CompTIA CAS-005 SecurityX Exam Dumps and Practice Test Questions Set 9 Q161-180


Question 161:

Which type of attack involves intercepting and modifying communications between two parties without their knowledge?

A. Man-in-the-Middle (MITM)
B. Phishing
C. DNS Spoofing
D. SQL Injection

Answer: A. Man-in-the-Middle (MITM)

Explanation:

Man-in-the-Middle (MITM): A MITM attack occurs when an attacker secretly intercepts and potentially alters communications between two parties who believe they are directly communicating with each other. CAS-005 emphasizes understanding MITM attacks as a critical threat to confidentiality, integrity, and authentication in networks. Attackers can exploit MITM for credential theft, data manipulation, eavesdropping, session hijacking, and injecting malicious content. Common MITM methods include ARP spoofing on local networks, DNS spoofing to redirect traffic, and SSL stripping to downgrade secure connections. Candidates must understand prevention measures including the use of strong encryption (TLS/SSL), mutual authentication, certificate pinning, secure VPNs, network segmentation, intrusion detection systems, and monitoring for abnormal network patterns. MITM attacks demonstrate the importance of layered defenses and secure communication protocols to maintain the CIA triad.

Phishing: Phishing targets human behavior to trick users into revealing sensitive information through deceptive messages. CAS-005 categorizes phishing as a social engineering threat rather than an active interception of communications between legitimate parties. While phishing may serve as a vector for MITM setup, it is primarily focused on exploitation of trust rather than direct interception. Mitigation involves user awareness, email filtering, SPF/DKIM/DMARC configurations, and reporting suspicious activity.

DNS Spoofing: DNS spoofing corrupts DNS resolution, redirecting users to malicious IP addresses. While it can facilitate MITM attacks, it does not inherently allow real-time interception or modification of traffic. CAS-005 emphasizes DNS security practices, including DNSSEC, monitoring, and secure resolver configurations to prevent misuse.

SQL Injection: SQL injection targets databases by inserting malicious queries into applications. CAS-005 notes SQL injection affects data integrity and confidentiality but is an application-level attack and unrelated to network-based interception. Mitigation requires parameterized queries, input validation, and secure coding practices.

MITM attacks highlight the need for encryption, authentication, monitoring, and defensive network architecture to prevent unauthorized interception and modification of communications. CAS-005 candidates must understand both attack mechanics and multi-layered defenses.

Question 162:

Which type of control identifies and alerts security teams about potential incidents after they occur?

A. Preventive Control
B. Detective Control
C. Corrective Control
D. Deterrent Control

Answer: B. Detective Control

Explanation:

Preventive Control: Preventive controls aim to stop security incidents before they occur, such as firewalls, access restrictions, and multi-factor authentication. CAS-005 teaches that while preventive measures are proactive, they do not provide visibility into incidents that bypass these controls.

Detective Control: Detective controls monitor systems, networks, or processes and generate alerts when anomalies, intrusions, or violations occur. CAS-005 emphasizes the importance of log monitoring, intrusion detection systems (IDS), security information and event management (SIEM), audit trails, file integrity monitoring, and anomaly detection. Detective controls support incident response by providing evidence and enabling timely mitigation. They do not directly prevent incidents but are crucial for awareness, forensics, and continuous improvement of the security posture. Candidates must understand tuning, correlating events, and integrating alerts with incident response plans to ensure effective threat detection.

Corrective Control: Corrective controls address issues after detection, such as patching vulnerabilities, restoring backups, or revoking compromised accounts. CAS-005 differentiates corrective actions from detective measures; corrective controls fix problems but do not provide the visibility necessary to identify them.

Deterrent Control: Deterrent controls discourage malicious behavior through policies, legal consequences, or visible security measures. While CAS-005 includes deterrent controls as part of risk management, they do not detect incidents or alert teams.

Detective controls complement preventive and corrective strategies, forming a layered approach in CAS-005. Effective detection involves configuration, continuous monitoring, alert prioritization, and integration with response procedures. They support compliance, auditing, and forensic investigation, strengthening overall organizational resilience.

Question 163:

Which cloud service model provides virtualized computing resources over the internet, allowing customers to run applications without managing the underlying infrastructure?

A. IaaS (Infrastructure as a Service)
B. PaaS (Platform as a Service)
C. SaaS (Software as a Service)
D. DaaS (Desktop as a Service)

Answer: B. PaaS (Platform as a Service)

Explanation:

IaaS: Infrastructure as a Service provides virtualized hardware resources such as servers, storage, and networking. CAS-005 emphasizes IaaS allows organizations to manage operating systems and applications while outsourcing physical infrastructure. Security responsibilities include configuration, patch management, and virtual network monitoring.

PaaS: Platform as a Service delivers a complete development and deployment environment, abstracting underlying infrastructure while providing runtime, middleware, and development tools. CAS-005 highlights PaaS as essential for agile application development, enabling developers to focus on coding while the provider manages infrastructure security, OS patching, and runtime environment. Security considerations include application security, access control, identity management, encryption, compliance, API security, and logging. Candidates must understand shared responsibility in cloud models: the provider secures the platform, while the customer secures applications, data, and access. PaaS enhances scalability, reduces operational burden, and supports secure DevOps practices, emphasizing secure software development lifecycle integration.

SaaS: Software as a Service delivers fully managed applications to end-users over the internet. CAS-005 teaches that security responsibilities focus on data protection, identity management, access control, and compliance; the provider manages infrastructure, platform, and application security.

DaaS: Desktop as a Service offers virtual desktops hosted in the cloud. CAS-005 emphasizes its use for workforce mobility, BYOD, and disaster recovery. Security considerations include endpoint management, access control, and encryption, but the core model focuses on desktop delivery rather than development or runtime environments.

PaaS provides a middle ground between IaaS and SaaS, requiring CAS-005 candidates to understand secure development, cloud responsibilities, application lifecycle management, and compliance in multi-tenant environments.

Question 164:

Which security control ensures that critical operations are divided among multiple individuals to prevent fraud or errors?

A. Separation of Duties
B. Principle of Least Privilege
C. Mandatory Access Control
D. Role-Based Access Control

Answer: A. Separation of Duties

Explanation:

Separation of Duties (SoD): SoD divides responsibilities for critical processes among multiple individuals so that no single person can complete a transaction or operation alone, preventing fraud and reducing errors. CAS-005 emphasizes SoD as an administrative control critical in finance, operations, IT administration, and compliance. Implementation involves role definition, workflow design, complementary responsibilities, access reviews, auditing, and monitoring. SoD reduces insider threat risk, improves accountability, and complements technical controls like RBAC and least privilege. Candidates must understand SoD integration with access policies, segregation of sensitive systems, and process auditing to maintain operational integrity.

Principle of Least Privilege: Least privilege restricts users to the minimum access necessary to perform their job functions. While related to SoD, it focuses on access minimization rather than task division. CAS-005 highlights both principles for comprehensive security design.

Mandatory Access Control: MAC enforces access based on predefined security labels. While MAC restricts access, it does not inherently prevent a single individual from performing all tasks. CAS-005 differentiates MAC as a technical access control model primarily used in high-security environments.

Role-Based Access Control: RBAC assigns permissions based on roles rather than individual identities. RBAC can support SoD when roles are carefully designed to distribute responsibilities but does not itself enforce separation. CAS-005 teaches integration of RBAC with SoD for robust administrative and technical controls.

SoD is foundational for risk mitigation, compliance, fraud prevention, and operational integrity. CAS-005 candidates must implement, monitor, and audit SoD alongside technical controls for layered security.

Question 165:

Which principle of cybersecurity ensures that information is available to authorized users when needed?

A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

Answer: C. Availability

Explanation:

Confidentiality: Confidentiality ensures data is protected from unauthorized access. CAS-005 emphasizes encryption, access control, and data classification to maintain confidentiality. While confidentiality is critical, it does not guarantee timely access for legitimate users.

Integrity: Integrity ensures data remains accurate and unaltered except by authorized actions. CAS-005 highlights checksums, hashing, and digital signatures to maintain integrity. Integrity alone does not guarantee accessibility.

Availability: Availability ensures that systems, applications, and data are accessible to authorized users when needed. CAS-005 emphasizes availability as one pillar of the CIA triad. Measures include redundancy, load balancing, fault tolerance, disaster recovery planning, high availability architecture, backup strategies, network resilience, monitoring, and incident response. Availability also involves protection against attacks such as DoS/DDoS, hardware failures, and natural disasters. Ensuring availability requires comprehensive planning combining technical, administrative, and physical controls. CAS-005 candidates must understand availability in terms of service-level agreements, recovery time objectives (RTO), recovery point objectives (RPO), and continuity of operations planning.

Non-repudiation: Non-repudiation ensures accountability by preventing users from denying their actions. CAS-005 teaches non-repudiation as essential for audits and legal accountability but it does not guarantee system access.

Availability is critical for operational continuity, supporting productivity, business resilience, and mission-critical functions. CAS-005 teaches that achieving availability requires redundancy, proactive monitoring, incident response, preventive and corrective controls, and alignment with organizational objectives.

Question 166:

Which type of attack involves tricking users into divulging confidential information, such as passwords or credit card numbers, via deceptive messages?

A. Phishing
B. Man-in-the-Middle
C. SQL Injection
D. Cross-Site Scripting (XSS)

Answer: A. Phishing

Explanation:

Phishing: Phishing is a social engineering attack that manipulates human trust to steal sensitive information. Attackers often use email, instant messaging, SMS, or even phone calls to impersonate trusted sources like banks, colleagues, or IT departments. CAS-005 emphasizes phishing as a high-risk threat vector because it bypasses technical controls by targeting human behavior. Techniques include deceptive URLs, fake websites, cloned forms, and psychological manipulation to create urgency, fear, or curiosity. Modern phishing attacks often incorporate spear-phishing, targeting specific individuals with personalized information gathered from social media or corporate databases, and whaling, which targets executives or high-value personnel. Detection and mitigation require user education, anti-phishing email filters, domain authentication technologies (SPF, DKIM, DMARC), browser warnings, two-factor authentication, and incident response procedures. Understanding phishing aligns with CAS-005 objectives related to awareness training, risk mitigation, identity protection, and the implementation of layered defense strategies.

Man-in-the-Middle (MITM): MITM attacks intercept communications between parties, often silently, to eavesdrop, modify, or redirect data. While MITM can be a vector for credential theft similar to phishing, it relies on technical exploitation of network or protocol weaknesses rather than psychological manipulation. CAS-005 teaches the importance of TLS/SSL, certificate verification, and VPNs to defend against MITM attacks. MITM differs from phishing because the attacker actively positions themselves within the communication channel, whereas phishing relies on tricking the user.

SQL Injection: SQL injection exploits insecure coding practices to inject malicious SQL commands into applications, targeting databases to extract, modify, or delete data. CAS-005 highlights SQL injection as an application-layer attack affecting confidentiality and integrity, not a social engineering method. Mitigation involves input validation, prepared statements, and secure coding practices.

Cross-Site Scripting (XSS): XSS attacks inject malicious scripts into web pages that execute in users’ browsers, stealing cookies or executing unauthorized actions. While XSS may indirectly facilitate phishing-like data theft, it is a technical exploit rather than a psychological manipulation technique. CAS-005 emphasizes secure web development, output encoding, and content security policies to mitigate XSS.

Phishing demonstrates the critical importance of human factors, awareness training, and layered security measures. CAS-005 candidates must be able to recognize phishing indicators, implement technical and administrative controls, and integrate monitoring with incident response for comprehensive organizational protection.

Question 167:

Which security control restricts access based on predefined security labels or classifications, commonly used in government or military environments?

A. Discretionary Access Control (DAC)
B. Mandatory Access Control (MAC)
C. Role-Based Access Control (RBAC)
D. Rule-Based Access Control

Answer: B. Mandatory Access Control (MAC)

Explanation:

Discretionary Access Control (DAC): DAC allows resource owners to determine access permissions. CAS-005 teaches that DAC is flexible and user-driven but vulnerable to accidental exposure or malicious abuse. It is not suitable for highly sensitive environments where strict control is required.

Mandatory Access Control (MAC): MAC enforces access decisions based on predefined labels or classifications assigned to both users and resources. CAS-005 emphasizes that MAC is ideal for environments requiring high confidentiality, such as military or government systems. Users cannot override MAC settings, ensuring strict adherence to organizational policies and classification schemes. Implementation requires proper labeling, role assignments based on clearance levels, auditing, and continuous policy enforcement. MAC controls access to files, databases, and systems based on sensitivity, providing granular security and reducing insider threat risk. Candidates must understand MAC as a technical control that integrates with administrative policy frameworks, supporting confidentiality, integrity, and compliance requirements.

Role-Based Access Control (RBAC): RBAC assigns permissions based on job roles rather than individual identity. CAS-005 highlights RBAC as a flexible and scalable access control model for enterprise environments. While RBAC can support MAC-like enforcement, it is primarily role-focused and does not inherently use sensitivity labels. RBAC is more commonly applied in commercial and organizational IT systems than in classified environments.

Rule-Based Access Control: Rule-based access control enforces access according to conditions such as time, network location, or activity. CAS-005 teaches that rule-based controls are dynamic and condition-dependent but do not necessarily enforce strict classification-based security like MAC. These controls complement other models but are insufficient for highly classified environments on their own.

Understanding MAC in CAS-005 is critical for candidates to implement structured, auditable, and enforceable access policies, integrating both technical and administrative measures to maintain security in sensitive contexts.

Question 168:

Which type of malware replicates itself to spread across systems without user intervention?

A. Worm
B. Trojan
C. Rootkit
D. Keylogger

Answer: A. Worm

Explanation:

Worm: A worm is self-replicating malware that propagates across networks without requiring user interaction. CAS-005 highlights worms as threats to availability and network integrity. Worms exploit vulnerabilities in operating systems, applications, or network protocols to spread automatically, often consuming bandwidth, crashing systems, or delivering payloads such as ransomware. Effective mitigation involves patch management, network segmentation, intrusion prevention systems, antivirus/antimalware tools, firewalls, and monitoring unusual traffic patterns. Understanding worms is essential in CAS-005 for incident response planning, malware analysis, and layered defenses, emphasizing both technical and procedural controls.

Trojan: Trojans disguise themselves as legitimate software but do not self-replicate. They require user action for deployment. CAS-005 emphasizes Trojans for their potential to deliver malicious payloads, steal credentials, or establish remote access. Unlike worms, they rely on social engineering or software download mechanisms rather than autonomous propagation.

Rootkit: Rootkits hide malware or unauthorized processes to maintain stealth and persistence. CAS-005 teaches that rootkits support persistence and evasion but are not inherently self-replicating. Rootkit detection and mitigation involve integrity monitoring, boot-level scanning, and behavioral analysis.

Keylogger: Keyloggers record keystrokes to capture sensitive information. CAS-005 emphasizes their confidentiality impact, but keyloggers do not replicate autonomously across systems. Detection involves endpoint protection, anomaly detection, and user awareness.

Worms illustrate automated, network-focused malware propagation, underscoring CAS-005 principles around patching, monitoring, and layered network security for availability and threat containment.

Question 169:

Which principle ensures that data is accurate, consistent, and protected from unauthorized modification?

A. Confidentiality
B. Integrity
C. Availability
D. Authentication

Answer: B. Integrity

Explanation:

Confidentiality: Confidentiality ensures data access is limited to authorized users. CAS-005 emphasizes encryption, access control, and classification for confidentiality. However, confidentiality does not guarantee that data remains unaltered.

Integrity: Integrity ensures that information remains accurate, consistent, and unmodified except by authorized processes. CAS-005 emphasizes techniques like hashing (SHA, MD5), digital signatures, checksums, version control, logging, and file integrity monitoring. Integrity is critical for regulatory compliance, operational accuracy, and trust in decision-making systems. Violations of integrity can result in financial loss, operational failure, or reputational damage. Candidates must understand technical controls, such as cryptographic hashes and digital signatures, and administrative procedures, including change management and audit trails. Integrity aligns with the CIA triad alongside confidentiality and availability, providing comprehensive protection for data accuracy and reliability.

Availability: Availability ensures timely access to information, but does not prevent unauthorized modification or corruption. CAS-005 stresses that availability complements integrity but addresses access rather than data correctness.

Authentication: Authentication verifies identity to control access. While related to integrity in ensuring only authorized users modify data, authentication alone does not prevent unintentional or malicious changes. CAS-005 emphasizes authentication as part of layered security measures supporting integrity controls.

Integrity safeguards are vital for data reliability, auditing, and operational consistency, aligning with CAS-005 goals for data security, secure communications, and compliance frameworks.

Question 170:

Which control involves monitoring and analyzing network traffic to detect potential security threats in real time?

A. Firewall
B. Intrusion Detection System (IDS)
C. Intrusion Prevention System (IPS)
D. Security Information and Event Management (SIEM)

Answer: C. Intrusion Prevention System (IPS)

Explanation:

Firewall: Firewalls enforce rules for network traffic based on IP addresses, ports, or protocols. CAS-005 teaches firewalls are preventive controls but do not analyze traffic for malicious behavior beyond predefined rules. They form the first line of defense but lack real-time threat prevention capabilities for complex attacks.

Intrusion Detection System (IDS): IDS monitors traffic and alerts administrators of suspicious activity. CAS-005 emphasizes IDS as a detective control, providing visibility and forensic data but no automatic prevention. IDS requires human intervention or integrated responses to mitigate threats.

Intrusion Prevention System (IPS): IPS actively monitors network or system traffic and automatically blocks or mitigates identified threats. CAS-005 highlights IPS as a preventive and corrective control combining detection with immediate response. IPS can operate using signature-based, anomaly-based, or behavior-based methods, detecting malware, unauthorized access, DoS attacks, and suspicious traffic patterns. Integration with firewalls, SIEM systems, and endpoint protection ensures comprehensive network security. IPS requires proper configuration, tuning to reduce false positives, and continuous updates to signatures. Candidates must understand deployment, maintenance, and monitoring of IPS as a proactive network security measure supporting the CIA triad by preventing unauthorized access, maintaining integrity, and ensuring availability.

Security Information and Event Management (SIEM): SIEM aggregates logs from multiple sources, correlates events, and provides alerts. CAS-005 teaches SIEM as a detective and analytical tool that supports incident response and compliance but does not inherently block attacks in real time.

IPS is essential for active threat mitigation, reducing dwell time for attackers, and enhancing automated security response capabilities, aligning with CAS-005 objectives for network security, incident response, and defense-in-depth.

Question 171:

Which type of authentication factor relies on something inherent to the user, such as fingerprints or facial recognition?

A. Knowledge factor
B. Possession factor
C. Inherence factor
D. Location factor

Answer: C. Inherence factor

Explanation:

Knowledge factor: Knowledge factors involve something a user knows, such as passwords, PINs, or security questions. CAS-005 emphasizes knowledge factors as one of the core authentication elements, highlighting their role in multi-factor authentication (MFA) schemes. However, knowledge factors are vulnerable to guessing, phishing, or social engineering. While strong passwords, passphrases, and secure storage improve resilience, CAS-005 stresses that knowledge factors alone are insufficient for high-security environments. They provide user-specific access but cannot inherently verify identity beyond what the user reports. Knowledge factors are frequently combined with possession or inherence factors to strengthen security and reduce the risk of credential compromise.

Possession factor: Possession factors depend on something a user physically possesses, such as smart cards, hardware tokens, or mobile authentication devices. CAS-005 highlights that possession factors enhance authentication by adding a second layer of verification, reducing reliance on knowledge factors alone. They require secure issuance, tracking, and revocation to prevent misuse. However, possession factors can be stolen or duplicated, making them vulnerable without complementary controls like PINs or biometric verification. While effective for two-factor or multi-factor authentication, possession factors do not directly verify inherent characteristics of the individual.

Inherence factor: Inherence factors rely on biological or behavioral characteristics unique to the user. Examples include fingerprints, iris scans, facial recognition, voice patterns, or keystroke dynamics. CAS-005 emphasizes inherence factors as a critical element in modern authentication frameworks because they provide a high level of assurance that the person requesting access is the authorized user. Inherence factors are resistant to theft or loss, unlike passwords or tokens. However, they require careful implementation to protect biometric templates, prevent spoofing, and ensure privacy compliance under regulations such as GDPR or HIPAA. Multi-factor authentication combining inherence with possession or knowledge factors provides robust identity assurance, a key CAS-005 objective. Biometric enrollment, template storage, liveness detection, and fallback mechanisms are all part of secure inherence factor deployment.

Location factor: Location factors validate a user’s access based on geographic or network location, such as IP address, GPS coordinates, or VPN endpoints. CAS-005 teaches location factors as supplementary controls that can strengthen authentication by enforcing access policies or anomaly detection. However, location factors do not inherently identify a user—they only provide context. While location-based controls can prevent unauthorized access from unusual locations, they cannot replace inherence or possession factors for verifying identity. Location factors are best used in conjunction with other authentication methods to provide context-aware security.

In CAS-005, understanding inherence factors is crucial for implementing secure multi-factor authentication, ensuring strong identity verification, and protecting against credential compromise. Inherence factors represent one of the most robust authentication methods when combined with knowledge and possession controls in a layered security model.

Question 172:

Which security principle requires that critical tasks be divided among multiple users to prevent fraud or errors?

A. Principle of least privilege
B. Separation of duties
C. Defense in depth
D. Mandatory access control

Answer: B. Separation of duties

Explanation:

Principle of least privilege: Least privilege limits user access to only what is necessary for their job function. CAS-005 emphasizes this principle for reducing the attack surface and limiting the potential damage from compromised accounts. While it complements separation of duties by restricting access, it does not inherently divide responsibilities for critical tasks. Least privilege focuses on minimizing access rights, not ensuring multiple users share responsibility.

Separation of duties: Separation of duties (SoD) divides critical functions among multiple personnel to reduce the risk of fraud, errors, or unauthorized actions. CAS-005 emphasizes SoD as a key administrative control and governance mechanism, particularly in financial systems, administrative workflows, and sensitive IT operations. By requiring multiple individuals to approve transactions, access changes, or system modifications, SoD enforces accountability and mitigates insider threat risks. Implementation involves role definition, complementary access assignments, audit logging, monitoring, and periodic review of responsibilities. SoD supports both integrity and internal controls, providing assurance that no single user can complete sensitive operations independently. CAS-005 candidates must understand how SoD integrates with technical, administrative, and procedural controls to maintain secure organizational operations. Proper SoD reduces the risk of fraud, accidental misconfigurations, and compliance violations while reinforcing a culture of accountability.

Defense in depth: Defense in depth is a layered security approach combining technical, administrative, and physical controls to protect systems. CAS-005 highlights defense in depth as an overarching strategy rather than a specific principle like SoD. While SoD contributes to defense in depth, the latter also encompasses network segmentation, endpoint security, firewalls, access controls, monitoring, and policies. Defense in depth mitigates the impact of single control failures, ensuring continuity and resilience across enterprise systems.

Mandatory access control: MAC enforces access decisions based on classifications or labels, such as Top Secret or Confidential. CAS-005 emphasizes MAC for high-security environments, but it does not inherently divide tasks among multiple users. MAC focuses on restricting access according to policy rather than distributing responsibility for critical operations.

Separation of duties is foundational in CAS-005 for risk management, internal auditing, governance, and compliance. It ensures that sensitive actions are subject to review and collaboration, reducing opportunities for insider threats, error propagation, and systemic abuse. Proper implementation requires continuous monitoring, audit trails, and integration with technical controls such as role-based access control and least privilege.
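The access-review, pre-grant and workflow-design checks that the SoD explanations in questions 164 and 172 describe, as an added example that is not code from the exam or from CompTIA. The role names, conflicting pairs and user-to-role assignments are constructed sample data.

```python
"""Separation-of-duties (SoD) conflict check over role assignments.

Added example for the SoD discussions in questions 164 and 172; this is not
code from the exam or from CompTIA. The role names, the conflict pairs and
the user-to-role assignments are constructed sample data.
"""

# Pairs of roles that must never be held by the same person. Each pair is
# one critical process whose steps the policy requires to stay divided.
CONFLICTING_ROLE_PAIRS = frozenset({
    frozenset({"payment_initiator", "payment_approver"}),
    frozenset({"vendor_master_editor", "payment_approver"}),
    frozenset({"change_requester", "change_approver"}),
    frozenset({"firewall_admin", "firewall_auditor"}),
})

# Constructed sample assignments (user -> roles). alice holds a toxic pair.
ASSIGNMENTS = {
    "alice": {"payment_initiator", "payment_approver"},
    "bob": {"payment_initiator"},
    "carol": {"payment_approver", "change_approver"},
    "dave": {"change_requester", "firewall_admin"},
    "erin": {"firewall_auditor", "change_requester", "vendor_master_editor"},
}


def find_sod_violations(assignments, conflicts=CONFLICTING_ROLE_PAIRS):
    """Access-review check: return {user: [(role, role), ...]} for every user
    whose roles contain a forbidden pair. Users with no conflict are omitted."""
    violations = {}
    for user, roles in assignments.items():
        hits = sorted(tuple(sorted(pair)) for pair in conflicts if pair <= roles)
        if hits:
            violations[user] = hits
    return violations


def would_violate(assignments, user, new_role, conflicts=CONFLICTING_ROLE_PAIRS):
    """Pre-grant check for an access request: which of the user's current
    roles would conflict with new_role? An empty list means the grant is safe."""
    held = assignments.get(user, set())
    return sorted(r for r in held if frozenset({r, new_role}) in conflicts)


def undivided_processes(assignments, conflicts=CONFLICTING_ROLE_PAIRS):
    """Workflow-design check: a divided process only works if each side of
    the pair has at least one holder, so two different people can complete
    it. Returns the pairs where one side has no holder at all."""
    holders = {}
    for user, roles in assignments.items():
        for r in roles:
            holders.setdefault(r, set()).add(user)
    gaps = []
    for pair in conflicts:
        a, b = sorted(pair)
        if not holders.get(a) or not holders.get(b):
            gaps.append((a, b))
    return sorted(gaps)


if __name__ == "__main__":
    for user, pairs in find_sod_violations(ASSIGNMENTS).items():
        print(f"VIOLATION {user}: holds {pairs}")
    print("request bob -> payment_approver conflicts with:",
          would_violate(ASSIGNMENTS, "bob", "payment_approver"))
    print("processes missing a counterpart:", undivided_processes(ASSIGNMENTS))
```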

Question 173:

Which type of attack modifies the ARP cache on a local network to redirect traffic through the attacker’s system?

A. IP Spoofing
B. ARP Poisoning
C. MAC Flooding
D. DNS Spoofing

Answer: B. ARP Poisoning

Explanation:

IP Spoofing: IP spoofing involves falsifying the source IP address of network packets to impersonate another host. CAS-005 emphasizes IP spoofing as a method for evading access controls, bypassing firewalls, or facilitating DoS attacks. However, IP spoofing alone does not redirect traffic through the attacker’s system; it is typically used for packet forgery or reflection attacks. Mitigation includes ingress/egress filtering, packet validation, and network monitoring.

ARP Poisoning: ARP poisoning, also known as ARP spoofing, is a network-level attack that sends falsified ARP messages on a local area network to associate the attacker’s MAC address with another host’s IP address. CAS-005 highlights ARP poisoning as a critical vulnerability in LANs, enabling Man-in-the-Middle attacks, session hijacking, and data interception. ARP poisoning undermines the integrity and confidentiality of network communications by manipulating Layer 2 address mappings. Effective mitigation involves dynamic ARP inspection, static ARP entries, network segmentation, VLAN isolation, and encrypted protocols. Detection techniques include monitoring ARP tables for anomalies and using intrusion detection systems tailored to ARP anomalies. CAS-005 emphasizes that understanding ARP poisoning requires both theoretical knowledge and practical awareness of network protocols, attack vectors, and countermeasures.

MAC Flooding: MAC flooding overwhelms a switch's MAC address table with frames from bogus source addresses until the switch fails open and floods every frame out of every port, like a hub. CAS-005 identifies MAC flooding as a threat to availability (forwarding capacity degrades) and, more importantly, to confidentiality, because an attacker on any port can then sniff traffic that would otherwise be delivered only to its destination port. Unlike ARP poisoning, MAC flooding disrupts switch operation wholesale rather than selectively redirecting chosen traffic through the attacker. Preventive controls include port security (limiting the number of MAC addresses learned per port), VLAN segmentation, and switch capacity planning.

DNS Spoofing: DNS spoofing corrupts DNS resolution to redirect users to malicious websites. CAS-005 distinguishes DNS spoofing as a higher-layer attack targeting name resolution rather than local network traffic redirection. DNS security measures include DNSSEC, monitoring, and secure resolver configurations.

ARP poisoning is a vital CAS-005 topic because it bridges network layer understanding with practical threat mitigation, emphasizing real-time monitoring, LAN security, and encrypted communications to preserve confidentiality and integrity.
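The detection approach the explanation mentions (monitoring ARP bindings for anomalies) can be shown concretely. The following is an added example, not code from the exam material: it pins trusted hosts such as the default gateway statically, learns the first IP-to-MAC binding it sees for everyone else, and raises an alert when a reply rebinds a known IP to a different MAC or when one MAC starts answering for several IPs, which is what a MITM that has poisoned both the victim and the gateway looks like. All addresses and the capture are constructed for the example.

```python
"""ARP anomaly detector (added example for Question 173; constructed data)."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class ArpReply:
    ts: float        # capture time in seconds (constructed)
    sender_ip: str   # IP the reply claims to own
    sender_mac: str  # MAC the reply binds to that IP


class ArpWatcher:
    def __init__(self, trusted: Optional[Dict[str, str]] = None):
        # Static bindings (e.g. the gateway) behave like static ARP entries:
        # they are never overwritten by learned replies.
        self.trusted = {ip: mac.lower() for ip, mac in (trusted or {}).items()}
        self.learned: Dict[str, str] = {}
        self.ips_by_mac: Dict[str, Set[str]] = {}

    def observe(self, r: ArpReply) -> List[str]:
        """Process one ARP reply and return zero or more alert strings."""
        alerts: List[str] = []
        mac = r.sender_mac.lower()
        expected = self.trusted.get(r.sender_ip) or self.learned.get(r.sender_ip)
        if expected is None:
            self.learned[r.sender_ip] = mac          # first sighting: learn it
        elif expected != mac:
            kind = "trusted" if r.sender_ip in self.trusted else "learned"
            alerts.append(f"t={r.ts:.1f} {kind} binding changed: {r.sender_ip} {expected} -> {mac}")
        claimed = self.ips_by_mac.setdefault(mac, set())
        if claimed and r.sender_ip not in claimed:
            # One MAC answering for several IPs is the classic signature of a
            # MITM relaying traffic for both the victim and the gateway.
            alerts.append(f"t={r.ts:.1f} MAC {mac} now claims {sorted(claimed | {r.sender_ip})}")
        claimed.add(r.sender_ip)
        return alerts


def run_detector(replies: List[ArpReply], trusted: Optional[Dict[str, str]] = None) -> List[str]:
    """Feed a capture through the watcher and collect every alert."""
    watcher = ArpWatcher(trusted)
    alerts: List[str] = []
    for r in replies:
        alerts.extend(watcher.observe(r))
    return alerts


# Constructed capture: a legitimate gateway and host, then an attacker
# (cc:cc:cc:cc:cc:99) announcing itself as both of them.
TRUSTED = {"10.0.0.1": "aa:aa:aa:aa:aa:01"}
SAMPLE = [
    ArpReply(0.0, "10.0.0.1", "aa:aa:aa:aa:aa:01"),
    ArpReply(1.0, "10.0.0.20", "bb:bb:bb:bb:bb:20"),
    ArpReply(2.0, "10.0.0.1", "cc:cc:cc:cc:cc:99"),
    ArpReply(2.1, "10.0.0.20", "cc:cc:cc:cc:cc:99"),
]

if __name__ == "__main__":
    for line in run_detector(SAMPLE, TRUSTED):
        print(line)
```

On the constructed capture the two legitimate replies produce nothing, the attacker's first forged reply trips the trusted-gateway check, and the second trips both the learned-binding check and the multiple-IP check. In a real deployment the same logic runs on ARP replies pulled from a packet capture or a switch's dynamic ARP inspection logs, and the trusted table is seeded from the gateway and server MACs.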

Question 174:

Which type of backup strategy copies only the data that has changed since the last backup of any type (full or incremental)?

A. Full backup
B. Incremental backup
C. Differential backup
D. Snapshot

Answer: B. Incremental backup

Explanation:

Full backup: Full backups copy all selected files each time they run. CAS-005 teaches that full backups provide comprehensive restoration capabilities but consume the most storage and take the longest to complete. Full backups are foundational in disaster recovery but inefficient for frequent backup cycles.

Incremental backup: Incremental backups only copy data that has changed since the last backup of any type. CAS-005 emphasizes incremental backups for efficient storage use, reduced backup window, and integration into a layered recovery plan. Restoration requires the last full backup plus all subsequent incremental backups, making meticulous tracking critical. Incremental backups balance storage efficiency with recovery complexity. Proper implementation involves automated scheduling, verification, encryption, offsite storage, and adherence to recovery point objectives (RPO) and recovery time objectives (RTO). CAS-005 teaches that incremental backups must be tested regularly, integrated with disaster recovery exercises, and secured to prevent data loss or compromise.

Differential backup: Differential backups copy all data changed since the last full backup. CAS-005 identifies differential backups as a compromise between full and incremental strategies, providing faster restoration than incremental but consuming more storage over time.

Snapshot: Snapshots capture system or volume states at a point in time for quick rollback. CAS-005 distinguishes snapshots as short-term or operational recovery tools rather than full disaster recovery solutions. They are valuable for virtual environments but require additional backup strategies for long-term data retention.

Incremental backups are emphasized in CAS-005 for cost-effective, efficient, and reliable recovery planning, balancing storage usage with timely restoration capabilities.
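The difference between the three strategies is easiest to see by simulating a few days of changes and then restoring from each chain. The following is an added example, not part of the exam material: every file carries a version counter that increments when the file changes, so a restore can be compared against the true final state, and the example also shows what happens when one incremental backup in the chain is lost. The file names and change schedule are constructed.

```python
"""Full, incremental and differential backups worked through in code
(added example for Question 174; constructed data)."""
from typing import Dict, Iterable, List, Set

Backup = Dict[str, int]  # file -> version captured in that backup


def simulate(all_files: Iterable[str], changes_by_day: List[Set[str]], strategy: str) -> List[Backup]:
    """Day 0 is always a full backup; later days follow `strategy`."""
    version = {f: 0 for f in all_files}
    backups: List[Backup] = []
    since_full: Set[str] = set()
    for day, changed in enumerate(changes_by_day):
        for f in changed:
            version[f] += 1                        # the file was modified today
        if day == 0:
            captured = set(version)                # full: every file
        elif strategy == "incremental":
            captured = set(changed)                # changed since the last backup of any type
        elif strategy == "differential":
            since_full |= changed
            captured = set(since_full)             # changed since the last full backup
        else:
            raise ValueError(f"unknown strategy {strategy!r}")
        backups.append({f: version[f] for f in captured})
    return backups


def restore_chain(strategy: str, day: int) -> List[int]:
    """Which backups must be read to restore the state as of `day`."""
    if strategy == "incremental":
        return list(range(day + 1))                # full plus every incremental since
    return [0] if day == 0 else [0, day]           # full plus the latest differential only


def restore(backups: List[Backup], chain: List[int]) -> Backup:
    """Apply the chain in order; later backups overwrite earlier versions."""
    state: Backup = {}
    for i in chain:
        state.update(backups[i])
    return state


def storage_after_full(backups: List[Backup]) -> int:
    """Number of file copies written by the non-full backups."""
    return sum(len(b) for b in backups[1:])


FILES = ["a", "b", "c", "d"]
CHANGES = [set(), {"a", "d"}, {"b"}, {"a", "c"}]   # constructed: day 0 .. day 3
FINAL = {"a": 2, "b": 1, "c": 1, "d": 1}           # true state after day 3

if __name__ == "__main__":
    for strategy in ("incremental", "differential"):
        backups = simulate(FILES, CHANGES, strategy)
        chain = restore_chain(strategy, 3)
        print(strategy, "chain", chain, "copies after full", storage_after_full(backups),
              "restore ok", restore(backups, chain) == FINAL)
    inc = simulate(FILES, CHANGES, "incremental")
    print("incremental with day 1 lost:", restore(inc, [0, 2, 3]))
```

With this schedule the incremental run writes 5 file copies after the full backup and needs all four backups to restore, while the differential run writes 9 copies but restores from just the full backup and the latest differential. Dropping day 1 from the incremental chain restores silently with a stale copy of `d`, which is why the explanation insists on tracking and testing the whole chain.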

Question 175:

Which security principle ensures that information is accessible to authorized users when needed?

A. Confidentiality
B. Integrity
C. Availability
D. Non-repudiation

Answer: C. Availability

Explanation:

Confidentiality: Confidentiality protects information from unauthorized access or disclosure. CAS-005 emphasizes encryption, access controls, and classification, but confidentiality does not guarantee timely access to authorized users.

Integrity: Integrity ensures accuracy, consistency, and protection from unauthorized modifications. CAS-005 teaches integrity safeguards for audit, compliance, and operational correctness but does not directly address system uptime or accessibility.

Availability: Availability ensures systems, applications, and data are operational and accessible to authorized users when needed. CAS-005 emphasizes high availability architectures, redundant systems, failover strategies, disaster recovery planning, backup verification, and incident response to maintain uninterrupted service. Availability is crucial for operational continuity, regulatory compliance, and organizational resilience. Measures include clustering, load balancing, power redundancy, network redundancy, and DDoS mitigation. Availability supports business continuity by ensuring that critical systems remain functional even under attack, failure, or disaster. CAS-005 teaches candidates to balance availability with confidentiality and integrity to implement comprehensive information security management.

Non-repudiation: Non-repudiation ensures that actions or transactions cannot be denied by the originator. CAS-005 teaches non-repudiation as a component of accountability, often implemented via digital signatures or logging, but it does not guarantee system accessibility.

Availability is central to CAS-005’s CIA triad, underscoring the need for technical, administrative, and procedural controls that maintain continuous, reliable access to organizational systems and data.

Question 176:

Which type of malware encrypts a victim's files and demands payment for the decryption key?

A. Spyware
B. Ransomware
C. Worm
D. Trojan

Answer: B. Ransomware

Explanation:

Spyware: Spyware is malware designed to collect information about a user or system without consent. CAS-005 emphasizes spyware as a confidentiality threat because it exfiltrates data such as browsing behavior, credentials, or financial information. Spyware can include keyloggers, adware, or tracking cookies. While spyware compromises privacy and can lead to identity theft, it does not typically encrypt files or demand payment, which distinguishes it from ransomware. Detection and mitigation strategies include anti-malware tools, endpoint monitoring, user education, and strict access controls. CAS-005 teaches candidates that spyware infections often exploit social engineering or software vulnerabilities, making patch management and user awareness crucial preventive measures.

Ransomware: Ransomware is malware that encrypts files, entire systems, or network shares and demands payment—usually in cryptocurrency—for the decryption key. CAS-005 underscores ransomware as a critical threat to the CIA triad: confidentiality, integrity, and availability. By encrypting data, ransomware directly impacts availability and integrity, preventing access to critical files and potentially corrupting backups if not properly segmented. Attack vectors include phishing emails, malicious attachments, drive-by downloads, and remote desktop protocol (RDP) exploits. Effective mitigation involves layered defenses: regular, tested backups, network segmentation, endpoint protection, email filtering, and user education. CAS-005 also emphasizes incident response planning, including isolating infected systems, forensic analysis, and legal compliance reporting. Candidates must understand how ransomware interacts with disaster recovery plans, emphasizing offline backups, immutable storage, and recovery testing to ensure business continuity. Recovery strategies are critical because paying ransoms does not guarantee data restoration and may introduce legal or ethical concerns. Proper patch management, least privilege access, network monitoring, and application whitelisting help prevent ransomware deployment. Ransomware demonstrates the intersection of technical, administrative, and procedural controls in protecting enterprise systems.

Worm: Worms are self-replicating malware that propagate across networks without user intervention. CAS-005 teaches that worms exploit software vulnerabilities or weak credentials to spread quickly, often causing denial-of-service effects or delivering payloads. While worms can carry ransomware or other malware as a secondary payload, worms themselves primarily serve propagation purposes. Containment strategies include network segmentation, patch management, and intrusion detection systems.

Trojan: Trojans masquerade as legitimate software but deliver malicious functionality when executed. CAS-005 highlights Trojans as flexible attack vectors capable of delivering payloads such as keyloggers, backdoors, or ransomware. Trojans do not self-replicate like worms but rely on user interaction. Anti-malware solutions, endpoint protection, and user awareness mitigate Trojan risks.

In CAS-005, ransomware is emphasized due to its high impact on operations, the increasing prevalence of attacks, and the need for layered defenses combining prevention, detection, response, and recovery. Understanding ransomware prepares candidates to implement policies, technical safeguards, and incident response plans to maintain enterprise availability and integrity.

Question 177:

Which protocol is used to securely transmit web traffic over the internet?

A. HTTP
B. FTP
C. HTTPS
D. Telnet

Answer: C. HTTPS

Explanation:

HTTP: Hypertext Transfer Protocol (HTTP) is the foundational protocol for web communication, used to transfer web pages between servers and clients. CAS-005 highlights HTTP as inherently insecure because traffic is transmitted in plaintext, exposing data such as login credentials, session cookies, and sensitive content to eavesdropping or man-in-the-middle attacks. While HTTP is critical to web infrastructure, it does not provide encryption or integrity protection. Mitigation involves redirecting traffic to HTTPS, implementing secure coding practices, and using web application firewalls to monitor unencrypted traffic.

FTP: File Transfer Protocol (FTP) is a legacy protocol used to transfer files between hosts. CAS-005 identifies FTP as insecure due to the lack of encryption for credentials and data, which can be intercepted by attackers. Secure alternatives include SFTP (SSH File Transfer Protocol) and FTPS (FTP Secure), both providing encryption for authentication and data transfer. Organizations must replace FTP with secure protocols to comply with security policies and regulatory requirements.

HTTPS: Hypertext Transfer Protocol Secure (HTTPS) secures web communication by layering HTTP over Transport Layer Security (TLS). CAS-005 emphasizes HTTPS as essential for protecting confidentiality, integrity, and authentication of web traffic. HTTPS encrypts requests and responses, preventing eavesdropping, man-in-the-middle attacks, and session hijacking. Digital certificates issued by trusted Certificate Authorities (CAs) verify server authenticity, ensuring users communicate with legitimate websites. CAS-005 candidates learn to implement HTTPS across enterprise web applications, including proper TLS configuration, strong cipher suites, certificate management, and HTTP Strict Transport Security (HSTS). HTTPS also supports privacy regulations such as GDPR and HIPAA by securing data in transit. Organizations must monitor for certificate expiration, insecure protocols, and mixed content to maintain web security.

Telnet: Telnet is a legacy remote access protocol that transmits commands and data in plaintext. CAS-005 highlights Telnet as insecure for modern environments due to its vulnerability to interception and credential compromise. Secure alternatives include SSH (Secure Shell), which provides encrypted remote access. Telnet should be disabled and replaced with secure protocols across all enterprise systems.

HTTPS is integral to CAS-005 objectives for secure communications. Candidates must understand TLS handshakes, certificate validation, encryption algorithms, and secure configuration best practices to maintain confidentiality, integrity, and trust in web-based systems. Proper HTTPS deployment mitigates phishing, session hijacking, and data exposure risks.
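Several of the deployment checks listed above (redirecting plaintext HTTP, HSTS, Secure cookies against session hijacking, and mixed content) can be automated against a captured response. The following is an added example, not code from the exam material; the one-year HSTS floor is an assumed policy value and the three sample responses are constructed. It covers the common cases a practitioner would check first; a real scanner would also follow `<link rel="stylesheet" href>` and inspect the TLS handshake itself.

```python
"""Audit an HTTP(S) response for HTTPS deployment problems
(added example for Question 177; constructed data)."""
import re
from typing import Dict, List, Optional, Tuple, Union

MIN_HSTS_MAX_AGE = 31_536_000   # one year; assumed policy floor for this example
# Active mixed content: anything fetched via src= (scripts, frames, images)
# and forms posting via action= to a plaintext URL.
MIXED_CONTENT = re.compile(r'\b(?:src|action)\s*=\s*["\']http://[^"\']*', re.IGNORECASE)


def parse_hsts(value: str) -> Tuple[Optional[int], bool, bool]:
    """Return (max_age, includeSubDomains, preload) from an HSTS header value."""
    max_age: Optional[int] = None
    include_sub = preload = False
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            try:
                max_age = int(d.split("=", 1)[1].strip().strip('"'))
            except ValueError:
                max_age = None          # malformed value: treat as absent
        elif d == "includesubdomains":
            include_sub = True
        elif d == "preload":
            preload = True
    return max_age, include_sub, preload


def audit_response(url: str, status: int, headers: Dict[str, Union[str, List[str]]], body: str) -> List[str]:
    """Return a list of findings; an empty list means the response passed."""
    findings: List[str] = []
    h = {k.lower(): v for k, v in headers.items()}
    if url.lower().startswith("http://"):
        findings.append("served over plaintext HTTP")
        location = str(h.get("location", ""))
        if status not in (301, 308) or not location.lower().startswith("https://"):
            findings.append("no permanent redirect to HTTPS")
        return findings                 # nothing else is meaningful on a plaintext response
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("missing Strict-Transport-Security header")
    else:
        max_age, include_sub, _preload = parse_hsts(str(hsts))
        if max_age is None or max_age < MIN_HSTS_MAX_AGE:
            findings.append(f"HSTS max-age too short: {max_age}")
        if not include_sub:
            findings.append("HSTS lacks includeSubDomains")
    cookies = h.get("set-cookie", [])
    for cookie in ([cookies] if isinstance(cookies, str) else cookies):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:       # a cookie without Secure can leak over HTTP
            findings.append(f"cookie without Secure flag: {cookie.split('=', 1)[0]}")
    for m in MIXED_CONTENT.finditer(body):
        findings.append(f"mixed content: {m.group(0)}")
    return findings


# Constructed responses.
WEAK = dict(url="https://shop.example.test/login", status=200,
            headers={"Strict-Transport-Security": "max-age=300",
                     "Set-Cookie": "session=abc123; HttpOnly"},
            body='<script src="http://cdn.example.test/app.js"></script>')
GOOD = dict(url="https://shop.example.test/login", status=200,
            headers={"Strict-Transport-Security": "max-age=63072000; includeSubDomains; preload",
                     "Set-Cookie": "session=abc123; Secure; HttpOnly; SameSite=Lax"},
            body='<script src="https://cdn.example.test/app.js"></script>')
PLAINTEXT = dict(url="http://shop.example.test/", status=301,
                 headers={"Location": "https://shop.example.test/"}, body="")

if __name__ == "__main__":
    for name, resp in (("weak", WEAK), ("good", GOOD), ("plaintext", PLAINTEXT)):
        print(name, audit_response(**resp) or ["ok"])
```

The weak response yields four findings (short HSTS lifetime, no includeSubDomains, a session cookie that a browser would also send over HTTP, and a script loaded over plaintext), the hardened one yields none, and the plaintext URL is reported only for being plaintext because it redirects permanently to HTTPS.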

Question 178:

Which access control model assigns permissions based on user roles rather than individual identity?

A. Discretionary Access Control (DAC)
B. Role-Based Access Control (RBAC)
C. Mandatory Access Control (MAC)
D. Rule-Based Access Control

Answer: B. Role-Based Access Control (RBAC)

Explanation:

Discretionary Access Control (DAC): DAC allows resource owners to grant or revoke access at their discretion. CAS-005 emphasizes DAC as flexible but potentially risky because it relies on user judgment, increasing the chance of privilege abuse. DAC is suitable for collaborative environments but can complicate auditing and policy enforcement.

Role-Based Access Control (RBAC): RBAC assigns permissions to predefined roles rather than individual users. CAS-005 stresses RBAC as a scalable, auditable, and efficient method for managing access in enterprise systems. Roles map to job functions, ensuring users have the minimum necessary access to perform duties, supporting the principle of least privilege. RBAC simplifies onboarding, reduces errors, and enforces compliance policies. Implementation requires careful role definition, role hierarchy design, periodic reviews, and integration with identity management systems. RBAC also facilitates separation of duties by assigning complementary roles to multiple users. CAS-005 candidates must understand RBAC configuration, monitoring, and auditing for regulatory compliance and internal controls.

Mandatory Access Control (MAC): MAC enforces access based on security labels and classifications. CAS-005 teaches MAC as highly restrictive and suitable for government or military environments. While MAC provides strong confidentiality, it lacks flexibility and is not based on roles or job functions.

Rule-Based Access Control: Rule-based access control enforces access decisions based on conditions such as time of day, network location, or device type. CAS-005 highlights this as dynamic and complementary to RBAC or MAC. However, it does not inherently assign access based on job function.

RBAC is central to CAS-005 objectives for identity and access management. Proper implementation ensures scalability, policy compliance, security, and operational efficiency while minimizing risk from excessive permissions or insider threats.
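The role definitions, role hierarchy, and separation-of-duties pairing described above map directly onto a small model. The following is an added example, not code from the exam material: permissions attach to roles, roles may inherit from other roles, users hold roles, and an assignment is refused when it would give one user two roles declared mutually exclusive (inherited roles count). The accounts-payable roles, permissions, and users are constructed for the example.

```python
"""Role-based access control with a role hierarchy and separation-of-duties
constraints (added example for Question 178; constructed data)."""
from typing import Dict, FrozenSet, Iterable, Set


class Rbac:
    def __init__(self) -> None:
        self.role_perms: Dict[str, Set[str]] = {}
        self.role_parents: Dict[str, Set[str]] = {}      # child role inherits parents' permissions
        self.user_roles: Dict[str, Set[str]] = {}
        self.exclusive: Set[FrozenSet[str]] = set()      # static separation-of-duties pairs

    def add_role(self, role: str, perms: Iterable[str] = (), inherits: Iterable[str] = ()) -> None:
        for parent in inherits:
            if parent not in self.role_perms:
                raise KeyError(f"unknown parent role {parent!r}")
        self.role_perms[role] = set(perms)
        self.role_parents[role] = set(inherits)

    def forbid_together(self, a: str, b: str) -> None:
        self.exclusive.add(frozenset((a, b)))

    def expand(self, role: str) -> Set[str]:
        """The role plus every role it inherits from, transitively."""
        seen: Set[str] = set()
        stack = [role]
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            stack.extend(self.role_parents.get(r, ()))
        return seen

    def violates_sod(self, user: str, role: str) -> bool:
        """Would assigning `role` to `user` combine two mutually exclusive roles?"""
        held: Set[str] = set()
        for r in self.user_roles.get(user, set()):
            held |= self.expand(r)
        new = self.expand(role)
        return any(frozenset((h, n)) in self.exclusive for h in held for n in new)

    def assign(self, user: str, role: str) -> None:
        if role not in self.role_perms:
            raise KeyError(f"unknown role {role!r}")
        if self.violates_sod(user, role):
            raise ValueError(f"separation of duties: {user} cannot also hold {role}")
        self.user_roles.setdefault(user, set()).add(role)

    def permissions_of(self, user: str) -> Set[str]:
        perms: Set[str] = set()
        for r in self.user_roles.get(user, set()):
            for er in self.expand(r):
                perms |= self.role_perms[er]
        return perms

    def check(self, user: str, perm: str) -> bool:
        """Access decision: the user holds a role that (directly or by inheritance) grants perm."""
        return perm in self.permissions_of(user)


def build_demo() -> Rbac:
    """Accounts payable: whoever enters an invoice must not be able to approve it."""
    r = Rbac()
    r.add_role("employee", {"read:own_records"})
    r.add_role("ap_clerk", {"create:invoice"}, inherits=["employee"])
    r.add_role("ap_approver", {"approve:invoice"}, inherits=["employee"])
    r.add_role("auditor", {"read:invoice_log"}, inherits=["employee"])
    r.forbid_together("ap_clerk", "ap_approver")
    r.assign("alice", "ap_clerk")
    r.assign("bob", "ap_approver")
    r.assign("bob", "auditor")
    return r


if __name__ == "__main__":
    rbac = build_demo()
    print("alice create:invoice ->", rbac.check("alice", "create:invoice"))
    print("alice approve:invoice ->", rbac.check("alice", "approve:invoice"))
    print("alice may take ap_approver? ->", not rbac.violates_sod("alice", "ap_approver"))
```

Onboarding becomes a role assignment rather than a list of individual grants, and the separation-of-duties check runs at assignment time instead of relying on reviewers to spot the conflict later. Because `violates_sod` expands inheritance, a role that merely inherits `ap_clerk` would be blocked from combining with `ap_approver` as well.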

Question 179:

Which cryptographic method ensures data integrity by producing a fixed-length output unique to input data?

A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Digital signatures

Answer: C. Hashing

Explanation:

Symmetric encryption: Symmetric encryption uses a single key for encryption and decryption, providing confidentiality but not inherent integrity verification. CAS-005 highlights symmetric encryption for securing large data volumes efficiently but notes the need for complementary integrity checks such as HMACs.

Asymmetric encryption: Asymmetric encryption uses public-private key pairs, enabling secure communication and digital signatures. CAS-005 emphasizes its use for confidentiality, authentication, and non-repudiation. While asymmetric encryption can support integrity through digital signatures, it is not inherently a hash function.

Hashing: Hashing maps input of any length to a fixed-length digest that serves as a fingerprint of the data. A cryptographic hash is one-way and collision-resistant: it is computationally infeasible to find two inputs with the same digest, so any change to the input produces a different hash and tampering can be detected. CAS-005 teaches hashing as essential for data integrity verification, password storage, and digital signatures. For password storage the hash must be salted and deliberately slow (PBKDF2, bcrypt, scrypt, or Argon2) rather than a bare SHA-256, which is fast enough to brute-force at scale. Current algorithms include SHA-2 and SHA-3; MD5 and SHA-1 are deprecated because practical collisions have been demonstrated. CAS-005 emphasizes proper selection of secure algorithms, collision resistance, and integration with HMACs wherever an attacker could recompute a plain hash, since an unkeyed digest proves only that data matches the digest, not who produced it. Hashing supports audit logs, file validation, and secure communication protocols.

Digital signatures: Digital signatures combine hashing and asymmetric encryption to ensure integrity, authenticity, and non-repudiation. CAS-005 highlights digital signatures as a higher-level application of cryptography built on hash functions and public-private key mechanisms. While they guarantee integrity, their core relies on hashing.

Hashing is foundational in CAS-005 for ensuring information integrity, validating software, and enabling secure communications. Candidates must understand hash functions, collision vulnerabilities, and secure implementation practices.
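The three integrity-related uses named above behave differently, and the difference is clearest when run side by side. The following is an added example, not code from the exam material: a bare hash detects accidental corruption but not deliberate tampering, because an attacker who can change the data can also recompute the digest; a keyed HMAC detects tampering by anyone without the key; and passwords are stored with a salted, slow PBKDF2 derivation rather than a plain digest. The messages, keys, and salts are constructed, and the 600,000 iteration default follows OWASP's 2023 guidance for PBKDF2-HMAC-SHA256.

```python
"""Hashes, HMACs and password hashing side by side
(added example for Question 179; constructed data)."""
import hashlib
import hmac
import os
from typing import Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()       # always 64 hex chars, whatever the input size


def verify_integrity(data: bytes, expected_hex: str) -> bool:
    """Unkeyed check: good against corruption, useless against an active attacker."""
    return hmac.compare_digest(sha256_hex(data), expected_hex)


def forge_with_plain_hash(new_data: bytes) -> Tuple[bytes, str]:
    """What an attacker does when the check is an unkeyed hash: swap the data
    and publish a matching digest. verify_integrity() will accept the pair."""
    return new_data, sha256_hex(new_data)


def hmac_tag(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify_hmac(key: bytes, data: bytes, tag: str) -> bool:
    """Keyed check: without the key the attacker cannot produce a valid tag."""
    return hmac.compare_digest(hmac_tag(key, data), tag)   # constant-time comparison


def hash_password(password: str, salt: Optional[bytes] = None, iterations: int = 600_000) -> str:
    """Salted, slow derivation; the stored string records its own parameters."""
    salt = salt if salt is not None else os.urandom(16)    # per-user random salt
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algo, iterations, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    msg = b"transfer 100 to alice"                         # constructed message
    digest = sha256_hex(msg)
    print("plain hash catches corruption:", not verify_integrity(msg + b"!", digest))
    forged, forged_digest = forge_with_plain_hash(b"transfer 100 to mallory")
    print("plain hash accepts a forgery:", verify_integrity(forged, forged_digest))
    key = os.urandom(32)                                   # shared secret, constructed
    tag = hmac_tag(key, msg)
    print("HMAC rejects the forgery:", not verify_hmac(key, forged, tag))
    stored = hash_password("correct horse battery staple")
    print("password verifies:", verify_password("correct horse battery staple", stored))
```

The digest length is the same for an empty input and for a megabyte, which is the fixed-length property the question asks about. Both verifiers use `hmac.compare_digest` so that a mismatch is not revealed early through timing.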

Question 180:

Which disaster recovery site is fully operational and can immediately take over if the primary site fails?

A. Hot site
B. Warm site
C. Cold site
D. Snapshot site

Answer: A. Hot site

Explanation:

Hot site: A hot site is a fully operational backup facility with hardware, software, network connectivity, and synchronized data. CAS-005 emphasizes hot sites for mission-critical systems requiring minimal downtime. Hot sites allow immediate switchover, ensuring high availability and business continuity. Implementation involves real-time data replication, system monitoring, and regular testing. Hot sites are cost-intensive but critical for organizations with low tolerance for downtime, such as financial institutions, healthcare, or online services.

Warm site: Warm sites provide infrastructure and partial data replication but require additional configuration and data restoration before full operation. CAS-005 highlights warm sites as a compromise between cost and recovery speed.

Cold site: Cold sites provide only physical space, power, and basic connectivity without preinstalled hardware or data. CAS-005 notes cold sites as cost-effective but slow to activate, suitable for non-critical systems whose recovery time objective (RTO) can tolerate days or weeks of downtime.

Snapshot site: Snapshots capture system states or volumes at a point in time. CAS-005 teaches snapshots as short-term recovery tools, not fully operational disaster recovery sites. Snapshots support rapid rollback but do not replace hot site infrastructure.

Hot sites are central to CAS-005 objectives in disaster recovery and business continuity planning, ensuring organizations can maintain operations under catastrophic failure scenarios. Proper planning, testing, and synchronization with backup strategies are essential.
