CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 231:

    An administrator's company has recently had to reduce the number of Tier 3 help desk technicians available to support enterprise service requests. As a result, configuration standards have declined as administrators develop scripts to troubleshoot and fix customer issues. The administrator has observed that several default configurations have not been fixed through applied group policy or configured in the baseline.

    Which of the following are controls the administrator should recommend to the organization's security manager to prevent an authorized user from conducting internal reconnaissance on the organization's network? (Select THREE).

    A. Network file system
    B. Disable command execution
    C. Port security
    D. TLS
    E. Search engine reconnaissance
    F. NIDS
    G. BIOS security
    H. HIDS
    I. IdM

  • Question 232:

    Which of the following are security components provided by an application security library or framework? (Select THREE).

    A. Authorization database
    B. Fault injection
    C. Input validation
    D. Secure logging
    E. Directory services
    F. Encryption and decryption

  • Question 233:

    An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO).

    A. Periodic key changes once the initial keys are established between the DNS name servers.
    B. Secure exchange of the key values between the two DNS name servers.
    C. A secure NTP source used by both DNS name servers to avoid message rejection.
    D. DNS configuration files on both DNS name servers must be identically encrypted.
    E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers.

  • Question 234:

    A company has a legacy virtual cluster which was added to the datacenter after a small company was acquired. All VMs on the cluster use the same virtual network interface to connect to the corporate data center LAN. Some of the virtual machines on the cluster process customer data, some process company financial data, and others act as externally facing web servers.

    Which of the following security risks can result from the configuration in this scenario?

    A. Visibility on the traffic between the virtual machines can impact confidentiality
    B. NIC utilization can exceed 50 percent and impact availability
    C. Shared virtual switches can negatively impact the integrity of network packets
    D. Additional overhead from network bridging can affect availability

  • Question 235:

    Company XYZ recently acquired a manufacturing plant from Company ABC which uses a different manufacturing ICS platform. Company XYZ has strict ICS security regulations while Company ABC does not. Which of the following approaches would the network security administrator for Company XYZ MOST likely proceed with to integrate the new manufacturing plant?

    A. Conduct a network vulnerability assessment of acquired plant ICS platform and correct all identified flaws during integration.
    B. Convert the acquired plant ICS platform to the Company XYZ standard ICS platform solely to eliminate potential regulatory conflicts.
    C. Conduct a risk assessment of the acquired plant ICS platform and implement any necessary or required controls during integration.
    D. Require Company ABC to bring their ICS platform into regulatory compliance prior to integrating the new plant into Company XYZ's network.

  • Question 236:

    A security administrator was doing a packet capture and noticed a system communicating with an address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?

    A. Investigate the network traffic and block UDP port 3544 at the firewall
    B. Remove the system from the network and disable IPv6 at the router
    C. Locate and remove the unauthorized 6to4 relay from the network
    D. Disable the switch port and block the 2001::/32 traffic at the firewall

  • Question 237:

    An administrator is reviewing logs and sees the following entry:

    Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] Action: Intercepted (phase 2) Apache-Handler: php5- script Which of the following attacks was being attempted?

    A. Session hijacking
    B. Cross-site script
    C. SQL injection
    D. Buffer overflow

  • Question 238:

    A systems administrator establishes a CIFS share on a Unix device to share data to windows systems. The security authentication on the windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the Unix share.

    Which of the following settings on the Unix server is the cause of this problem?

    A. Refuse LM and only accept NTLMv2
    B. Accept only LM
    C. Refuse NTLMv2 and accept LM
    D. Accept only NTLM

  • Question 239:

    A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months. All preliminary planning has been completed and a risk assessment plan is being adopted to decide which security controls to put in place throughout each phase.

    Which of the following risk responses is MOST likely being considered if the business is creating an SLA with a third party?

    A. Accepting risk
    B. Mitigating risk
    C. Identifying risk
    D. Transferring risk

  • Question 240:

    A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several un- disclosed zero day exploits. The code base used for the device is a combination of compiled C and TC/TKL scripts.

    Which of the following methods should the security research use to enumerate the ports and protocols in use by the appliance?

    A. Device fingerprinting
    B. Switchport analyzer
    C. Grey box testing
    D. Penetration testing

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.