CompTIA SecurityX CAS‑005 Practice Test

Correct answer: SCAP
Explanation:
SCAP (Security Content Automation Protocol) allows automation of vulnerability data exchange (OVAL, CVE, CPE) and supports consistent scanning and reporting. Plain-text FTP, HTTP, POP3 or Telnet do not provide structured vulnerability automation or secure exchange.

Correct answer: RAM dump
Explanation:
RAM may contain encryption keys, running processes, injected code, and evidence of in-memory attacks. A RAM dump preserves this volatile state for analysis. The other artifacts are unrelated to volatile state or security incident evidence.

Correct answer: Infrastructure as Code (IaC) with version control and automated compliance checks
Explanation:
Using IaC ensures that configurations are codified, versioned, and repeatable. Automated compliance checks detect drift, enforce consistent policies, and reduce human error. Manual, ad-hoc configurations and disabling logging or backups makes drift likely and untraceable.

Correct answer: Track software components and dependencies to identify vulnerabilities or license issues
Explanation:
SBOM catalogs all components, libraries, and dependencies used in software; this helps detect vulnerable or deprecated components, manage licensing, and respond quickly when new CVEs are disclosed. None of the other items affect software security or vulnerability management.

Correct answer: Use of ephemeral key exchange (e.g. ECDHE)
Explanation:
Ephemeral key exchanges provide unique session keys per communication session; compromise of long-term keys doesn’t reveal past sessions. Static key reuse, plaintext FTP, or disabling encryption eliminate confidentiality and undermine forward secrecy.

Correct answer: Isolated runtime environments, minimal attack surface, easier patching and rollback
Explanation:
Containers isolate applications, bundle dependencies, reduce external dependencies, and simplify patching or rollback—reducing risk of conflicts or vulnerabilities. The other choices degrade security, performance, or best practices.

Correct answer: Shared responsibility model
Explanation:
The shared responsibility model clarifies which security tasks the cloud provider handles (e.g. infrastructure, hypervisor) and which remain the customer’s duty (e.g. data, configuration, access controls). This clarity is essential when designing hybrid architectures. Flat networks or “no-responsibility” models ignore real obligations and create risk.

Correct answer: Behavior-based monitoring and anomaly detection across user and system activity
Explanation:
Behavior-based monitoring detects deviations from normal activity, revealing insider threats or compromised accounts. Periodic password changes or weak credentials don’t prevent misuse, and disabling logging removes visibility. Universal admin rights magnify risk.

Correct answer: Runtime application self-protection (RASP) + EDR + host-based firewalls
Explanation:
Combining RASP (to protect application behavior), EDR (endpoint detection and response), and host-based firewalls provides layered defense against both known and unknown threats. Shared passwords, open ports, disabled logging or unrestricted USB defeat security best practices and make exploitation easier.

Correct answer: Use hardware-backed keys, with secure storage and rotation policies
Explanation:
Hardware-backed key storage (e.g. HSM or TPM) provides strong protection against key theft, ensures resistance to tampering, and supports secure key rotation. Storing keys alongside data, embedding in code, sharing via email, or disabling key management undermines encryption effectiveness and exposes data to breach.

Correct answer: CVSS (Common Vulnerability Scoring System)
Explanation:
CVSS assigns numerical severity scores to vulnerabilities based on exploitability, impact, and context. This allows organizations to rank and prioritize remediation across many systems. The other options are unrelated to vulnerability scoring.

Correct answer: SOAR / scripting with IaC and scheduled tasks
Explanation:
SOAR (Security Orchestration, Automation, and Response), along with Infrastructure-as-Code scripts and scheduled tasks, enables repeatable, consistent, and scalable security operations—patching, compliance checks, scanning, and response. Manual processes or disabling monitoring lead to errors, drift, and increased risk.

Correct answer: Micro-segmentation
Explanation:
Micro-segmentation divides a network into smaller, isolated zones or trust domains, restricting traffic between segments and limiting potential lateral movement if a breach occurs. A flat LAN with shared passwords or open Wi-Fi undermines security, and disabling host firewalls removes critical defenses.

Correct answer: Visibility and control over cloud services, data flows, and policy enforcement
Explanation:
A CASB gives organizations oversight over cloud usage, enforces compliance policies, controls data flows, and helps prevent shadow-IT or unauthorized services. It supports secure deployment and governance in cloud environments. The other options degrade performance, break functionality, or undermine security.

Correct answer: Cryptographic erase
Explanation:
Cryptographic erase involves deleting or destroying the encryption key, rendering the encrypted data unreadable and unrecoverable. It’s a valid data disposal or secure data retirement method. Plaintext storage or base64 encoding don’t secure data; FTP is insecure; symmetric key reuse without proper key management is risky.

Correct answer: Code review and automated security scanning of scripts
Explanation:
When infrastructure is defined as code, issues such as insecure defaults, open ports, or misconfigurations can be replicated rapidly. A code review and automated security scanning of IaC scripts helps catch insecure settings before they are deployed, ensuring configuration consistency and reducing attack surface. Skipping version control, disabling logging, or reusing passwords undermine security, and copy-pasting random settings invites mistakes.

Correct answer: Zero Trust with identity-based access controls
Explanation:
Zero Trust applies the principle of “never trust, always verify,” enforcing least privilege, identity verification for every access request, and strict segmentation. This reduces risk of lateral movement, unauthorized access, and over-privileged accounts. The other options weaken security and do the opposite of enforcing control.

Correct answer: Third-party risk and its impact on confidentiality, integrity, and availability
Explanation:
Third-party risk assessment evaluates how outsourcing or integrating with external vendors may jeopardize the organization's data and security posture. Confidentiality, integrity, and availability (CIA) remain core risk dimensions. Assessing trivial details like office chairs or coffee machines doesn’t address security risks or compliance requirements.

Correct answer: COBIT
Explanation:
COBIT is a recognized IT governance framework that helps align IT and business goals, manage risk, define policies, and provide control objectives. It fits well under the Governance, Risk, and Compliance domain of SecurityX. The other options are unrelated protocols or data formats, not governance frameworks.

Correct answer: Security policy
Explanation:
A security policy defines the organization’s security goals, acceptable practices, roles and responsibilities, and the overall security posture. It precedes technical controls and provides governance. Firewall rules or network diagrams implement technical details, but without a policy there is no consistent foundation for governance or compliance. A patch log or training video are operational artifacts tied to policy implementation, not policy definitions.