CAS-005 Exam Dumps - CompTIA CASP Questions and Answers

The code function provided in the question seems tobe designed to parse JSON formatted logs to check for an alarm state. Option A is a JSON format that matches the structure likely expected by the code. The presence of the "error_log" and "InAlarmState" keys suggests that this is the correct input format.

The error message"NET::ERR_CERT_WEAK_SIGNATURE_ALGORITHM" indicates that the web browser is rejecting the certificate because it uses a weak signature algorithm. This commonly happens with self-signed certificates, which often use outdated or insecure algorithms.

Why Discontinue Self-Signed Certificates?

Security Compliance: Modern browsers enforce strict security standards and may reject certificates that do not comply with these standards.

Trusted Certificates: Using certificates from a trusted Certificate Authority (CA) ensures compliance with security standards and is less likely to be flagged as insecure.

Weak Signature Algorithm: Self-signed certificates might use weak algorithms like MD5 or SHA-1, which are considered insecure.

Other options do not address the specific cause of the certificate error:

A. Rewriting legacy web functions: Does not address the certificate issue.

B. Disabling deprecated ciphers: Useful for improving security but not related to the certificate error.

C. Blocking non-essential ports: This is unrelated to the issue of certificate validation.

The best approach is to use Terraform scripts while creating golden images (A). Terraform is an Infrastructure as Code (IaC) tool that allows organizations to automate infrastructure deployment consistently across environments. A golden image is a pre-configured, patched, and hardened system image used as a standard baseline. By creating golden images via Terraform scripts, the company ensures that every microservice instance is deployed on an already-updated and secure OS. This eliminates the need for repeatedly patching the base OS before code deployment.

Option B (cron job with apt-update) applies patches but introduces delays (every 30 days) and lacks consistency across new deployments. Option C (snapshots) saves deployment states but risks replicating outdated or unpatched images. Option D (centralized update server) is useful but still requires updates post-deployment, which slows the rollout of microservices.

By automating golden image creation through Terraform, the company gains efficiency, repeatability, and security assurance, aligning with DevSecOps principles and CAS-005 cloud-native best practices.

Model poisoning occurs when an attacker manipulates the training data or the training process of an AI model so that its predictions are deliberately inaccurate or biased. In the SecurityX CAS-005 objectives, this is part of understanding emerging technology threats, specifically AI/ML vulnerabilities. This differs from:

Social engineering, which manipulates humans rather than AI models.

Output handling, which deals with how outputs are processed but doesn’t cause inaccuracy at the model level.

Prompt injections, which manipulate the model at query time, not during training.Because model poisoning directly corrupts the AI model itself, it is the clearest reason AI outputs could be inaccurate.

A centralized Software Bill of Materials (SBoM) is the best solution for identifying vulnerabilities in container images in aprivate repository. An SBoM provides a comprehensive inventory of all components, dependencies, and their versions within a container image, facilitating quick evaluation and response to vulnerabilities.

Why Centralized SBoM?

Comprehensive Inventory: An SBoM lists all software components, including their versions and dependencies, allowing for thorough vulnerability assessments.

Quick Identification: Centralizing SBoM data enables rapid identification of affected containers when a vulnerability is disclosed.

Automation: SBoMs can be integrated into automated tools for continuous monitoring and alerting of vulnerabilities.

Regulatory Compliance: Helps in meeting compliance requirements by providing a clear and auditable record of all software components used.

Other options, while useful, do not provide the same level of comprehensive and efficient vulnerability management:

A. SAST scan reports: Focuses on static analysis of code but may not cover all components in container images.

C. CIS benchmark compliance reports: Ensures compliance with security benchmarks but does not provide detailed component inventory.

D. Credentialed vulnerability scan: Useful for in-depth scans but may not be as efficient for quick vulnerability evaluation.

The correct answer is Playbooks (A). In incident response, playbooks are structured workflows that define step-by-step actions for specific incident types (e.g., ransomware, phishing, insider threats). They allow SOC analysts to standardize responses across multiple platforms and tools, ensuring consistency and faster mitigation. By leveraging playbooks, organizations integrate existing incident response tools into automated or semi-automated processes, improving efficiency and reducing human error.

Option B (event collectors) consolidate logs but do not directly improve response processes. Option C (centralized logging) enhances visibility but does not provide a framework for action. Option D (endpoint detection) expands detection capabilities but does not enhance the process effectiveness of incident response.

CAS-005 emphasizes structured response through automation and orchestration. Playbooks, often implemented via SOAR platforms, allow integration of detection, triage, and remediation steps, making them the most effective way to increase incident response maturity.

Disabling unneeded servicesreduces the attack surface by closing open ports.Patchingensures that endpoint protection software and operating systems are up-to-date, reducing vulnerability exposure.Removing unused accountseliminates access paths for malicious users exploiting dormant accounts. Secure boot, BIOS passwords, and drive encryption are important, but they address different layers of security than the vulnerabilities listed.

The most secure way to prevent inadvertent data disclosure when encrypted SSDs are reused is to securely delete the encryption keys used by the SSD. Without the encryption keys, the data on the SSD remains encrypted and is effectively unreadable, rendering any residual data useless. This method is more reliable and efficient than overwriting data multiple times or using other physical destruction methods.

The actions described fall under Operational Security (OPSEC), which is the practice of identifying critical information, analyzing potential adversary intelligence collection, and implementing measures to protect sensitive details from disclosure. In this case, the ISAC report highlights how adversaries may use photos shared on social media as reconnaissance, revealing details about technology or configurations inside secure facilities.

By disabling cameras and location services on corporate devices and blocking access to social media from corporate and guest networks, the CISO is reducing the chance of inadvertent information disclosure. This prevents employees from unintentionally leaking images or metadata that adversaries could exploit.

Adversary emulation (A) involves simulating threat actors’ tactics in controlled exercises, which is not what is occurring here. Open-source intelligence (C) is the method adversaries use to gather data, not the defensive practice the CISO is implementing. Social engineering (D) describes manipulative attacks against humans, but this control is preventive, not reactive.

Thus, these measures are clear examples of Operational Security to limit information exposure.