CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 461:

    Company A is trying to implement controls to reduce costs and time spent on litigation.

    To accomplish this, Company A has established several goals:

    Prevent data breaches from lost/stolen assets

    Reduce time to fulfill e-discovery requests

    Prevent PII from leaving the network

    Lessen the network perimeter attack surface

    Reduce internal fraud

    Which of the following solutions accomplishes the MOST of these goals?

    A. Implement separation of duties; enable full encryption on USB devices and cell phones, allow cell phones to remotely connect to e-mail and network VPN, enforce a 90 day data retention policy.
    B. Eliminate VPN access from remote devices. Restrict junior administrators to read-only shell access on network devices. Install virus scanning and SPAM filtering. Harden all servers with trusted OS extensions.
    C. Create a change control process with stakeholder review board, implement separation of duties and mandatory vacation, create regular SAN snapshots, enable GPS tracking on all cell phones and laptops, and fully encrypt all email in transport.
    D. Implement outgoing mail sanitation and incoming SPAM filtering. Allow VPN for mobile devices; cross train managers in multiple disciplines, ensure all corporate USB drives are provided by Company A and de-duplicate all server storage.

  • Question 462:

    A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?

    A. SQL injection
    B. XSS scripting
    C. Click jacking
    D. Input validation

  • Question 463:

    The security administrator is reviewing the business continuity plan which consists of virtual infrastructures at corporate headquarters and at the backup site. The administrator is concerned that the VLAN used to perform live migrations of virtual machines to the backup site is across the network provider's MPLS network.

    This is a concern due to which of the following?

    A. The hypervisor virtual switches only support Q-in-Q VLANS, not MPLS. This may cause live migrations to the backup site to fail.
    B. VLANs are not compatible with MPLS, which may cause intermittent failures while performing live migrations virtual machines during a disaster.
    C. Passwords are stored unencrypted in memory, which are then transported across the MPLS network.
    D. Transport encryption is being used during the live migration of virtual machines which will impact the performance of the MPLS network.

  • Question 464:

    An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies.

    Which of the following can be used to BEST achieve the CISO's objectives?

    A. CoBIT
    B. UCF
    C. ISO 27002
    D. eGRC

  • Question 465:

    A system architect has the following constraints from the customer:

    Confidentiality, Integrity, and Availability (CIA) are all of equal importance.

    Average availability must be at least 6 nines (99.9999%).

    All devices must support collaboration with every other user device.

    All devices must be VoIP and teleconference ready.

    Which of the following security controls is the BEST to apply to this architecture?

    A. Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment.
    B. Enforcement of strict network access controls and bandwidth minimization techniques, a single standard software image, high speed processing, and distributed backups of all equipment in the datacenter.
    C. Deployment of a unified VDI across all devices, SSD RAID in all servers, multiple identical hot sites, granting administrative rights to all users, backup of system critical data.
    D. Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.

  • Question 466:

    Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure.

    The requirements are as follows:

    Reduce costs

    Improve efficiencies and time to market

    Manageable

    Accurate identity information

    Standardize on authentication and authorization

    Ensure a reusable model with standard integration patterns

    Which of the following security solution options will BEST meet the above requirements? (Select THREE).

    A. Build an organization-wide fine grained access control model stored in a centralized policy data store.
    B. Implement self service provisioning of identity information, coarse grained, and fine grained access control.
    C. Implement a web access control agent based model with a centralized directory model providing coarse grained access control and single sign-on capabilities.
    D. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities.
    E. Implement automated provisioning of identity information; coarse grained, and fine grained access control.
    F. Move each of the applications individual fine grained access control models into a centralized directory with fine grained access control.
    G. Implement a web access control forward proxy and centralized directory model, providing coarse grained access control, and single sign-on capabilities.

  • Question 467:

    A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

    A. The tool could show that input validation was only enabled on the client side
    B. The tool could enumerate backend SQL database table and column names
    C. The tool could force HTTP methods such as DELETE that the server has denied
    D. The tool could fuzz the application to determine where memory leaks occur

  • Question 468:

    A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters.

    Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?

    A. The system administrator should take advantage of the company's cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.
    B. The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.
    C. The system administrator should build a virtual machine on the administrator's desktop, transfer the password file to it, and run the a password cracker on the virtual machine.
    D. The system administrator should upload the password file to cloud storage and use on- demand provisioning to build a purpose based virtual machine to run a password cracker on all the users.

  • Question 469:

    A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server.

    Which of the following is the MOST likely solution?

    A. Application firewall and NIPS
    B. Edge firewall and HIDS
    C. ACLs and anti-virus
    D. Host firewall and WAF

  • Question 470:

    A project has been established in a large bank to develop a new secure online banking platform. Half way through the development it was discovered that a key piece of software used as part of the base platform is now susceptible to recently published exploits.

    Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements?

    A. Engineers
    B. Facilities Manager
    C. Stakeholders
    D. Human Resources

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.