CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 321:

    SIMULATION An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. Instructions The last install that is completed will be the final submission

  • Question 322:

    Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method.

    Which of the following methodologies should be adopted?

    A. The company should develop an in-house solution and keep the algorithm a secret.
    B. The company should use the CEO's encryption scheme.
    C. The company should use a mixture of both systems to meet minimum standards.
    D. The company should use the method recommended by other respected information security organizations.

  • Question 323:

    A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities.

    The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?

    A. The resulting impact of even one attack being realized might cripple the company financially.
    B. Government health care regulations for the pharmaceutical industry prevent the director from approving a system with vulnerabilities.
    C. The director is new and is being rushed to approve a project before an adequate assessment has been performed.
    D. The director should be uncomfortable accepting any security vulnerabilities and should find time to correct them before the system is deployed.

  • Question 324:

    A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re- usable patterns into account.

    Which of the following would BEST help to achieve these objectives?

    A. Construct a library of re-usable security patterns
    B. Construct a security control library
    C. Introduce an ESA framework
    D. Include SRTM in the SDLC

  • Question 325:

    Two storage administrators are discussing which SAN configurations will offer the MOST confidentiality. Which of the following configurations would the administrators use? (Select TWO).

    A. Deduplication
    B. Zoning
    C. Snapshots
    D. Multipathing
    E. LUN masking

  • Question 326:

    On Monday, the Chief Information Officer (CIO) of a state agency received an e-discovery request for the release of all emails sent and received by the agency board of directors for the past five years. The CIO has contacted the email administrator and asked the administrator to provide the requested information by end of day on Friday.

    Which of the following has the GREATEST impact on the ability to fulfill the e-discovery request?

    A. Data retention policy
    B. Backup software and hardware
    C. Email encryption software
    D. Data recovery procedures

  • Question 327:

    A security manager is concerned about performance and patch management, and, as a result, wants to implement a virtualization strategy to avoid potential future OS vulnerabilities in the host system. The IT manager wants a strategy that would provide the hypervisor with direct communications with the underlying physical hardware allowing the hardware resources to be paravirtualized and delivered to the guest machines.

    Which of the following recommendations from the server administrator BEST meets the IT and security managers' requirements? (Select TWO).

    A. Nested virtualized hypervisors
    B. Type 1 hypervisor
    C. Hosted hypervisor with a three layer software stack
    D. Type 2 hypervisor
    E. Bare metal hypervisor with a software stack of two layers

  • Question 328:

    A company receives a subpoena for email that is four years old.

    Which of the following should the company consult to determine if it can provide the email in question?

    A. Data retention policy
    B. Business continuity plan
    C. Backup and archive processes
    D. Electronic inventory

  • Question 329:

    An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines? (Select TWO).

    A. Establish VLANs for each virtual guest's NIC on the virtual switch.
    B. Enable virtual switch layer 2 security precautions.
    C. Only access hosts through a secure management interface.
    D. Distribute guests to hosts by application role or trust zone.
    E. Restrict physical and network access to the host console.

  • Question 330:

    A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant affect on overall availability.

    Which of the following would be the FIRST process to perform as a result of these findings?

    A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
    B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
    C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
    D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.