CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 191:

    Warehouse users are reporting performance issues at the end of each month when trying to access cloud applications to complete their end of the month financial reports. They have no problem accessing those applications at the beginning of the month.

    Network information:

    DMZ network 192.168.5.0/24 VPN network 192.168.1.0/24 Datacenter 192.168.2.0/24 User network - 192.168.3.0/24 HR network 192.168.4.0/24 Warehouse network 192.168.6.0/24 Finance network 192.168.7.0/24

    Traffic shaper configuration:

    VLAN Bandwidth limit (Mbps) VPN 50 User 175 HR 220 Finance 230 Warehouse 75 Guest 50

    External firewall allows all networks to access the Internet. Internal Firewall Rules:

    Action Source Destination Permit 192.168.1.0/24 192.168.2.0/24 Permit 192.168.1.0/24 192.168.3.0/24 Permit 192.168.1.0/24 192.168.5.0/24 Permit 192.168.2.0/24 192.168.1.0/24 Permit 192.168.3.0/24 192.168.1.0/24 Permit 192.168.5.0/24 192.168.1.0/24 Permit 192.168.4.0/24 192.168.7.0/24 Permit 192.168.7.0/24 192.168.4.0/24 Permit 192.168.7.0/24 any Deny 192.168.4.0/24 any Deny 192.168.1.0/24 192.168.4.0/24 Deny any any

    Which of the following restrictions is the MOST likely cause?

    A. Bandwidth limit on the traffic shaper for the finance department
    B. Proxy server preventing the warehouse from accessing cloud applications
    C. Deny statements in the firewall for the warehouse network
    D. Bandwidth limit on the traffic shaper for the warehouse department

  • Question 192:

    A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality. Which of the following should the security engineer recommend?

    A. Implement H.235 extensions with DES to secure the audio and video transport.
    B. Recommend moving to SIP and RTP as those protocols are inherently secure.
    C. Recommend implementing G.711 for the audio channel and H.264 for the video.
    D. Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.

  • Question 193:

    Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database.

    Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).

    A. File level transfer of data
    B. Zoning and LUN security
    C. Block level transfer of data
    D. Multipath
    E. Broadcast storms
    F. File level encryption
    G. Latency

  • Question 194:

    Company ABC's SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN?

    A. Enable multipath to increase availability
    B. Enable deduplication on the storage pools
    C. Implement snapshots to reduce virtual disk size
    D. Implement replication to offsite datacenter

  • Question 195:

    Which of the following authentication types is used primarily to authenticate users through the use of tickets?

    A. LDAP
    B. RADIUS
    C. TACACS+
    D. Kerberos

  • Question 196:

    The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be implemented:

    -All business units must now identify IT risks and include them in their business risk profiles.

    -Key controls must be identified and monitored.

    -Incidents and events must be recorded and reported with management oversight.

    -Exemptions to the information security policy must be formally recorded, approved, and managed.

    -IT strategy will be reviewed to ensure it is aligned with the businesses strategy and objectives.

    In addition to the above, which of the following would BEST help the CIO meet the requirements?

    A. Establish a register of core systems and identify technical service owners
    B. Establish a formal change management process
    C. Develop a security requirement traceability matrix
    D. Document legacy systems to be decommissioned and the disposal process

  • Question 197:

    Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process?

    A. Collection, Identification, Preservation, Examination, Analysis, Presentation.
    B. Identification, Preservation, Collection, Examination, Analysis, Presentation.
    C. Collection, Preservation, Examination, Identification, Analysis, Presentation.
    D. Identification, Examination, Preservation, Collection, Analysis, Presentation.

  • Question 198:

    A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator's group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO).

    A. Single Sign On
    B. Active Directory
    C. Kerberos
    D. NIS+
    E. RADIUS
    F. TACACS+

  • Question 199:

    Company A needs to export sensitive data from its financial system to company B's database, using company B's API in an automated manner. Company A's policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A's financial system and company B's destination server using the supplied API. Additionally, company A's legacy financial software does not support encryption, while company B's API supports encryption.

    Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?

    A. Company A must install an SSL tunneling service on the financial system.
    B. Company A's security administrator should use an HTTPS capable browser to transfer the data.
    C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
    D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.

  • Question 200:

    A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO).

    A. Availability
    B. Authentication
    C. Integrity
    D. Confidentiality
    E. Encryption

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.