CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 161:

    Drag and Drop the following information types on to the appropriate CIA category

    Select and Place:

  • Question 162:

    A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?

    A. The company's software lifecycle management improved the security of the application.
    B. There are no vulnerabilities in the application.
    C. The company should deploy a web application firewall to ensure extra security.
    D. There are no known vulnerabilities at this time.

  • Question 163:

    Which of the following is a security advantage of single sign-on? (Select TWO).

    A. Users only have to remember one password.
    B. Applications need to validate authentication tokens.
    C. Authentication is secured by the certificate authority.
    D. Less time and complexity removing user access.
    E. All password transactions are encrypted.

  • Question 164:

    Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network.

    Which of the following threats is the HIGHEST risk to Company XYZ?

    A. Malware originating from Company XYZ's network
    B. Co-mingling of company networks
    C. Lack of an IPSec connection between the two networks
    D. Loss of proprietary plant information

  • Question 165:

    An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments.

    Which of the following is the MOST comprehensive method for evaluating the two platforms?

    A. Benchmark each possible solution with the integrators existing client deployments.
    B. Develop testing criteria and evaluate each environment in-house.
    C. Run virtual test scenarios to validate the potential solutions.
    D. Use results from each vendor's test labs to determine adherence to project requirements.

  • Question 166:

    Within an organization, there is a known lack of governance for solution designs. As a result there are inconsistencies and varying levels of quality for the artifacts that are produced. Which of the following will help BEST improve this situation?

    A. Ensure that those producing solution artifacts are reminded at the next team meeting that quality is important.
    B. Introduce a peer review process that is mandatory before a document can be officially made final.
    C. Introduce a peer review and presentation process that includes a review board with representation from relevant disciplines.
    D. Ensure that appropriate representation from each relevant discipline approves of the solution documents before official approval.

  • Question 167:

    A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance throughout the building and entryways. The following requirements must be met:

    1.

    Ability to log entry of all employees in and out of specific areas

    2.

    Access control into and out of all sensitive areas

    3.

    Two-factor authentication

    Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).

    A. Proximity readers
    B. Visitor logs
    C. Biometric readers
    D. Motion detection sensors
    E. Mantrap

  • Question 168:

    An audit at a popular on-line shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Security Officer (CISO) has requested that the web based shopping cart application undergo testing to validate user input in both free form text fields and drop down boxes.

    Which of the following is the BEST combination of tools and / or methods to use?

    A. Blackbox testing and fingerprinting
    B. Code review and packet analyzer
    C. Fuzzer and HTTP interceptor
    D. Enumerator and vulnerability assessment

  • Question 169:

    A company data center provides Internet based access to email and web services. The firewall is separated into four zones:

    RED ZONE is an Internet zone

    ORANGE ZONE a Web DMZ

    YELLOW ZONE an email DMZ

    GREEN ZONE is a management interface

    There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget.

    Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?

    A. RED ZONE: none ORANGE ZONE: WAF YELLOW ZONE: SPAM Filter GREEN ZONE: none
    B. RED ZONE: Virus Scanner, SPAM Filter ORANGE ZONE: NIPS YELLOW ZONE: NIPS GREEN ZONE: NIPS
    C. RED ZONE: WAF, Virus Scanner ORANGE ZONE: NIPS YELLOW ZONE: NIPS GREEN ZONE: SPAM Filter
    D. RED ZONE: NIPS ORANGE ZONE: WAF YELLOW ZONE: Virus Scanner, SPAM Filter GREEN ZONE: none

  • Question 170:

    The security administrator at a company has received a subpoena for the release of all the email received and sent by the company Chief Information Officer (CIO) for the past three years. The security administrator is only able to find one year's worth of email records on the server and is now concerned about the possible legal implications of not complying with the request.

    Which of the following should the security administrator check BEFORE responding to the request?

    A. The company data privacy policies
    B. The company backup logs and archives
    C. The company data retention policies and guidelines
    D. The company data retention procedures

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.