Pass the CompTIA CompTIA CASP CAS-005 Questions and answers with CertsForce

In serverless computing, organizations rely heavily on CSPs to manage the infrastructure, runtime, and scaling. A key risk is thelevel of control and influence governments have over CSPs, potentially affecting availability, access, or confidentiality of hosted services due to legal orders or government actions. Concerns about virtualization technologies, scalability, or third-party monitoring are valid but less critical compared to the overarching legal and control risks tied to CSP reliance.

Integrating IDS, firewall, and DLP to reduce response time requires orchestration and automation. Let’s evaluate:

A. SOAR(Security Orchestration, Automation, and Response):SOAR integrates security tools, automates workflows, and speeds up incident response. It’s the best fit for this scenario, as CAS-005 highlights SOAR for operational efficiency.

B. CWPP (CloudWorkload Protection Platform):Focused on securing cloud workloads, not integrating on-premises tools.

C. XCCDF (Extensible Configuration Checklist Description Format):A standard for compliance checklists, not a tool for integration or response.

Removing unnecessary services from existing endpoints reduces the attack surface by minimizing the number of potential vulnerabilities attackers could exploit. This is a cost-effective method to harden devices without requiring new purchases, aligning perfectly with a purchasing freeze. Deploying new EDR solutions or disposing of devices would likely conflict with the resource freeze, and reimaging systems does not address minimizing services proactively.

Understanding the Security Event:

Unauthorized usersgained access from non-production to production.

IAM policies were weak, allowingbulk user creation.

Vulnerability assessments were disabled, andpatching was delayed.

Logs were unavailable, making incident response difficult.

Why Options A, D, and E areCorrect:

A (Disable bulk user creation by IAM team)→ Prevents unauthorized mass user account creation, which could beexploited by attackers.

D (Routine updates for endpoints & network devices)→ Patch management ensuresvulnerabilities are not left open for attackers.

E (Ensure all security/network devices send logs to SIEM)→ Helps withreal-time monitoring and detection of unauthorized activities.

Why Other Options Are Incorrect:

B (180-day log retention)→ While log retention is good,real-time monitoring is the priority.

C (Review application allow list daily)→ Reviewing itdaily is impractical. Regular audits are better.

F (Restrict production-to-non-production traffic)→ The issue isunauthorized access, not traffic routing.

ChaCha20-Poly1305is a cipher suite specifically designed for efficiency on systems with limited hardware resources. It offers high security with lower memory and CPU consumption compared to AES on certain platforms, especially mobile devices. TLS 1.3 supports ChaCha20-Poly1305 natively. CBC (Cipher Block Chaining) modes like IDEA-CBC and Camellia-CBC are less efficient and not recommended under TLS 1.3, and AES-GCM, while secure, can be less efficient than ChaCha20 on devices without AES hardware acceleration.

The best approach is to use Terraform scripts while creating golden images (A). Terraform is an Infrastructure as Code (IaC) tool that allows organizations to automate infrastructure deployment consistently across environments. A golden image is a pre-configured, patched, and hardened system image used as a standard baseline. By creating golden images via Terraform scripts, the company ensures that every microservice instance is deployed on an already-updated and secure OS. This eliminates the need for repeatedly patching the base OS before code deployment.

Option B (cron job with apt-update) applies patches but introduces delays (every 30 days) and lacks consistency across new deployments. Option C (snapshots) saves deployment states but risks replicating outdated or unpatched images. Option D (centralized update server) is useful but still requires updates post-deployment, which slows the rollout of microservices.

By automating golden image creation through Terraform, the company gains efficiency, repeatability, and security assurance, aligning with DevSecOps principles and CAS-005 cloud-native best practices.

A Content Delivery Network (CDN) caches and distributes static and dynamic web content across multiple geographically distributed edge servers, reducing latency for global users. This directly addresses page-loading delays caused by distance from the primary data centers.

RASP is for runtime application security, not latency.

Remote journaling is for data replication, not performance optimization.

SASE can improve security and WAN routing, but a CDN is purpose-built for content delivery performance.

To keep the mail server up to date with indicators of compromise (IoCs) and block known-malicious emails, the security architect needs mechanisms to ingest new threat intelligence and apply it dynamically. The best solutions are:

Threat Feed API (B): This provides automated updates from external or commercial threat intelligence providers. By integrating a threat feed, the mail server can regularly fetch IoCs such as malicious domains, IPs, or attachment hashes.

Webhooks (D): These allow real-time or near real-time updates when new IoCs are published. Instead of waiting for scheduled pulls, the mail server can receive push notifications with updated indicators, ensuring rapid response to evolving threats.

Other options are less effective. Log analyzers (A) assist with monitoring but don’t actively update or block threats. A scheduled task (C) may automate local operations but lacks the external intelligence integration required. Inbox deletion code (E) is reactive and inefficient. A security runbook (F) defines processes but does not technically enable automated updates.

Thus, the combination of Threat Feed APIs and Webhooks provides continuous, automated IoC ingestion, reducing exposure to malicious email campaigns.

The requirements demand detailed asset tracking and inventory management. Let’s analyze:

A. SBoM (Software Bill of Materials):Tracks software components, not hardware or network topology.

B. CASB (Cloud Access Security Broker):Secures cloud apps but doesn’t map physical switches or OS counts.

C. GRC(Governance, Risk, and Compliance):Focuses on risk management, not detailed asset tracking.