CAS-005 Exam Dumps - CompTIA SecurityX Certification Exam

The best solution is to use a non-persistent virtual desktop infrastructure (VDI) with thin clients (B). Thin clients are inexpensive, easy to replace, and resilient in harsh environments where traditional endpoints may be damaged. With non-persistent VDI, employee desktops are virtualized and reset to a clean state after logout, reducing risks from turnover, malware persistence, or user misconfiguration. Centralized management ensures consistent patching and security updates while minimizing downtime, since damaged thin clients can be swapped quickly with minimal disruption.

Option A (environmental controls) may reduce equipment damage but does not address turnover or regulatory retention requirements. Option C (redundant servers and journaling) improves data integrity but does not solve endpoint-related risks or staffing issues. Option D (maintaining spare endpoints) mitigates hardware failures but still relies on managing and configuring full systems, which is inefficient for high-turnover environments.

CAS-005 emphasizes virtualization and centralization strategies in environments where operational resilience, rapid recovery, and compliance are critical. Non-persistent VDI with thin clients provides the most comprehensive solution here.

To ensure that logs from a legacy platform are properly retained beyond the default retention period, configuring the SIEM to aggregate the logs is the best approach. SIEM solutions are designed to collect, aggregate, and store logs from various sources, providing centralized log management and retention. This setup ensures that logs are retained according to policy and can be easily accessed for analysis and compliance purposes.

Reviewing the asset inventory allows the security team to identify all instances of the affected application versions within the organization. By knowing which systems are running the vulnerable versions, the team can assess the full scope of the impact, determine which systems might be compromised, and prioritize them for further investigation and remediation.

Performing a port scan (Option A) might help identify open ports but does not provide specific information about theapplication versions. Inspecting egress network traffic (Option B) and analyzing user behavior (Option D) are important steps in the incident response process but do not directly identify which versions of the application are affected.

The best answer is C. Correlating based on source field in batches of time . To identify trends in SIEM data, the analyst should group related events over a time window and correlate them around a common field. In this excerpt, user1 appears repeatedly across multiple alert types, including unusual authentication, access to sensitive resources, and elevated risk score. That pattern is exactly the sort of repeated behavior that becomes visible when events are correlated by source over time. CompTIA’s official SecurityX objectives in the Security Operations domain include “Data analysis: indicators of malicious activity, trend analysis, statistics, and deduplication/correlation.” That objective language directly supports this answer.

Why the other options are not best:

A narrows only one rule window and does not systematically identify trends across multiple event types. B may reduce volume, but reduction alone does not reveal trends. D is risky because noisy rules might still provide useful context, and disabling them based only on total daily alerts can hide meaningful multi-event patterns. The practical, operational ap proach is to correlate records by a shared field such as source/user across time batches so repeated suspicious behavior stands out.

For a disaster recovery (DR) plan requiring immediate data availability, the first step is understanding what needs to be protected and recovered. Identifying critical business processes and their associated software and hardware requirements establishes the foundation for the DR plan. This ensures that backups and recovery mechanisms align with business priorities, meeting the " moment ' s notice " requirement.

Option A:A change management plan is important for system consistency but doesn’t directly address immediate data availability in a DR context.

Option B:Hiring staff supports execution but doesn’t define what needs to be recovered or how. It’s a later step.

Option C:A warm site (a partially operational backup site) is a good DR solution, but designing it comes after identifying critical processes and resources.

Option D:This is the first step in any DR planning process—knowing what’s critical ensures the plan meets availability goals efficiently.