scan: Useful for in-depth scans but may not be as efficient for quick vulnerability evaluation.
* B. CIS benchmark compliance reports: Ensures compliance with security benchmarks but does not provide detailed component inventory.
* C. SAST scan reports: Focuses on static analysis of code but may not cover all components in container images.
References:
* CompTIA SecurityX Study Guide
* "Software Bill of Materials (SBoM)," NIST Documentation
* "Managing Container Security with SBoM," OWASP
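The "quick identification" benefit of a centralized SBoM is the lookup in the other direction: given a newly disclosed advisory, which images carry the affected component? The following is an added example (not from the page, NIST, OWASP or any SBoM tool) that indexes a set of constructed CycloneDX-style documents by component name and version and answers that question for a list of constructed advisories. Image names, component versions and the advisory identifiers are placeholders; the version comparison is a dotted-numeric simplification and not a real ecosystem version scheme.

```python
import json
from collections import defaultdict

# Constructed CycloneDX-style SBoMs carrying only the fields this example reads.
# Image names, components and versions are made up for illustration.
SBOMS_JSON = """
[
  {"bomFormat": "CycloneDX", "specVersion": "1.5",
   "metadata": {"component": {"type": "container", "name": "registry.example.internal/app-api:1.4.0"}},
   "components": [
     {"type": "library", "name": "openssl", "version": "3.0.1"},
     {"type": "library", "name": "libcurl", "version": "8.1.0"},
     {"type": "library", "name": "zlib",    "version": "1.2.13"}]},
  {"bomFormat": "CycloneDX", "specVersion": "1.5",
   "metadata": {"component": {"type": "container", "name": "registry.example.internal/app-web:2.0.3"}},
   "components": [
     {"type": "library", "name": "openssl", "version": "3.0.9"},
     {"type": "library", "name": "zlib",    "version": "1.2.11"}]},
  {"bomFormat": "CycloneDX", "specVersion": "1.5",
   "metadata": {"component": {"type": "container", "name": "registry.example.internal/batch:0.9"}},
   "components": [
     {"type": "library", "name": "libcurl", "version": "7.88.0"}]}
]
"""

# Constructed advisories with placeholder identifiers (deliberately not real CVE numbers).
ADVISORIES = [
    {"id": "ADVISORY-PLACEHOLDER-1", "component": "openssl", "fixed_in": "3.0.8"},
    {"id": "ADVISORY-PLACEHOLDER-2", "component": "zlib", "fixed_in": "1.2.12"},
    {"id": "ADVISORY-PLACEHOLDER-3", "component": "libcurl", "fixed_in": "8.0.0"},
]


def build_index(sboms):
    """Central index: (component name, version) -> set of image names that contain it."""
    index = defaultdict(set)
    for doc in sboms:
        image = doc["metadata"]["component"]["name"]
        for comp in doc["components"]:
            index[(comp["name"], comp["version"])].add(image)
    return index


def parse_version(v):
    return tuple(int(part) for part in v.split("."))


def version_lt(a, b):
    """Simplified dotted-numeric comparison (assumption: no pre-release or distro suffixes)."""
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return pa < pb


def affected_images(index, advisory):
    """Every image whose copy of the component is older than the fixed version."""
    hits = set()
    for (name, version), images in index.items():
        if name == advisory["component"] and version_lt(version, advisory["fixed_in"]):
            hits |= images
    return sorted(hits)


def triage(sboms_json, advisories):
    """Advisory id -> sorted list of affected images, answered from the index alone."""
    index = build_index(json.loads(sboms_json))
    return {adv["id"]: affected_images(index, adv) for adv in advisories}


if __name__ == "__main__":
    for adv_id, images in triage(SBOMS_JSON, ADVISORIES).items():
        print(adv_id, "->", images or "no affected images")
```

Because the answer comes from the index rather than from rescanning every image, the team can decide within minutes whether an advisory needs a response at all; production tooling would key on package URLs (purl) and use the ecosystem's own version ordering instead of the simplification above.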


NEW QUESTION # 62
A company wants to implement hardware security key authentication for accessing sensitive information systems. The goal is to prevent unauthorized users from gaining access with a stolen password. Which of the following models should the company implement to best solve this issue?

  • A. Time-based
  • B. Context-based
  • C. Rule-based
  • D. Role-based

Answer: B

Explanation:
Context-based authentication enhances traditional security methods by incorporating additional layers of information about the user's current environment and behavior. This can include factors such as the user's location, the time of access, the device used, and the behavior patterns. It is particularly useful in preventing unauthorized access even if an attacker has obtained a valid password.
* Time-based (A) authentication considers the time factor but doesn't provide comprehensive protection against stolen credentials.
* Rule-based (C) focuses on predefined rules and is less flexible in adapting to dynamic threats.
* Role-based (D) is more about access control based on the user's role within the organization rather than authenticating the user based on current context.
By implementing context-based authentication, the company can ensure that even if a password is compromised, the additional contextual factors required for access (which an attacker is unlikely to possess) provide a robust defense mechanism.
References:
* CompTIA SecurityX guide on authentication models and best practices.
* NIST guidelines on authentication and identity proofing.
* Analysis of multi-factor and adaptive authentication techniques.


NEW QUESTION # 63
A security review revealed that not all of the client proxy traffic is being captured. Which of the following architectural changes best enables the capture of traffic for analysis?

  • A. Adding an additional proxy server to each segmented VLAN
  • B. Configuring a span port on the perimeter firewall to ingest logs
  • C. Enabling client device logging and system event auditing
  • D. Setting up a reverse proxy for client logging at the gateway

Answer: B

Explanation:
Configuring a span port on the perimeter firewall to ingest logs is the best architectural change to ensure that all client proxy traffic is captured for analysis. Here's why:
* Comprehensive Traffic Capture: A span port (or mirror port) on the perimeter firewall can capture all inbound and outbound traffic, including traffic that might bypass the proxy. This ensures that all network traffic is available for analysis.
* Centralized Logging: By capturing logs at the perimeter firewall, the organization can centralize logging and analysis, making it easier to detect and investigate anomalies.
* Minimal Disruption: Implementing a span port is a non-intrusive method that does not require significant changes to the network architecture, thus minimizing disruption to existing services.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-92: Guide to Computer Security Log Management
* OWASP Logging Cheat Sheet


NEW QUESTION # 64
A developer needs to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module. Which of the following is the most appropriate technique?

  • A. Key splitting
  • B. Key stretching
  • C. Key encryption
  • D. Key rotation
  • E. Key escrow

Answer: B

Explanation:
The most appropriate technique to improve the cryptographic strength of a password-storage component in a web application without completely replacing the crypto-module is key stretching. Here's why:
* Enhanced Security: Key stretching algorithms, such as PBKDF2, bcrypt, and scrypt, increase the computational effort required to derive the encryption key from the password, making brute-force attacks more difficult and time-consuming.
* Compatibility: Key stretching can be implemented alongside existing cryptographic modules, enhancing their security without the need for a complete overhaul.
* Industry Best Practices: Key stretching is a widely recommended practice for securely storing passwords, as it significantly improves resistance to password-cracking attacks.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-63B: Digital Identity Guidelines - Authentication and Lifecycle Management
* OWASP Password Storage Cheat Sheet
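The "without replacing the crypto-module" part of the question is worth seeing in code. This added example (not from the page or any of the cited references) stores passwords with PBKDF2-HMAC-SHA256 from Python's standard library and keeps the iteration count inside each stored record, so the work factor can be raised later and old records re-stretched on the user's next successful login, with no change to the hash primitive or the verification code. The record layout and the `login` helper are constructed for illustration; the default iteration count follows the OWASP Password Storage Cheat Sheet's figure for PBKDF2-HMAC-SHA256.

```python
import base64
import hashlib
import hmac
import os

# Assumed (constructed) record format: algorithm$iterations$salt_b64$hash_b64.
# Keeping the work factor in the record is what lets it be raised in place later.
ALGO = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # OWASP Password Storage Cheat Sheet figure for PBKDF2-HMAC-SHA256
SALT_BYTES = 16
KEY_BYTES = 32


def hash_password(password, iterations=DEFAULT_ITERATIONS):
    """Stretch the password with a fresh random salt and return a self-describing record."""
    salt = os.urandom(SALT_BYTES)  # per-password salt defeats precomputed (rainbow) tables
    derived = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=KEY_BYTES)
    return "$".join([
        ALGO,
        str(iterations),
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(derived).decode("ascii"),
    ])


def verify_password(password, record):
    """Return (matches, needs_rehash).

    needs_rehash is True when the record was stretched with fewer iterations than the
    current policy, so the caller can upgrade it transparently after a successful login."""
    try:
        algo, iters, salt_b64, hash_b64 = record.split("$")
        iterations = int(iters)
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
    except ValueError:
        return False, False  # malformed record: treat as non-matching, never raise to the caller
    if algo != ALGO:
        return False, False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=len(expected))
    matches = hmac.compare_digest(candidate, expected)  # constant-time comparison
    return matches, matches and iterations < DEFAULT_ITERATIONS


def login(password, record):
    """Simulated login path: verify, and when the record is below policy, re-stretch it.

    Returns (ok, record_to_store); the caller persists record_to_store if it changed."""
    ok, needs_rehash = verify_password(password, record)
    if ok and needs_rehash:
        return True, hash_password(password)
    return ok, record


if __name__ == "__main__":
    # Small iteration count here only so the demo runs instantly; production uses the default.
    legacy_record = hash_password("correct horse battery staple", iterations=1000)
    ok, upgraded = login("correct horse battery staple", legacy_record)
    print("login ok:", ok, "upgraded:", upgraded.split("$")[1], "iterations")
    print("wrong password:", verify_password("wrong", upgraded))
```

Raising `DEFAULT_ITERATIONS` (or swapping `ALGO` for a memory-hard function such as scrypt, which `hashlib` also provides) migrates the user base gradually as people log in, which is exactly the incremental strengthening the question asks for. A legacy record that never sees a login stays at its old work factor, so a follow-up report on records still below policy is a useful companion to this code.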


NEW QUESTION # 65
A systems administrator wants to introduce a newly released feature for an internal application. The administrator does not want to test the feature in the production environment. Which of the following locations is the best place to test the new feature?

  • A. Development environment
  • B. Testing environment
  • C. Staging environment
  • D. CI/CD pipeline

Answer: C


NEW QUESTION # 66
A systems administrator works with engineers to process and address vulnerabilities as a result of continuous scanning activities. The primary challenge faced by the administrator is differentiating between valid and invalid findings. Which of the following would the systems administrator most likely verify is properly configured?

  • A. Scanning credentials
  • B. Testing cadence
  • C. Exploit definitions
  • D. Report retention time

Answer: A

Explanation:
When differentiating between valid and invalid findings from vulnerability scans, the systems administrator should verify that the scanning credentials are properly configured. Valid credentials ensure that the scanner can authenticate and access the systems being evaluated, providing accurate and comprehensive results.
Without proper credentials, scans may miss vulnerabilities or generate false positives, making it difficult to prioritize and address the findings effectively.
References:
* CompTIA SecurityX Study Guide: Highlights the importance of using valid credentials for accurate vulnerability scanning.
* "Vulnerability Management" by Park Foreman: Discusses the role of scanning credentials in obtaining accurate scan results and minimizing false positives.
* "The Art of Network Security Monitoring" by Richard Bejtlich: Covers best practices for configuring and using vulnerability scanning tools, including the need for valid credentials.


NEW QUESTION # 67
An organization wants to create a threat model to identify vulnerabilities in its infrastructure. Which of the following should be prioritized first?

  • A. Internal infrastructure with high-severity and known exploited vulnerabilities
  • B. External-facing infrastructure with known exploited vulnerabilities
  • C. External-facing infrastructure with a low risk score and no known exploited vulnerabilities
  • D. External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

Answer: B

Explanation:
When creating a threat model to identify vulnerabilities in an organization's infrastructure, prioritizing external-facing infrastructure with known exploited vulnerabilities is critical. Here's why:
* Exposure to Attack: External-facing infrastructure is directly exposed to the internet, making it a primary target for attackers. Any vulnerabilities in this layer pose an immediate risk to the organization's security.
* Known Exploited Vulnerabilities: Vulnerabilities that are already known and exploited in the wild are of higher concern because they are actively being used by attackers. Addressing these vulnerabilities reduces the risk of exploitation significantly.
* Risk Mitigation: By prioritizing external-facing infrastructure with known exploited vulnerabilities, the organization can mitigate the most immediate and impactful threats, thereby improving overall security posture.
References:
* CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
* NIST Special Publication 800-30: Guide for Conducting Risk Assessments
* OWASP Threat Modeling Cheat Sheet


NEW QUESTION # 68
Audit findings indicate several user endpoints are not utilizing full disk encryption. During the remediation process, a compliance analyst reviews the testing details for the endpoints and notes the endpoint device configuration does not support full disk encryption. Which of the following is the most likely reason the device must be replaced?

  • A. The HSM is outdated and no longer supported by the manufacturer.
  • B. The HSM is vulnerable to common exploits and a firmware upgrade is needed.
  • C. The vTPM was not properly initialized and is corrupt.
  • D. The motherboard was not configured with a TPM from the OEM supplier.
  • E. The HSM does not support sealing storage.

Answer: D

Explanation:
The most likely reason the device must be replaced is that the motherboard was not configured with a TPM (Trusted Platform Module) from the OEM (Original Equipment Manufacturer) supplier.
Why TPM is Necessary for Full Disk Encryption:
* Hardware-Based Security: TPM provides a hardware-based mechanism to store encryption keys securely, which is essential for full disk encryption.
* Compatibility: Full disk encryption solutions, such as BitLocker, require TPM to ensure that the encryption keys are securely stored and managed.
* Integrity Checks: TPM enables system integrity checks during boot, ensuring that the device has not been tampered with.
Other options do not directly address the requirement for TPM in supporting full disk encryption:
* A. The HSM is outdated: While an HSM (Hardware Security Module) is important for security, it is not typically used for full disk encryption.
* B. The HSM is vulnerable to common exploits: This would require a firmware upgrade, not replacement of the device.
* C. The vTPM was not properly initialized: A vTPM (virtual TPM) is less common and not typically a reason for requiring hardware replacement.
* E. The HSM does not support sealing storage: Sealing storage is relevant but not the primary reason for requiring a TPM for full disk encryption.
References:
* CompTIA SecurityX Study Guide
* "Trusted Platform Module (TPM) Overview," Microsoft Documentation
* "BitLocker Deployment Guide," Microsoft Documentation


NEW QUESTION # 69
A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware stack of a domain controller. The forensic team cryptographically validated that both the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LDAP.
Which of the following is the best way to reduce the risk of recurrence?

  • A. Using code signing to verify the source of OS updates
  • B. Enforcing allow lists for authorized network ports and protocols
  • C. Measuring and attesting to the entire boot chain
  • D. Rolling the cryptographic keys used for hardware security modules

Answer: B

Explanation:
The scenario describes a sophisticated attack where the threat actor used steganography within LDAP to exfiltrate data. Given that the hardware and OS firmware were validated and found uncompromised, the attack vector likely exploited a network communication channel. To mitigate such risks, enforcing allow lists for authorized network ports and protocols is the most effective strategy.
Here's why this option is optimal:
* Port and Protocol Restrictions: By creating an allow list, the organization can restrict communications to only those ports and protocols that are necessary for legitimate business operations. This reduces the attack surface by preventing unauthorized or unusual traffic.
* Network Segmentation: Enforcing such rules helps in segmenting the network and ensuring that only approved communications occur, which is critical in preventing data exfiltration methods like steganography.
* Preventing Unauthorized Access: Allow lists ensure that only predefined, trusted connections are allowed, blocking potential paths that attackers could use to infiltrate or exfiltrate data.
Other options, while beneficial in different contexts, are not directly addressing the network communication threat:
* A. Using code signing to verify the source of OS updates: Ensures updates are from legitimate sources, but it doesn't mitigate the risk of network-based data exfiltration.
* C. Measuring and attesting to the entire boot chain: While this improves system integrity, it doesn't directly mitigate the risk of data exfiltration through network channels.
* D. Rolling the cryptographic keys used for hardware security modules: This is useful for securing data and communications but doesn't directly address the specific method of exfiltration described.
References:
* CompTIA SecurityX Study Guide
* NIST Special Publication 800-41, "Guidelines on Firewalls and Firewall Policy"
* CIS Controls Version 8, Control 9: Limitation and Control of Network Ports, Protocols, and Services


NEW QUESTION # 70
......

CAS-005 Exam PDF [2025] Tests Free Updated Today with Correct 120 Questions: https://easypass.examsreviews.com/CAS-005-pass4sure-exam-review.html