CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 121:

    At one time, security architecture best practices led to networks with a limited number (1-3) of network access points. This restriction allowed for the concentration of security resources and resulted in a well defined attack surface. The introduction of wireless networks, highly portable network devices, and cloud service providers has rendered the network boundary and attack surface increasingly porous.

    This evolution of the security architecture has led to which of the following?

    A. Increased security capabilities, the same amount of security risks and a higher TCO but a smaller corporate datacenter on average.
    B. Increased business capabilities and increased security risks with a lower TCO and smaller physical footprint on the corporate network.
    C. Increased business capabilities and increased security risks with a higher TCO and a larger physical footprint.
    D. Decreased business capabilities and increased security risks with a lower TCO and increased logical footprint due to virtualization.

  • Question 122:

    Which of the following are components defined within an Enterprise Security Architecture Framework? (Select THREE).

    A. Implementation run-sheets
    B. Solution designs
    C. Business capabilities
    D. Solution architectures
    E. Business requirements documents
    F. Reference models
    G. Business cases
    H. Business vision and drivers

  • Question 123:

    Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three companies:

    A National landline telephone provider

    A Regional wireless telephone provider

    An international Internet service provider The board of directors at Company XYZ wants to keep the companies and billing separated. While the Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ's customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and

    customer authentication.

    The proposed solution must use open standards and must make it simple and seamless for Company XYZ's customers to receive all four services.

    Which of the following solutions is BEST suited for this scenario?

    A. All four companies must implement a TACACS+ web based single sign-on solution with associated captive portal technology.
    B. Company XYZ must implement VPN and strict access control to allow the other three companies to access the internal LDAP.
    C. Company XYZ needs to install the SP, while the partner companies need to install the WAYF portion of a Federated identity solution.
    D. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution.

  • Question 124:

    A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaws in the systems at Company XYZ. However, Company XYZ reports that it has been the victim of numerous security incidents in the past six months. In each of these incidents, the criminals have managed to exfiltrate large volumes of data from the secure servers at the company.

    Which of the following techniques should the investigation team consider in the next phase of their assessment in hopes of uncovering the attack vector the criminals used?

    A. Vulnerability assessment
    B. Code review
    C. Social engineering
    D. Reverse engineering

  • Question 125:

    A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vulnerabilities.

    The reviewer has advised that future software projects utilize managed code platforms if at all possible.

    Which of the following languages would suit this recommendation? (Select TWO).

    A. C
    B. C#
    C. C++
    D. Perl
    E. Java

  • Question 126:

    A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).

    A. The company must dedicate specific staff to act as social media representatives of the company.
    B. All staff needs to be instructed in the proper use of social media in the work environment.
    C. Senior staff blogs should be ghost written by marketing professionals.
    D. The finance department must provide a cost benefit analysis for social media.
    E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.
    F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.

  • Question 127:

    A security engineer wants to implement forward secrecy but still wants to ensure the number of requests handled by the web server is not drastically reduced due to the larger computational overheads. Browser compatibility is not a concern; however system performance is.

    Which of the following, when implemented, would BEST meet the engineer's requirements?

    A. DHE
    B. ECDHE
    C. AES128-SHA
    D. DH

  • Question 128:

    A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night.

    Which of the following presents the MOST risk to confidentiality in this scenario?

    A. Loss of physical control of the servers
    B. Distribution of the job to multiple data centers
    C. Network transmission of cryptographic keys
    D. Data scraped from the hardware platforms

  • Question 129:

    A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?

    A. LUN masking
    B. Data injection
    C. Data fragmentation
    D. Moving the HBA

  • Question 130:

    A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:

    Extendable for new products to be developed and added Externally facing for customers and business partners to login Usable and manageable

    Be able to integrate seamlessly with third parties for non core functions such as document printing

    Secure to protect customer's personal information and credit card information during transport and at rest

    The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system

    integration and a web services gateway.

    Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO).

    A. Implement WS-Security for services authentication and XACML for service authorization.
    B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
    C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
    D. Implement WS-Security as a federated single sign-on solution for authentication authorization of users.
    E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
    F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.