CAS-005 Dumps Questions Increase Your Chance of Success

Category:

Comments:

0 Comments

Post Date:

August 18, 2024

Passing the CAS-005 certification exam can be challenging, which is why practicing with CAS-005 questions can greatly increase your chances of success. CompTIA CAS-005 dumps questions help you become familiar with the exam format. The CAS-005 questions are designed to mimic the actual exam, which means that you'll get a feel for the types of questions you'll encounter, the difficulty level, and the time limit. All the CAS-005 exam dumps questions are the latest version for you to study. Test free CAS-005 exam questions below.

Page 1 of 7

1. An analyst has prepared several possible solutions to a successful attack on the company. The solutions need to be implemented with the least amount of downtime.

Which of the following should the analyst perform?

Implement all the solutions at once in a virtual lab and then run the attack simulation. Collect the metrics and then choose the best solution based on the metrics.

Implement every solution one at a time in a virtual lab, running a metric collection each time. After the collection, run the attack simulation, roll back each solution, and then implement the next. Choose the best solution based on the best metrics.

Implement every solution one at a time in a virtual lab, running an attack simulation each time while collecting metrics. Roll back each solution and then implement the next. Choose the best solution based on the best metrics.

Implement all the solutions at once in a virtual lab and then collect the metrics. After collection, run the attack simulation. Choose the best solution based on the best metrics.

2. Company A acquired Company B and needs to determine how the acquisition will impact the attack surface of the organization as a whole.

Which of the following is the best way to achieve this goal? (Select two).

Implementing DLP controls preventing sensitive data from leaving Company B's network

A. Documenting third-party connections used by Company B

B. Reviewing the privacy policies currently adopted by Company B

C. Requiring data sensitivity labeling tor all files shared with Company B

D. Forcing a password reset requiring more stringent passwords for users on Company B's network

E. Performing an architectural review of Company B's network

3. An enterprise is deploying APIs that utilize a private key and a public key to ensure the connection string is protected. To connect to the API, customers must use the private key.

Which of the following would best secure the REST API connection to the database while preventing the use of a hard-coded string in the request string?

Implement a VPN for all APIs

Sign the key with DSA

Deploy MFA for the service accounts

Utilize HMAC for the keys

4. A secuntv administrator is performing a gap assessment against a specific OS benchmark.

The benchmark requires the following configurations be applied to endpomts:

• Full disk encryption * Host-based firewall

• Time synchronization * Password policies

• Application allow listing * Zero Trust application access

Which of the following solutions best addresses the requirements? (Select two).

CASB

SBoM

SCAP

SASE

HIDS

5. A security engineer performed a code scan that resulted in many false positives. The security engineer must find asolution that improves the quality of scanning results before application deployment.

Which of the following is the best solution?

Limiting the tool to a specific coding language and tuning the rule set

Configuring branch protection rules and dependency checks

Using an application vulnerability scanner to identify coding flaws in production

Performing updates on code libraries before code development

6. A security engineer wants to stay up-to-date on new detections that are released on a regular basis. The engineer's organization uses multiple tools rather than one specific vendor security stack.

Which of the following rule-based languages is the most appropriate to use as a baseline for detection rules with the multiple security tool setup?

Sigma

YARA

Snort

Rita

Which of the following is the security engineer most likely doing?

Assessing log in activities using geolocation to tune impossible Travel rate alerts

Reporting on remote log-in activities to track team metrics

Threat hunting for suspicious activity from an insider threat

Baselining user behavior to support advanced analytics

8. A company recently experienced an incident in which an advanced threat actor was able to shim malicious code against the hardware static of a domain controller The forensic team cryptographically validated that com the underlying firmware of the box and the operating system had not been compromised. However, the attacker was able to exfiltrate information from the server using a steganographic technique within LOAP.

Which of the following is me b»« way to reduce the risk oi reoccurrence?

Enforcing allow lists for authorized network pons and protocols

Measuring and attesting to the entire boot chum

Rolling the cryptographic keys used for hardware security modules

Using code signing to verify the source of OS updates

9. An organization is implementing Zero Trust architecture A systems administrator must increase the effectiveness of the organization's context-aware access system.

Which of the following is the best way to improve the effectiveness of the system?

Secure zone architecture

Always-on VPN

Accurate asset inventory

Microsegmentation

10. A security architect wants to develop abase line of security configurations These configurations automatically will be utilized machine is created.

Which of the following technologies should the security architect deploy to accomplish this goal?

Short

GASB

Ansible

CMDB

Page 2 of 7

11. Which of the following best describes the reason PQC preparation is important?

To protect data against decryption due to increases in computational resource availability

To have larger key lengths available through key stretching

To improve encryption performance and speed using lightweight cryptography

To leverage asymmetric encryption for large amounts of data

12. A company is having issues with its vulnerability management program New devices/lPs are added

and dropped regularly, making the vulnerability report inconsistent.

Which of the following actions should the company lake to most likely improve the vulnerability management process'

Request a weekly report with all new assets deployed and decommissioned

Extend the DHCP lease lime to allow the devices to remain with the same address for a longer period.

Implement a shadow IT detection process to avoid rogue devices on the network

Perform regular discovery scanning throughout the 11 landscape using the vulnerability management tool

13. An organization determines existing business continuity practices are inadequate to support critical internal process dependencies during a contingency event. A compliance analyst wants the Chief Information Officer (CIO) to identify the level of residual risk that is acceptable to guide remediation activities.

Which of the following does the CIO need to clarify?

Mitigation

Impact

Likelihood

Appetite

14. A security analyst reviews the following report:

Which of the following assessments is the analyst performing?

A. System

B. Supply chain

C. Quantitative

D. Organizational

15. A security architect is investigating instances of employees who had their phones stolen in public places through seemingly targeted attacks. Devices are able to access company resources such as email and internal documentation, some of which can persist in application storage.

Which of the following would best protect the company from information exposure? (Select two).

Implement a remote wipe procedure if the phone does not check in for a period of time

Enforce biometric access control with configured timeouts

Set up geofencing for corporate applications where the phone must be near an office

Use application control to restrict the applications that can be installed

Leverage an MDM solution to prevent the side loading of mobile applications

Enable device certificates that will be used for access to company resources

16. A systems engineer is configuring SSO for a business that will be using SaaS applications for its remote-only workforce. Privileged actions in SaaS applications must be allowed only from corporate mobile devices that meet minimum security requirements, but BYOD must also be permitted for other activity.

Which of the following would best meet this objective?

Block any connections from outside the business's network security boundary.

Install machine certificates on corporate devices and perform checks against the clients.

Configure device attestations and continuous authorization controls.

Deploy application protection policies using a corporate, cloud-based MDM solution.

17. An organization currently has IDS, firewall, and DLP systems in place. The systems administrator needs to integrate the tools in the environment to reduce response time.

Which of the following should the administrator use?

A. SOAR

B. CWPP

C. XCCDF

D. CMDB

18. SIMULATION

During the course of normal SOC operations, three anomalous events occurred and were flagged as potential IoCs. Evidence for each of these potential IoCs is provided.

INSTRUCTIONS

Review each of the events and select the appropriate analysis and remediation options for each IoC.

19. A vulnerability can on a web server identified the following:

Which of the following actions would most likely eliminate on path decryption attacks? (Select two).

Disallowing cipher suites that use ephemeral modes of operation for key agreement

Removing support for CBC-based key exchange and signing algorithms

Adding TLS_ECDHE_ECDSA_WITH_AE3_256_GCMS_HA256

Implementing HIPS rules to identify and block BEAST attack attempts

Restricting cipher suites to only allow TLS_RSA_WITH_AES_128_CBC_SHA

Increasing the key length to 256 for TLS_RSA_WITH_AES_128_CBC_SHA

20. Embedded malware has been discovered in a popular PDF reader application and is currently being exploited in the wild. Because the supply chain was compromised, this malware is present in versions 10.0 through 10.3 of the software's official versions. The malware is not present in version 10.4.

Since the details around this malware are still emerging, the Chief Information Security Officer has asked the senior security analyst to collaborate with the IT asset inventory manager to find instances of the installed software in order to begin response activities. The asset inventory manager has asked an analyst to provide a regular expression that will identify the affected versions.

The software installation entries are formatted as follows:

Reader 10.0

Reader 10.1

Reader 10.2

Reader 10.3

Reader 10.4

Which of the following regular expression entries will accuratelyidentify all the affected versions?

Reader(*)[1][0].[0-4:

Reader[11[01

f0-3'

Reader( )[1][0].[0-3:

Reader( )[1][0]

[1-3:

Page 3 of 7

21. A security analyst is using data provided from a recent penetration test to calculate CVSS scores to prioritize remediation.

Which of the following metric groups would the analyst need to determine to get the overall scores? (Select three).

Temporal

Availability

Integrity

Confidentiality

Base

Environmental

Impact

Attack vector

22. A company isolated its OT systems from other areas of the corporate network These systems are required to report usage information over the internet to the vendor.

Which oi the following best reduces the risk of compromise or sabotage' (Select two).

A. Implementing allow lists

B. Monitoring network behavior

C. Encrypting data at rest

D. Performing boot Integrity checks

E. Executing daily health checks

F. Implementing a site-to-site IPSec VPN

23. A company lined an email service provider called my-email.com to deliver company emails. The company stalled having several issues during the migration.

A security engineer is troubleshooting and observes the following configuration snippet:

Which of the following should the security engineer modify to fix the issue? (Select two).

The email CNAME record must be changed to a type A record pointing to 192.168.111

The TXT record must be Changed to "v=dmarc ip4: 192.168.1.10 include: my-email.com -all"

The srvo1 A record must be changed to a type CNAME record pointing to the email server

The email CNAME record must be changed to a type A record pointing to 192.168.1.10

The TXT record must be changed to "v=dkim ip4: l92.168.1.11 include my-email.com -ell"

The TXT record must be Changed to "v=dkim ip4: 192.168.1.10 include: email-all"

The srv01 A record must be changed to a type CNAME record pointing to the web01 server

24. An organization has been using self-managed encryption keys rather than the free keys managed by the cloud provider. The Chief Information Security Officer (CISO) reviews the monthly bill and realizes the self-managed keys are more costly than anticipated.

Which of the following should the CISO recommend to reduce costs while maintaining a strong security posture?

A. Utilize an on-premises HSM to locally manage keys.

B. Adjust the configuration for cloud provider keys on data that is classified as public.

C. Begin using cloud-managed keys on all new resources deployed in the cloud.

D. Extend the key rotation period to one year so that the cloud provider can use cached keys.

25. While reviewing recent modem reports, a security officer discovers that several employees were contacted by the same individual who impersonated a recruiter.

Which of the following best describes this type of correlation?

Spear-phishing campaign

Threat modeling

Red team assessment

Attack pattern analysis

26. After a penetration test on the internal network, the following report was generated:

Attack Target Result

Compromised host ADMIN01S.CORP.LOCAL Successful

Hash collected KRBTGT.CORP.LOCAL Successful

Hash collected SQLSV.CORP.LOCAL Successful

Pass the hash SQLSV.CORP.LOCAL Failed

Domain control CORP.LOCAL Successful

Which of the following should be recommended to remediate the attack?

A. Deleting SQLSV

B. Reimaging ADMIN01S

C. Rotating KRBTGT password

D. Resetting the local domain

27. 1.A security analyst is reviewing the following authentication logs:

Which of the following should the analyst do first?

Disable User2's account

Disable User12's account

Disable User8's account

Disable User1's account

28. A company receives several complaints from customers regarding its website.

An engineer implements a parser for the web server logs that generates the following output:

Which of the following should the company implement to best resolve the issue?

A. IDS

B. CDN

C. WAF

D. NAC

29. During a vulnerability assessment, a scan reveals the following finding: Windows Server 2016 Missing hotfix KB87728 - CVSS 3.1 Score: 8.1 [High] - Affected host 172.16.15.2 Later in the review process, the remediation team marks the finding as a false positive.

Which of the following is the best way to avoid this issue on future scans?

Getting an up-to-date list of assets from the CMDB

Performing an authenticated scan on the servers

Configuring the sensor with an advanced policy for fingerprinting servers

Coordinating the scan execution with the remediation team early in the process

30. A security officer performs due diligence activities before implementing a third-party solution into the enterprise environment. The security officer needs evidence from the third party that a data subject access request handling process is in place.

Which of the following is the security officer most likely seeking to maintain compliance?

Information security standards

E-discovery requirements

Privacy regulations

Certification requirements

Reporting frameworks

Page 4 of 7

31. A company finds logs with modified time stamps when compared to other systems. The security team decides to improve logging and auditing for incident response.

Which of the following should the team do to best accomplish this goal?

Integrate a file-monitoring tool with the SIE

Change the log solution and integrate it with the existing SIE

Implement a central logging server, allowing only log ingestion.

Rotate and back up logs every 24 hours, encrypting the backups.

32. Recent repents indicate that a software tool is being exploited Attackers were able to bypass user access controls and load a database. A security analyst needs to find the vulnerability and recommend a mitigation.

The analyst generates the following output:

Which of the following would the analyst most likely recommend?

Installing appropriate EDR tools to block pass-the-hash attempts

Adding additional time to software development to perform fuzz testing

Removing hard coded credentials from the source code

Not allowing users to change their local passwords

33. An organization is looking for gaps in its detection capabilities based on the APTs that may target the industry.

Which of the following should the security analyst use to perform threat modeling?

ATT&CK

OWASP

CAPEC

STRIDE

34. An organization wants to manage specialized endpoints and needs a solution that provides the ability to

* Centrally manage configurations

* Push policies.

• Remotely wipe devices

• Maintain asset inventory

Which of the following should the organization do to best meet these requirements?

Use a configuration management database

Implement a mobile device management solution.

Configure contextual policy management

Deploy a software asset manager

35. SIMULATION

A product development team has submitted code snippets for review prior to release.

INSTRUCTIONS

Analyze the code snippets, and then select one vulnerability, and one fix for each code snippet.

Code Snippet 1

Code Snippet 2

Vulnerability 1:

SQL injection

Cross-site request forgery

Server-side request forgery

Indirect object reference

Cross-site scripting

Fix 1:

Perform input sanitization of the userid field.

Perform output encoding of queryResponse,

Ensure usex: ia belongs to logged-in user.

Inspect URLS and disallow arbitrary requests.

Implement anti-forgery tokens.

Vulnerability 2

1) Denial of service

2) Command injection

3) SQL injection

4) Authorization bypass

5) Credentials passed via GET

Fix 2

A) Implement prepared statements and bind variables.

B) Remove the serve_forever instruction.

C) Prevent the "authenticated" value from being overridden by a GET parameter.

D) HTTP POST should be used for sensitive parameters.

E) Perform input sanitization of the userid field.

See the solution below in explanation.

36. Which of the following AI concerns is most adequately addressed by input sanitation?

Model inversion

Prompt Injection

Data poisoning

Non-explainable model

37. A financial services organization is using Al lo fully automate the process of deciding client loan rates.

Which of the following should the organization be most concerned about from a privacy perspective?

Model explainability

Credential Theft

Possible prompt Injections

Exposure to social engineering

38. Which of the following security risks should be considered as an organization reduces cost and increases availability of services by adopting serverless computing?

Level of control and influence governments have over cloud service providers

Type of virtualization or emulation technology used in the provisioning of services

Vertical scalability of the infrastructure underpinning the serverless offerings

Use of third-party monitoring of service provisioning and configurations

39. During a forensic review of a cybersecurity incident, a security engineer collected a portion of the payload used by an attacker on a comprised web server.

Given the following portion of the code:

Which of the following best describes this incident?

A. XSRF attack

B. Command injection

C. Stored XSS

D. SQL injection

40. DRAG DROP

An organization is planning for disaster recovery and continuity of operations.

INSTRUCTIONS

Review the following scenarios and instructions. Match each relevant finding to the affected host. After associating scenario 3 with the appropriate host(s), click the host to select the appropriate corrective action for that finding.

Each finding may be used more than once.

If at any time you would like to bring back the initial state of the simulation, please click the Reset All button.

Page 5 of 7

41. Which of the following are risks associated with vendor lock-in? (Select two).

The client can seamlessly move data.

The vendor can change product offerings.

The client receives a sufficient level of service.

The client experiences decreased quality of service.

The client can leverage a multicloud approach.

The client experiences increased interoperability.

42. A systems engineer is configuring a system baseline for servers that will provide email services.

As part of the architecture design, the engineer needs to improve performance of the systems by using an access vector cache, facilitating mandatory access control and protecting against:

• Unauthorized reading and modification of data and programs

• Bypassing application security mechanisms

• Privilege escalation

• interference with other processes

Which of the following is the most appropriate for the engineer to deploy?

SELinux

Privileged access management

Self-encrypting disks

NIPS

43. A security analyst discovered requests associated with IP addresses known for born legitimate 3nd bot-related traffic.

Which of the following should the analyst use to determine whether the requests are malicious?

User-agent string

Byte length of the request

Web application headers

HTML encoding field

44. A security engineer is assisting a DevOps team that has the following requirements for container images:

Ensure container images are hashed and use version controls.

Ensure container images are up to date and scanned for vulnerabilities.

Which of the following should the security engineer do to meet these requirements?

Enable clusters on the container image and configure the mesh with ACLs.

Enable new security and quality checks within a CI/CD pipeline.

Enable audits on the container image and monitor for configuration changes.

Enable pulling of the container image from the vendor repository and deploy directly to operations.

45. An engineering team determines the cost to mitigate certain risks is higher than the asset values. The team must ensure the risks are prioritized appropriately.

Which of the following is the best way to address the issue?

Data labeling

Branch protection

Vulnerability assessments

Purchasing insurance

46. A company wants to implement hardware security key authentication for accessing sensitive information systems The goal is to prevent unauthorized users from gaining access with a stolen password.

Which of the following models should the company implement to best solve this issue?

Rule based

Time-based

Role based

Context-based

47. An organization mat performs real-time financial processing is implementing a new backup solution.

Given the following business requirements?

* The backup solution must reduce the risk for potential backup compromise

* The backup solution must be resilient to a ransomware attack.

* The time to restore from backups is less important than the backup data integrity

* Multiple copies of production data must be maintained

Which of the following backup strategies best meets these requirement?

A. Creating a secondary, immutable storage array and updating it with live data on a continuous basis

B. Utilizing two connected storage arrays and ensuring the arrays constantly sync

C. Enabling remote journaling on the databases to ensure real-time transactions are mirrored

D. Setting up antitempering on the databases to ensure data cannot be changed unintentionally

48. Users are willing passwords on paper because of the number of passwords needed in an environment.

Which of the following solutions is the best way to manage this situation and decrease risks?

Increasing password complexity to require 31 least 16 characters

implementing an SSO solution and integrating with applications

Requiring users to use an open-source password manager

Implementing an MFA solution to avoid reliance only on passwords

49. A security analyst needs to ensure email domains that send phishing attempts without previous communications are not delivered to mailboxes.

The following email headers are being reviewed

Which of the following is the best action for the security analyst to take?

A. Block messages from hr-saas.com because it is not a recognized domain.

B. Reroute all messages with unusual security warning notices to the IT administrator

C. Quarantine all messages with sales-mail.com in the email header

D. Block vendor com for repeated attempts to send suspicious messages

50. A company receives reports about misconfigurations and vulnerabilities in a third-party hardware device that is part of its released products.

Which of the following solutions is the best way for the company to identify possible issues at an earlier stage?

A. Performing vulnerability tests on each device delivered by the providers

B. Performing regular red-team exercises on the vendor production line

C. Implementing a monitoring process for the integration between the application and the vendor appliance

D. Implementing a proper supply chain risk management program

Page 6 of 7

51. The device event logs sourced from MDM software are as follows:

Device | Date/Time | Location | Event | Description

ANDROID_102 | 01JAN21 0255 | 38.9072N, 77.0369W | PUSH | APPLICATION 1220 INSTALL QUEUED ANDROID_102 | 01JAN21 0301 | 38.9072N, 77.0369W | INVENTORY | APPLICATION 1220 ADDED ANDROID_1022 | 01JAN21 0701 | 39.0067N, 77.4291W | CHECK-IN | NORMAL

ANDROID_1022 | 01JAN21 0701 | 25.2854N, 51.5310E | CHECK-IN | NORMAL ANDROID_1022 | 01JAN21 0900 | 39.0067N, 77.4291W | CHECK-IN | NORMAL

ANDROID_1022 | 01JAN21 1030 | 39.0067N, 77.4291W | STATUS | LOCAL STORAGE REPORTING 85% FULL

Which of the following security concerns and response actions would best address the risks posed by the device in the logs?

Malicious installation of an application; change the MDM configuration to remove application ID 1220

Resource leak; recover the device for analysis and clean up the local storage

Impossible travel; disable the device's account and access while investigating

Falsified status reporting; remotely wipe the device

52. A healthcare system recently suffered from a ransomware incident. As a result, the board of directors decided to hire a security consultant to improve existing network security. The security consultant found that the healthcare network was completely flat, had no privileged access limits, and had open RDP access to servers with personal health information.

As the consultant builds the remediation plan, which of the following solutions would best solve these challenges? (Select three).

SD-WAN

PAM

Remote access VPN

MFA

Network segmentation

BGP

NAC

53. PKI can be used to support security requirements in the change management process.

Which of the following capabilities does PKI provide for messages?

Non-repudiation

Confidentiality

Delivery receipts

Attestation

54. A company’s SIEM is designed to associate the company’s asset inventory with user events. Given the following report:

Which of the following should a security engineer investigate first as part of a log audit?

An endpoint that is not submitting any logs

Potential activity indicating an attacker moving laterally in the network

A misconfigured syslog server creating false negatives

Unauthorized usage attempts of the administrator account

55. A user reports application access issues to the help desk.

The help desk reviews the logs for the user:

Which of the following is most likely the reason for the issue?

The user inadvertently tripped the geoblock rule in NGF

A threat actor has compromised the user's account and attempted to log in.

The user is not allowed to access the human resources system outside of business hours.

The user did not attempt to connect from an approved subnet.

56. A company undergoing digital transformation is reviewing the resiliency of a CSP and is concerned about meeting SLA requirements in the event of a CSP incident.

Which of the following would be best to proceed with the transformation?

An on-premises solution as a backup

A load balancer with a round-robin configuration

A multicloud provider solution

An active-active solution within the same tenant

57. A technician is reviewing the logs and notices a large number of files were transferred to remote sites over the course of three months. This activity then stopped. The files were transferred via TLS-protected HTTP sessions from systems that do not normally send traffic to those sites. The technician will define this threat as:

A decrypting RSA using an obsolete and weakened encryption attack.

A zero-day attack.

An advanced persistent threat.

An on-path attack.

58. A security team determines that the most significant risks within the pipeline are:

• Unauthorized code changes

• The current inability to perform independent verification of software modules.

Which of the following best addresses these concerns?

Code signing

Digital signatures

Non-repudiation

Lightweight cryptography

59. A Chief Information Security Officer (CISO) is concerned that a company's current data disposal procedures could result in data remanence. The company uses only SSDs.

Which of the following would be the most secure way to dispose of the SSDs given the CISO's concern?

Degaussing

Overwriting

Shredding

Formatting

Incinerating

60. A security review revealed that not all of the client proxy traffic is being captured.

Which of the following architectural changes best enables the capture of traffic for analysis?

Adding an additional proxy server to each segmented VLAN

Setting up a reverse proxy for client logging at the gateway

Configuring a span port on the perimeter firewall to ingest logs

Enabling client device logging and system event auditing

Page 7 of 7

61. An organization recently implemented a purchasing freeze that has impacted endpoint life-cycle management efforts.

Which of the following should a security manager do to reduce risk without replacing the endpoints?

Remove unneeded services

Deploy EDR

Dispose of end-of-support devices

Reimage the system

62. An organization wants to create a threat model to identity vulnerabilities in its infrastructure.

Which of the following, should be prioritized first?

External-facing Infrastructure with known exploited vulnerabilities

Internal infrastructure with high-seventy and Known exploited vulnerabilities

External facing Infrastructure with a low risk score and no known exploited vulnerabilities

External-facing infrastructure with a high risk score that can only be exploited with local access to the resource

63. A security officer received several complaints from users about excessive MPA push notifications at night The security team investigates and suspects malicious activities regarding user account authentication.

Which of the following is the best way for the security officer to restrict MI~A notifications''

A. Provisioning FID02 devices

B. Deploying a text message based on MFA

C. Enabling OTP via email

D. Configuring prompt-driven MFA

64. Previously intercepted communications must remain secure even if a current encryption key is compromised in the future.

Which of the following best supports this requirement?

Tokenization

Key stretching

Forward secrecy

Simultaneous authentication of equals

65. A security engineer needs 10 secure the OT environment based on me following requirements

• Isolate the OT network segment

• Restrict Internet access.

• Apply security updates two workstations

• Provide remote access to third-party vendors

Which of the following design strategies should the engineer implement to best meet these requirements?

Deploy a jump box on the third party network to access the OT environment and provide updates using a physical delivery method on the workstations

Implement a bastion host in the OT network with security tools in place to monitor access and use a dedicated update server for the workstations.

Enable outbound internet access on the OT firewall to any destination IP address and use the centralized update server for the workstations

Create a staging environment on the OT network for the third-party vendor to access and enable automatic updates on the workstations.

66. Source code snippets for two separate malware samples are shown below:

Sample 1:

knockEmDown(String e) {

if(target.isAccessed()) {

target.toShell(e);

System.out.printIn(e.toString());

c2.sendTelemetry(target.hostname.toString + " is " + e.toString());

} else { target.close();

}

}

Sample 2:

targetSys(address a) {

if(address.islpv4()) {

address.connect(1337);

address.keepAlive("paranoid");

String status = knockEmDown(address.current);

remote.sendC2(address.current + " is " + status);

} else {

throw Exception e;

}

}

Which of the following describes the most important observation about the two samples?

Telemetry is first buffered and then transmitted in paranoid mode.

The samples were probably written by the same developer.

Both samples use IP connectivity for command and control.

Sample 1 is the target agent while Sample 2 is the C2 server.

TAGS:

CAS-005, CAS-005 exam dumps

Notify of

Label

Name*

Email*

Website

Label

Name*

Email*

Website

0 Comments

Oldest

Newest Most Voted

Inline Feedbacks

View all comments

Get CAS-005 Dumps Full Version

Q&As: 217
Versions: PDF and Software Download Now

About Dumpsinfo

Dumpsinfo is a good platform providing the latest exam information and dumps questions for all IT certification exams. You can study all the latest exam dumps questions online.

[email protected]

Mon - Sat 9:00am - 6:00pm

CAS-005 Dumps Questions Increase Your Chance of Success

Related

Posts

Online 220-1202 Exam Dumps Help You Build Confidence

Improve Your Knowledge with CV0-004 Exam Dumps

Valid PT0-003 Exam Dumps are Your best Choice to Pass

Prepare N10-009 Exam with Using N10-009 Dump Questions

About Us

EMAIL

Services

Opening Hours