The log shows an AXFR (zone transfer) query, which exposed internal DNS records, aiding lateral movement. Let's evaluate:
A). Disabling DNS zone transfers:AXFR allows full DNS zone data to be transferred. Disabling it externally prevents attackers from mapping internal networks, directly mitigating this issue per CAS-005's security operations focus.
B). Restricting to UDP/53:AXFR uses TCP/53, so this wouldn't stop it.
C). DNSmasking:Obscures records but isn't a standard term for this fix.
Reference:CompTIA SecurityX (CAS-005) objectives, Domain 2: Security Operations, covering DNS security.

Enabling dashboards for service status monitoring is the best action to support rapid incident response. The table shows various services with different risk, criticality, and alert severity ratings. To ensure timely and effective incident response, real-time visibility into the status of these services is crucial.
Why Dashboards for Service Status Monitoring?
Real-time Visibility: Dashboards provide an at-a-glance view of the current status of all critical services, enabling rapid detection of issues.
CentralizedMonitoring: A single platform to monitor the status of multiple services helps streamline incident response efforts.
Proactive Alerting: Dashboards can be configured to show alerts and anomalies immediately, ensuring that incidents are addressed as soon as they arise.
Improved Decision Making: Real-time data helps incident response teams make informed decisions quickly, reducing downtime and mitigating impact.
Other options, while useful, do not offer the same level of comprehensive, real-time visibility and proactive alerting:
A). Automate alerting to IT support for phone system outages: This addresses one service but does not provide a holistic view.
C). Send emails for failed log-in attempts on the public website: This is a specific alert for one type of issue and does not cover all services.
D). Configure automated isolation of human resources systems: This is a reactive measure for a specific service and does not provide real-time status monitoring.
References:
CompTIA SecurityX Study Guide
NIST Special Publication 800-61 Revision 2, " Computer Security Incident Handling Guide "
" Best Practices for Implementing Dashboards, " Gartner Research

Public Key Infrastructure (PKI) supports change management by securing messages (e.g., approvals, updates).
Non-repudiation, provided via digital signatures, ensures a sender cannot deny sending a message, critical for auditability in change processes.
Option A:Correct-PKI's digital signatures ensure non-repudiation.
Option B:Confidentiality (via encryption) is a PKI feature but less tied to change management's focus on accountability.
Option C:Delivery receipts are not aPKI function; they're protocol-specific (e.g., SMTP).
Option D:Attestation relates to verifying attributes, not a direct PKI message capability.
Reference:CompTIA SecurityX CAS-005 Domain 2: Security Architecture - PKI and Secure Processes.

Incident response follows a standard process (e.g., NIST 800-61): Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned. After identifying the attack (file and origin), the next step isContainment-limiting the spread or impact (e.g., isolating systems) before remediation or recovery.
Option A:Remediation (fixing the root cause) follows containment.
Option B:Correct-containment prevents further damage post-identification.
Option C:"Response" is too vague; it encompasses all steps.
Option D:Recovery (restoring systems) comes after containment and eradication.
Reference:CompTIA SecurityX CAS-005 Domain 4: Cybersecurity Operations - Incident Response Lifecycle.

Dynamic Application Security Testing (DAST) is crucial for identifying and addressing security vulnerabilities during the software development life cycle (SDLC). Ensuring that DAST scans are routinely scheduled helps in maintaining a secure development process.
Why Routine DAST Scans?
Continuous Security Assessment: Regular DAST scans help in identifying vulnerabilities in real-time, ensuring they are addressed promptly.
Compliance: Routine scans ensure that the development process complies with security standards and regulations.
Proactive Threat Mitigation: Regular scans help in early detection and mitigation of potential security threats, reducing the risk of breaches.
Integration into SDLC: Ensures security is embedded within the development process, promoting a security- first approach.
Other options, while relevant, do not directly address the continuous assessment and proactive identification of threats:
A). If developers are unable to promote to production: This is more of an operational issue than a security assessment.
B). If DAST code is being stored to a single code repository: This concerns code management rather than security testing frequency.
D). If role-based training is deployed: While important, training alone does not ensure continuous security assessment.
References:
CompTIA SecurityX Study Guide
OWASP Testing Guide
NIST Special Publication 800-53, " Security and Privacy Controls for Information Systems and Organizations
"