Question 12 - CompTIA SecurityX / CASP+ CAS-005 Real Exam Questions [Jan 2026 Update]

Q: 12

[Security Architecture] Asecuntv administrator is performing a gap assessment against a specific OS benchmark The benchmark requires the following configurations be applied to endpomts: • Full disk encryption * Host-based firewall • Time synchronization * Password policies • Application allow listing * Zero Trust application access Which of the following solutions best addresses the requirements? (Select two).

Options

Correct Answer:

C, D

Explanation

The Security Content Automation Protocol (SCAP) is a suite of specifications standardized by NIST for automating vulnerability management and policy compliance evaluation. It is designed specifically for tasks like performing a gap assessment against a security benchmark, checking for required configurations such as firewall status, password policies, and application lists.

Secure Access Service Edge (SASE) is a cloud-native architecture that converges network and security services. A core tenet of SASE is Zero Trust Network Access (ZTNA), which directly addresses the "Zero Trust application access" requirement. SASE solutions enforce access policies by continuously assessing the security posture of endpoints, verifying compliance with requirements like full disk encryption and host-based firewalls before granting access to resources.

Why Incorrect

A. CASB: A Cloud Access Security Broker (CASB) primarily secures traffic between users and cloud applications; it does not perform comprehensive OS-level configuration assessments.

B. SBoM: A Software Bill of Materials (SBoM) is an inventory of software components, used for vulnerability management and supply chain security, not for enforcing endpoint configuration policies.

E. HIDS: A Host-based Intrusion Detection System (HIDS) is a monitoring tool that detects malicious activity or policy violations, but it is not a framework for configuration assessment or Zero Trust access control.

References

1. NIST Special Publication 800-126 Revision 3

The Security Content Automation Protocol (SCAP) Version 1.3. Section 2

"Introduction

" states

"SCAP is a suite of specifications for exchanging security automation content... It is used for purposes such as automating vulnerability checking

compliance checking

and security measurement."

2. NIST Special Publication 800-207

Zero Trust Architecture. Section 3.2.2

"Device

" discusses the importance of the system's security posture in a Zero Trust Architecture. It states

"The enterprise monitors and manages the security posture of devices... This includes patch levels

OS versions

and integrity of security components." SASE is an implementation of this principle.

3. Yousef

& Shosha

A. F. (2023). A Survey on Secure Access Service Edge (SASE). IEEE Access

51119-51143. https://doi.org/10.1109/ACCESS.2023.3279111. The paper defines SASE as a framework that "integrates networking and security functions into a unified

cloud-native service

" with Zero Trust Network Access (ZTNA) as a core component for enforcing granular

identity- and context-aware access policies.

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE