CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 141:

    A breach at a government agency resulted in the public release of top secret information. The Chief Information Security Officer has tasked a group of security professionals to deploy a system which will protect against such breaches in the future.

    Which of the following can the government agency deploy to meet future security needs?

    A. A DAC which enforces no read-up, a DAC which enforces no write-down, and a MAC which uses an access matrix.
    B. A MAC which enforces no write-up, a MAC which enforces no read-down, and a DAC which uses an ACL.
    C. A MAC which enforces no read-up, a MAC which enforces no write-down, and a DAC which uses an access matrix.
    D. A DAC which enforces no write-up, a DAC which enforces no read-down, and a MAC which uses an ACL.

  • Question 142:

    A company has decided to move to an agile software development methodology. The company gives all of its developers security training. After a year of agile, a management review finds that the number of items on a vulnerability scan has actually increased since the methodology change.

    Which of the following best practices has MOST likely been overlooked in the agile implementation?

    A. Penetration tests should be performed after each sprint.
    B. A security engineer should be paired with a developer during each cycle.
    C. The security requirements should be introduced during the implementation phase.
    D. The security requirements definition phase should be added to each sprint.

  • Question 143:

    Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?

    A. Data ownership on all files
    B. Data size on physical disks
    C. Data retention policies on only file servers
    D. Data recovery and storage

  • Question 144:

    A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:

    1 - If VIDEO input exists, use video data for entropy 2 - If AUDIO input exists, use audio data for entropy 3 - If MOUSE input exists, use mouse data for entropy 4 - IF KEYBOARD input exists, use keyboard data for entropy 5 - IF IDE input exists, use IDE data for entropy 6 - IF NETWORK input exists, use network data for entropy

    Which of the following lines of code will result in the STRONGEST seed when combined?

    A. 2 and 1
    B. 3 and 5
    C. 5 and 2
    D. 6 and 4

  • Question 145:

    Which of the following refers to programs running in an isolated space to run untested code and prevents the code from making permanent changes to the OS kernel and other data on the host machine?

    A. Input Validation
    B. Application hardening
    C. Code signing
    D. Application sandboxing

  • Question 146:

    Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections. XSS attacks, smurf attacks, e-mail spam, downloaded malware. viruses and ping attacks. The company can spend a MAXIMUM of 550.000 USD. A cost list for each item is listed below

    1. Anti-Virus Server- $10,000 2 Firewall-$15,000 3 Load Balanced Server - $10,000 4 NIDS/NIPS-$10,000

    5. Packet Analyzer-55.000 6 Patch Server-$15,000 7 Proxy Server-$20,000 8. Router - S10.000 9 Spam Filter - S5 000 10 Traffic Shaper - $20,000

    11. Web Application Firewall - $10,000

    Instructions: Not all placeholders in the diagram need to be filled and items can only be used once.

    Select and Place:

  • Question 147:

    Company XYZ is in negotiations to acquire Company ABC for $1.2millon. Due diligence activities have uncovered systemic security issues in the flagship product of Company ABC. It has been established that a complete product rewrite would be needed with average estimates indicating a cost of $1.6millon.

    Which of the following approaches should the risk manager of Company XYZ recommend?

    A. Transfer the risk
    B. Accept the risk
    C. Mitigate the risk
    D. Avoid the risk

  • Question 148:

    A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business' IT department. Both parties have agreed that the large business will retain 95% of the smaller business' IT staff. Additionally, the larger business has a strong interest in specific processes that the smaller business has in place to handle its regional interests.

    Which of the following IT security related objectives should the small business' IT staff consider reviewing during the integration process? (Select TWO).

    A. How the large business operational procedures are implemented.
    B. The memorandum of understanding between the two businesses.
    C. New regulatory compliance requirements.
    D. Service level agreements between the small and the large business.
    E. The initial request for proposal drafted during the merger.
    F. The business continuity plan in place at the small business.

  • Question 149:

    The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it.

    Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system?

    A. Virtualize the system and migrate it to a cloud provider.
    B. Segment the device on its own secure network.
    C. Install an antivirus and HIDS on the system.
    D. Hire developers to reduce vulnerabilities in the code.

  • Question 150:

    In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices; provided they are on an approved device list.

    Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).

    A. Provide free email software for personal devices.
    B. Encrypt data in transit for remote access.
    C. Require smart card authentication for all devices
    D. Implement NAC to limit insecure devices access.
    E. Enable time of day restrictions for personal devices.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.