CompTIA CAS-005 SecurityX Exam Dumps and Practice Test Questions Set 7 Q121-140
Question 121:
Which type of security control enforces rules through technology, such as firewalls, antivirus, or intrusion prevention systems?
A. Technical control
B. Administrative control
C. Physical control
D. Detective control
Answer: A. Technical control
Explanation:
Technical control: Technical controls, also called logical controls, are mechanisms implemented through technology to protect systems and data. Examples include firewalls, intrusion detection/prevention systems (IDS/IPS), antivirus, endpoint protection, encryption, and access control mechanisms. These controls operate automatically to prevent or mitigate threats without requiring constant human intervention. For instance, firewalls enforce rules to block unauthorized inbound or outbound traffic, IPS actively prevents identified attacks, and antivirus software detects and quarantines malware before it spreads. In CAS-005, candidates must understand that technical controls are a primary line of defense in defense-in-depth strategies, complementing administrative and physical controls. They help maintain confidentiality, integrity, and availability by proactively enforcing security policies at the system and network level. Effective technical control implementation involves proper configuration, patch management, monitoring, and integration with broader security frameworks.
Administrative control: Administrative controls involve policies, procedures, standards, and guidelines that govern organizational behavior. Examples include security awareness training, incident response plans, acceptable use policies, and audit procedures. While administrative controls are essential for shaping behavior and ensuring compliance, they do not directly prevent attacks; they rely on human adherence to rules. In the context of preventing threats with firewalls or antivirus, administrative controls might specify rules for usage or monitoring schedules, but the actual enforcement is handled by technical measures. CAS-005 emphasizes that administrative and technical controls must work in tandem.
Physical control: Physical controls protect facilities, hardware, and personnel from unauthorized access or environmental hazards. Examples include locks, badge access, CCTV, security guards, fire suppression systems, and server room cages. Physical controls mitigate risks such as theft, vandalism, or natural disasters but cannot enforce network rules or stop malware, which is why they are distinct from technical controls. Understanding physical controls helps candidates in CAS-005 grasp the multi-layered approach required for holistic security.
Detective control: Detective controls monitor, detect, and alert on unauthorized activities. Examples include log analysis, security monitoring tools, IDS, audit trails, and SIEM systems. These controls are reactive rather than preventive; they help organizations identify and respond to incidents after they occur. While some IDS/IPS tools blur the line between detection and prevention, in CAS-005 terms, preventive enforcement of security policies via technology is a technical control, not purely detective.
Question 122:
Which type of attack involves tricking users into revealing confidential information by impersonating trusted entities?
A. Phishing
B. Spear phishing
C. Vishing
D. Smishing
Answer: A. Phishing
Explanation:
Phishing: Phishing attacks are social engineering techniques where attackers send deceptive messages, usually via email, that appear to come from legitimate sources. The goal is to trick users into disclosing sensitive information such as usernames, passwords, or credit card numbers, or into installing malware. Phishing relies on human error rather than technical system flaws. CAS-005 emphasizes recognizing phishing attacks as a significant threat to organizational security and as a driver for implementing administrative controls, such as security awareness training, simulated phishing campaigns, and reporting mechanisms. Phishing is broad and can target large numbers of users indiscriminately. Understanding phishing is crucial for CAS-005 candidates to assess organizational risk and implement layered defenses.
Spear phishing: Spear phishing is a targeted form of phishing. Unlike generic phishing, spear phishing attacks focus on specific individuals or organizations using personalized information gathered from social media, corporate websites, or prior breaches. The attacker crafts highly convincing messages to increase the likelihood of success. CAS-005 highlights spear phishing as an advanced social engineering risk that requires both administrative and technical countermeasures, including email filtering, multi-factor authentication, and employee training on identifying suspicious content.
Vishing: Vishing, or voice phishing, involves using telephone calls to impersonate trusted entities and trick users into revealing confidential information. Attackers may pose as bank representatives, IT support, or government officials to obtain credentials, social security numbers, or financial information. While vishing is a form of social engineering like phishing, CAS-005 differentiates it by its voice-based communication channel, requiring awareness training and verification procedures to mitigate risk.
Smishing: Smishing is SMS-based phishing, where attackers send text messages containing malicious links or prompts to extract sensitive information. It leverages the immediacy of SMS communication and human trust. CAS-005 stresses the importance of educating users about smishing, deploying mobile device security policies, and using filtering technologies to reduce exposure. Smishing, like other phishing methods, exploits human psychology and requires layered administrative and technical controls for effective defense.
Question 123:
Which type of backup copies only the data that has changed since the last full backup?
A. Full backup
B. Incremental backup
C. Differential backup
D. Snapshot
Answer: B. Incremental backup
Explanation:
Full backup: A full backup captures all selected data every time the backup runs. While it ensures simplicity in recovery—only the most recent full backup is needed—full backups consume significant storage and can be time-consuming. CAS-005 emphasizes understanding full backups as foundational for disaster recovery and the importance of combining them with other backup strategies for efficiency.
Incremental backup: Incremental backups copy only the data that has changed since the last backup of any type, whether full or incremental. This approach is storage-efficient and reduces backup time, but restoration requires the last full backup plus all subsequent incremental backups. CAS-005 highlights incremental backups as part of an optimized backup strategy for organizations seeking fast daily backups and storage efficiency while still maintaining recoverability. Understanding incremental backup restoration dependencies is crucial for planning disaster recovery and continuity strategies.
Differential backup: Differential backups copy all data that has changed since the last full backup, not since the last incremental. While easier to restore than incremental backups—requiring only the last full backup and the most recent differential—they grow in size over time until the next full backup. CAS-005 candidates should understand the trade-offs between incremental and differential approaches in terms of speed, storage, and recovery time objectives.
Snapshot: Snapshots capture the state of a system or volume at a specific point in time, often used for fast rollback or virtualization environments. While they provide near-instantaneous recovery points, snapshots are typically not a replacement for long-term backup solutions. CAS-005 teaches snapshots as part of a comprehensive backup and recovery strategy but emphasizes understanding their limitations in long-term data retention and offsite storage scenarios.
Question 124:
Which type of malware is designed to remain hidden and maintain persistent access on a compromised system?
A. Virus
B. Trojan
C. Rootkit
D. Worm
Answer: C. Rootkit
Explanation:
Virus: A virus attaches itself to executable files or documents and spreads when the host file is executed. It can corrupt data, spread to other systems, and disrupt operations. CAS-005 highlights viruses as a basic malware type, emphasizing the importance of signature-based detection, antivirus, and endpoint protection.
Trojan: Trojans disguise themselves as legitimate software to trick users into executing them. They can carry various payloads, including ransomware, keyloggers, or backdoors. Trojans rely on social engineering or user interaction to infect systems. CAS-005 emphasizes recognizing Trojan behaviors, deployment vectors, and mitigation strategies such as user training and software verification.
Rootkit: Rootkits are stealthy malware designed to hide their presence and maintain persistent access. They modify operating system components, hooks, or kernel modules to avoid detection by antivirus or monitoring tools. CAS-005 candidates must understand rootkits as advanced threats, often combined with other malware types, and recognize the importance of integrity monitoring, kernel-level protection, and incident response procedures for mitigation. Rootkits compromise confidentiality, integrity, and availability simultaneously, making them among the most dangerous malware families.
Worm: Worms are self-propagating malware that spread across networks without user intervention. While worms can cause widespread disruption and consume network resources, they typically do not focus on stealth or persistent concealment. CAS-005 highlights worms as highly infectious threats that emphasize the need for network segmentation, patching, and endpoint monitoring.
Question 125:
Which type of attack exploits software vulnerabilities to execute arbitrary code on a victim’s system?
A. Buffer overflow
B. SQL injection
C. Cross-site scripting (XSS)
D. Denial-of-service (DoS)
Answer: A. Buffer overflow
Explanation:
Buffer overflow: A buffer overflow occurs when a program writes more data into a memory buffer than it can hold, overwriting adjacent memory. Attackers can exploit this vulnerability to execute arbitrary code, escalate privileges, or crash applications. CAS-005 emphasizes buffer overflow attacks in application security, secure coding practices, and input validation. Mitigation includes bounds checking, secure programming languages, compiler protections, and runtime protections such as ASLR (Address Space Layout Randomization).
SQL injection: SQL injection targets web applications by manipulating input to execute arbitrary SQL queries, potentially exposing databases or modifying data. While critical for CAS-005 candidates to understand, SQL injection is specific to database-driven web applications and differs from memory-level exploitation.
Cross-site scripting (XSS): XSS allows attackers to inject malicious scripts into web pages viewed by users. It targets client-side execution in browsers and is primarily an integrity and confidentiality threat, rather than allowing direct arbitrary code execution on the host system.
Denial-of-service (DoS): DoS attacks focus on making resources unavailable rather than executing arbitrary code. CAS-005 candidates must distinguish between availability attacks like DoS and exploitation attacks like buffer overflow for risk assessment and mitigation planning.
Question 126:
Which type of malware encrypts a user’s files and demands payment to restore access?
A. Spyware
B. Ransomware
C. Adware
D. Rootkit
Answer: B. Ransomware
Explanation:
Spyware: Spyware is malware that silently monitors user activity, often capturing sensitive data such as passwords, browsing history, or financial information. Spyware operates stealthily, sending collected information to attackers without the victim’s knowledge. While it poses significant confidentiality risks, it does not encrypt files or demand payment. CAS-005 emphasizes understanding spyware for endpoint security, detection strategies, and mitigation techniques such as anti-spyware software, behavioral monitoring, and user education. Spyware threats highlight the importance of layered defenses, including endpoint protection, network monitoring, and strong access controls to protect sensitive data.
Ransomware: Ransomware is a type of malware that encrypts a victim’s files, rendering them inaccessible until a ransom is paid, often in cryptocurrency. Ransomware attacks may be delivered via phishing emails, malicious links, or compromised websites, and they can propagate across networks to affect multiple systems. CAS-005 candidates must understand ransomware’s operational mechanisms, including encryption algorithms, lateral movement, and persistence techniques. Mitigation strategies include offline or offsite backups, regular patching, endpoint protection, network segmentation, email filtering, and employee awareness training. Incident response procedures for ransomware should include containment, eradication, system recovery, and forensic investigation to identify vulnerabilities and prevent recurrence. Ransomware attacks primarily compromise availability in the CIA triad but can also threaten confidentiality if exfiltration occurs before encryption. CAS-005 teaches the importance of proactive measures, layered security, and disaster recovery planning to minimize operational impact.
Adware: Adware delivers unwanted advertisements to users, often generating revenue for attackers or vendors. While intrusive and potentially leading to privacy concerns, adware does not encrypt files or demand payment. CAS-005 highlights adware in the context of endpoint protection and user awareness. Adware can serve as a vector for additional malware, but its primary effect is nuisance and minor confidentiality risk rather than data loss or operational disruption. Endpoint security solutions, user education, and web filtering mitigate adware risks.
Rootkit: Rootkits are designed to maintain stealthy, persistent access to a compromised system by hiding malware or system changes. While rootkits can be part of a ransomware attack (for persistence), rootkits themselves do not encrypt files or directly demand payment. CAS-005 emphasizes rootkits as advanced threats requiring kernel-level monitoring, integrity checks, and secure patching to detect and remove. They pose severe risks to integrity and confidentiality, allowing attackers to manipulate system processes undetected. Rootkits are a major concern for system administrators because they bypass traditional detection mechanisms.
Question 127:
Which type of attack intercepts and potentially alters communication between two parties without their knowledge?
A. Man-in-the-Middle (MITM)
B. Replay attack
C. Phishing
D. SQL injection
Answer: A. Man-in-the-Middle (MITM)
Explanation:
Man-in-the-Middle (MITM): MITM attacks occur when an attacker secretly intercepts communications between two parties, potentially modifying messages or stealing sensitive information. MITM attacks can take various forms, such as ARP spoofing, DNS spoofing, or SSL stripping. CAS-005 emphasizes understanding MITM risks because these attacks compromise confidentiality, integrity, and authentication. Mitigation includes encryption protocols (TLS/SSL), strong authentication mechanisms, certificate validation, network monitoring, and VPN usage. MITM attacks demonstrate the importance of layered security, end-to-end encryption, and vigilant monitoring to prevent interception or modification of communications. CAS-005 candidates must recognize both technical and administrative defenses, such as secure key management and user training on certificate validation.
Replay attack: Replay attacks capture valid data transmissions (like authentication tokens) and retransmit them to gain unauthorized access. While a replay attack may resemble MITM in that it manipulates communication, it does not involve real-time interception and modification; it is primarily about reusing valid credentials. CAS-005 highlights replay attack prevention strategies such as time-stamped tokens, nonces, and session expiration policies. Understanding replay attacks is critical for securing authentication protocols and session management.
Phishing: Phishing involves tricking users into revealing credentials or personal data, typically through email, websites, or messages. Unlike MITM, phishing exploits human behavior rather than intercepting network communication. CAS-005 emphasizes phishing awareness, training, and email filtering as key defenses. While phishing may indirectly facilitate MITM attacks by stealing credentials, it is fundamentally a social engineering technique, not a network-level interception.
SQL injection: SQL injection targets database queries, allowing attackers to manipulate backend databases by injecting malicious input. SQL injection affects data integrity and confidentiality but does not intercept communication between parties in transit. CAS-005 candidates must differentiate SQL injection from MITM attacks and understand secure coding practices, input validation, and parameterized queries to mitigate this threat.
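The replay defenses the explanation lists (time-stamped tokens, nonces, session expiration) together with a MAC that catches in-transit modification, as an added example that is not part of the original question bank. The shared key, request bodies and timestamps are constructed; the window length is an assumed policy value.

```python
"""Replay-resistant request authentication with HMAC, timestamp and nonce.

Constructed example, not from the CAS-005 question bank. A client signs
each request with a shared key over (timestamp, nonce, body); the server
rejects messages whose MAC is wrong (altered in transit), whose timestamp
is stale (session expiration) or whose nonce was already seen (replay).
"""
import hashlib
import hmac
import secrets

MAX_SKEW_SECONDS = 30  # assumed acceptance window for a request's timestamp


def sign_request(key: bytes, body: bytes, now: int, nonce: str = "") -> dict:
    """Client side: produce a request carrying timestamp, nonce and MAC."""
    nonce = nonce or secrets.token_hex(16)
    msg = f"{now}|{nonce}|".encode() + body
    mac = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"ts": now, "nonce": nonce, "body": body, "mac": mac}


class Verifier:
    """Server side. Remembers nonces seen within the acceptance window."""

    def __init__(self, key: bytes):
        self.key = key
        self.seen: dict[str, int] = {}   # nonce -> timestamp it was used at

    def verify(self, req: dict, now: int) -> str:
        """Return 'ok' or the reason the request was rejected."""
        msg = f"{req['ts']}|{req['nonce']}|".encode() + req["body"]
        expected = hmac.new(self.key, msg, hashlib.sha256).hexdigest()
        # compare_digest is constant-time, so MAC checking does not leak timing
        if not hmac.compare_digest(expected, req["mac"]):
            return "bad_mac"
        if abs(now - req["ts"]) > MAX_SKEW_SECONDS:
            return "expired"
        # Nonces older than the window can be forgotten: a replay of them
        # would already fail the timestamp check above.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= MAX_SKEW_SECONDS}
        if req["nonce"] in self.seen:
            return "replay"
        self.seen[req["nonce"]] = req["ts"]
        return "ok"


def demo() -> dict:
    key = secrets.token_bytes(32)  # shared secret, generated for the demo
    v = Verifier(key)
    req = sign_request(key, b"transfer 100 to acct 42", now=1_000)
    first = v.verify(req, now=1_001)
    replayed = v.verify(req, now=1_005)            # same nonce again -> replay
    tampered = dict(req, body=b"transfer 999 to acct 42")
    altered = v.verify(tampered, now=1_002)        # body changed -> MAC mismatch
    stale = sign_request(key, b"ping", now=1_000)
    late = v.verify(stale, now=1_100)              # outside the window -> expired
    return {"first": first, "replayed": replayed, "tampered": altered, "late": late}


if __name__ == "__main__":
    print(demo())
```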
Question 128:
Which type of access control model assigns permissions based on user roles and responsibilities?
A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Role-Based Access Control (RBAC)
D. Rule-Based Access Control
Answer: C. Role-Based Access Control (RBAC)
Explanation:
Discretionary Access Control (DAC): DAC allows resource owners to control access to their resources at their discretion. Users can grant permissions to others, which can result in inconsistent access policies and higher risk of insider threats. CAS-005 teaches DAC as a flexible but less secure model, useful in collaborative environments where trust is high. DAC is less suitable for high-security environments because users may inadvertently over-provision access.
Mandatory Access Control (MAC): MAC enforces strict access policies based on security labels, classifications, or clearance levels. Users cannot override these permissions. CAS-005 emphasizes MAC in government and military contexts, where confidentiality is paramount. While highly secure, MAC lacks flexibility for dynamic enterprise environments where roles change frequently.
Role-Based Access Control (RBAC): RBAC assigns permissions based on defined roles, aligning access rights with job responsibilities. This reduces administrative overhead, ensures consistency, and supports the principle of least privilege. CAS-005 highlights RBAC as a scalable and secure model for enterprises, enabling organizations to implement structured access management, enforce compliance, and audit user activities effectively. Proper RBAC implementation involves defining roles, mapping them to required permissions, and regularly reviewing assignments to prevent privilege creep. RBAC supports accountability, reduces insider threats, and integrates with directory services, IAM platforms, and auditing systems.
Rule-Based Access Control: Rule-based controls grant or deny access based on predefined conditions like time, location, or device attributes. CAS-005 explains this model as complementary to RBAC or DAC, providing context-aware security policies. Rule-based access is flexible but may require complex configuration and continuous monitoring to prevent gaps in security enforcement.
Question 129:
Which principle divides critical tasks among multiple users to reduce the risk of fraud or error?
A. Principle of least privilege
B. Separation of duties
C. Defense in depth
D. Mandatory vacations
Answer: B. Separation of duties
Explanation:
Principle of least privilege: This principle restricts users to the minimum access needed to perform their jobs. While it limits attack surfaces and insider threats, it does not inherently divide tasks among multiple users. CAS-005 emphasizes this principle for access control and privilege management.
Separation of duties: Separation of duties ensures that no single individual has complete control over a critical process, reducing the likelihood of fraud, errors, or abuse. CAS-005 stresses its application in finance, IT administration, and sensitive operational procedures. Implementing separation of duties involves careful role assignment, monitoring, and audit trails. It complements other controls such as least privilege, RBAC, and monitoring to enforce accountability and integrity.
Defense in depth: This strategy layers multiple security controls to protect systems and data. While it mitigates risk, it does not directly enforce task division among users. CAS-005 emphasizes defense in depth as a holistic risk management approach.
Mandatory vacations: Requiring employees to take time off is a control to detect fraudulent activity and ensure that critical tasks are reviewed by others. CAS-005 includes this as a procedural complement to separation of duties but notes it is not the core principle itself.
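The RBAC model of Question 128 and the separation-of-duties principle of Question 129 in working code, as an added example that is not part of the original question bank. Role names, permission names and the conflict rules are constructed; the point is that a role assignment is refused when it would give one person both halves of a critical task, and that a periodic review catches assignments made outside that check.

```python
"""RBAC permission checks with a separation-of-duties constraint.

Constructed example (not from the CAS-005 question bank): roles map to
permissions, users map to roles, and a list of conflicting permission
pairs encodes separation-of-duties rules, e.g. nobody may both create
and approve a payment.
"""
from dataclasses import dataclass, field

# Role -> permissions. Names are illustrative, not a real product's schema.
ROLE_PERMISSIONS = {
    "ap_clerk":   {"payment.create", "payment.view"},
    "ap_manager": {"payment.approve", "payment.view"},
    "auditor":    {"payment.view", "audit.read"},
    "admin":      {"user.manage", "role.assign"},
}

# Separation-of-duties rules: permission pairs no single user may hold.
SOD_CONFLICTS = [
    ("payment.create", "payment.approve"),
    ("role.assign", "audit.read"),
]


def effective_permissions(roles: set[str]) -> set[str]:
    """Union of the permissions granted by a set of roles."""
    perms: set[str] = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


@dataclass
class Directory:
    user_roles: dict[str, set[str]] = field(default_factory=dict)

    def assign_role(self, user: str, role: str) -> None:
        """Assign a role, refusing assignments that would breach a SoD rule."""
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role: {role}")
        proposed = self.user_roles.get(user, set()) | {role}
        perms = effective_permissions(proposed)
        for a, b in SOD_CONFLICTS:
            if a in perms and b in perms:
                raise PermissionError(
                    f"assigning {role} to {user} would combine {a} and {b}")
        self.user_roles[user] = proposed

    def has_permission(self, user: str, permission: str) -> bool:
        """Authorization decision: does any of the user's roles grant it?"""
        return permission in effective_permissions(self.user_roles.get(user, set()))


def sod_violations(directory: Directory) -> list[tuple[str, str, str]]:
    """Periodic access review: users whose combined roles break a SoD rule.

    Catches privilege creep and assignments made outside assign_role().
    """
    found = []
    for user, roles in directory.user_roles.items():
        perms = effective_permissions(roles)
        for a, b in SOD_CONFLICTS:
            if a in perms and b in perms:
                found.append((user, a, b))
    return found


def demo() -> dict:
    d = Directory()
    d.assign_role("alice", "ap_clerk")
    d.assign_role("bob", "ap_manager")
    d.assign_role("carol", "auditor")
    # Alice may create but not approve; Bob the reverse.
    results = {
        "alice_create": d.has_permission("alice", "payment.create"),
        "alice_approve": d.has_permission("alice", "payment.approve"),
        "bob_approve": d.has_permission("bob", "payment.approve"),
    }
    # Giving Alice approval rights as well is refused by the SoD rule.
    try:
        d.assign_role("alice", "ap_manager")
        results["sod_enforced"] = False
    except PermissionError:
        results["sod_enforced"] = True
    # A role granted directly in the store (bypassing the check) is
    # found by the access review.
    d.user_roles["dave"] = {"ap_clerk", "ap_manager"}
    results["review_findings"] = sod_violations(d)
    return results


if __name__ == "__main__":
    print(demo())
```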
Question 130:
Which type of wireless attack attempts to capture authentication credentials by impersonating a legitimate access point?
A. Evil twin
B. Jamming
C. War driving
D. Bluejacking
Answer: A. Evil twin
Explanation:
Evil twin: An evil twin attack involves setting up a rogue access point that mimics a legitimate Wi-Fi network. Users unknowingly connect, allowing attackers to capture credentials, inject malware, or monitor traffic. CAS-005 emphasizes evil twin attacks as a combination of social engineering and technical exploitation, requiring encryption, certificate validation, and user awareness to mitigate. Network segmentation and monitoring can also detect unauthorized APs.
Jamming: Jamming attacks disrupt wireless communication by overwhelming frequencies, causing denial-of-service conditions. Unlike evil twin attacks, jamming does not capture credentials; it primarily affects availability. CAS-005 teaches detection through RF monitoring and mitigation with channel hopping or spectrum management.
War driving: War driving is the practice of mapping Wi-Fi networks for vulnerabilities, often passive reconnaissance rather than active exploitation. CAS-005 highlights its relevance in risk assessment but notes it is not a direct credential theft technique.
Bluejacking: Bluejacking involves sending unsolicited messages via Bluetooth. While it can annoy users or serve as a vector for phishing, it does not capture Wi-Fi authentication credentials. CAS-005 discusses it as a low-severity threat in personal device management.
Question 131:
Which type of attack injects malicious SQL code into an application to manipulate its database and extract sensitive data?
A. Cross-Site Scripting (XSS)
B. SQL Injection
C. Command Injection
D. Buffer Overflow
Answer: B. SQL Injection
Explanation:
Cross-Site Scripting (XSS): XSS attacks target web browsers by injecting malicious scripts into web pages that execute in the user’s browser. While XSS can compromise confidentiality, integrity, and session management, it primarily exploits client-side execution. CAS-005 emphasizes XSS for its impact on users’ data and its ability to steal session tokens, but it does not manipulate the underlying database directly, which is why it differs from SQL injection. Understanding XSS helps candidates implement proper input validation, output encoding, and content security policies, protecting against client-side script execution attacks.
SQL Injection: SQL injection occurs when an attacker inserts malicious SQL statements into input fields or parameters, which are then executed by the backend database. This can allow unauthorized data access, modification, or deletion, potentially affecting confidentiality, integrity, and availability. CAS-005 emphasizes understanding SQL injection for secure coding, highlighting parameterized queries, input validation, stored procedures, and least privilege database access as primary defenses. SQL injection remains one of the most critical web application threats due to its high impact and prevalence. It can be combined with other attacks, such as privilege escalation or exfiltration of authentication credentials. Proper database security and secure application development lifecycle practices are critical for mitigating SQL injection risks.
Command Injection: Command injection targets the operating system by executing arbitrary system commands through vulnerable applications. CAS-005 differentiates command injection from SQL injection because it affects the OS rather than the database. Attackers exploit unsanitized input, potentially gaining full system control. Mitigation involves input validation, context-aware sanitization, and the principle of least privilege on OS-level permissions. Understanding command injection in CAS-005 provides insight into operating system security and the need for layered defenses.
Buffer Overflow: Buffer overflow attacks occur when more data is written to a memory buffer than it can hold, allowing an attacker to overwrite memory and potentially execute arbitrary code. CAS-005 teaches that buffer overflows are typically a vulnerability in compiled applications, distinct from SQL injection. Defense involves secure coding practices, bounds checking, and stack protection mechanisms. Buffer overflows primarily compromise integrity and availability, whereas SQL injection primarily targets database confidentiality and integrity.
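The defect Question 131 describes beside the parameterized-query fix its explanation recommends, as an added example that is not part of the original question bank. The table, rows and the probe string are constructed; it runs against an in-memory SQLite database from the standard library.

```python
"""String-built SQL beside its parameterized replacement (sqlite3, in memory).

Constructed example, not code from the CAS-005 question bank. The table
and rows are made up. lookup_unsafe() has the defect the question
describes; lookup_safe() is the fix the explanation recommends.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.invalid"), ("bob", "bob@example.invalid")],
    )
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the input is pasted into the SQL text, so it can rewrite the query."""
    sql = f"SELECT name, email FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Fixed: the value is bound as a parameter and is never parsed as SQL."""
    return conn.execute(
        "SELECT name, email FROM users WHERE name = ?", (name,)
    ).fetchall()


def demo() -> dict:
    conn = make_db()
    # Probe a tester would use to confirm the defect: a quote that closes the
    # string literal followed by a condition that is always true.
    probe = "x' OR '1'='1"
    return {
        "unsafe_rows": len(lookup_unsafe(conn, probe)),  # every row comes back
        "safe_rows": len(lookup_safe(conn, probe)),      # no user has that literal name
        "safe_normal": lookup_safe(conn, "alice"),       # ordinary lookups still work
    }


if __name__ == "__main__":
    print(demo())
```

Least-privilege database access, the other defense the explanation names, is configured on the database account rather than in the query and is not shown here.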
Question 132:
Which security mechanism uses cryptographic keys to encrypt data so that only authorized parties can read it?
A. Hashing
B. Symmetric encryption
C. Obfuscation
D. Steganography
Answer: B. Symmetric encryption
Explanation:
Hashing: Hashing generates a fixed-length digest of its input, which is used to verify data integrity. It is one-way, meaning the original data cannot be recovered from the digest. CAS-005 emphasizes hashing for integrity verification and password storage but not for data confidentiality. While hashes detect tampering, they do not prevent unauthorized reading of sensitive information.
Symmetric encryption: Symmetric encryption uses the same cryptographic key for both encryption and decryption, ensuring that only parties with the key can access the plaintext. CAS-005 teaches symmetric encryption for securing large volumes of data efficiently, such as database content, files, or network transmissions. Candidates must understand key management, secure key distribution, and the use of strong algorithms like AES for maintaining confidentiality. Symmetric encryption supports confidentiality but must be combined with integrity verification, such as message authentication codes (MACs), to ensure end-to-end security.
Obfuscation: Obfuscation involves making data or code difficult to understand but does not provide true cryptographic protection. CAS-005 emphasizes obfuscation as a weak deterrent against reverse engineering, not as a mechanism for securing sensitive data. Obfuscation may delay attackers but does not guarantee confidentiality or integrity.
Steganography: Steganography hides data within other media, such as images or audio files, making it less obvious to an attacker. CAS-005 differentiates steganography from encryption because it does not inherently prevent unauthorized access; it merely conceals the existence of the data. While useful in specialized cases, steganography should be combined with encryption for robust protection.
Question 133:
Which type of backup copies only the files that have changed since the last full backup?
A. Full backup
B. Incremental backup
C. Differential backup
D. Snapshot
Answer: B. Incremental backup
Explanation:
Full backup: Full backups copy all selected files each time, providing the simplest recovery but requiring significant storage and longer execution times. CAS-005 emphasizes full backups as foundational for disaster recovery, but they are inefficient if performed frequently. Full backups are often combined with incremental or differential backups to optimize recovery and storage.
Incremental backup: Incremental backups capture only the changes made since the last backup of any type, reducing storage usage and backup time. CAS-005 teaches incremental backups for efficient backup strategies, noting that recovery requires the last full backup plus all subsequent incremental backups. Incremental backups optimize resource usage but increase the complexity of restoration. Implementing incremental backups requires careful management, verification, and testing to ensure reliable data recovery in case of disaster.
Differential backup: Differential backups copy all changes since the last full backup, balancing backup efficiency and recovery speed. CAS-005 emphasizes that differential backups require only the last full backup plus the latest differential to restore data, making recovery faster than incremental but more storage-intensive.
Snapshot: Snapshots capture a point-in-time image of storage volumes or systems, useful for rapid rollback but not suitable for long-term backup or offsite archival. CAS-005 notes snapshots are complementary to full, incremental, or differential backups. Snapshots support availability but not long-term disaster recovery.
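The restoration dependencies described in Questions 123 and 133 (full plus every incremental versus full plus only the latest differential), simulated as an added example that is not part of the original question bank. The file contents and the four daily states are constructed; deleted files are not modelled.

```python
"""Backup chain simulation: full, incremental and differential.

Constructed example, not from the CAS-005 question bank. A "file system"
is a dict of path -> content. Each day some files change; the two
strategies record different change sets, and the restore functions
show how many backup sets each one needs to rebuild the latest state.
"""
from copy import deepcopy


def changed_since(current: dict, baseline: dict) -> dict:
    """Files whose content differs from (or is absent in) the baseline."""
    return {p: c for p, c in current.items() if baseline.get(p) != c}


def plan_backups(daily_states: list) -> dict:
    """Day 0 is the full backup; each later day gets both an incremental
    (changes since the previous day) and a differential (changes since day 0)."""
    full = deepcopy(daily_states[0])
    incrementals, differentials = [], []
    for i in range(1, len(daily_states)):
        incrementals.append(changed_since(daily_states[i], daily_states[i - 1]))
        differentials.append(changed_since(daily_states[i], full))
    return {"full": full, "incremental": incrementals, "differential": differentials}


def restore_incremental(plan: dict) -> tuple:
    """Needs the full backup plus every incremental, applied in order.
    Returns (restored state, number of backup sets used)."""
    state = deepcopy(plan["full"])
    for inc in plan["incremental"]:
        state.update(inc)
    return state, 1 + len(plan["incremental"])


def restore_differential(plan: dict) -> tuple:
    """Needs the full backup plus only the most recent differential.
    Returns (restored state, number of backup sets used)."""
    state = deepcopy(plan["full"])
    if plan["differential"]:
        state.update(plan["differential"][-1])
    return state, 2 if plan["differential"] else 1


def demo() -> dict:
    # Constructed daily states: day 0 is the baseline, later days edit files.
    day0 = {"a.txt": "a1", "b.txt": "b1", "c.txt": "c1"}
    day1 = dict(day0, **{"a.txt": "a2"})
    day2 = dict(day1, **{"b.txt": "b2"})
    day3 = dict(day2, **{"a.txt": "a3", "d.txt": "d1"})
    plan = plan_backups([day0, day1, day2, day3])
    inc_state, inc_sets = restore_incremental(plan)
    diff_state, diff_sets = restore_differential(plan)
    return {
        # incrementals stay small; differentials grow until the next full backup
        "inc_sizes": [len(s) for s in plan["incremental"]],
        "diff_sizes": [len(s) for s in plan["differential"]],
        "inc_restore_ok": inc_state == day3, "inc_sets": inc_sets,
        "diff_restore_ok": diff_state == day3, "diff_sets": diff_sets,
    }


if __name__ == "__main__":
    print(demo())
```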
Question 134:
Which type of authentication requires something the user knows, such as a password or PIN?
A. Possession factor
B. Knowledge factor
C. Inherence factor
D. Location factor
Answer: B. Knowledge factor
Explanation:
Possession factor: Possession factors rely on items the user physically has, like smart cards or hardware tokens. CAS-005 emphasizes these in multi-factor authentication but not as the “something you know” component.
Knowledge factor: Knowledge factors are secrets only the user knows, such as passwords, PINs, or passphrases. CAS-005 highlights that knowledge factors are widely used but vulnerable to guessing, phishing, or credential reuse. Combining knowledge factors with possession or inherence factors strengthens authentication through multi-factor approaches. Proper password policies, complexity, rotation, and education mitigate risks associated with knowledge factors.
Inherence factor: Inherence factors are biometrics, like fingerprints, iris scans, or voice recognition. CAS-005 emphasizes inherence factors as strong authentication mechanisms that are difficult to replicate, complementing knowledge or possession factors in multi-factor setups.
Location factor: Location factors verify identity based on geographic or network location, often using IP geolocation, GPS, or network domain checks. CAS-005 highlights location factors as context-aware controls but not as primary authentication methods.
Question 135:
Which type of cloud service model provides software applications over the internet, removing the need for local installation and management?
A. IaaS
B. PaaS
C. SaaS
D. DaaS
Answer: C. SaaS
Explanation:
IaaS: Infrastructure as a Service provides virtualized hardware resources, networking, and storage. CAS-005 emphasizes IaaS for organizations needing granular control over infrastructure while offloading physical hardware management. Security responsibilities include OS patching, access controls, and network configuration.
PaaS: Platform as a Service delivers runtime environments, frameworks, and development tools. CAS-005 highlights PaaS for developers to build applications without managing underlying infrastructure. Security considerations include application-level vulnerabilities, secure coding, and platform configuration.
SaaS: Software as a Service provides fully managed applications via the cloud. CAS-005 emphasizes SaaS as a convenience and productivity tool that removes local installation and maintenance but still requires strong identity management, access controls, data protection, encryption, and compliance with privacy regulations. Security focuses on authentication, authorization, data residency, and monitoring user activities. Under the shared responsibility model the provider secures the infrastructure, platform, and the application code itself, while the customer remains responsible for tenant configuration, identity and access settings, data classification, user policies, and endpoint protection.
DaaS: Desktop as a Service delivers virtual desktops hosted in the cloud. CAS-005 notes DaaS as a way to provide remote desktop environments with centralized management, security, and compliance benefits, but it delivers a whole desktop (operating system plus installed applications) rather than an individual application, so it is not synonymous with SaaS.
Question 136:
Which type of malware is designed to replicate itself across networks and systems without user intervention?
A. Virus
B. Worm
C. Trojan
D. Spyware
Answer: B. Worm
Explanation:
Virus: A virus is malware that attaches itself to files or programs and requires user interaction, such as executing a file or opening an attachment, to propagate. CAS-005 emphasizes that viruses rely on human behavior to spread and often deliver payloads that modify files, corrupt data, or disrupt systems. While viruses can be devastating, their dependence on user action differentiates them from worms. Anti-virus solutions, endpoint protection, and user awareness are primary defenses. Candidates must understand viruses to develop layered protections including scanning, patching, and restrictive execution policies.
Worm: Worms are self-replicating malware capable of spreading across networks and devices without user intervention. CAS-005 highlights worms for their ability to exploit vulnerabilities in software, protocols, or network configurations to propagate autonomously. They can cause massive disruptions by consuming bandwidth, launching DDoS attacks, or delivering secondary payloads like ransomware. Worms emphasize the importance of network segmentation, patch management, intrusion detection systems, and firewalls. Understanding worms in CAS-005 prepares candidates to mitigate fast-spreading threats, implement proactive network monitoring, and enforce endpoint security controls. Worm attacks impact availability, confidentiality, and integrity, demonstrating the need for a layered security approach.
Trojan: Trojans masquerade as legitimate applications to trick users into executing them. CAS-005 teaches that Trojans are not self-replicating but may provide remote access or deliver additional malware. They exploit human trust rather than network vulnerabilities. Prevention includes user awareness, secure download policies, and endpoint protection. Understanding Trojans in CAS-005 helps in designing administrative and technical controls to reduce risk.
Spyware: Spyware collects information about a user’s activities without their knowledge. CAS-005 notes spyware primarily compromises confidentiality, tracking keystrokes, browsing behavior, or credentials. Spyware does not self-replicate autonomously like worms, making it fundamentally different in propagation method. Detection relies on anti-malware tools, endpoint monitoring, and user education.
Question 137:
Which type of access control model restricts access based on roles assigned to users rather than individual identities?
A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Rule-Based Access Control
Answer: B. Role-Based Access Control (RBAC)
Explanation:
Discretionary Access Control (DAC): DAC allows resource owners to set permissions on objects they control. CAS-005 emphasizes DAC for its flexibility but notes the risk of improper delegation or accidental exposure. Access decisions are identity-based, not role-based, and rely on user discretion, making it unsuitable for large-scale role-centric administration.
Role-Based Access Control (RBAC): RBAC assigns permissions to roles rather than individual users. CAS-005 highlights RBAC as a foundational access control model for enterprise environments. Users inherit permissions through their roles, which simplifies management, supports the principle of least privilege, and makes access reviews auditable. RBAC reduces administrative overhead, limits privilege creep, and makes separation of duties enforceable by declaring which roles may never be held together. Implementation includes defining roles carefully (too many narrowly scoped roles reintroduce the per-user sprawl RBAC was meant to remove), mapping permissions to roles, and auditing role membership regularly. RBAC supports operational efficiency, scalability, and security consistency across systems.
Mandatory Access Control (MAC): MAC enforces access based on security labels or classifications. CAS-005 notes MAC is prevalent in high-security or government environments where access is strictly controlled by system policy. Unlike RBAC, MAC is not role-based but classification-based, providing rigid security but less administrative flexibility.
Rule-Based Access Control: This model grants or denies access based on predefined conditions or rules, such as time-of-day, location, or device. CAS-005 emphasizes that rule-based controls are context-driven but require integration with other models like RBAC or MAC for comprehensive security. Rule-based control is supplemental, not a standalone role-based system.
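The following is an added example (not code from this page or from CompTIA) that implements the RBAC model described above: permissions attach to roles, users receive roles, a separation-of-duties rule blocks a toxic role combination, and an audit query answers "who can do X". The roles, permissions and user names are constructed sample data.

```python
"""Role-based access control with separation of duties and an access audit.

Added example for the RBAC discussion above; it is not code from the page or
from CompTIA. Roles, permissions and user names are constructed sample data.
"""
from typing import Dict, Set

# Permissions attach to roles, never directly to users. Adding a permission to
# a role grants it to every current and future member of that role.
ROLE_PERMISSIONS: Dict[str, Set[str]] = {
    "helpdesk": {"ticket:read", "ticket:update", "user:reset_password"},
    "ap_clerk": {"invoice:create", "invoice:read"},
    "ap_approver": {"invoice:read", "invoice:approve"},
    "security_admin": {"user:read", "user:disable", "audit:read"},
}

# Separation of duties: nobody may both create and approve invoices.
MUTUALLY_EXCLUSIVE = [frozenset({"ap_clerk", "ap_approver"})]


class Directory:
    def __init__(self) -> None:
        self.user_roles: Dict[str, Set[str]] = {}

    def assign_role(self, user: str, role: str) -> None:
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role!r}")
        held = self.user_roles.setdefault(user, set())
        for pair in MUTUALLY_EXCLUSIVE:
            if role in pair and (pair - {role}) & held:
                raise PermissionError(
                    f"separation-of-duties violation: {user} holds {sorted(pair - {role})}")
        held.add(role)

    def revoke_role(self, user: str, role: str) -> None:
        self.user_roles.get(user, set()).discard(role)

    def permissions(self, user: str) -> Set[str]:
        # Effective permissions are the union over the user's roles.
        return set().union(*(ROLE_PERMISSIONS[r] for r in self.user_roles.get(user, set())))

    def is_authorized(self, user: str, permission: str) -> bool:
        return permission in self.permissions(user)

    def who_can(self, permission: str) -> Set[str]:
        # Audit query: which users currently hold a given permission.
        return {u for u in self.user_roles if self.is_authorized(u, permission)}


def demo() -> dict:
    d = Directory()
    d.assign_role("alice", "ap_clerk")
    d.assign_role("bob", "ap_approver")
    d.assign_role("carol", "helpdesk")
    d.assign_role("carol", "security_admin")
    out = {
        "alice_creates": d.is_authorized("alice", "invoice:create"),
        "alice_approves": d.is_authorized("alice", "invoice:approve"),
        "carol_perms": len(d.permissions("carol")),
        "approvers": d.who_can("invoice:approve"),
    }
    try:  # the SoD constraint blocks the toxic role combination
        d.assign_role("alice", "ap_approver")
        out["sod_enforced"] = False
    except PermissionError:
        out["sod_enforced"] = True
    d.revoke_role("carol", "helpdesk")  # one revocation removes every helpdesk right
    out["carol_resets_after_revoke"] = d.is_authorized("carol", "user:reset_password")
    out["unknown_user"] = d.is_authorized("mallory", "audit:read")
    return out


if __name__ == "__main__":
    print(demo())
```

The `who_can` query is the piece auditors ask for; because permissions live only on roles, the answer is derived rather than maintained by hand, and revoking a role removes every permission it carried in a single step. A rule-based layer (time of day, device posture) would wrap `is_authorized` with additional conditions rather than replace it.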
Question 138:
Which type of cryptography uses a public key for encryption and a private key for decryption?
A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Steganography
Answer: B. Asymmetric encryption
Explanation:
Symmetric encryption: Symmetric encryption uses the same key for encryption and decryption (AES is the common example). CAS-005 emphasizes symmetric cryptography for large-volume data encryption because it is orders of magnitude faster than public key operations, but it requires secure key distribution: every pair of communicating parties needs a shared secret established in advance, which does not scale and does not address scenarios where the sender and recipient have no prior secure channel.
Asymmetric encryption: Asymmetric encryption, or public key cryptography, uses a mathematically related key pair: data encrypted with the public key can be decrypted only with the corresponding private key. The roles reverse for digital signatures, where the private key signs and anyone holding the public key verifies. CAS-005 highlights asymmetric cryptography as critical for secure communications, digital signatures, and key exchange. It solves the key distribution problem inherent in symmetric encryption and supports authentication, non-repudiation, and confidentiality. Implementation requires proper key management, certificate authorities to bind public keys to identities, and secure storage of private keys. Examples include RSA (encryption and signatures), elliptic-curve schemes such as ECDH for key agreement and ECDSA for signatures, and DSA (signatures only). In practice asymmetric encryption is rarely applied to bulk data: protocols such as TLS for HTTPS, VPNs, and S/MIME use it to authenticate peers and establish a session key, then hand the traffic to symmetric encryption (hybrid encryption). This is what allows an encrypted channel to be established over an insecure network without pre-shared keys. Understanding asymmetric encryption in CAS-005 ensures candidates can design systems that balance efficiency, confidentiality, and integrity.
Hashing: Hashing produces a fixed-length digest from input of any size; changing a single bit of input changes the digest, which is what makes it useful for integrity verification. CAS-005 emphasizes hashing for integrity checks and password storage, not for encryption or secure transmission: a hash is one-way, so the original data cannot be recovered from it, unlike ciphertext produced by asymmetric encryption. For password storage the hash must also be salted and deliberately slow (bcrypt, scrypt, Argon2, or PBKDF2), because a fast unsalted hash such as plain SHA-256 can be brute-forced or attacked with precomputed tables.
Steganography: Steganography conceals data within media files. CAS-005 notes it hides data but does not encrypt or provide cryptographic confidentiality. For secure communication, steganography must be combined with encryption.
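The following added example (not code from this page) works the asymmetric key relationship through on tiny numbers: the public exponent encrypts, the private exponent decrypts, and the same pair reversed gives signing and verification. The primes p=61, q=53 and e=17 are a constructed classroom example; the code is unpadded textbook RSA and is not usable for real data.

```python
"""Textbook RSA on tiny primes to show how the public and private keys relate.

Added illustration for the asymmetric encryption explanation above; not code
from the page. The primes p=61, q=53 and e=17 are a constructed classroom
example. This is deliberately unpadded with a 12-bit modulus: it shows the
mathematics only. Real systems use vetted libraries with OAEP/PSS padding and
2048-bit or larger keys (or elliptic curves).
"""
import hashlib
from math import gcd
from typing import Tuple

Key = Tuple[int, int]  # (modulus n, exponent)


def keygen(p: int, q: int, e: int = 17) -> Tuple[Key, Key]:
    """Return (public_key, private_key). d is the inverse of e modulo phi(n)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)


def encrypt(public: Key, m: int) -> int:
    n, e = public
    if not 0 <= m < n:
        raise ValueError("message must be an integer below the modulus")
    return pow(m, e, n)  # anyone with the public key can do this


def decrypt(private: Key, c: int) -> int:
    n, d = private
    return pow(c, d, n)  # only the private-key holder recovers m


def _digest_mod_n(message: bytes, n: int) -> int:
    # Sign a hash of the message, reduced into the key's range (toy; real
    # schemes embed the full digest with PSS or PKCS#1 v1.5 padding).
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def sign(private: Key, message: bytes) -> int:
    n, d = private
    return pow(_digest_mod_n(message, n), d, n)  # private key "encrypts" the digest


def verify(public: Key, message: bytes, signature: int) -> bool:
    n, e = public
    return pow(signature, e, n) == _digest_mod_n(message, n)  # public key checks it


def demo() -> dict:
    public, private = keygen(61, 53)  # n = 3233, d = 2753
    m = 65
    c = encrypt(public, m)
    sig = sign(private, b"invoice 1234 approved")
    return {
        "n": public[0],
        "d": private[1],
        "ciphertext": c,
        "roundtrip_ok": decrypt(private, c) == m,
        # Applying the public exponent again does not undo encryption.
        "public_key_decrypts": pow(c, public[1], public[0]) == m,
        "signature_valid": verify(public, b"invoice 1234 approved", sig),
        "tampered_valid": verify(public, b"invoice 1234 rejected", sig),
    }


if __name__ == "__main__":
    print(demo())
```

With a 12-bit modulus anyone can factor n and recover d in milliseconds; the security of real RSA rests entirely on the modulus being too large to factor, which is why key size and a vetted implementation matter more than the arithmetic shown here.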
Question 139:
Which type of malware monitors user behavior to collect sensitive information such as credentials or financial data?
A. Spyware
B. Adware
C. Worm
D. Keylogger
Answer: A. Spyware
Explanation:
Spyware: Spyware is designed to secretly monitor and collect user activities. CAS-005 highlights spyware as a confidentiality threat that captures keystrokes, browser history, and credentials without user consent. Detection involves endpoint protection, behavioral analysis, and monitoring suspicious outbound traffic. Spyware can operate with stealth, often combining with Trojans or adware to evade defenses. Spyware emphasizes human and technical attack vectors in CAS-005, underscoring the importance of administrative policies, awareness training, and technical monitoring.
Adware: Adware displays unwanted advertisements and may track behavior for marketing purposes. CAS-005 differentiates adware from spyware because its primary purpose is commercial, not malicious data exfiltration, although some adware collects user data.
Worm: Worms self-propagate and disrupt networks. CAS-005 emphasizes that worms do not primarily monitor user behavior but affect availability and integrity.
Keylogger: Keyloggers record keystrokes and are a form of spyware but specifically focus on capturing typed information. CAS-005 teaches keyloggers as a subset of spyware, often delivered via Trojans. Unlike general spyware, keyloggers provide granular monitoring of input.
Question 140:
Which type of social engineering attack uses deceptive messages to trick users into revealing sensitive information?
A. Phishing
B. Baiting
C. Tailgating
D. Vishing
Answer: A. Phishing
Explanation:
Phishing:
Phishing is a form of social engineering attack that exploits human psychology to manipulate individuals into disclosing sensitive information, such as usernames, passwords, financial details, or personally identifiable information (PII). Attackers often craft emails, instant messages, or SMS messages that appear to originate from trusted entities, such as banks, internal IT departments, colleagues, or well-known organizations. CAS-005 emphasizes that phishing is the most prevalent and damaging social engineering threat, as it directly targets the weakest link in security: human behavior.
Phishing messages typically use urgency, fear, or curiosity to prompt action. For example, an email might claim that the recipient’s account has been compromised and requires immediate password reset via a provided link. The link often leads to a fraudulent website mimicking the legitimate service, designed to harvest credentials. Advanced phishing campaigns may use spear-phishing techniques, which target specific individuals using personal information collected from social media, corporate directories, or previous breaches. Another variant, whaling, focuses on high-profile executives or stakeholders with access to critical systems.
CAS-005 objectives require candidates to understand both the methods attackers use and the technical and administrative controls that can mitigate phishing risks. Technical controls include email filtering that detects malicious links or attachments, anti-malware solutions, sandboxing of suspicious files, and DNS filtering to block access to known phishing domains. Email authentication protocols reduce spoofing of trusted senders: SPF lets a domain publish which servers may send mail on its behalf, DKIM adds a signature that the receiver verifies against a public key in DNS, and DMARC ties both to the visible From domain and tells receivers what to do (none, quarantine, or reject) when neither aligns. Transport Layer Security (TLS) between mail servers protects messages in transit but does not by itself verify who sent them.
Administrative and procedural controls are equally vital. Organizations must implement regular user awareness training to educate employees about recognizing suspicious messages, the dangers of clicking unknown links, and procedures for reporting potential phishing attempts. Simulated phishing campaigns can reinforce training and measure employee readiness, providing insights for further education and process improvement. CAS-005 also emphasizes incident response planning, so that phishing incidents are reported quickly, analyzed for scope, and remediated efficiently.
Phishing not only threatens confidentiality by exposing credentials but can also compromise integrity and availability. Attackers may gain access to sensitive systems, deploy malware, modify critical data, or exfiltrate confidential information. CAS-005 highlights the layered defense strategy: phishing awareness complements endpoint protection, access control policies, multi-factor authentication, and monitoring to prevent a successful attack from escalating into a broader compromise.
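The following added example (not code from this page) evaluates DMARC the way a receiving mail server does, combining SPF and DKIM results with the alignment rule: the authenticating domain must match the From domain the user sees, strictly or at the organizational-domain level. It shows why a phisher's mail can pass SPF and DKIM for the attacker's own domain and still be rejected. Headers, DNS records and authentication results are constructed, and the organizational-domain lookup is simplified to the last two labels (a real evaluator consults the Public Suffix List).

```python
"""DMARC evaluation from SPF and DKIM results.

Added example for the email authentication controls discussed above; it is not
code from the page. It follows the RFC 7489 rule: a message passes DMARC when
SPF or DKIM passes AND the authenticated domain aligns with the visible From
domain. All headers, DNS records and authentication results are constructed.
Simplification (assumption): the organizational domain is taken as the last two
labels of a name; a real evaluator must consult the Public Suffix List.
"""
from email.utils import parseaddr
from typing import Dict, List, Tuple


def from_domain_of(from_header: str) -> str:
    """Domain of the RFC5322.From address in a raw 'From:' header line."""
    _, value = from_header.split(":", 1)
    _, addr = parseaddr(value.strip())
    return addr.rpartition("@")[2].lower()


def org_domain(domain: str) -> str:
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])  # assumption: no Public Suffix List lookup


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """'s' (strict) needs an exact match; 'r' (relaxed) the same organizational domain."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def parse_dmarc(txt: str) -> Dict[str, str]:
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def evaluate_dmarc(from_header: str, dmarc_txt: str, spf_result: str,
                   spf_domain: str, dkim_results: List[Tuple[str, str]]) -> dict:
    """spf_domain is the MAIL FROM (envelope) domain SPF was checked against;
    dkim_results is a list of (result, d= tag) pairs, one per DKIM-Signature."""
    fd = from_domain_of(from_header)
    tags = parse_dmarc(dmarc_txt)
    spf_ok = spf_result == "pass" and aligned(spf_domain, fd, tags.get("aspf", "r"))
    dkim_ok = any(res == "pass" and aligned(d, fd, tags.get("adkim", "r"))
                  for res, d in dkim_results)
    passed = spf_ok or dkim_ok
    return {
        "from_domain": fd,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        "dmarc": "pass" if passed else "fail",
        # The domain owner's published policy decides what the receiver does.
        "disposition": "accept" if passed else tags.get("p", "none"),
    }


# Constructed sample data for the scenarios below.
FROM = 'From: "Example Accounts" <accounts@example.com>'
POLICY_REJECT = "v=DMARC1; p=reject; adkim=r; aspf=r; rua=mailto:dmarc@example.com"
POLICY_STRICT = "v=DMARC1; p=quarantine; adkim=s; aspf=s"


def scenarios() -> Dict[str, dict]:
    return {
        # Phisher spoofs the From header; SPF and DKIM pass, but only for the
        # attacker's own domains, so nothing aligns with example.com.
        "spoofed": evaluate_dmarc(FROM, POLICY_REJECT, "pass", "bulk.attacker.example",
                                  [("pass", "attacker.example")]),
        # Legitimate mail from a subdomain MTA: relaxed SPF alignment suffices.
        "legit_relaxed": evaluate_dmarc(FROM, POLICY_REJECT, "pass", "mail.example.com",
                                        [("fail", "example.com")]),
        # Strict policy: the subdomain no longer aligns for SPF; DKIM rescues it.
        "legit_strict": evaluate_dmarc(FROM, POLICY_STRICT, "pass", "mail.example.com",
                                       [("pass", "example.com")]),
        # Forwarded through a relay that broke SPF and stripped the signature.
        "broken_forward": evaluate_dmarc(FROM, POLICY_STRICT, "fail", "mail.example.com", []),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:15} DMARC={result['dmarc']:4} -> {result['disposition']}")
```

The "broken_forward" case is the operational caveat: legitimate mail that passes through a forwarder can fail DMARC, which is why domain owners roll out p=none with aggregate reports first and move to quarantine or reject only after the report data shows their legitimate senders are all authenticated and aligned.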
Baiting:
Baiting is another social engineering attack that relies on human curiosity or greed rather than digital deception. Attackers leave a physical or digital lure to entice the victim into taking action. Classic examples include malware-infected USB drives left in common areas, enticing the finder to connect the device to a corporate workstation. Digital baiting may involve offering free downloads, movie torrents, or software “gifts” that contain malicious payloads.
CAS-005 emphasizes baiting as a physical or behavioral attack vector. Unlike phishing, which exploits digital messaging and trust, baiting targets a person’s tendency to act without verifying the source. While the ultimate goal of baiting may mirror phishing—gaining credentials, installing malware, or accessing sensitive data—the vector is fundamentally different. Mitigation measures include device control that blocks unauthorized removable media, application allow-listing so that unknown executables cannot run, policies prohibiting the use of unknown external media, and employee awareness campaigns that highlight the risks of interacting with unknown devices or downloads. Baiting illustrates the importance of integrating technical, physical, and administrative controls to address both human and systemic vulnerabilities, a principle central to CAS-005 security objectives.
Tailgating:
Tailgating is a physical security attack, wherein an unauthorized individual follows an authorized person into a secure area. This attack bypasses electronic access controls, security guards, and other physical security measures by relying on social manipulation, courtesy, or distraction. For example, an attacker may carry boxes or ask someone to hold the door, exploiting human politeness to gain entry.
CAS-005 highlights tailgating as a key example of human-targeted physical security breaches. Although it is not a digital credential attack like phishing, tailgating can lead to physical access to servers, network closets, or restricted facilities, which in turn can facilitate malware installation, hardware theft, or unauthorized system access. Preventive measures include enforcing strict access policies, requiring employee vigilance, implementing turnstiles or mantraps, using surveillance systems, and conducting security awareness training. Employees should be instructed never to allow others to follow them without proper authentication.
While tailgating does not involve email or messaging, it illustrates the broader category of social engineering within CAS-005. It demonstrates that attackers exploit human behavior and trust, highlighting the need for layered security across technical, administrative, and physical domains.
Vishing:
Vishing, or voice phishing, uses telephone-based communication to extract sensitive information. Attackers often impersonate trusted entities such as banks, IT support teams, or government agencies to trick victims into revealing personal or corporate information. Vishing exploits social engineering techniques similar to phishing, such as invoking urgency, fear, or authority.
CAS-005 underscores vishing as a human-centric attack vector. While the delivery mechanism differs—audio rather than digital messaging—the goal aligns with phishing: credential theft, access to financial accounts, or exposure of sensitive corporate data. Vishing mitigation includes employee training on verifying caller identity, implementing callback procedures through independently obtained numbers, and educating staff never to provide sensitive information over the phone without proper verification. Multi-factor authentication limits the damage when an attacker tries to use credentials obtained by vishing, although callers impersonating IT support increasingly talk victims into approving an MFA prompt or reading out a one-time code, so training should cover that scenario as well.
Vishing is often combined with other attacks, such as phishing or pretexting, forming multi-vector social engineering campaigns. CAS-005 emphasizes understanding the similarities and differences among phishing, vishing, baiting, and tailgating, ensuring candidates can design comprehensive human and technical defense strategies.