CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 471:

    A high-tech company dealing with sensitive data seized the mobile device of an employee suspected of leaking company secrets to a competitive organization. Which of the following is the BEST order for mobile phone evidence extraction?

    A. Device isolation, evidence intake, device identification, data processing, verification of data accuracy, documentation, reporting, presentation and archival.
    B. Evidence intake, device identification, preparation to identify the necessary tools, device isolation, data processing, verification of data accuracy, documentation, reporting, presentation and archival.
    C. Evidence log, device isolation ,device identification, preparation to identify the necessary tools, data processing, verification of data accuracy, presentation and archival.
    D. Device identification, evidence log, preparation to identify the necessary tools, data processing, verification of data accuracy, device isolation, documentation, reporting, presentation and archival.

  • Question 472:

    Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company's purchased application? (Select TWO).

    A. Code review
    B. Sandbox
    C. Local proxy
    D. Fuzzer
    E. Web vulnerability scanner

  • Question 473:

    An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?

    A. The IDS generated too many false negatives.
    B. The attack occurred after hours.
    C. The IDS generated too many false positives.
    D. No one was reviewing the IDS event logs.

  • Question 474:

    An administrator notices the following file in the Linux server's /tmp directory.

    -rwsr-xr-x. 4 root root 234223 Jun 6 22:52 bash*

    Which of the following should be done to prevent further attacks of this nature?

    A. Never mount the /tmp directory over NFS
    B. Stop the rpcidmapd service from running
    C. Mount all tmp directories nosuid, noexec
    D. Restrict access to the /tmp directory

  • Question 475:

    A user reports that the workstation's mouse pointer is moving and files are opening automatically. Which of the following should the user perform?

    A. Unplug the network cable to avoid network activity.
    B. Reboot the workstation to see if problem occurs again.
    C. Turn off the computer to avoid any more issues.
    D. Contact the incident response team for direction.

  • Question 476:

    A security incident happens three times a year on a company's web server costing the company $1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled to be decommissioned in five years. The cost of implementing software to prevent this incident would be $15,000 initially, plus $1,000 a year for maintenance.

    Which of the following is the MOST cost-effective manner to deal with this risk?

    A. Avoid the risk
    B. Transfer the risk
    C. Accept the risk
    D. Mitigate the risk

  • Question 477:

    During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST?

    A. Data User
    B. Data Owner
    C. Business Owner
    D. Data Custodian

  • Question 478:

    Company XYZ has just purchased Company ABC through a new acquisition. A business decision has been made to integrate the two company's networks, application, and several basic services.

    The initial integration of the two companies has specified the following requirements:

    Company XYZ requires access to the web intranet, file, print, secure FTP server, and authentication domain resources

    Company XYZ is being on boarded into Company ABC's authentication domain

    Company XYZ is considered partially trusted

    Company XYZ does not want performance issues when accessing ABC's systems

    Which of the following network security solutions will BEST meet the above requirements?

    A. Place a Company ABC managed firewall in Company XYZ's hub site; then place Company ABC's file, print, authentication, and secure FTP servers in a zone off the firewall. Ensure that Company ABC's business partner firewalls are opened up for web intranet access and other required services.
    B. Require Company XYZ to manage the router ACLs, controlling access to Company ABC resources, but with Company ABC approving the change control to the ACLs. Open up Company ABC's business partner firewall to permit access to Company ABC's file, print, secure FTP server, authentication servers and web intranet access.
    C. Place no restrictions on internal network connectivity between Company XYZ and Company ABC. Open up Company ABC's business partner firewall to permit access to Company ABC's file, print, secure FTP server, authentication servers and web intranet access.
    D. Place file, print, secure FTP server and authentication domain servers at Company XYZ's hub site. Open up Company ABC's business partner firewall to permit access to ABC's web intranet access and other required services.

  • Question 479:

    An Information Security Officer (ISO) has asked a security team to randomly retrieve discarded computers from the warehouse dumpster. The security team was able to retrieve two older computers and a broken MFD network printer. The security team was able to connect the hard drives from the two computers and the network printer to a computer equipped with forensic tools. The security team was able to retrieve PDF files from the network printer hard drive but the data on the two older hard drives was inaccessible.

    Which of the following should the Warehouse Manager do to remediate the security issue?

    A. Revise the hardware and software maintenance contract.
    B. Degauss the printer hard drive to delete data.
    C. Implement a new change control process.
    D. Update the hardware decommissioning procedures.

  • Question 480:

    A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a result, NIPS and AV systems did not detect the configuration files received by staff in emails that appeared as normal files.

    Which of the following BEST describes the technique used by the malware developers?

    A. Perfect forward secrecy
    B. Stenography
    C. Diffusion
    D. Confusion
    E. Transport encryption

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.