Pass4sure provide the CompTIA CompTIA exam questions along with answers which using highest standards involving accuracy. Our certified subject matter experts are focused to the development of the CompTIA CAS-001 exam dumps. We ensure that you will reach your goals in the CompTIA CAS-001 exam by simply using our own CompTIA CompTIA practice questions and answers. When our CompTIA certification exam demos never prove any kind of help for the CompTIA exam preparation, you can consider advantage of the actual money-back policy.
2021 Aug CAS-001 actual test
Q111. - (Topic 3)
A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?
A. To ensure the security of the network is documented prior to customer delivery
B. To document the source of all functional requirements applicable to the network
C. To facilitate the creation of performance testing metrics and test plans
D. To allow certifiers to verify the network meets applicable security requirements
Answer: D
Q112. - (Topic 1)
A technician states that workstations that are on the network in location B are unable to validate certificates, while workstations that are on the main location A’s network are having no issues. Which of the following methods allows a certificate to be validated by a single server that returns the validity of that certificate?
A. XACML
B. OCSP
C. ACL
D. CRL
Answer: B
Q113. - (Topic 3)
A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?
A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user’s credentials. Require each user to install the public key on their computer.
B. Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.
C. Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.
D. Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.
Answer: D
Q114. - (Topic 2)
A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall:
Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?
A. Modify the SRC and DST ports of ACL 1
B. Modify the SRC IP of ACL 1 to 0.0.0.0/32
C. Modify the ACTION of ACL 2 to Permit
D. Modify the PROTO of ACL 1 to TCP
Answer: A
Q115. - (Topic 3)
A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several un-disclosed zero day exploits. The code base used for the device is a combination of compiled C and TC/TKL scripts. Which of the following methods should the security research use to enumerate the ports and protocols in use by the appliance?
A. Device fingerprinting
B. Switchport analyzer
C. Grey box testing
D. Penetration testing
Answer: A
Far out CAS-001 exam question:
Q116. - (Topic 3)
A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company’s security standard?
A. Modify the company standard to account for higher security and meet with upper management for approval to implement the new standard.
B. Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.
C. Conduct a risk analysis on all current controls, and recommend appropriate mechanisms to increase overall security.
D. Modify the company policy to account for higher security, adapt the standard accordingly, and implement new technical controls.
Answer: B
Q117. - (Topic 1)
A small bank is introducing online banking to its customers through its new secured website. The firewall has three interfaces: one for the Internet connection, another for the DMZ, and the other for the internal network. Which of the following will provide the MOST protection from all likely attacks on the bank?
A. Implement NIPS inline between the web server and the firewall.
B. Implement a web application firewall inline between the web server and the firewall.
C. Implement host intrusion prevention on all machines at the bank.
D. Configure the firewall policy to only allow communication with the web server using SSL.
Answer: C
Q118. - (Topic 5)
Every year, the accounts payable employee, Ann, takes a week off work for a vacation. She typically completes her responsibilities remotely during this week. Which of the following policies, when implemented, would allow the company to audit this employee's work and potentially discover improprieties?
A. Job rotation
B. Mandatory vacations
C. Least privilege
D. Separation of duties
Answer: A
Q119. - (Topic 3)
An administrator is reviewing logs and sees the following entry:
Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]
Action: Intercepted (phase 2) Apache-Handler: php5-script
Which of the following attacks was being attempted?
A. Session hijacking
B. Cross-site script
C. SQL injection
D. Buffer overflow
Answer: C
221. - (Topic 3)
In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change.
Which of the following BEST addresses risks associated with disclosure of intellectual property?
A. Require the managed service provider to implement additional data separation.
B. Require encrypted communications when accessing email.
C. Enable data loss protection to minimize emailing PII and confidential data.
D. Establish an acceptable use policy and incident response policy.
Answer: C
Q120. - (Topic 3)
A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide?
A. 1
B. 2
C. 3
D. 5
Answer: D