CompTIA CAS-005 SecurityX Exam Dumps and Practice Test Questions Set4 Q61-80
Question 61:
Which type of attack involves sending unsolicited messages or content to a large group of users, often for advertising or phishing purposes?
A. Malware
B. Spam
C. Worm
D. Trojan
Answer: B. Spam
Explanation:
Spam is the practice of sending unsolicited or unwanted messages, typically in bulk, to multiple recipients. While often associated with advertising, spam can also be used to deliver phishing attacks, malware, or fraudulent links. The primary goal of spam may vary from promoting products to compromising systems by tricking users into clicking malicious links or downloading infected attachments. Spam differs from malware, which refers to malicious software, worms, which self-replicate across networks, and Trojans, which disguise themselves as legitimate applications to deceive users. Spam can impact both individual users and organizational networks by consuming bandwidth, overwhelming email servers, and increasing the likelihood of successful phishing attacks.
Effective mitigation strategies include implementing email filtering solutions, using reputation-based services, deploying anti-spam and anti-phishing technologies, and educating users about recognizing and reporting suspicious messages. Understanding spam and its risks is important for CAS-005 candidates because it illustrates the intersection between technical controls, administrative controls, and user awareness. While spam itself may not compromise systems directly, it frequently serves as a delivery mechanism for more sophisticated attacks, making spam awareness critical for maintaining the confidentiality, integrity, and availability of systems and data. Organizations must implement layered defenses, including content filtering, endpoint protection, and user training, to reduce the impact of spam campaigns and associated security risks.
Question 62:
Which type of cloud deployment model allows organizations to share infrastructure among multiple tenants while maintaining security and privacy controls?
A. Public cloud
B. Private cloud
C. Hybrid cloud
D. Community cloud
Answer: D. Community cloud
Explanation:
A community cloud is a cloud deployment model where infrastructure is shared among multiple organizations with common goals, requirements, or compliance needs, such as government agencies or healthcare providers. Unlike public clouds, which are open to general customers, community clouds are designed to provide shared resources while maintaining specific security, privacy, and regulatory controls tailored to the participating organizations. Private clouds, by contrast, are dedicated to a single organization and provide full control over infrastructure, while hybrid clouds combine public and private cloud resources to optimize flexibility, scalability, and cost. Community clouds allow organizations to leverage the benefits of shared infrastructure, including cost efficiency and collaborative services, while enforcing strict access controls, encryption, auditing, and compliance requirements. For CAS-005 candidates, understanding community cloud models is important in the context of cloud security, governance, and shared responsibility. Security measures in a community cloud include role-based access control, tenant isolation, encryption of data at rest and in transit, and adherence to compliance frameworks such as HIPAA, FedRAMP, or GDPR. Organizations using community clouds must implement policies and monitoring procedures to maintain confidentiality, integrity, and availability across all shared environments, ensuring that resources are used securely and that no single tenant can compromise the system or access another tenant’s data.
Question 63:
Which type of attack exploits the trust between a user and a website to execute malicious scripts in the victim’s browser?
A. SQL injection
B. Cross-Site Request Forgery (CSRF)
C. Cross-Site Scripting (XSS)
D. Clickjacking
Answer: B. Cross-Site Request Forgery (CSRF)
Explanation:
Cross-Site Request Forgery (CSRF) is a web attack in which an attacker tricks a user into performing actions on a website where the user is authenticated, without their knowledge or consent. Unlike Cross-Site Scripting (XSS), which executes malicious scripts in the browser, CSRF manipulates the trust relationship between the user and the web application to perform unintended actions, such as changing account settings, transferring funds, or submitting forms. CSRF attacks exploit the fact that web browsers automatically include authentication tokens, cookies, or session identifiers in requests to trusted sites, allowing attackers to craft malicious requests that execute with the user’s privileges. Clickjacking, by contrast, involves tricking users into clicking on elements hidden behind legitimate page content, and SQL injection targets backend databases through unsanitized user inputs. Mitigating CSRF involves using techniques such as requiring unique tokens for forms, implementing same-site cookie attributes, and validating the origin or referer headers of requests. For CAS-005 candidates, understanding CSRF emphasizes the importance of secure coding practices, input validation, and implementing defensive controls in web applications. CSRF highlights the relationship between web application design, session management, and user trust, illustrating how attackers can exploit assumptions made by applications about authenticated users. By implementing secure session management, token validation, and monitoring, organizations can protect users and maintain the integrity of web applications, preventing unauthorized actions from being executed under the guise of legitimate users.
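The three CSRF mitigations named above (per-session form tokens, the SameSite cookie attribute, and Origin/Referer checking) in one server-side check. This is an added example, not code from the original page; the site origin `https://app.example`, the in-memory `SESSIONS` store and the request shape are assumptions for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Assumption for this example: the application is served from exactly this origin.
SITE_ORIGIN = "https://app.example"

# Constructed in-memory session store: session id -> CSRF token bound to that session.
SESSIONS: dict = {}


def new_session() -> tuple:
    """Create a session plus a CSRF token bound to it; return (Set-Cookie value, token)."""
    session_id = secrets.token_urlsafe(32)
    csrf_token = secrets.token_urlsafe(32)
    SESSIONS[session_id] = csrf_token
    # SameSite=Strict tells the browser not to attach the cookie to cross-site requests,
    # so a forged request from another site arrives without the session at all.
    cookie_value = f"session={session_id}; Secure; HttpOnly; SameSite=Strict; Path=/"
    return cookie_value, csrf_token


def _origin_ok(headers: dict) -> bool:
    """Accept only if the Origin header (or, failing that, Referer) names our own site."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False  # neither header present: treat as cross-site
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def state_change_allowed(session_id: str, headers: dict, form: dict) -> tuple:
    """Decide whether a state-changing (POST-style) request may proceed.

    Returns (allowed, reason). Every check must pass: known session, same origin,
    and a form token that matches the one bound to the session.
    """
    expected = SESSIONS.get(session_id)
    if expected is None:
        return False, "no such session"
    if not _origin_ok(headers):
        return False, "origin/referer mismatch"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check itself does not leak the token byte by byte.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return False, "csrf token missing or invalid"
    return True, "ok"
```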
Question 64:
Which type of authentication provides identity verification based on biometric characteristics such as fingerprints, iris patterns, or voice recognition?
A. Knowledge-based authentication
B. Possession-based authentication
C. Inherence-based authentication
D. Location-based authentication
Answer: C. Inherence-based authentication
Explanation:
Inherence-based authentication relies on something inherent to the user, such as physical or behavioral biometrics, to verify identity. Common examples include fingerprints, iris scans, facial recognition, voice patterns, and behavioral metrics like typing rhythm or gait. Unlike knowledge-based authentication, which depends on something the user knows, such as a password or PIN, or possession-based authentication, which depends on something the user has, inherence-based methods leverage traits that are unique to an individual and difficult to replicate or steal. Location-based authentication, by contrast, evaluates identity based on physical location, such as GPS coordinates or IP address, rather than biometric traits. In CAS-005, understanding inherence-based authentication is important for implementing multi-factor authentication and enhancing identity verification. Biometric systems provide strong security benefits because they are inherently tied to an individual, reducing the likelihood of unauthorized access. However, they also introduce challenges, including privacy concerns, enrollment accuracy, sensor reliability, and potential spoofing attacks. Organizations must implement additional controls, such as encryption of biometric data, anti-spoofing technologies, and fallback authentication methods, to ensure the effectiveness and security of biometric systems. Inherence-based authentication supports the principle of defense-in-depth when it is combined with passwords, smart cards, or tokens to create robust multi-factor authentication schemes, enhancing the overall security posture and maintaining the confidentiality, integrity, and availability of critical systems.
Question 65:
Which type of network attack involves intercepting and potentially altering communications between two parties without their knowledge?
A. Denial-of-Service (DoS)
B. Man-in-the-Middle (MITM)
C. Phishing
D. ARP poisoning
Answer: B. Man-in-the-Middle (MITM)
Explanation:
A Man-in-the-Middle (MITM) attack occurs when an attacker secretly intercepts and sometimes modifies the communication between two parties who believe they are communicating directly. MITM attacks threaten confidentiality because attackers can eavesdrop, integrity because data can be altered in transit, and authentication because attackers may impersonate one or both parties. MITM attacks can occur over unsecured Wi-Fi networks, compromised routers, or by exploiting vulnerabilities in communication protocols. They differ from Denial-of-Service attacks, which aim to disrupt availability, and phishing attacks, which rely on deceiving users into revealing credentials. ARP poisoning is a specific type of MITM that manipulates the Address Resolution Protocol to intercept network traffic. Preventing MITM attacks involves using encrypted communication channels, such as TLS or VPNs, validating digital certificates, implementing mutual authentication, and monitoring network traffic for anomalies. CAS-005 candidates need to understand MITM attacks to protect sensitive communications, enforce secure protocols, and apply network security controls. Organizations should combine encryption, authentication, network segmentation, and intrusion detection to maintain the confidentiality and integrity of transmitted data. Recognizing MITM threats reinforces the importance of secure design, proper certificate management, and awareness of network vulnerabilities, ensuring that data cannot be intercepted or modified by unauthorized parties.
Question 66:
Which type of firewall examines traffic based on the state of active connections and allows return traffic only if it is part of an established session?
A. Packet-filtering firewall
B. Stateful firewall
C. Application-layer firewall
D. Circuit-level gateway
Answer: B. Stateful firewall
Explanation:
Stateful firewalls operate at the network and transport layers and monitor the state of active connections to determine which packets should be allowed through the firewall. Unlike simple packet-filtering firewalls that evaluate individual packets in isolation, stateful firewalls maintain a table of active connections, allowing only traffic that is part of a valid session. This approach enhances security by ensuring that unsolicited or unauthorized packets are dropped, reducing exposure to attacks such as IP spoofing or session hijacking. Application-layer firewalls, by contrast, inspect payload content and enforce rules specific to application protocols, while circuit-level gateways manage TCP or UDP sessions without deep content inspection. Stateful firewalls are effective in enterprise networks because they balance security with performance, enabling dynamic filtering and protecting against many types of network attacks while minimizing administrative overhead. CAS-005 candidates must understand stateful firewalls as part of network security controls, including their role in monitoring session states, enforcing security policies, and integrating with intrusion detection or prevention systems. Proper configuration, logging, and rule management are critical to maintaining security while allowing legitimate traffic to flow. Stateful firewalls support the CIA triad by maintaining the confidentiality, integrity, and availability of network communications and help organizations implement layered security defenses.
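A minimal model of the connection table described above, added here as an illustration rather than taken from the page: outbound SYNs and UDP datagrams create state, inbound packets pass only when they match a tracked session, and a source address that does not fit the arrival interface is dropped as spoofed. The 10.0.0.0/24 inside network, the `ingress` tag and the simplified FIN/RST teardown are assumptions of the example.

```python
from dataclasses import dataclass

# Assumption for this example: the protected network is 10.0.0.0/24 and every packet
# is tagged with the interface it arrived on ("inside" or "outside").
INSIDE_PREFIX = "10.0.0."


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str            # "tcp" or "udp"
    flags: str = ""       # TCP flags as letters: S=SYN, A=ACK, F=FIN, R=RST
    ingress: str = "inside"


def _inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


class StatefulFirewall:
    """Connection-tracking firewall: outbound traffic opens sessions, inbound traffic
    is admitted only when it is the return half of a tracked session."""

    def __init__(self) -> None:
        # State table keyed by the outbound 5-tuple: (inside src, sport, outside dst, dport, proto)
        self.sessions: set = set()

    def process(self, p: Packet) -> str:
        # Anti-spoofing: an inside source address must arrive on the inside interface.
        if _inside(p.src) != (p.ingress == "inside"):
            return "DROP"

        if _inside(p.src) and not _inside(p.dst):
            # Outbound is permitted by policy; a pure SYN or a UDP datagram opens a session.
            key = (p.src, p.sport, p.dst, p.dport, p.proto)
            if p.proto == "udp" or p.flags == "S":
                self.sessions.add(key)
            elif "R" in p.flags or "F" in p.flags:
                self.sessions.discard(key)   # simplified teardown: any FIN/RST closes it
            return "ALLOW"

        if not _inside(p.src) and _inside(p.dst):
            # Inbound: only return traffic for an existing session gets through.
            key = (p.dst, p.dport, p.src, p.sport, p.proto)
            if key not in self.sessions:
                return "DROP"   # unsolicited, e.g. an inbound SYN to a host behind the firewall
            if "R" in p.flags:
                self.sessions.discard(key)
            return "ALLOW"

        return "DROP"   # default deny for anything else


def run(fw: StatefulFirewall, packets) -> list:
    """Return the verdict for each packet, in order."""
    return [fw.process(p) for p in packets]
```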
Question 67:
Which type of backup strategy copies only data that has changed since the last full backup, requiring less storage than full backups?
A. Incremental backup
B. Differential backup
C. Full backup
D. Snapshot
Answer: B. Differential backup
Explanation:
Differential backups copy all data that has changed since the last full backup, creating a cumulative set of changed files. This approach reduces the storage and time requirements compared to performing a full backup every time while providing simpler recovery than incremental backups, which require a chain of backups to restore. For example, if a full backup is performed on Sunday and differential backups are performed daily, the Wednesday differential will include all changes from Sunday through Wednesday. Differential backups differ from incremental backups, which capture only the changes since the previous backup of any type, requiring multiple sets for restoration. Snapshots capture system states for quick rollback but are not typically used for long-term archival. In CAS-005, understanding differential backups is critical for implementing data protection, disaster recovery, and business continuity strategies. Organizations must balance storage capacity, recovery time objectives, and backup frequency to ensure availability and integrity of data. Regular testing, verification, and secure storage of backup sets are essential to prevent data loss, protect against ransomware, and maintain system resiliency. Differential backups support the CIA triad by enabling organizations to restore data accurately and promptly, minimizing downtime and preserving operational continuity.
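The Sunday-full, daily-differential schedule from the explanation, worked through against a constructed set of file versions so the difference from an incremental chain is visible. This is an added example, not the page's own material; the four daily snapshots are constructed, and file deletions are deliberately not modelled.

```python
# Constructed example: the version of each file at the end of each day.
# A file "changes" when its version string differs from the comparison point.
DAYS = ["Sun", "Mon", "Tue", "Wed"]
SNAPSHOTS = {
    "Sun": {"a.txt": "a1", "b.txt": "b1", "c.txt": "c1"},
    "Mon": {"a.txt": "a2", "b.txt": "b1", "c.txt": "c1"},
    "Tue": {"a.txt": "a2", "b.txt": "b2", "c.txt": "c1"},
    "Wed": {"a.txt": "a2", "b.txt": "b2", "c.txt": "c1", "d.txt": "d1"},
}


def changed_since(base: dict, current: dict) -> dict:
    """Files in `current` whose content differs from `base` (new files count as changed)."""
    return {name: ver for name, ver in current.items() if base.get(name) != ver}


def differential_sets() -> dict:
    """Each day's differential backup: everything changed since the Sunday full backup.
    The sets grow cumulatively through the week."""
    full = SNAPSHOTS["Sun"]
    return {day: changed_since(full, SNAPSHOTS[day]) for day in DAYS[1:]}


def incremental_sets() -> dict:
    """Each day's incremental backup: only what changed since the previous day's backup
    of any type, so each set stays small but restoration needs the whole chain."""
    return {
        day: changed_since(SNAPSHOTS[DAYS[i - 1]], SNAPSHOTS[day])
        for i, day in enumerate(DAYS)
        if i > 0
    }


def restore(strategy: str, day: str) -> tuple:
    """Rebuild the file set for `day` and report which backup sets had to be applied."""
    state = dict(SNAPSHOTS["Sun"])
    applied = ["Sun full"]
    if day == "Sun":
        return state, applied
    if strategy == "differential":
        # Full + the single most recent differential is enough.
        state.update(differential_sets()[day])
        applied.append(f"{day} differential")
    elif strategy == "incremental":
        # Full + every incremental from Monday up to and including the target day.
        increments = incremental_sets()
        for d in DAYS[1:DAYS.index(day) + 1]:
            state.update(increments[d])
            applied.append(f"{d} incremental")
    else:
        raise ValueError(f"unknown strategy {strategy!r}")
    return state, applied


def set_sizes(strategy: str) -> list:
    """Number of files in each day's backup set, Monday to Wednesday."""
    sets = differential_sets() if strategy == "differential" else incremental_sets()
    return [len(sets[day]) for day in DAYS[1:]]
```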
Question 68:
Which type of attack occurs when an attacker sends fraudulent emails that appear to come from a legitimate source to trick users into revealing credentials?
A. Phishing
B. Spear phishing
C. Whaling
D. Vishing
Answer: A. Phishing
Explanation:
Phishing is a social engineering attack where attackers send emails or messages that appear to be from trusted sources, intending to trick recipients into revealing sensitive information, such as usernames, passwords, or financial data. Standard phishing campaigns are typically broad, targeting many users indiscriminately. Spear phishing is a more targeted approach that focuses on specific individuals or organizations, often leveraging personal information to increase credibility. Whaling is a type of spear phishing that targets high-level executives or individuals with privileged access. Vishing uses phone calls instead of email to manipulate users. Phishing attacks exploit human trust and curiosity, making user awareness, training, and technical controls like spam filters critical for mitigation. In CAS-005, candidates must understand phishing as part of social engineering risks, emphasizing the need for layered security measures, including user education, email filtering, incident reporting procedures, and multi-factor authentication. Phishing can compromise confidentiality, integrity, and even availability if attackers gain access to credentials or deploy malware, highlighting the importance of proactive defenses and vigilance in organizational security programs.
Question 69:
Which encryption technique uses the same key for both encryption and decryption?
A. Symmetric encryption
B. Asymmetric encryption
C. Hashing
D. Digital signatures
Answer: A. Symmetric encryption
Explanation:
Symmetric encryption is a cryptographic method in which the same key is used for both encrypting and decrypting data. This approach requires that both the sender and the recipient securely possess the shared secret key. The major advantage of symmetric encryption is its efficiency, particularly when encrypting large amounts of data, such as files, databases, or network traffic, because symmetric algorithms generally require less computational overhead compared to asymmetric encryption. Common symmetric algorithms include AES (Advanced Encryption Standard), DES (Data Encryption Standard), 3DES (Triple DES), and ChaCha20, each offering varying levels of security and performance.
One of the critical considerations in symmetric encryption is key management. Since the same key must be shared securely between parties, transmitting or storing the key improperly can compromise the entire encryption process. Key management practices include secure key generation, safe storage, periodic rotation, and protected distribution channels to prevent unauthorized access. Symmetric encryption ensures confidentiality, protecting data from unauthorized disclosure. When paired with cryptographic integrity checks, such as HMAC (Hash-based Message Authentication Code), it can also help verify that data has not been tampered with during transmission.
In contrast, asymmetric encryption uses a public-private key pair, allowing secure communication without pre-shared secrets but typically at higher computational cost. Hashing creates fixed-length digests for integrity verification and is non-reversible, while digital signatures combine hashing and asymmetric encryption to provide authentication, integrity, and non-repudiation. In practice, symmetric encryption is often used alongside asymmetric encryption in hybrid systems. For example, asymmetric encryption can securely exchange a symmetric session key, after which symmetric encryption handles the bulk data efficiently.
For CAS-005 candidates, understanding symmetric encryption is fundamental to grasping core cryptographic principles, secure communication practices, and data protection strategies. Correct implementation ensures confidentiality, contributes to overall data integrity when combined with verification methods, and plays a central role in enterprise security architectures, compliance, and safe data exchange across networks.
Question 70:
Which term describes a malicious program that executes under specific conditions, such as on a particular date or event?
A. Trojan
B. Logic bomb
C. Worm
D. Rootkit
Answer: B. Logic bomb
Explanation:
A logic bomb is a type of malicious software designed to execute a harmful action when specific, predefined conditions are met. These conditions can include particular dates, times, user actions, system events, or combinations thereof. For example, a logic bomb might be programmed to delete critical files on a company’s payroll system on a certain date or to disable network connectivity when an employee logs in. Unlike Trojans, which rely on user execution to deliver a payload, logic bombs are often embedded within legitimate applications or scripts and remain dormant, making them extremely difficult to detect. Worms, in contrast, are self-propagating malware that spread across networks automatically, while rootkits focus on hiding malicious activity to maintain persistent control over a system.
The stealthy nature of logic bombs presents unique challenges to security teams because they may lie inactive for long periods, sometimes months or years, and are often integrated into trusted programs. Detection and prevention require a combination of administrative and technical controls. Strict code reviews, secure software development lifecycle practices, and change management procedures help identify potentially malicious code before deployment. Endpoint protection solutions, integrity monitoring tools, and audit trails are critical for identifying unusual behavior indicative of a logic bomb, such as unexpected file modifications, process activity, or system anomalies. Access controls are also essential to limit the ability of malicious actors to insert such code.
In CAS-005, understanding logic bombs emphasizes the importance of proactive malware prevention, governance, and system monitoring. Logic bombs threaten the integrity, availability, and sometimes confidentiality of systems, highlighting the potential consequences of insider threats or malicious software. Organizations must implement layered defenses, including technical measures like antivirus and intrusion detection systems, alongside administrative measures like employee training, auditing, and incident response plans. By addressing both human and technical vulnerabilities, enterprises can reduce the likelihood of a logic bomb activation and minimize the impact on critical operations. Logic bombs serve as a key example of how malware can exploit both software and organizational weaknesses.
Question 71:
Which type of attack targets a system’s resources, making it unavailable to legitimate users, often by flooding it with traffic?
A. Phishing
B. Denial-of-Service (DoS)
C. SQL injection
D. Cross-Site Scripting (XSS)
Answer: B. Denial-of-Service (DoS)
Explanation:
Denial-of-Service (DoS) attacks are a class of cyberattacks aimed at disrupting the availability of systems, networks, or applications by overwhelming their resources, such as CPU, memory, disk space, or network bandwidth. By flooding a target with excessive traffic or requests, DoS attacks prevent legitimate users from accessing services, causing operational downtime, financial losses, and reputational damage. A Distributed Denial-of-Service (DDoS) attack magnifies this effect by using multiple compromised devices, often forming botnets, to generate massive volumes of traffic, making mitigation more complex and urgent. Unlike phishing attacks, which exploit human behavior to obtain sensitive information, or SQL injection and cross-site scripting (XSS), which exploit software vulnerabilities to compromise data or integrity, DoS attacks primarily threaten availability, one of the three pillars of the CIA triad.
Mitigating DoS and DDoS attacks requires a layered defense strategy. Techniques include implementing traffic filtering and rate limiting on firewalls, using intrusion prevention systems (IPS) to identify and block malicious traffic, deploying content delivery networks (CDNs) to absorb large traffic loads, and leveraging cloud-based DDoS protection services that can scale dynamically during an attack. Network design strategies, such as redundancy, failover systems, and load balancing, also enhance resilience against DoS incidents. In addition, organizations must maintain proactive monitoring and establish incident response procedures, including coordination with upstream Internet Service Providers (ISPs) and cloud providers, to quickly manage and mitigate attack traffic.
For CAS-005 candidates, understanding DoS attacks is critical to appreciating the importance of availability in overall cybersecurity. These attacks highlight the necessity of proactive defense planning, continuous monitoring, and business continuity strategies. By preparing for DoS scenarios, organizations can ensure service continuity, protect critical infrastructure, and maintain stakeholder trust even under adversarial conditions. DoS attacks also emphasize the importance of integrating technical, administrative, and network-layer controls to build a comprehensive and resilient security posture.
Question 72:
Which principle requires users to have only the minimum access necessary to perform their job functions?
A. Separation of duties
B. Defense in depth
C. Principle of least privilege
D. Mandatory vacations
Answer: C. Principle of least privilege
Explanation:
The principle of least privilege is a cornerstone of cybersecurity that ensures users, processes, and systems are granted only the minimum access necessary to perform their assigned tasks. By restricting permissions, organizations minimize the risk of unauthorized access, reduce the potential for accidental or malicious modifications, and limit the impact of compromised accounts. Implementing least privilege involves careful configuration of file permissions, network access rights, application privileges, and administrative authority. It also requires ongoing review and adjustment of access rights as roles, responsibilities, or organizational needs change, ensuring that no user retains unnecessary privileges that could be exploited.
In practical terms, the principle of least privilege is often integrated with role-based access control (RBAC) or attribute-based access control (ABAC) to streamline management in complex environments. RBAC assigns access rights based on roles rather than individual users, simplifying enforcement of least privilege. ABAC can dynamically adjust permissions based on attributes such as location, time, or device security posture. Separation of duties, while related to access control, focuses on dividing responsibilities to prevent fraud or errors, rather than minimizing access. Defense-in-depth employs layered security controls to protect assets, and mandatory vacations are administrative measures used to detect fraudulent activity through role rotation.
For CAS-005 candidates, understanding least privilege is critical because it supports multiple aspects of the CIA triad. It strengthens confidentiality by limiting data exposure, preserves integrity by preventing unauthorized modifications, and enhances accountability by ensuring actions can be traced to appropriately privileged users. Enforcing least privilege is also essential for compliance with regulatory frameworks, such as GDPR, HIPAA, and PCI-DSS, which mandate strict access controls. Organizations that fail to implement least privilege risk insider threats, malware exploitation, and unintentional data leaks. By embedding this principle into identity management, access provisioning, and administrative policies, enterprises create a more secure environment that limits risk while maintaining operational efficiency.
Question 73:
Which type of security control is a company policy that requires employees to undergo regular cybersecurity training?
A. Technical control
B. Administrative control
C. Physical control
D. Detective control
Answer: B. Administrative control
Explanation:
Administrative controls are essential components of an organization’s security strategy, encompassing policies, procedures, and practices that guide employee behavior and operational processes to ensure the protection of information assets. Requiring employees to participate in regular cybersecurity awareness training is a prime example of an administrative control because it addresses human behavior, organizational culture, and adherence to policies rather than relying solely on technological or physical solutions. Such controls are designed to prevent security incidents by educating personnel on best practices, acceptable use policies, and emerging threats like phishing, social engineering, and insider attacks.
Administrative controls differ from technical controls, which involve hardware or software solutions such as firewalls, intrusion prevention systems, or encryption technologies that directly protect systems. They also differ from physical controls, which secure facilities, equipment, or other physical resources through locks, surveillance, or access cards. Detective controls, on the other hand, monitor systems to identify and alert on suspicious activity, including intrusion detection systems and log monitoring, but they do not directly guide behavior or establish preventative policies.
In the context of CAS-005, understanding administrative controls emphasizes the role of governance, policy enforcement, and risk mitigation through human factors. Effective cybersecurity training programs educate employees on recognizing and reporting threats, implementing secure practices, and complying with organizational and regulatory requirements. To maximize effectiveness, training must be frequent, measurable, role-specific, and updated to reflect evolving threats and compliance standards.
Administrative controls complement technical and physical measures, forming part of a layered defense strategy or defense-in-depth approach. By fostering a security-conscious culture, organizations reduce the likelihood of breaches resulting from human error or negligence, thereby enhancing the overall security posture. These controls also support accountability, compliance, and continuous improvement in risk management practices, reinforcing both organizational integrity and resilience against cyber threats.
Question 74:
Which protocol is commonly used to secure email communications through encryption?
A. SMTP
B. POP3
C. IMAP
D. S/MIME
Answer: D. S/MIME
Explanation:
S/MIME (Secure/Multipurpose Internet Mail Extensions) is a widely adopted standard used to secure email communications through encryption and digital signatures. Unlike standard email protocols such as SMTP, POP3, and IMAP, which primarily handle the sending and receiving of messages without providing inherent encryption or authentication, S/MIME ensures that the contents of an email are protected from unauthorized access. S/MIME leverages public key infrastructure (PKI) to encrypt email content using the recipient’s public key, ensuring that only the intended recipient, who possesses the corresponding private key, can decrypt and read the message. This provides strong confidentiality, a fundamental aspect of information security.
In addition to confidentiality, S/MIME provides message integrity and authentication. Digital signatures attached to emails allow recipients to verify that the message has not been altered during transmission and confirm the identity of the sender. This also contributes to non-repudiation, as the sender cannot deny having sent the message once it is digitally signed. S/MIME is essential in enterprise environments where sensitive information, such as financial data, intellectual property, or personally identifiable information (PII), is transmitted via email.
For CAS-005 candidates, understanding S/MIME is critical because it demonstrates practical implementation of cryptographic techniques to secure communications. Organizations must manage digital certificates effectively, enforce strong algorithms such as AES for encryption and SHA-family hashes for message signing, and integrate secure email gateways to inspect and control outgoing and incoming encrypted messages. Regular employee training on using S/MIME and recognizing secure communications also enhances security posture. By implementing S/MIME, organizations uphold the CIA triad: confidentiality is maintained by encryption, integrity is ensured by digital signatures, and authentication validates the sender’s identity. Proper S/MIME use reduces the risk of interception, tampering, phishing attacks, and data leakage, forming a critical component of a comprehensive email security strategy.
Question 75:
Which type of attack involves modifying the ARP cache to intercept network traffic on a local area network?
A. IP spoofing
B. ARP poisoning
C. MAC flooding
D. DNS spoofing
Answer: B. ARP poisoning
Explanation:
ARP poisoning, also referred to as ARP spoofing, is a network-based attack that targets the Address Resolution Protocol (ARP) used in local area networks to map IP addresses to MAC addresses. In an ARP poisoning attack, the attacker sends falsified ARP messages over the LAN, associating their own MAC address with the IP address of a legitimate host, such as the default gateway. As a result, network traffic intended for that host is instead sent to the attacker’s machine, enabling interception, modification, or redirection of data. This type of attack is a common method for conducting Man-in-the-Middle (MITM) attacks, where attackers can capture sensitive information like login credentials, session tokens, or confidential communications, and potentially inject malicious content into the traffic stream.
ARP poisoning is distinct from other network attacks. IP spoofing involves forging the source IP address to masquerade as another device, MAC flooding overwhelms the switch’s MAC table to degrade network performance or force traffic into a hub-like mode, and DNS spoofing manipulates domain name resolution to redirect users to malicious sites. Unlike these attacks, ARP poisoning specifically exploits the trust relationship within a LAN by corrupting the mapping between IP and MAC addresses.
For CAS-005 candidates, understanding ARP poisoning highlights the importance of proactive network security measures and monitoring. Mitigation strategies include implementing static ARP entries for critical devices, enabling dynamic ARP inspection on switches, segmenting networks using VLANs to limit broadcast domains, and enforcing strong authentication and encryption protocols such as HTTPS or VPNs. Regularly monitoring ARP tables and deploying intrusion detection systems can help detect anomalous ARP activity. ARP poisoning demonstrates how attackers can exploit fundamental network protocols to compromise confidentiality, integrity, and availability, underscoring the necessity of layered security controls and vigilant network management in enterprise environments.
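The "monitor ARP tables" mitigation above, as a small detector run over constructed ARP replies. Added example, not from the page: the log lines are a constructed, simplified tcpdump-style format (not a real capture), and the optional `trusted` map plays the role of the static ARP entries the explanation recommends for critical devices such as the gateway.

```python
import re
from collections import defaultdict

# Constructed sample of ARP replies in a simplified tcpdump-like format (not a real capture).
# 10.0.0.1 is the gateway; from 10:00:09 a second MAC starts answering for it.
SAMPLE_ARP_LOG = """\
10:00:01 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01
10:00:02 ARP, Reply 10.0.0.20 is-at 00:11:22:33:44:20
10:00:05 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:01
10:00:09 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99
10:00:10 ARP, Reply 10.0.0.20 is-at de:ad:be:ef:00:99
10:00:11 ARP, Reply 10.0.0.1 is-at de:ad:be:ef:00:99
"""

LINE_RE = re.compile(r"^(\S+) ARP, Reply (\d+\.\d+\.\d+\.\d+) is-at ([0-9a-f:]{17})$")


def parse(log: str) -> list:
    """Extract (timestamp, ip, mac) from each reply line; lines that do not match are skipped."""
    out = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2), m.group(3)))
    return out


def analyse(log: str, trusted: dict = None) -> list:
    """Return alert strings for two poisoning signals:
    1. an IP whose advertised MAC changes, or disagrees with a trusted (static) entry;
    2. one MAC claiming more than one IP address (typical when a host impersonates the gateway).
    """
    trusted = dict(trusted or {})
    last_mac = dict(trusted)            # ip -> most recently seen (or static) MAC
    ips_by_mac = defaultdict(set)       # mac -> set of IPs it has answered for
    alerts = []
    for ts, ip, mac in parse(log):
        prev = last_mac.get(ip)
        if prev is not None and prev != mac:
            kind = "conflicts with static entry" if ip in trusted else "changed"
            alerts.append(f"{ts} {ip} MAC {kind}: {prev} -> {mac}")
        if ip not in trusted:           # a static entry is never overwritten by a reply
            last_mac[ip] = mac
        if ip not in ips_by_mac[mac]:
            ips_by_mac[mac].add(ip)
            if len(ips_by_mac[mac]) > 1:
                alerts.append(f"{ts} {mac} claims multiple IPs: {sorted(ips_by_mac[mac])}")
    return alerts
```

With a static entry for the gateway every spoofed reply for it is flagged; without one, only the first change is seen because the detector then trusts the new mapping, which is exactly why the explanation pairs monitoring with static entries or dynamic ARP inspection.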
Question 76:
Which type of cryptographic control ensures that data has not been altered during transmission?
A. Encryption
B. Hashing
C. Steganography
D. Obfuscation
Answer: B. Hashing
Explanation:
Hashing is a fundamental cryptographic technique used to ensure data integrity by transforming input data of any length into a fixed-length value, commonly known as a hash or digest. A cryptographic hash function is designed so that different inputs produce different hashes in practice (collision resistance), and even a small change in the original data results in a dramatically different hash value. This property makes hashing extremely effective for detecting tampering, errors, or unauthorized modifications during data transmission. Unlike encryption, which is reversible and provides confidentiality by transforming plaintext into ciphertext, hashing is a one-way function and cannot be decrypted to recover the original data. This one-way nature makes it particularly suitable for integrity verification, password storage, digital signatures, and message authentication codes (MACs).
In CAS-005, hashing is essential for understanding integrity controls. When data is transmitted over a network, hashing allows the recipient to recompute the hash and compare it with the sender’s hash. A mismatch indicates that the data may have been altered, intentionally or accidentally. Hashing algorithms such as SHA-256 and SHA-3 are commonly used today; MD5 and SHA-1 are still encountered but are now considered less secure due to known collision vulnerabilities. Hashing can also be combined with digital signatures to provide authentication and non-repudiation, allowing recipients to verify both the integrity of the data and the identity of the sender.
Organizations implement hashing in multiple contexts, including file integrity monitoring to detect unauthorized changes to system files, validating software downloads to ensure they have not been tampered with, securing passwords in databases, and verifying messages transmitted over encrypted channels. Hashing supports the broader security objectives of confidentiality, integrity, and authentication when integrated into security protocols and systems. Understanding hashing is critical for CAS-005 candidates, as it underpins many real-world mechanisms that protect sensitive information from modification and ensure trustworthy communication within enterprise environments.
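The recompute-and-compare procedure described above, as an added example that is not part of the original page. It also shows the caveat a practitioner cares about: a plain hash detects accidental corruption, but only a keyed MAC (mentioned above) detects deliberate tampering by someone who can rewrite the attached hash. The message and key are constructed.

```python
"""Hash-based integrity verification, and why a bare hash is not a MAC.
Added illustrative example (not from the original page); the message and
key are constructed, and the "tamper" step only models a flipped bit plus
a recomputed digest to show what a keyed MAC adds over a plain hash."""
import hashlib
import hmac


def digest(data: bytes) -> str:
    """Plain SHA-256 digest, as a sender might ship alongside the data."""
    return hashlib.sha256(data).hexdigest()


def mac(key: bytes, data: bytes) -> str:
    """HMAC-SHA256: integrity plus origin authentication; needs the shared key."""
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def verify(expected_hex: str, actual_hex: str) -> bool:
    """Constant-time comparison so timing does not leak how many bytes matched."""
    return hmac.compare_digest(expected_hex, actual_hex)


def flip_one_bit(data: bytes) -> bytes:
    """Smallest possible modification: toggle the low bit of the first byte."""
    return bytes([data[0] ^ 0x01]) + data[1:]


def differing_bits(hex_a: str, hex_b: str) -> int:
    """How many of the 256 digest bits changed (avalanche effect)."""
    return bin(int(hex_a, 16) ^ int(hex_b, 16)).count("1")


def demo():
    msg = b"transfer 100 to account 4242"  # constructed sample message
    key = b"constructed-shared-secret"     # constructed; never hard-code in practice
    sent_hash, sent_mac = digest(msg), mac(key, msg)
    tampered = flip_one_bit(msg)

    # Accidental corruption in transit: the recipient's recomputed hash mismatches.
    accidental_detected = not verify(sent_hash, digest(tampered))
    # Deliberate change by a party who can also rewrite the attached hash:
    # a plain hash is recomputed trivially, so the plain check is fooled...
    forged_hash = digest(tampered)
    plain_hash_fooled = verify(forged_hash, digest(tampered))
    # ...but the MAC cannot be recomputed without the key, so it still fails.
    mac_detected = not verify(sent_mac, mac(key, tampered))
    return accidental_detected, plain_hash_fooled, mac_detected
```

`demo()` returns `(True, True, True)`: the plain hash catches the accidental flip, is defeated once the hash travels with the data unprotected, and the HMAC catches the same change. A digital signature over the hash gives the same protection without a shared key.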
Question 77:
Which type of wireless security protocol replaced WEP and provides stronger encryption and integrity protection?
A. WPA2
B. WPA
C. WPS
D. TKIP
Answer: A. WPA2
Explanation:
WPA2 (Wi-Fi Protected Access II) is a wireless security protocol developed to address the significant vulnerabilities found in WEP (Wired Equivalent Privacy). WEP used the RC4 encryption algorithm, which was easily breakable due to weak initialization vectors and predictable key patterns, making it insufficient for protecting wireless networks. WPA2 replaced WEP with stronger encryption using AES (Advanced Encryption Standard), which is widely recognized for its robust cryptographic strength and resistance to attacks. Additionally, WPA2 incorporates CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) to provide not only confidentiality but also integrity and authentication verification for wireless communications. This ensures that transmitted data cannot be easily intercepted, altered, or spoofed by attackers.
WPA, the predecessor to WPA2, improved upon WEP by introducing TKIP (Temporal Key Integrity Protocol) to dynamically change encryption keys, but TKIP is less secure than AES and is considered outdated. WPS (Wi-Fi Protected Setup) is a network configuration feature designed to simplify device connections, but it can introduce security vulnerabilities if the PIN-based setup is exploited. In enterprise environments, using WPA2—or preferably WPA3—is essential for maintaining a secure wireless network. Implementing WPA2 involves enforcing strong passphrases, using enterprise authentication methods such as 802.1X with RADIUS servers, disabling legacy protocols, and monitoring wireless traffic for anomalies.
Understanding WPA2 is critical for CAS-005 candidates because wireless security is a key component of network defense and the CIA triad. Weak wireless encryption can allow attackers to intercept sensitive communications, perform man-in-the-middle attacks, or gain unauthorized access to internal resources. WPA2 supports a defense-in-depth strategy by securing the wireless layer, complementing other network security measures such as firewalls, intrusion detection systems, and endpoint protections. Properly configured WPA2 ensures both confidentiality and integrity of wireless communications, mitigating risks and protecting organizational assets.
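The weak settings named above (WEP, WPA with TKIP, WPS) beside their hardened WPA2-Enterprise counterpart, as an added example that is not from the original page or from the hostapd project. Both configuration fragments are constructed; the directive names follow hostapd.conf, and the RADIUS address and shared secret are placeholders.

```python
"""Audit hostapd-style settings for the weaknesses the text names (WEP, WPA/TKIP,
WPS, weak PSK). Added illustrative example, not code from the page or from
hostapd; both configs are constructed, directive names follow hostapd.conf."""
WEAK_CONF = """\
wep_default_key=0
wep_key0=0123456789
wpa=1
wpa_pairwise=TKIP
wpa_key_mgmt=WPA-PSK
wpa_passphrase=password1
wps_state=2
"""

HARDENED_CONF = """\
wpa=2
rsn_pairwise=CCMP
wpa_key_mgmt=WPA-EAP
ieee8021x=1
auth_server_addr=10.0.0.5
auth_server_port=1812
auth_server_shared_secret=REPLACE-WITH-LONG-RANDOM-SECRET
wps_state=0
"""

def parse_conf(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit_wireless(conf):
    """Return one finding per weak setting; an empty list means clean."""
    findings = []
    if any(k.startswith("wep_") for k in conf):
        findings.append("WEP keys configured: RC4 with weak IVs, remove entirely")
    if int(conf.get("wpa", "0")) & 1:  # bit 1 = WPA (v1), bit 2 = WPA2/RSN
        findings.append("WPA (v1) enabled: legacy protocol, set wpa=2")
    ciphers = conf.get("wpa_pairwise", "") + " " + conf.get("rsn_pairwise", "")
    if "TKIP" in ciphers:
        findings.append("TKIP pairwise cipher allowed: use CCMP (AES) only")
    if "WPA-PSK" in conf.get("wpa_key_mgmt", "") and len(conf.get("wpa_passphrase", "")) < 20:
        findings.append("short pre-shared passphrase: prefer 802.1X (WPA-EAP) or a long passphrase")
    if conf.get("wps_state", "0") != "0":
        findings.append("WPS enabled: PIN-based setup is exploitable, set wps_state=0")
    return findings
```

`audit_wireless(parse_conf(WEAK_CONF))` returns five findings and the hardened fragment returns none; the same check applied to a mixed-mode `wpa=3` setting still flags the WPA (v1) side, which is why the text says to disable legacy protocols rather than merely add WPA2 beside them.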
Question 78:
Which type of authentication system allows a user to log in once and gain access to multiple applications without re-entering credentials?
A. Multi-factor authentication
B. Single sign-on
C. Token-based authentication
D. Biometric authentication
Answer: B. Single sign-on
Explanation:
Single sign-on (SSO) is an authentication mechanism that allows users to log in once using a single set of credentials and gain access to multiple applications or systems without needing to re-enter their login information for each service. This approach greatly enhances usability by reducing the number of passwords a user must remember and decreasing password fatigue, which is a common security risk when users create weak or repeated passwords across systems. SSO simplifies identity management for IT departments, as administrators can centrally control user access, provision new accounts, and revoke access quickly when employees leave the organization or change roles.
While multi-factor authentication (MFA) increases security by requiring additional verification factors such as a one-time password, biometric scan, or security token, it does not inherently provide seamless access across multiple applications. Token-based authentication is often used within SSO to manage session tokens, granting temporary access and maintaining a secure session without repeatedly prompting the user. Biometric authentication relies on unique physiological traits like fingerprints, facial recognition, or iris scans to verify identity, but on its own, it does not provide cross-application access.
In the context of CAS-005, understanding SSO is essential because it directly affects both security and operational efficiency. Properly implemented SSO integrates with secure session management, strong initial authentication, and access control policies. Security considerations include protecting the authentication token from theft or replay attacks, using encryption for token storage and transmission, and monitoring login activity for unusual patterns. SSO also supports the CIA triad: it enhances confidentiality by reducing password sharing, ensures integrity by controlling authentication centrally, and contributes to availability by allowing users uninterrupted access to resources.
Additionally, SSO can be combined with MFA for a layered security approach, providing strong protection while maintaining ease of use. Organizations that implement SSO effectively reduce administrative overhead, minimize potential credential compromise, and improve the overall security posture while streamlining user experience across enterprise systems.
Question 79:
Which principle of security requires splitting critical tasks among multiple users to prevent fraud or errors?
A. Principle of least privilege
B. Separation of duties
C. Defense in depth
D. Mandatory access control
Answer: B. Separation of duties
Explanation:
Separation of duties is a foundational security principle that ensures critical tasks are divided among multiple individuals to prevent fraud, errors, or abuse. By distributing responsibilities, no single user has complete control over a sensitive process, which reduces the likelihood of intentional malicious actions or inadvertent mistakes. This principle is particularly important in financial operations, administrative workflows, and IT management, where unchecked authority could result in data corruption, unauthorized transactions, or compliance violations. Separation of duties complements the principle of least privilege, which limits user access to only the resources necessary for their role, and defense-in-depth, which incorporates multiple layers of security controls to protect organizational assets. Mandatory access control (MAC) enforces strict, label-based access policies but does not inherently ensure that responsibilities are divided among different individuals, highlighting the unique role of separation of duties in internal governance.
In the context of CAS-005, separation of duties is considered an administrative control critical for process security, risk management, and internal auditing. Effective implementation begins with clearly defining roles and responsibilities, ensuring complementary tasks are assigned to different personnel, and avoiding overlapping privileges that could enable fraud. Monitoring and auditing mechanisms are essential to enforce compliance, detect anomalies, and provide accountability for actions performed. Examples include requiring multiple signatures for financial approvals, splitting duties between system administrators and security officers, and segregating development and production system access.
Separation of duties also strengthens integrity, a pillar of the CIA triad, and reinforces accountability. It prevents a single individual from altering or manipulating critical data without oversight, ensuring that processes are transparent and verifiable. By embedding this principle into organizational policies, procedures, and system designs, organizations enhance their overall security posture, reduce operational risk, and foster a culture of responsibility and trust. It remains a cornerstone concept for security governance, internal controls, and regulatory compliance in enterprise environments.
Question 80:
Which type of malware records keystrokes to capture sensitive information such as passwords or credit card numbers?
A. Spyware
B. Keylogger
C. Trojan
D. Worm
Answer: B. Keylogger
Explanation:
A keylogger is a form of malware or monitoring tool designed to capture every keystroke made on a computer or device, often without the user’s knowledge. By recording keyboard input, keyloggers can harvest highly sensitive information, including login credentials, passwords, credit card numbers, personally identifiable information, and other confidential data. Keyloggers can exist as software-based malware, installed surreptitiously via phishing attacks, malicious downloads, or infected websites, or as hardware devices inserted between a keyboard and a system to intercept input. Unlike spyware, which may collect a broad range of system usage information or behavioral data, keyloggers specifically focus on capturing keystrokes. Trojans, on the other hand, disguise themselves as legitimate programs to deliver malicious payloads, while worms self-replicate and spread across networks without user interaction.
Keyloggers are particularly dangerous because they operate stealthily, often avoiding detection by traditional antivirus software. They pose a direct threat to confidentiality, enabling attackers to gain unauthorized access to sensitive accounts, perform identity theft, and compromise enterprise systems. Mitigating keylogger threats requires a multi-layered security approach. Endpoint protection software, regular system updates, anti-malware solutions, and device monitoring can detect and prevent infections. Additionally, implementing multi-factor authentication reduces the effectiveness of stolen credentials, while user awareness training helps individuals recognize phishing attempts and suspicious downloads that could install keyloggers.
In CAS-005, understanding keyloggers is crucial for recognizing the risks they pose to confidentiality and overall security posture. Organizations must combine technical controls, such as antivirus solutions and secure authentication practices, with administrative policies and user training to mitigate the impact of keyloggers. Monitoring for unusual system activity, employing network security tools, and enforcing least privilege access further strengthens defenses. Ultimately, keyloggers highlight the importance of endpoint security, proactive monitoring, and layered defense strategies in protecting sensitive data within enterprise environments.