CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 31:

    Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies.

    Which of the following solutions is BEST suited for this scenario?

    A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP.
    B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP.
    C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.
    D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP.

  • Question 32:

    The Chief Executive Officer (CEO) has asked the IT administrator to protect the externally facing web server from SQL injection attacks and ensure the backend database server is monitored for unusual behavior while enforcing rules to terminate unusual behavior.

    Which of the following would BEST meet the CEO's requirements?

    A. WAF and DAM
    B. UTM and NIDS
    C. DAM and SIEM
    D. UTM and HSM
    E. WAF and SIEM

  • Question 33:

    A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seem to be a manageable volume of infrequently exploited security vulnerabilities. The director decides to implement continuous monitoring and other security controls to mitigate the impact of the vulnerabilities.

    Which of the following should the director require from the developers before agreeing to deploy the system?

    A. An incident response plan which guarantees response by tier two support within 15 minutes of an incident.
    B. A definitive plan of action and milestones which lays out resolutions to all vulnerabilities within six months.
    C. Business insurance to transfer all risk from the company shareholders to the insurance company.
    D. A prudent plan of action which details how to decommission the system within 90 days of becoming operational.

  • Question 34:

    The new security policy states that only authorized software will be allowed on the corporate network and all personally owned equipment needs to be configured by the IT security staff before being allowed on the network. The security administrator creates standard images with all the required software and proper security controls. These images are required to be loaded on all personally owned equipment prior to connecting to the corporate network. These measures ensure compliance with the new security policy.

    Which of the following security risks still needs to be addressed in this scenario?

    A. An employee copying gigabytes of personal video files from the employee's personal laptop to their company desktop to share files.
    B. An employee connecting their personal laptop to use a non-company endorsed accounting application that the employee used at a previous company.
    C. An employee using a corporate FTP application to transfer customer lists and other proprietary files to an external computer and selling them to a competitor.
    D. An employee accidentally infecting the network with a virus by connecting a USB drive to the employee's personal laptop.

  • Question 35:

    A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple HTML survey form with two components: a country selection dropdown list and a submit button. The penetration testers are required to provide their test cases for this survey form in advance.

    In order to adequately test the input validation of the survey form, which of the following tools would be the BEST tool for the technician to use?

    A. HTTP interceptor
    B. Vulnerability scanner
    C. Port scanner
    D. Fuzzer

  • Question 36:

    The security administrator is worried about possible SPIT attacks against the VoIP system.

    Which of the following security controls would MOST likely need to be implemented to detect this type of attack?

    A. SIP and SRTP traffic analysis
    B. QoS audit on Layer 3 devices
    C. IP and MAC filtering logs
    D. Email spam filter log

  • Question 37:

    Within a large organization, the corporate security policy states that personal electronic devices are not allowed to be placed on the company network. There is considerable pressure from the company board to allow smartphones to connect and synchronize email and calendar items of board members and company executives.

    Which of the following options BEST balances the security and usability requirements of the executive management team?

    A. Allow only the executive management team the ability to use personal devices on the company network, as they have important responsibilities and need convenient access.
    B. Review the security policy. Perform a risk evaluation of allowing devices that can be centrally managed, remotely disabled, and have device-level encryption of sensitive data.
    C. Stand firm on disallowing non-company assets from connecting to the network as the assets may lead to undesirable security consequences, such as sensitive emails being leaked outside the company.
    D. Allow only certain devices that are known to have the ability of being centrally managed. Do not allow any other smartphones until the device is proven to be centrally managed.

  • Question 38:

    The company is considering issuing non-standard tablet computers to executive management. Which of the following is the FIRST step the security manager should perform?

    A. Apply standard security policy settings to the devices.
    B. Set up an access control system to isolate the devices from the network.
    C. Integrate the tablets into standard remote access systems.
    D. Develop the use case for the devices and perform a risk analysis.

  • Question 39:

    Which of the following is the MOST appropriate control measure for lost mobile devices?

    A. Disable unnecessary wireless interfaces such as Bluetooth.
    B. Reduce the amount of sensitive data stored on the device.
    C. Require authentication before access is given to the device.
    D. Require that the compromised devices be remotely wiped.

  • Question 40:

    The IT Manager has mandated that an extensible markup language be implemented which can be used to exchange provisioning requests and responses for account creation. Which of the following is BEST able to achieve this?

    A. XACML
    B. SAML
    C. SOAP
    D. SPML

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.