Free CompTIA CAS-005 Exam Dumps Questions & Answers

A company recentlyexperienced aransomware attack. Although the company performssystems and data backupon a schedule that aligns with itsRPO (Recovery Point Objective) requirements, thebackup administratorcould not recovercritical systems and datafrom its offline backups to meet the RPO. Eventually, the systems and data were restored with information that wassix months outside of RPO requirements.
Which of the following actions should the company take to reduce the risk of a similar attack?

• A.Encrypt and label the backup tapes with the appropriate retention schedule before they are sent to the off-site location.
• B.Perform regular disaster recovery testing of IT and non-IT systems and processes.
• C.Implement a business continuity process that includes reverting manual business processes.
• D.Carry out a tabletop exercise to update and verify the RACI matrix with IT and critical business functions.

A malware researcher has discovered a credential stealer is looking at a specific memory register to harvest passwords that will be used later for lateral movement in corporate networks. The malware is using TCP 4444 to communicate with other workstations. The lateral movement would be best mitigated by:

• A.Configuring the CPU's NX bit
• B.Enabling ASLR on the Active Directory server
• C.Enabling an edge firewall
• D.Enabling a host firewall
• E.Enforcing all systems to use UEFI

The device event logs sourced from MDM software are as follows:
Device | Date/Time | Location | Event | Description
ANDROID_102 | 01JAN21 0255 | 38.9072N, 77.0369W | PUSH | APPLICATION 1220 INSTALL QUEUED ANDROID_102 | 01JAN21 0301 | 38.9072N, 77.0369W | INVENTORY | APPLICATION 1220 ADDED ANDROID_1022 | 01JAN21 0701 | 39.0067N, 77.4291W | CHECK-IN | NORMAL ANDROID_1022 | 01JAN21 0701 | 25.2854N, 51.5310E | CHECK-IN | NORMAL ANDROID_1022 | 01JAN21 0900 | 39.0067N, 77.4291W | CHECK-IN | NORMAL ANDROID_1022 | 01JAN21 1030 | 39.0067N, 77.4291W | STATUS | LOCAL STORAGE REPORTING 85% FULL Which of the following security concerns and response actions would best address the risks posed by the device in the logs?

• A.Resource leak; recover the device for analysis and clean up the local storage
• B.Impossible travel; disable the device's account and access while investigating
• C.Falsified status reporting; remotely wipe the device
• D.Malicious installation of an application; change the MDM configuration to remove application ID 1220

While performing threat-hunting functions, an analyst is using the Diamond Model of Intrusion Analysis. The analyst identifies the likely adversary, the infrastructure involved, and the target. Which of the following must the threat hunter document to use the model effectively?

• A.Methodologies
• B.Phase
• C.Capabilities
• D.Knowledge

A compliance officer is reviewing the data sovereignty laws in several countries where the organization has no presence Which of the following is the most likely reason for reviewing these laws?

• A.The organization has been subject to legal proceedings in countries where it has a presence.
• B.The organization has suffered brand reputation damage from incorrect media coverage
• C.The organization is performing due diligence of potential tax issues.
• D.The organization is concerned with new regulatory enforcement in other countries