CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 351:

    A WAF without customization will protect the infrastructure from which of the following attack combinations?

    A. DDoS, DNS poisoning, Boink, Teardrop
    B. Reflective XSS, HTTP exhaustion, Teardrop
    C. SQL Injection, DOM based XSS, HTTP exhaustion
    D. SQL Injection, CSRF, Clickjacking

  • Question 352:

    A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the client and datacenter networks. Which of the following is the MOST likely threat?

    A. Inappropriate administrator access
    B. Malicious code
    C. Internal business fraud
    D. Regulatory compliance

  • Question 353:

    The audit department at a company requires proof of exploitation when conducting internal network penetration tests.

    Which of the following provides the MOST conclusive proof of compromise without further compromising the integrity of the system?

    A. Provide a list of grabbed service banners.
    B. Modify a file on the system and include the path in the test's report.
    C. Take a packet capture of the test activity.
    D. Add a new test user account on the system.

  • Question 354:

    A security administrator needs a secure computing solution to use for all of the company's security audit log storage, and to act as a central server to execute security functions from. Which of the following is the BEST option for the server in this scenario?

    A. A hardened Red Hat Enterprise Linux implementation running a software firewall
    B. Windows 7 with a secure domain policy and smartcard based authentication
    C. A hardened bastion host with a permit all policy implemented in a software firewall
    D. Solaris 10 with trusted extensions or SE Linux with a trusted policy

  • Question 355:

    The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

    A. Block traffic from the ISP's networks destined for blacklisted IPs.
    B. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP.
    C. Block traffic with a source IP not allocated to the ISP from exiting the ISP's network.
    D. Scan the ISP's customer networks using an up-to-date vulnerability scanner.
    E. Notify customers when services they run are involved in an attack.

  • Question 356:

    The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following:

    90.76.165.40 - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724 90.76.165.40 - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724 90.76.165.40 - [08/Mar/2014:10:54:04]

    "GET index.php? user= HTTP/1.1" 200 5724

    The security administrator also inspects the following file system locations on the database server using the command `ls -al /root' drwxrwxrwx 11 root root 4096 Sep 28 22:45 .

    drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..

    -rws------ 25 root root 4096 Mar 8 09:30 .bash_history -rw------- 25 root root 4096 Mar 8 09:30 .bash_history -rw------- 25 root root 4096 Mar 8 09:30 .profile -rw------- 25 root root 4096 Mar 8 09:30 .ssh

    Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

    A. Privilege escalation
    B. Brute force attack
    C. SQL injection
    D. Cross-site scripting
    E. Using input validation, ensure the following characters are sanitized.
    F. Update crontab with: find / \( -perm -4000 \) type f print0 | xargs -0 ls l | email.sh
    G. Implement the following PHP directive: $clean_user_input = addslashes($user_input)
    H. Set an account lockout policy

  • Question 357:

    A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the

    social websites.

    After an initial and successful pilot period, other departments want to use the social websites to post their updates as well.

    The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work related information on such websites.

    Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE).

    A. Brute force attacks
    B. Malware infection
    C. DDOS attacks
    D. Phishing attacks
    E. SQL injection attacks
    F. Social engineering attacks

  • Question 358:

    A corporation has Research and Development (RandD) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter.

    Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?

    A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
    B. Provide each department with a virtual firewall and assign administrative control to the physical firewall.
    C. Put both departments behind the firewall and incorporate restrictive controls on each department's network.
    D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.

  • Question 359:

    For companies seeking to move to cloud services, variances in regulation between jurisdictions can be addressed in which of the following ways?

    A. Ensuring the cloud service provides high availability spanning multiple regions.
    B. Using an international private cloud model as opposed to public IaaS.
    C. Encrypting all data moved to or processed in a cloud-based service.
    D. Tagging VMs to ensure they are only run in certain geographic regions.

  • Question 360:

    An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:

    18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.in-addr.arpa. (42)

    18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)

    18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in-addr.arpa. (42)

    18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)

    18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr 215646227], length 48

    18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.in- addr.arpa. (41)

    18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length

    18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0

    18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)

    18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46

    18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.in- addr.arpa. (41)

    Given the traffic report, which of the following is MOST likely causing the slow traffic?

    A. DNS poisoning
    B. Improper network zoning
    C. ARP poisoning
    D. Improper LUN masking

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.