CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 91:

    A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and form part of the day to day business. The risk manager has raised two main business risks for the initial trial:

    1.

    IT staff has no experience with establishing and managing secure on-line credit card processing.

    2.

    An internal credit card processing system will expose the business to additional compliance requirements. Which of the following is the BEST risk mitigation strategy?

    A. Transfer the risks to another internal department, who have more resources to accept the risk.
    B. Accept the risks and log acceptance in the risk register. Once the risks have been accepted close them out.
    C. Transfer the initial risks by outsourcing payment processing to a third party service provider.
    D. Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.

  • Question 92:

    In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO).

    A. Correctly assert the identity and authorization credentials of the end user.
    B. Correctly assert the authentication and authorization credentials of the end user.
    C. Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use.
    D. Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use.
    E. Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use.
    F. Correctly assert the identity and authentication credentials of the end user.

  • Question 93:

    A firm's Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting that code base confidentiality is of upmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that company reputation for secure products is extremely important.

    Which of the following will provide the MOST thorough testing and satisfy the CEO's requirements?

    A. Use the security assurance team and development team to perform Grey box testing.
    B. Sign a NDA with a large consulting firm and use the firm to perform Black box testing.
    C. Use the security assurance team and development team to perform Black box testing.
    D. Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.

  • Question 94:

    The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller.

    Defending against which of the following attacks should form the basis of the incident mitigation plan?

    A. DDoS
    B. SYN flood
    C. Buffer overflow
    D. Privilege escalation

  • Question 95:

    A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible.

    Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes.

    Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?

    A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.
    B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts.
    C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.
    D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.

  • Question 96:

    Which of the following is true about an unauthenticated SAMLv2 transaction?

    A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.
    B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
    C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.
    D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.

  • Question 97:

    A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:

    10.235.62.11 - [02/Mar/2014:06:13:04] "GET /site/script.php?user=adminandpass=pass%20or %201=1 HTTP/1.1" 200 5724

    Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

    A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
    B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
    C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
    D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

  • Question 98:

    About twice a year a switch fails in a company's network center. Under the maintenance contract, the switch would be replaced in two hours losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year.

    Which of the following is true in this scenario?

    A. It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure.
    B. It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract.
    C. It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage.
    D. It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract.

  • Question 99:

    A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise?

    A. Outdated antivirus definitions
    B. Insecure wireless
    C. Infected USB device
    D. SQL injection

  • Question 100:

    The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect.

    Which of the following is MOST likely to be used in a SOC to address the CISO's concerns?

    A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC
    B. Forensics, White box testing, Log correlation, HIDS, and SSO
    C. Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM
    D. eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.