CAS-001 Exam Details

  • Exam Code
    :CAS-001
  • Exam Name
    :CompTIA Advanced Security Practitioner
  • Certification
    :CompTIA Advanced Security Practitioner
  • Vendor
    :CompTIA
  • Total Questions
    :493 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-001 Online Questions & Answers

  • Question 81:

    The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ.

    Which of the following questions is the MOST important?

    A. What are the protections against MITM?
    B. What accountability is built into the remote support application?
    C. What encryption standards are used in tracking database?
    D. What snapshot or "undo" features are present in the application?
    E. What encryption standards are used in remote desktop and file transfer functionality?

  • Question 82:

    The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:

    Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0 Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0 Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0

    All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a ------ The security administrator brings a laptop to the finance office, connects it to one of the wall jacks, starts up a network analyzer, and notices the following:

    09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52) 09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52) 09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)

    Which of the following can the security administrator determine from the above information?

    A. A man in the middle attack is underway - implementing static ARP entries is a possible solution.
    B. An ARP flood attack targeted at the router is causing intermittent communication implementing IPS is a possible solution.
    C. The default gateway is being spoofed - implementing static routing with MD5 is a possible solution.
    D. The router is being advertised on a separate network - router reconfiguration is a possible solution.

  • Question 83:

    As part of the ongoing information security plan in a large software development company, the Chief Information officer (CIO) has decided to review and update the company's privacy policies and procedures to reflect the changing business environment and business requirements.

    Training and awareness of the new policies and procedures has been incorporated into the security awareness program which should be:

    A. presented by top level management to only data handling staff.
    B. customized for the various departments and staff roles.
    C. technical in nature to ensure all development staff understand the procedures.
    D. used to promote the importance of the security department.

  • Question 84:

    A security administrator is shown the following log excerpt from a Unix system:

    2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2 2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2 2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2 2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2 2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

    Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

    A. An authorized administrator has logged into the root account remotely.
    B. The administrator should disable remote root logins.
    C. Isolate the system immediately and begin forensic analysis on the host.
    D. A remote attacker has compromised the root account using a buffer overflow in sshd.
    E. A remote attacker has guessed the root password using a dictionary attack.
    F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
    G. A remote attacker has compromised the private key of the root account.
    H. Change the root password immediately to a password not found in a dictionary.

  • Question 85:

    Company XYZ is building a new customer facing website which must access some corporate resources. The company already has an internal facing web server and a separate server supporting an extranet to which suppliers have access. The extranet web server is located in a network DMZ. The internal website is hosted on a laptop on the internal corporate network. The internal network does not restrict traffic between any internal hosts.

    Which of the following locations will BEST secure both the intranet and the customer facing website?

    A. The existing internal network segment
    B. Dedicated DMZ network segments
    C. The existing extranet network segment
    D. A third-party web hosting company

  • Question 86:

    A company's security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?

    A. Require all development to follow secure coding practices.
    B. Require client-side input filtering on all modifiable fields.
    C. Escape character sequences at the application tier.
    D. Deploy a WAF with application specific signatures.

  • Question 87:

    A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen.

    Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).

    A. The email system may become unavailable due to overload.
    B. Compliance may not be supported by all smartphones.
    C. Equipment loss, theft, and data leakage.
    D. Smartphone radios can interfere with health equipment.
    E. Data usage cost could significantly increase.
    F. Not all smartphones natively support encryption.
    G. Smartphones may be used as rogue access points.

  • Question 88:

    A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A's network are having no issues. Which of the following methods allows a certificate to be validated by a single server that returns the validity of that certificate?

    A. XACML
    B. OCSP
    C. ACL
    D. CRL

  • Question 89:

    A security consultant is evaluating forms which will be used on a company website.

    Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?

    A. Anti-spam software
    B. Application sandboxing
    C. Data loss prevention
    D. Input validation

  • Question 90:

    A financial institution wants to reduce the costs associated with managing and troubleshooting employees' desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group.

    Which of the following BEST accomplishes this task?

    A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit.
    B. Implement server virtualization and move the application from the desktop to the server.
    C. Implement VDI and disable hardware and storage mapping from the thin client.
    D. Move the critical applications to a private cloud and disable VPN and tunneling.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-001 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.