CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 241:

    Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?

    A. NDA
    B. OLA
    C. MOU
    D. SLA

  • Question 242:

    Which of the following is an example of single sign-on?

    A. An administrator manages multiple platforms with the same username and hardware token. The same username and token is used across all the platforms.
    B. Multiple applications have been integrated with a centralized LDAP directory for authentication and authorization. A user has to authenticate each time the user accesses an application.
    C. A password is synchronized between multiple platforms and the user is required to authenticate with the same password across each platform.
    D. A web access control infrastructure performs authentication and passes attributes in a HTTP header to multiple applications.

  • Question 243:

    After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation:

    SSH p 2020 -l user dnsserver.company.com

    Once at the command prompt, the administrator issues the below commanD.

    Service bind restart

    The system returns the below response:

    Unable to restart BIND

    Which of the following is true about the above situation?

    A. The administrator must use the sudo command in order to restart the service.
    B. The administrator used the wrong SSH port to restart the DNS server.
    C. The service was restarted correctly, but it failed to bind to the network interface.
    D. The service did not restart because the bind command is privileged.

  • Question 244:

    A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The sales team is continuously contacting the security administrator to answer security questions posed by potential customers/clients.

    Which of the following is the BEST strategy to minimize the frequency of these requests?

    A. Request the major stakeholder hire a security liaison to assist the sales team with security- related questions.
    B. Train the sales team about basic security, and make them aware of the security policies and procedures of the company.
    C. The job description of the security administrator is to assist the sales team; thus the process should not be changed.
    D. Compile a list of the questions, develop an FAQ on the website, and train the sales team about basic security concepts.

  • Question 245:

    A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship?

    A. The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses.
    B. The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses.
    C. The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses.
    D. The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses.

  • Question 246:

    A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack? The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it. The Reception AreA. The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets. The Rehabilitation AreA. The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only. The Finance AreA. There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.

    A. The Rehabilitation Area
    B. The Reception Area
    C. The Boiler Room
    D. The Finance Area

  • Question 247:

    An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?

    A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.
    B. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.
    C. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management.
    D. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.

  • Question 248:

    The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall

    security of the product will be increased, because staff will focus on their areas of expertise.

    Given the below groups and tasks select the BEST list of assignments.

    Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport

    A. Systems Engineering. Decomposing requirements Development: Secure coding standards Testing. Code stability Project Management: Stakeholder engagement Security: Secure transport Networks: Functional validation
    B. Systems Engineering. Decomposing requirements Development: Code stability Testing. Functional validation Project Management: Stakeholder engagement Security: Secure coding standards Networks: Secure transport
    C. Systems Engineering. Functional validation Development: Stakeholder engagement Testing. Code stability Project Management: Decomposing requirements Security: Secure coding standards Networks: Secure transport
    D. Systems Engineering. Decomposing requirements Development: Stakeholder engagement Testing. Code stability Project Management: Functional validation Security: Secure coding standards Networks: Secure transport

  • Question 249:

    A Security Administrator has some concerns about the confidentiality of data when using SOAP. Which of the following BEST describes the Security Administrator's concerns?

    A. The SOAP header is not encrypted and allows intermediaries to view the header data. The body can be partially or completely encrypted.
    B. The SOAP protocol supports weak hashing of header information. As a result the header and body can easily be deciphered by brute force tools.
    C. The SOAP protocol can be easily tampered with, even though the header is encrypted.
    D. The SOAP protocol does not support body or header encryption which allows assertions to be viewed in clear text by intermediaries.

  • Question 250:

    A team is established to create a secure connection between software packages in order to list employee's remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

    A. Network Administrator, Database Administrator, Programmers
    B. Network Administrator, Emergency Response Team, Human Resources
    C. Finance Officer, Human Resources, Security Administrator
    D. Database Administrator, Facilities Manager, Physical Security Manager

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.