CompTIA SecurityX Certification - (CAS-005) Exam Questions

OBJ 1.4: Passively harvesting information from a target is the main purpose of the reconnaissance phase.  Harvesting email addresses from the public internet, identifying employees on social media (particularly LinkedIn profiles), discovering public-facing servers, and gathering other publicly available information can allow an attacker to develop a more thorough understanding of a targeted organization. Acquiring or developing zero-day exploits, selecting backdoor implants, and choosing command and control (C2) mechanisms will require the information gathered during reconnaissance to be effective. Still, these activities will occur during the weaponization phase.   For support or reporting issues, include Question ID: 63fe07943b7322449ddbcfa7 in your ticket. Thank you.

OBJ 2.3: The management interface should only be exposed to an isolated or dedicated network used for the management and configuration of the network device and platforms only. This would also help reduce the likelihood of an attack against the virtualization platform or the hypervisor itself. The external zone (internet), internal zone (LAN), or screened subnet (formerly called a DMZ) should not have the management interface exposed to them.   For support or reporting issues, include Question ID: 63fe07043b7322449ddbc8a6 in your ticket. Thank you.

OBJ 3.4: Secure boot is a feature of UEFI that prevents unwanted processes from executing during the boot operation by checking a list of digital certificates from valid operating system vendors before the system booting up. A self-encrypting drive (SED) is a type of solid state device (SSD) or hard disk drive (HDD) that conducts transparent encryption of all data as it is written to the device using an embedded hardware cryptographic processor. Shell restrictions are configurations that limit an end user’s ability to access the command prompt in Windows or the shell in Linux to prevent their ability to interact directly with the operating system. Attestation services are used to ensure the integrity of the computer’s startup and runtime operations. Hardware-based attestation is designed to protect against threats and malicious code that could be loaded before the operating system is loaded.   For support or reporting issues, include Question ID: 63fe07ca3b7322449ddbd255 in your ticket. Thank you.

OBJ 4.2: Isolation of Connor’s computer by deactivating the port on the switch should be performed instead of just unplugging the computer. This would guarantee that Connor won’t just plug the computer back into the network as soon as you leave his desk. While Connor won’t be able to work without his workstation, it is essential to isolate the issue quickly to prevent future attempts at lateral movement from occurring and protect the company’s data needed for continued business operations. While we are unsure of the issue's initial root cause, we know it is currently isolated to Connor’s machine. He should receive remedial cybersecurity training, his workstation’s hard drive forensically imaged for later analysis, and then his workstation should be remediated or reimaged. It is better to isolate just Connor’s machine instead of the entire network segment in this scenario. Isolating the network segment, without evidence indicating the need to do so, would have been overkill and overly disruptive to the business. Reimaging Connor’s device may destroy data that could have otherwise been recovered and led to a successful root cause analysis. There is also insufficient evidence in this scenario to warrant disciplinary action against Connor, as he may have clicked on a malicious link by mistake.   For support or reporting issues, include Question ID: 63fe07263b7322449ddbca48 in your ticket. Thank you.

OBJ 2.4: Port security, also known as persistent MAC learning or Sticky MAC, is a security feature that enables an interface to retain dynamically learned MAC addresses when the switch is restarted or if the interface goes down and is brought back online. This is a security feature that can be used to prevent someone from unplugging their office computer and connecting their laptop to the network jack without permission since the switch port connected to that network jack would only allow the computer with the original MAC address to gain connectivity.   For support or reporting issues, include Question ID: 63fe06de3b7322449ddbc6d0 in your ticket. Thank you.

OBJ 2.4: The BEST choice is to implement biometric identification for user logins, such as a fingerprint reader or a retina scanner. This would ensure that even if an employee could discover another employee's username and password, they would be prevented from logging into the workstation without the employee's finger or eye to scan. Enforcing short password retention can limit the possible damage when a password is disclosed, but it won't prevent a login during the valid period. Security cameras may act as a deterrent or detective control, but they cannot prevent an employee from logging into the workstation as another employee. Security cameras could be used to determine who logged in after the fact, though.   For support or reporting issues, include Question ID: 63fe06c33b7322449ddbc57f in your ticket. Thank you.

OBJ 3.6: Patches should always be tested first. Once successfully tested, deployment to the production environment can then be accomplished.   For support or reporting issues, include Question ID: 63fe07753b7322449ddbce1c in your ticket. Thank you.

OBJ 1.4: An external target type best describes these targets since the question doesn’t clearly describe if the servers are first-party or third-party hosted. An external target type is an asset that can be accessed from outside of the organization. For example, if the webserver is visible on the Internet, it is considered an external target. An internal target type means that assets can be accessed from within the organization. This can either be physically or logically from within the network, and it best simulates an insider threat. This target type can also be used to simulate an external hacker who has gained credentials on the network, such as using a spear phishing attack. First-party hosted targets are assets hosted by the client organization themselves. Third-party hosted targets are assets hosted by a vendor, partner, or cloud service provider.   For support or reporting issues, include Question ID: 63fe078f3b7322449ddbcf61 in your ticket. Thank you.