Which of the following are risks associated with vendor lock-in? (Select two).
Option B: Vendors changing offerings (e.g., features, pricing) can disrupt the client, a key lock-in risk.
Option D: Decreased quality of service may result from reliance on a single vendor without alternatives.
Option A: Seamless data movement is a benefit, not a risk.
Option C: Sufficient service is neutral or positive, not a risk.
Option E: Multicloud is hindered by lock-in, not a risk of it.
Option F: Increased interoperability contradicts lock-in's limitations.
Emails that the marketing department is sending to customers are going to the customers' spam folders. The security team is investigating the issue and discovers that the certificates used by the email server were reissued, but DNS records had not been updated. Which of the following should the security team update in order to fix this issue? (Select three).
The material findings from a recent compliance audit indicate a company has an issue with excessive permissions. The findings show that employees changing roles or departments results in privilege creep. Which of the following solutions are the best ways to mitigate this issue? (Select two).
Setting different access controls defined by business area
To mitigate the issue of excessive permissions and privilege creep, the best solutions are:
Implementing a Role-Based Access Policy:
Role-Based Access Control (RBAC): This policy ensures that access permissions are granted based on the user's role within the organization, aligning with the principle of least privilege. Users are only granted access necessary for their role, reducing the risk of excessive permissions.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
NIST Special Publication 800-53: Security and Privacy Controls for Information Systems and Organizations
Performing Periodic Access Reviews:
Regular Audits: Periodic access reviews help identify and rectify instances of privilege creep by ensuring that users' access permissions are appropriate for their current roles. These reviews can highlight unnecessary or outdated permissions, allowing for timely adjustments.
CompTIA Security+ SY0-601 Study Guide by Mike Chapple and David Seidl
ISO/IEC 27001:2013 - Information Security Management
A security architect is mitigating a vulnerability that previously led to a web application data breach. An analysis into the root cause of the issue finds the following:
An administrator's account was hijacked and used on several Autonomous System Numbers within 30 minutes.
All administrators use named accounts that require multifactor authentication.
Single sign-on is used for all company applications.
Which of the following should the security architect do to mitigate the issue?
The hijacked administrator account was used across multiple ASNs (indicating different network locations) in a short time, despite MFA and SSO. This suggests a stolen session or token misuse. Let's analyze:
A. Token theft detection with lockouts: Useful for detecting stolen SSO tokens, but it's reactive and may not prevent initial misuse across networks.
B. Context-based authentication: This adds real-time checks (e.g., geolocation, IP changes) to verify login attempts. Given the rapid ASN changes, this proactively mitigates the issue by challenging suspicious logins, aligning with CAS-005's focus on adaptive security.
C. Decentralize accounts: This removes SSO, increasing complexity and weakening MFA enforcement, which isn't practical or secure.
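The context check described in option B, as an added example that is not from the original page: each authenticated request is compared against the ASNs the same account used in the previous 30 minutes, and step-up authentication is demanded once the number of distinct ASNs exceeds a threshold. The event format, account names, the `MAX_ASNS` threshold and the private-use ASNs are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # time window taken from the scenario
MAX_ASNS = 2                    # assumed policy: tolerate one network change

# Constructed sample events: (ISO timestamp, account, source ASN).
# ASNs come from the private-use range (RFC 6996), not real networks.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "adm-alice", 64512),
    ("2024-05-01T09:05:00", "adm-bob",   64512),
    ("2024-05-01T09:10:00", "adm-alice", 64513),  # Wi-Fi to mobile: still allowed
    ("2024-05-01T09:20:00", "adm-alice", 64514),  # third ASN inside 30 minutes
    ("2024-05-01T09:25:00", "adm-alice", 64514),
    ("2024-05-01T11:00:00", "adm-bob",   64515),  # old ASN has aged out
]

def evaluate(events, window=WINDOW, max_asns=MAX_ASNS):
    """Return (timestamp, account, asn, action, distinct_asns) per event."""
    recent = defaultdict(deque)  # account -> (time, asn) pairs inside the window
    decisions = []
    for ts, account, asn in sorted(events):
        now = datetime.fromisoformat(ts)
        seen = recent[account]
        # Drop observations that fell out of the sliding window.
        while seen and now - seen[0][0] > window:
            seen.popleft()
        seen.append((now, asn))
        distinct = len({a for _, a in seen})
        # Too many networks for one identity: challenge instead of trusting
        # the existing SSO session or token.
        action = "step_up" if distinct > max_asns else "allow"
        decisions.append((ts, account, asn, action, distinct))
    return decisions

def flagged_accounts(events):
    """Accounts that triggered at least one step-up challenge."""
    return sorted({d[1] for d in evaluate(events) if d[3] == "step_up"})

if __name__ == "__main__":
    for decision in evaluate(SAMPLE_EVENTS):
        print(*decision)
```

Because the check runs on every request rather than only at login, it also covers a replayed session token, which MFA at sign-in alone does not.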
A security analyst is reviewing the following log:

Which of the following possible events should the security analyst investigate further?
Based on the log provided, the most concerning event that should be investigated further is the presence of a text file containing passwords that were leaked. Here's why:
Sensitive Information Exposure: A text file containing passwords represents a significant security risk, as it indicates that sensitive credentials have been exposed in plain text, potentially leading to unauthorized access.
Immediate Threat: Password leaks can lead to immediate exploitation by attackers, compromising user accounts and sensitive data. This requires urgent investi