CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 331:

    An organization must comply with a new regulation that requires the organization to determine if an external attacker is able to gain access to its systems from outside the network. Which of the following should the company conduct to meet the regulation's criteria?

    A. Conduct a compliance review
    B. Conduct a vulnerability assessment
    C. Conduct a black box penetration test
    D. Conduct a full system audit

  • Question 332:

    Company XYZ has invested an increasing amount in security due to the changing threat landscape. The company is going through a cost cutting exercise and the Chief Financial Officer (CFO) has queried the security budget allocated to the Chief Information Security Officer (CISO). At the same time, the CISO is actively promoting business cases for additional funding to support new initiatives. These initiatives will mitigate several security incidents that have occurred due to ineffective controls.

    A security advisor is engaged to assess the current controls framework and to provide recommendations on whether preventative, detective, or corrective controls should be implemented. How should the security advisor respond when explaining which controls to implement?

    A. Preventative controls are useful before an event occurs, detective controls are useful during an event, and corrective controls are useful after an event has occurred. A combination of controls can be used.
    B. Corrective controls are more costly to implement, but are only needed for real attacks or high value assets; therefore, controls should only be put in place after a real attack has occurred.
    C. Detective controls are less costly to implement than preventative controls; therefore, they should be encouraged wherever possible. Corrective controls are used during an event or security incident. Preventative controls are hard to achieve in practice due to current market offerings.
    D. Always advise the use of preventative controls as this will prevent security incidents from occurring in the first place. Detective and corrective controls are redundant compensating controls and are not required if preventative controls are implemented.

  • Question 333:

    When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?

    A. Implement a unified IPv6 addressing scheme on the entire network.
    B. Conduct a penetration test of Company B's network.
    C. Perform a vulnerability assessment on Company B's network.
    D. Perform a peer code review on Company B's application.

  • Question 334:

    A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life. The two initial migrations include:

    Windows 2000 hosts: domain controllers and front-facing web servers

    RHEL3 hosts: front-facing web servers

    Which of the following should the security consultant recommend based on best practices?

    A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.
    B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.
    C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.
    D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines.

  • Question 335:

    A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications' compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings.

    If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select TWO).

    A. Establish the security control baseline to be assessed
    B. Build the application according to software development security standards
    C. Write the systems functionality requirements into the security requirements traceability matrix
    D. Review the results of user acceptance testing
    E. Categorize the applications according to use
    F. Consult with the stakeholders to determine which standards can be omitted

  • Question 336:

    After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus.

    Which of the following should the security manager suggest to INCREASE each system's security level?

    A. Upgrade all system's to use a HIPS and require daily anti-virus scans.
    B. Conduct a vulnerability assessment of the standard image and remediate findings.
    C. Upgrade the existing NIDS to NIPS and deploy the system across all network segments.
    D. Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.

  • Question 337:

    An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required.

    Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).

    A. Penetration test across the application with accounts of varying access levels (i.e. non- authenticated, authenticated, and administrative users).
    B. Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
    C. Vulnerability assessment across all of the online banking servers to ascertain host and container configuration lock-down and patch levels.
    D. Fingerprinting across all of the online banking servers to ascertain open ports and services.
    E. Black box code review across the entire code base to ensure that there are no security defects present.

  • Question 338:

    In a SPML exchange, which of the following BEST describes the three primary roles?

    A. The Provisioning Service Target (PST) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the PST requests, and the Provisioning Service Target (PST) performs the provisioning.
    B. The Provisioning Service Provider (PSP) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the PSP requests, and the Provisioning Service Provider (PSP) performs the provisioning.
    C. The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Target (PST) responds to the RA requests, and the Provisioning Service Provider (PSP) performs the provisioning.
    D. The Request Authority (RA) entity makes the provisioning request, the Provisioning Service Provider (PSP) responds to the RA requests, and the Provisioning Service Target (PST) performs the provisioning.

  • Question 339:

    A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank's share price decreasing in value by 50% and regulatory intervention and monitoring. The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.

    The business has specified that the solution needs to be enterprise grade and meet the following requirements:

    Be across all major platforms, applications and infrastructure.

    Be able to track user and administrator activity.

    Does not significantly degrade the performance of production platforms, applications, and infrastructures.

    Real time incident reporting.

    Manageable and has meaningful information.

    Business units are able to generate reports in a timely manner of the unit's system assets.

    In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).

    A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.
    B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.
    C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.
    D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.
    E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.
    F. Ensure appropriate auditing is enabled to capture the required information.
    G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.

  • Question 340:

    Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:

    A. Separation of duties.
    B. Mandatory vacation.
    C. Non-disclosure agreement.
    D. Least privilege.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.