CompTIA Updated CAS-005 Exam Questions and Answers by mattias

The first action should be to reset access for John and Joe, who are corporate accounts belonging to the organization. Their credentials were exposed in recent leaks, including one from an initial access broker (Joe), which indicates an active exploitation risk. Immediate password resets and session invalidations prevent adversaries from using the compromised credentials to gain access.

Ann’s account (@hotmail.com) is personal and not under corporate management, so while her exposure is concerning, it does not pose a direct risk to organizational systems. Contacting her can follow later steps but should not delay urgent remediation for John and Joe.

Option B delays remediation. Option C overreaches by including Ann in corporate resets. Option D includes contacting authorities prematurely, which is important but secondary to immediate containment.

CAS-005 emphasizes rapid containment of credential leaks affecting corporate identities, making access resets for John and Joe the first step.

The best way is to perform a Software Assurance Maturity Model (SAMM) assessment. SAMM provides a structured framework to evaluate current software security maturity across people, process, and technology. The assessment highlights gaps and generates a roadmap tailored to the organization’s development environment.

Option B (threat modeling) only applies to specific applications, not the entire SDLC process. Option C risks misalignment with technical practices by relying only on CISO goals. Option D (OWASP secure coding manual) is useful but provides guidelines, not a maturity-based roadmap.

CAS-005 stresses leveraging maturity models for structured, measurable improvements. SAMM directly addresses this by producing a customized, actionable roadmap for secure coding practices.

A computer screen shot of a diagram Description automatically generated

A screenshot of a computer error Description automatically generated

Preparing communication templates that have been vetted by both internal and external counsel ensures that the organization can respond quickly and effectively to internal and external inquiries, comply with regulatory requirements, and provide transparency in the event of a breach.

Why Communication Templates?

Timely Response: Pre-prepared templates ensure that responses are ready to be deployed quickly, reducing response time.

Regulatory Compliance: Templates vetted by counsel ensure that all communications meet legal and regulatory requirements.

Consistent Messaging: Ensures that all responses are consistent, clear, and accurate, maintaining the organization’s credibility.

Crisis Management: Pre-prepared templates are a critical component of a broader crisis management plan, ensuring that all stakeholders are informed appropriately.

Other options, while useful, do not provide the same level of preparedness and compliance:

A. Outsourcing to an external consultant: This may delay response times and lose internal control over the communication.

B. Integrating automated response mechanisms: Useful for efficiency but not for ensuring compliant and vetted responses.

D. Conducting lessons-learned activities: Important for improving processes but does not provide immediate preparedness for communication.