Pass the CompTIA CompTIA CASP CAS-005 Questions and answers with CertsForce

Theregulated lab environment (Yes)shares the same VLAN (10.2.0.0/22) withusers, creatingzone traversalrisk from unregulated zones to sensitive datanetworks.

This allows pivoting and lateral movement from non-regulated user devices into regulated lab environments — a classiczone boundary violation.

Zone traversal should be mitigated with segmentation and firewall enforcement.

FromCAS-005, Domain 2: Risk Management and Mitigation Strategies:

“Zone traversal occurs when segmentation boundaries are misconfigured or merged, leading to regulatory and risk compliance failures.”

The best answer is C. Privacy regulations . A data subject access request process exists to support an individual’s right to access their personal data. Regulators and official privacy guidance define this as a core privacy right. The UK ICO explains that the “right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data” , and Article 15 GDPR establishes the same right in law. Because the security officer is asking a third party to prove it can handle these requests, the officer is clearly validating compliance with privacy law and related data protection obligations.

This also aligns with CompTIA SecurityX’s GRC focus on compliance requirements, program documentation, and data governance. A third party that processes personal data for the enterprise must be able to respond appropriately to access requests from data subjects, so confirming that process is a due diligence activity tied to regulatory privacy compliance rather than e-discovery, certification, or generic reporting frameworks.

Why the other options are incorrect:

A. Information security standards may require good practices, but DSAR handling is specifically about privacy rights. B. E-discovery requirements relate to legal discovery and litigation processes, not an individual’s privacy access rights. D. Certification requirements and E. Reporting frameworks are not the primary reason an organization must support subject access requests. The clearest and most accurate answer is privacy regulations.

To meet the requirements of only allowing internally signed applications, preventing unauthorized software installations, and logging attempts to run unauthorized software, configuring application control with blocked hashes and enterprise-trusted root certificates is the best solution. This approach ensures that only applications signed by trusted certificates are allowed to execute, while all other attempts are blocked and logged. It effectively prevents unauthorized software installations by restrictingexecution to pre-approved applications.

Step-by-Step Explanation:

Sigma (A) is a rule-based detection language that is vendor-agnostic, meaning it can be used across different SIEM (Security Information and Event Management) tools. Unlike YARA (B), which focuses on file-based detection, Sigma provides a standardized way to create rules that work across various security platforms.

To improve the quality of code scanning results and reduce false positives, the best solution is to limit the tool to a specific coding language and fine-tune the rule set. By configuring the code scanning tool to focus on the specific language used in the application, the tool can more accurately identify relevant issues and reduce the number of false positives. Additionally, tuning the rule set ensures that the tool ' s checks are appropriate for the application ' s context, further improving the accuracy ofthe scan results.

The beststrategy for securely managing cryptographic material is to use a Hardware Security Module (HSM). Here’s why:

Security and Integrity: HSMs are specialized hardware devices designed to protect and manage digital keys. They provide high levels of physical and logical security, ensuring that cryptographic material is well protected against tampering and unauthorized access.

Centralized Key Management: Using HSMs allows for centralized management of cryptographic keys, reducing the risks associated with decentralized and potentially insecure key storage practices, such as on personal laptops.

Compliance and Best Practices: HSMs comply with various industry standards and regulations (such as FIPS 140-2) for secure key management. This ensures that the organization adheres to best practices and meets compliance requirements.

When differentiating between valid and invalid findings from vulnerability scans, the systemsadministrator should verify that the scanning credentials are properly configured. Valid credentials ensure that the scanner can authenticate and access the systems being evaluated, providing accurate and comprehensive results. Without proper credentials, scans may miss vulnerabilities or generate false positives, making it difficult to prioritize and address the findings effectively.

The best answer is B. An attacker viewed password hashes on the device . The decisive event is sudo cat /etc/shadow SUCCESS . On Linux systems, /etc/shadow stores password hashes and related account password data. The log therefore indicates successful privileged access to that file and successful viewing of its contents. CompTIA’s SecurityX Security Operations domain includes analysis of indicators of malicious activity and investigation of suspicious system behavior; this command sequence is consistent with credential-access activity.

Why the other options are not best:

A is incorrect because there is no evidence of file injection. C is not supported because the logs show file access, not confirmed data transfer or exfiltration. D is tempting because of cd ../../ , but that is only navigation. The key security-relevant action is the successful reading of /etc/shadow , which means password hashes were viewed.