CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 421:

    An IT administrator has been tasked with implementing an appliance-based web proxy server to control external content accessed by internal staff. Concerned with the threat of corporate data leakage via web-based email, the IT administrator wants to decrypt all outbound HTTPS sessions and pass the decrypted content to an ICAP server for inspection by the corporate DLP software.

    Which of the following is BEST at protecting the internal certificates used in the decryption process?

    A. NIPS
    B. HSM
    C. UTM
    D. HIDS
    E. WAF
    F. SIEM

  • Question 422:

    Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?

    A. Write over the data
    B. Purge the data
    C. Incinerate the DVD
    D. Shred the DVD

  • Question 423:

    Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN.

    Which of the following controls would BEST protect the corporate network?

    A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.
    B. Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments.
    C. Provide sales staff with a separate laptop with no administrator access just for sales visits.
    D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

  • Question 424:

    A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employee's network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active.

    Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

    A. Review the HR termination process and ask the software developers to review the identity management code.
    B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
    C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
    D. Update the company policy to account for delays and unforeseen situations in account deactivation.

  • Question 425:

    The sales team is considering the deployment of a new CRM solution within the enterprise. The IT and Security teams are members of the project; however, neither team has expertise or experience with the proposed system. Which of the following activities should be performed FIRST?

    A. Visit a company who already has the technology, sign an NDA, and read their latest risk assessment.
    B. Contact the top vendor, assign IT and Security to work together to implement a demo and pen test the system.
    C. Work with Finance to do a second ROI calculation before continuing further with the project.
    D. Research the market, select the top vendors and solicit RFPs from those vendors.

  • Question 426:

    A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue?

    A. Limit source ports on the firewall to specific IP addresses.
    B. Add an explicit deny-all and log rule as the final entry of the firewall rulebase.
    C. Implement stateful UDP filtering on UDP ports above 1024.
    D. Configure the firewall to use IPv6 by default.

  • Question 427:

    The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization's mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC?

    A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset.
    B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset.
    C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal.
    D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal.

  • Question 428:

    The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer's office down the hall. When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing.

    Which of the following would the security engineer MOST likely implement to secure this connection?

    Linux Server: 192.168.10.10/24 Mac Laptop: 192.168.10.200/24

    A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.
    B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.
    C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
    D. From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.

  • Question 429:

    The firm's CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm's new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues.

    Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process?

    A. Ask the three submitting vendors for a full blown RFP so that the CPO and SPM can move to the next step.
    B. Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.
    C. Provide the CPO and the SPM a personalized summary from what the CISO knows about these three submitting vendors.
    D. Inform the three submitting vendors that there quotes are null and void at this time and that they are disqualified based upon their RFQs.

  • Question 430:

    To prevent a third party from identifying a specific user as having previously accessed a service provider through an SSO operation, SAML uses which of the following?

    A. Transient identifiers
    B. SOAP calls
    C. Discovery profiles
    D. Security bindings

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.