2021 Aug CAS-001 practice exam
Q141. - (Topic 4)
An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the package cannot be installed because no GPG key is found. Which of the following should the administrator perform to allow the program to be installed?
A. Download the file from the program publisher's website.
B. Generate RSA and DSA keys using GPG.
C. Import the repository's public key.
D. Run sha1sum and verify the hash.
Answer: C
Q142. - (Topic 1)
Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal security and compliance requirements, all employee activity may be monitored and reviewed. Which of the following would be the MOST likely cause for a change in this practice?
A. The excessive time it will take to merge the company’s information systems.
B. Countries may have different legal or regulatory requirements.
C. Company A might not have adequate staffing to conduct these reviews.
D. The companies must consolidate security policies during the merger.
Answer: B
Q143. - (Topic 5)
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).
A. Block traffic from the ISP’s networks destined for blacklisted IPs.
B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP.
C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network.
D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner.
E. Notify customers when services they run are involved in an attack.
Answer: C,E
Q144. - (Topic 2)
A company is planning to deploy an in-house Security Operations Center (SOC).
One of the new requirements is to deploy a NIPS solution into the Internet facing environment.
The SOC highlighted the following requirements:
- Perform fingerprinting on unfiltered inbound traffic to the company
- Monitor all inbound and outbound traffic to the DMZs
In which of the following places should the NIPS be placed in the network?
A. In front of the Internet firewall and in front of the DMZs
B. In front of the Internet firewall and in front of the internal firewall
C. In front of the Internet firewall and behind the internal firewall
D. Behind the Internet firewall and in front of the DMZs
Answer: A
Q145. - (Topic 2)
The root cause analysis of a recent security incident reveals that an attacker accessed a printer from the Internet. The attacker then accessed the print server, using the printer as a launch pad for a shell exploit. The print server logs show that the attacker was able to exploit multiple accounts, ultimately launching a successful DoS attack on the domain controller.
Defending against which of the following attacks should form the basis of the incident mitigation plan?
A. DDoS
B. SYN flood
C. Buffer overflow
D. Privilege escalation
Answer: D

Q146. - (Topic 5)
Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two-factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?
A. They should log on to the system using the username concatenated with the 6-digit code and their original password.
B. They should log on to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code.
Answer: D
Q147. - (Topic 5)
The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOST likely contain the required values?
A. MOU
B. BPA
C. RA
D. SLA
E. BIA
Answer: E
Q148. - (Topic 5)
A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).
A. Physical penetration test of the datacenter to ensure there are appropriate controls.
B. Penetration testing of the solution to ensure that the customer data is well protected.
C. Security clauses are implemented into the contract such as the right to audit.
D. Review of the organization's security policies, procedures and relevant hosting certifications.
E. Code review of the solution to ensure that there are no back doors located in the software.
Answer: C,D
Q149. - (Topic 1)
A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions.
Which of the following should the analyst provide to the ISO to support the request? (Select TWO).
A. Emerging threat reports
B. Company attack trends
C. Request for Quote (RFQ)
D. Best practices
E. New technologies report
Answer: A,B
Q150. - (Topic 3)
In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-to-end?
A. Creation and secure destruction of mail accounts, emails, and calendar items
B. Information classification, vendor selection, and the RFP process
C. Data provisioning, processing, in transit, at rest, and de-provisioning
D. Securing virtual environments, appliances, and equipment that handle email
Answer: C