CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 181:

    A security manager has started a new job and has identified that a key application for a new client does not have an accreditation status and is currently not meeting the compliance requirement for the contract's SOW. The security manager has competing priorities and wants to resolve this issue quickly with a system determination and risk assessment.

    Which of the following approaches presents the MOST risk to the security assessment?

    A. The security manager reviews the system description for the previous accreditation, but does not review application change records.
    B. The security manager decides to use the previous SRTM without reviewing the system description.
    C. The security manager hires an administrator from the previous contract to complete the assessment.
    D. The security manager does not interview the vendor to determine if the system description is accurate.

  • Question 182:

    A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established.

    Which of the following solutions should the security administrator implement?

    A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user's credentials. Require each user to install the public key on their computer.
    B. Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.
    C. Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.
    D. Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.

  • Question 183:

    A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:

    Customers to upload their log files to the "big data" platform Customers to perform remote log search Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending,

    insights, and/or discovery

    Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).

    A. Secure storage and transmission of API keys
    B. Secure protocols for transmission of log files and search results
    C. At least two years retention of log files in case of e-discovery requests
    D. Multi-tenancy with RBAC support
    E. Sanitizing filters to prevent upload of sensitive log file contents
    F. Encrypted storage of all customer log files

  • Question 184:

    The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company's guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops.

    Which of the following is the HIGHEST risk to the organization?

    A. Employee's professional reputation
    B. Intellectual property confidentiality loss
    C. Downloaded viruses on the company laptops
    D. Workstation compromise affecting availability

  • Question 185:

    A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing.

    Which of the following is the BEST course of action?

    A. Notify the transaction system vendor of the security vulnerability that was discovered.
    B. Use a protocol analyzer to reverse engineer the transaction system's protocol.
    C. Contact the computer science students and threaten disciplinary action if they continue their actions.
    D. Install a NIDS in front of all the transaction system terminals.

  • Question 186:

    A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days.

    Which of the following should occur?

    A. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request.
    B. Inform the litigators that the CIOs information has been deleted as per corporate policy.
    C. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO resignation.
    D. Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

  • Question 187:

    The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been selected, but the security administrator needs to gather various cost information for that product.

    Which of the following documents would perform a cost analysis report and include information such as payment terms?

    A. RFI
    B. RTO
    C. RFQ
    D. RFC

  • Question 188:

    Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?

    A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.
    B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.
    C. Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.
    D. Port security on all switches, point to point VPN tunnels for user connections to servers, two- factor authentication, a sign-in roster, and a warm site.

  • Question 189:

    An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:

    1.

    Selective sandboxing of suspicious code to determine malicious intent.

    2.

    VoIP handling for SIP and H.323 connections.

    3.

    Block potentially unwanted applications.

    Which of the following devices would BEST meet all of these requirements?

    A. UTM
    B. HIDS
    C. NIDS
    D. WAF
    E. HSM

  • Question 190:

    A security administrator is conducting network forensic analysis of a recent defacement of the company's secure web payment server (HTTPS). The server was compromised around the New Year's holiday when all the company employees were off. The company's network diagram is summarized below:

    Internet

    Gateway Firewall

    IDS

    Web SSL Accelerator

    Web Server Farm

    Internal Firewall

    Company Internal Network

    The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday.

    Which of the following is true?

    A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.
    B. The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise.
    C. The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.
    D. The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.