CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 271:

    A security manager is collecting RFQ, RFP, and RFI publications to help identify the technology trends which a government will be moving towards in the future. This information is available to the public. By consolidating the information, the security manager will be able to combine several perspectives into a broader view of technology trends.

    This is an example of which of the following? (Select TWO).

    A. Supervisory control and data acquisition
    B. Espionage
    C. Hacktivism
    D. Data aggregation
    E. Universal description discovery and integration
    F. Open source intelligence gathering

  • Question 272:

    A bank provides single sign on services between its internally hosted applications and externally hosted CRM. The following sequence of events occurs:

    1.

    The banker accesses the CRM system, a redirect is performed back to the organization's internal systems.

    2.

    A lookup is performed of the identity and a token is generated, signed and encrypted.

    3.

    A redirect is performed back to the CRM system with the token.

    4.

    The CRM system validates the integrity of the payload, extracts the identity and performs a lookup.

    5.

    If the banker is not in the system and automated provisioning request occurs.

    6.

    The banker is authenticated and authorized and can access the system. This is an example of which of the following?

    A. Service provider initiated SAML 2.0
    B. Identity provider initiated SAML 1.0
    C. OpenID federated single sign on
    D. Service provider initiated SAML 1.1

  • Question 273:

    Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices.

    Which of the following should Ann implement to stop modified copies of her software form running on mobile devices?

    A. Single sign-on
    B. Identity propagation
    C. Remote attestation
    D. Secure code review

  • Question 274:

    A network administrator notices a security intrusion on the web server.

    Which of the following is noticed by http://test.com/modules.php? op=modloadandname=XForumandfile=[hostilejavascript]andfid=2 in the log file?

    A. Buffer overflow
    B. Click jacking
    C. SQL injection
    D. XSS attack

  • Question 275:

    Virtual hosts with different security requirements should be:

    A. encrypted with a one-time password.
    B. stored on separate physical hosts.
    C. moved to the cloud.
    D. scanned for vulnerabilities regularly.

  • Question 276:

    Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level.

    Which of the following should Ann suggest to BEST secure this environment?

    A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
    B. Create an IP camera network and only allow SSL access to the cameras.
    C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
    D. Create an IP camera network and restrict access to cameras from a single management host.

  • Question 277:

    Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time.

    Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?

    A. Traces of proprietary data which can remain on the virtual machine and be exploited
    B. Remnants of network data from prior customers on the physical servers during a compute job
    C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
    D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources

  • Question 278:

    A security architect is locked into a given cryptographic design based on the allowable software at the company. The key length for applications is already fixed as is the cipher and algorithm in use. The security architect advocates for the use of well-randomized keys as a mitigation to brute force and rainbow attacks.

    Which of the following is the security architect trying to increase in the design?

    A. Key stretching
    B. Availability
    C. Entropy
    D. Root of trust
    E. Integrity

  • Question 279:

    An Association is preparing to upgrade their firewalls at five locations around the United States. Each of the three vendor's RFP responses is in-line with the security and other requirements. Which of the following should the security administrator do to ensure the firewall platform is appropriate for the Association?

    A. Correlate current industry research with the RFP responses to ensure validity.
    B. Create a lab environment to evaluate each of the three firewall platforms.
    C. Benchmark each firewall platform's capabilities and experiences with similar sized companies.
    D. Develop criteria and rate each firewall platform based on information in the RFP responses.

  • Question 280:

    A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live.

    In which of the following phases would these security controls take place?

    A. Operations and Maintenance
    B. Implementation
    C. Acquisition and Development
    D. Initiation

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.