CAS-005 Online Practice Questions


Latest CAS-005 Exam Practice Questions

The practice questions for the CAS-005 exam were last updated on 2025-06-01.


Question#1

A software company deployed a new application based on its internal code repository. Several customers are reporting anti-malware alerts on workstations used to test the application.
Which of the following is the most likely cause of the alerts?

A. Misconfigured code commit
B. Unsecure bundled libraries
C. Invalid code signing certificate
D. Data leakage

Explanation:
The most likely cause of the anti-malware alerts on customer workstations is unsecure bundled libraries. When developing and deploying new applications, it is common for developers to use third-party libraries. If these libraries are not properly vetted for security, they can introduce vulnerabilities or malicious code.
Why Unsecure Bundled Libraries?
Third-Party Risks: Using libraries that are not secure can lead to malware infections if the libraries contain malicious code or vulnerabilities.
Code Dependencies: Libraries may have dependencies that are not secure, leading to potential security risks.
Common Issue: This is a frequent issue in software development where libraries are used for convenience but not properly vetted for security.
Other options, while relevant, are less likely to cause widespread anti-malware alerts:
A. Misconfigured code commit: Could lead to issues but less likely to trigger anti-malware alerts.
C. Invalid code signing certificate: Would lead to trust issues but not typically anti-malware alerts.
D. Data leakage: Relevant for privacy concerns but not directly related to anti-malware alerts.
Reference: CompTIA SecurityX Study Guide
"Securing Open Source Libraries," OWASP
"Managing Third-Party Software Security Risks," Gartner Research

Question#2

A security architect must make sure that the fewest services possible are exposed in order to limit an adversary's ability to access the systems.
Which of the following should the architect do first?

A. Enforce Secure Boot.
B. Perform attack surface reduction.
C. Disable third-party integrations.
D. Limit access to the systems.

Explanation:
Attack surface reduction focuses on minimizing unnecessary services, open ports, and vulnerabilities, reducing the exposure to potential adversaries. This aligns with zero trust and least privilege principles.
Secure Boot (A) helps ensure system integrity but does not minimize exposed services.
Disabling third-party integrations (C) may help, but broader attack surface reduction is the best first step.
Limiting access (D) is important but does not directly reduce exposed services.
Reference: CompTIA SecurityX (CAS-005) Exam Objectives - Domain 2.0 (Security Architecture), Section on Attack Surface Management and Reduction

Question#3

A compliance officer is facilitating a business impact analysis (BIA) and wants business unit leaders to collect meaningful data. Several business unit leaders want more information about the types of data the officer needs.
Which of the following data types would be the most beneficial for the compliance officer? (Select two)

A. Inventory details
B. Applicable contract obligations
C. Costs associated with downtime
D. Network diagrams
E. Contingency plans
F. Critical processes

Explanation:
Understanding Business Impact Analysis (BIA):
A BIA assesses the effects of disruptions to an organization's operations.
It helps prioritize resources based on the potential impact of downtime, compliance issues, and critical processes.
Why Options B, C, and F are Correct:
B (Applicable contract obligations) → Many companies have legal and compliance obligations regarding downtime, availability, and SLAs. This information helps determine what risk levels are acceptable.
C (Costs associated with downtime) → BIA quantifies the financial impact of system failures. Knowing lost revenue, regulatory fines, and recovery costs helps in planning.
F (Critical processes) → Identifying core business processes allows an organization to prioritize recovery efforts and maintain operational continuity.
Why Other Options Are Incorrect:
A (Inventory details) → While useful for asset management, it does not directly impact business continuity planning.
D (Network diagrams) → These help in security architecture but are not directly related to the financial/business impact analysis.
E (Contingency plans) → BIA is performed before contingency planning to identify what needs protection.
Reference: CompTIA SecurityX CAS-005 Official Study Guide: Business Impact Analysis (BIA) & Risk Management
NIST SP 800-34: Business Continuity & Contingency Planning

Question#4

A company migrating to a remote work model requires that company-owned devices connect to a VPN before logging in to the device itself. The VPN gateway requires that a specific key extension is deployed to the machine certificates in the internal PKI.
Which of the following best explains this requirement?

A. The certificate is an additional factor to meet regulatory MFA requirements for VPN access.
B. The VPN client selected the certificate with the correct key usage without user interaction.
C. The internal PKI certificate deployment allows for Wi-Fi connectivity before logging in to other systems.
D. The server connection uses SSL VPN, which uses certificates for secure communication.

Explanation:
This scenario describes an enterprise VPN setup that requires machine authentication before a user logs in. The best explanation for this requirement is that the VPN client selects the appropriate certificate automatically based on the key extension in the machine certificate.
Understanding the Key Extension Requirement:
PKI (Public Key Infrastructure) issues machine certificates that include specific key usages such as Client Authentication or IPSec IKE Intermediate.
Key usage extensions define how a certificate can be used, ensuring that only valid certificates are selected by the VPN client.
Why Option B is Correct:
The VPN automatically selects the correct machine certificate with the appropriate key extension. The process occurs without user intervention, ensuring seamless VPN authentication before login.
Why Other Options Are Incorrect:
A (MFA requirement): Certificates used in this scenario are for machine authentication, not user MFA. MFA typically involves user credentials plus a second factor (like OTPs or biometrics), which is not applicable here.
C (Wi-Fi connectivity before login): This refers to pre-logon networking, which is a separate concept where devices authenticate to a Wi-Fi network before login, usually via 802.1X EAP-TLS. However, this question specifically mentions VPN authentication, not Wi-Fi authentication.
D (SSL VPN with certificates): While SSL VPNs do use certificates, this scenario involves machine certificates issued by an internal PKI, which are commonly used in IPSec VPNs, not SSL VPNs.
Reference: CompTIA SecurityX CAS-005 Official Study Guide: Section on Machine Certificate Authentication in VPNs
NIST SP 800-53: Guidelines on authentication mechanisms
RFC 5280: Internet X.509 Public Key Infrastructure Certificate and CRL Profile

Question#5

A company reduced its staff 60 days ago, and applications are now starting to fail. The security analyst is investigating to determine if there is malicious intent for the application failures.
The security analyst reviews the following logs:
Mar 5 22:09:50 akj3 sshd[21502]: Success login for userOl from 192.168.2.5
Mar 5 22:10:00 akj3 sshd[21502]: Failed login for userID from 192.168.2.5
Which of the following is the most likely reason for the application failures?

A. The user’s account was set as a service account.
B. The user's home directory was deleted.
C. The user does not have sudo access.
D. The root password has been changed.

Explanation:
When an employee leaves a company, their home directory might be deleted along with their account, leading to application failures if the directory contained configuration files, dependencies, or system scripts.

Exam Code: CAS-005 | Q&A: 196 Q&As | Updated: 2025-06-01
