CompTIA SecurityX Practice Test (CAS-005)

A Privileged Access Management (PAM) solution is the most appropriate choice. PAM acts as a compensating control by creating a secure, proxied gateway for administrative access. It can enforce strong authentication (like MFA) and provide detailed session logging and monitoring without modifying the legacy system itself, thus meeting the requirements of enhanced security with no operational disruption. Mandating native MFA integration is likely infeasible on an unsupported legacy system that cannot be modified. Isolating the system with a firewall is a good security practice but does not strengthen the authentication process for privileged users who already have network access. Deploying a modern EDR agent may not be possible on an obsolete operating system and could cause performance issues, disrupting high-throughput processing.

Upgrading to the vendor’s latest release and then validating patches in a controlled setting addresses the known flaw while preserving existing functionality. Stopping usage may break key operations and does not ensure a proper fix. An allow listing approach limits which processes can access the component but still leaves the flaw in place. Monitoring unusual activity may detect suspicious events, but it does not address the fundamental weakness.

Segmentation with monitored gateways helps limit infiltration attempts. Disabling external connections could block valid maintenance processes. A major hardware replacement may cause significant downtime and might not address all vulnerabilities. Granting broad privileges to administrators can weaken security. Segmenting the environment preserves functionality and reduces access to critical assets.

Examining detection logs reveals whether intrusion detection tools recognized unauthorized behaviors. Gathering secondhand feedback from the group that performed the simulation does not validate defenders’ actual detection or alerting. Checking user training records addresses social engineering tactics but does not confirm whether the environment captured technical indicators. Asking workforce members to set new passwords does not demonstrate whether suspicious activity generated alerts.

Scheduling the replacement of cryptographic materials limits the usefulness of older credentials. An unauthorized party who gains access to outdated secrets finds them invalid after the refresh period. Other listed measures support security controls but do not involve routine updates of encryption secrets.

Utilizing a single platform that merges external and local logs in a flexible data structure supports advanced correlation and rapid integration of new sources. Storing each feed separately or relying entirely on export or manual searching introduces inefficiencies and inconsistent views of the data, limiting the ability to correlate events effectively.

Establishing an unbroken line of secure communication from user devices to the final system ensures that data remains protected even when passing through multiple nodes. Terminating and re-establishing secure connections at edge servers can introduce points of exposure. Location-based routing simplifies access, and cryptographic checksums support file integrity, but neither alone guarantees data confidentiality during transit.

A second location equipped for operations and replicating data in near real-time supports prompt availability. Storing hardware remotely can increase delays if software and configurations are not kept current. Periodic backups in an offsite archive help with data recovery but do not meet pressing uptime demands. A dormant site with occasional testing might overlook hidden issues and slow down resumption of services.

Isolating each plug-in and granting it only the minimal API scopes it needs enforces the principle of least privilege and prevents a plug-in from invoking sensitive functions outside its intended purpose. Verbose logging (option 2) helps detection but does not stop the attack. Moving credentials to environment variables (option 3) addresses secret management, not authorization. Extending OAuth token lifetimes (option 4) actually increases risk by keeping broad privileges valid for longer.

A recognized approach that merges broader business objectives with IT processes establishes a consistent method for planning, implementing, and reviewing security efforts alongside operational goals. Other options concentrate on narrow or unrelated areas, such as data protection only, software development practices, or payment-specific tasks, and do not provide comprehensive governance of the larger enterprise environment.

Establishing a trust relationship among separate identity providers aligns with the concept of federation. It allows each partner to keep its user directories while still passing validated claims between them. Other options, such as merging all credentials into a single directory or issuing separate accounts, add complexity. Trust-based integration is designed for secure single sign-in without duplicating or storing credentials in multiple places.

Deactivating unnecessary components and updating core parts limits paths that attackers can exploit. Broad permission settings or reliance on unsupported software can leave the environment exposed. Remote connections on untrusted channels can increase risks of unauthorized changes or data access.

Digital fingerprinting—typically implemented as cryptographic hashing—ensures the integrity of logs by allowing verification that no changes occurred after storage. By saving the hash separately, any tampering becomes immediately detectable through comparison. This method aligns with controls in NIST SP 800-92 and CIS Control 8 (Audit Log Management). Encryption ensures confidentiality but not change detection. Shared folders and obfuscation fail to provide assurance against post-write modification. Forensic soundness and non-repudiation require verifiable tamper evidence.

A phased assessment that includes data flow reviews and threat modeling helps reveal unknown infiltration points introduced by unifying networks, systems, or staff. It addresses possible seams in the environment while allowing the group to maintain normal functions. Shutting down major systems interrupts business and may miss potential blind spots. Relying on staff agreements alone does not detect or mitigate infiltration issues. Assigning one champion per acquired system lacks a full-spectrum analysis of how these systems interact with the rest of the environment.

Collaborating with a group that shares tailored intelligence is the most beneficial because it focuses on threats relevant to the specific operational environment. Other methods propose valuable controls but do not provide the same level of direct threat insight or collaboration among similar entities. A publicly available feed is broader in scope, not always offering the specialized intelligence needed. A honeynet can reveal adversary techniques on a single network, but it does not facilitate knowledge exchange with peers. Outsourced monitoring can provide services but might not integrate industry-specific threat data in the same collaborative way.

Deploying cryptographic verification for domain entries (sometimes referred to as DNSSEC) uses digital signatures to protect name resolution data from unauthorized changes. Requiring password changes does not fix altered name resolution information. Captive portals are unrelated to the integrity of domain data and do not remove misdirection. Performing periodic restarts of domain controllers does not eliminate tampered data propagated to other resolvers.

When roles are not clearly assigned, employees skip reporting issues or assume someone else is in charge, resulting in missed indicators. Advanced machine learning and firewalls focus on technology rather than ensuring each person understands tasks. Consolidated policy enforcement from management sets standards at a high level but does not address the confusion among the newly formed team’s daily obligations. Successful modeling relies on well-defined duties, so confusion among personnel is a major contributor to gaps.

Developing a process with scheduled patch cycles and monitoring results targets weaknesses in a planned way. This maintains operational continuity and lowers the recurrence of the same weaknesses in the future. Removing the application from production until new hardware arrives disrupts business. Blocking all inbound connections is too broad and affects legitimate access. Conducting manual scans yearly is not frequent enough to track and address weaknesses consistently.

A Configuration Management Database (CMDB) is the correct solution because its primary purpose is to store information about hardware and software assets (referred to as configuration items) and their relationships. Implementing a CMDB would provide a centralized, authoritative inventory, addressing the core problem of unknown assets and enabling better change management, vulnerability management, and risk assessment. A SIEM is used for log aggregation and analysis, a GRC tool manages policies and risk at a high level, and a vulnerability scanner identifies weaknesses but does not serve as a comprehensive asset inventory system.

Automated pipelines that include security checks provide a scalable, repeatable method for validating code with every update. These checks detect newly introduced vulnerabilities in near-real time and generate feedback quickly, minimizing the risk of regression or lingering flaws. Manual reviews or milestone-based audits introduce delays and gaps, which can leave weaknesses unaddressed between cycles. By contrast, integrated security tooling within CI/CD ensures each change is evaluated consistently, helping maintain a strong security posture across frequent deployments.