← Back to exam page

CAS-005 CompTIA SecurityX Certification

Loading demo links...

Showing 13–15 of 15 questions

Question 13

A company's finance department acquired a new payment system that exports data to an unencrypted file on the system. The company implemented controls on the file so only appropriate personnel are allowed access. Which of the following risk techniques did the department use in this situation?

Select an option, then click Submit answer.

  • Accept

  • Avoid

  • Transfer

  • Mitigate
Question 14

An attacker infiltrated an electricity-generation site and disabled the safety instrumented system. Ransomware was also deployed on the engineering workstation. The environment has back-to-back firewalls separating the corporate and OT systems. Which of the following is the MOST likely security consequence of this attack?

Select an option, then click Submit answer.

  • A turbine would overheat and cause physical harm.

  • The engineers would need to go to the historian.

  • The SCADA equipment could not be maintained.

  • Data would be exfiltrated through the data diodes.
Question 15

A DevOps team has deployed databases, event-driven services, and an API gateway as PaaS solution that will support a new billing system. Which of the following security responsibilities will the DevOps team need to perform?

Select an option, then click Submit answer.

  • Securely configure the authentication mechanisms

  • Patch the infrastructure at the operating system

  • Execute port scanning against the services

  • Upgrade the service as part of life-cycle management