2024 The Most Effective CAS-005 with 120 Questions Answers [Q48-Q62]

Q48. A cybersecurity architect is reviewing the detection and monitoring capabilities for a global company that recently made multiple acquisitions. The architect discovers that the acquired companies use different vendors for detection and monitoring The architect’s goal is to:
* Create a collection of use cases to help detect known threats
* Include those use cases in a centralized library for use across all of the companies Which of the following is the best way to achieve this goal?

Sigma rules

Ariel Query Language

UBA rules and use cases

TAXII/STIX library

Q49. A central bank implements strict risk mitigations for the hardware supply chain, including an allow list for specific countries of origin. Which of the following best describes the cyberthreat to the bank?

Ability to obtain components during wartime

Fragility and other availability attacks

Physical Implants and tampering

Non-conformance to accepted manufacturing standards

Q50. A company is having issues with its vulnerability management program New devices/lPs are added and dropped regularly, making the vulnerability report inconsistent Which of the following actions should the company lake to most likely improve the vulnerability management process’

Request a weekly report with all new assets deployed and decommissioned

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

Implement a shadow IT detection process to avoid rogue devices on the network

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

Q51. After an incident response exercise, a security administrator reviews the following table:

Which of the following should the administrator do to beat support rapid incident response in the future?

Automate alerting to IT support for phone system outages.

Enable dashboards for service status monitoring

Send emails for failed log-In attempts on the public website

Configure automated Isolation of human resources systems

Q52. A company hosts a platform-as-a-service solution with a web-based front end, through which customer interact with data sets. A security administrator needs to deploy controls to prevent application-focused attacks. Which of the following most directly supports the administrator’s objective’

improving security dashboard visualization on SIEM

Rotating API access and authorization keys every two months

Implementing application toad balancing and cross-region availability

Creating WAF policies for relevant programming languages

Q53. A software engineer is creating a CI/CD pipeline to support the development of a web application The DevSecOps team is required to identify syntax errors Which of the following is the most relevant to the DevSecOps team’s task’

Static application security testing

Software composition analysis

Runtime application self-protection

Web application vulnerability scanning

Q54. A security analyst is reviewing the following authentication logs:

Which of the following should the analyst do first?

Disable User2’s account

Disable User12’s account

Disable User8’s account

Disable User1’s account

Q55. Users are willing passwords on paper because of the number of passwords needed in an environment. Which of the following solutions is the best way to manage this situation and decrease risks?

Increasing password complexity to require 31 least 16 characters

implementing an SSO solution and integrating with applications

Requiring users to use an open-source password manager

Implementing an MFA solution to avoid reliance only on passwords

Q56. After some employees were caught uploading data to online personal storage accounts, a company becomes concerned about data leaks related to sensitive, internal documentation. Which of the following would the company most likely do to decrease this type of risk?

Improve firewall rules to avoid access to those platforms.

Implement a cloud-access security broker

Create SIEM rules to raise alerts for access to those platforms

Deploy an internet proxy that filters certain domains

Q57. A security analyst received a report that an internal web page is down after a company-wide update to the web browser Given the following error message:

Which of the following is the best way to fix this issue?

Rewriting any legacy web functions

Disabling all deprecated ciphers

Blocking all non-essential pons

Discontinuing the use of self-signed certificates

Q58. Users must accept the terms presented in a captive petal when connecting to a guest network. Recently, users have reported that they are unable to access the Internet after joining the network A network engineer observes the following:
* Users should be redirected to the captive portal.
* The Motive portal runs Tl. S 1 2
* Newer browser versions encounter security errors that cannot be bypassed
* Certain websites cause unexpected re directs
Which of the following mow likely explains this behavior?

The TLS ciphers supported by the captive portal ate deprecated

Employment of the HSTS setting is proliferating rapidly.

Allowed traffic rules are causing the NIPS to drop legitimate traffic

An attacker is redirecting supplicants to an evil twin WLAN.

Q59. A financial technology firm works collaboratively with business partners in the industry to share threat intelligence within a central platform This collaboration gives partner organizations the ability to obtain and share data associated with emerging threats from a variety of adversaries Which of the following should the organization most likely leverage to facilitate this activity? (Select two).

CWPP

YAKA

ATTACK

STIX

TAXII

JTAG

Q60. A company’s security policy states that any publicly available server must be patched within 12 hours after a patch is released A recent llS zero-day vulnerability was discovered that affects all versions of the Windows Server OS:

Which of the following hosts should a security analyst patch first once a patch is available?

1

2

3

4

5

6

Q61. A company receives several complaints from customers regarding its website. An engineer implements a parser for the web server logs that generates the following output:

which of the following should the company implement to best resolve the issue?

IDS

CDN

WAF

NAC

Q62. After an incident occurred, a team reported during the lessons-learned review that the team.
* Lost important Information for further analysis.
* Did not utilize the chain of communication
* Did not follow the right steps for a proper response
Which of the following solutions is the best way to address these findinds?

Requesting budget for better forensic tools to Improve technical capabilities for Incident response operations

Building playbooks for different scenarios and performing regular table-top exercises

Requiring professional incident response certifications tor each new team member

Publishing the incident response policy and enforcing it as part of the security awareness program