Proper preparation for the CompTIA Advanced Security Practitioner (CASP) certification begins with CompTIA CAS-001 study products designed to deliver verified CAS-001 questions and help you pass the CAS-001 exam on your first attempt. Try the free CAS-001 demo below.
2021 Aug CAS-001 practice exam
Q291. - (Topic 5)
The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?
A. The corporate network is the only network that is audited by regulators and customers.
B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
C. Home networks are unknown to attackers and less likely to be targeted directly.
D. Employees are more likely to be using personal computers for general web browsing when they are at home.
Answer: B
Q292. - (Topic 2)
A company has a primary DNS server at address 192.168.10.53 and a secondary server at 192.168.20.53. An administrator wants to secure the company by only allowing secure zone transfers to the secondary server. Which of the following should appear in the primary DNS configuration file to accomplish this?
A. key company-key {
       algorithm hmac-rc4;
       secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
   };
   allow-transfer { 192.168.20.53; };
B. key company-key {
       algorithm hmac-md5;
       secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
   };
   allow-transfer { 192.168.10.53; };
C. key company-key {
       algorithm hmac-md5;
       secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
   };
   allow-transfer { 192.168.20.53; };
D. key company-key {
       algorithm hmac-rc4;
       secret "Hdue8du9jdknkhdoLksdlkeYEIks83K=";
   };
   allow-transfer { 192.168.10.53; };
Answer: C
Topic 3, Volume C
Q293. - (Topic 3)
A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best-practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publicly accessible.
Development staff are required to install and remove various types of software from their hosts on a regular basis, while the hosts in the zone rarely require any type of configuration changes.
Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?
A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.
B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts.
C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.
D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.
Answer: A
Q294. - (Topic 2)
The firm’s CISO has been working with the Chief Procurement Officer (CPO) and the Senior Project Manager (SPM) on soliciting bids for a series of HIPS and NIPS products for a major installation in the firm’s new Hong Kong office. After reviewing RFQs received from three vendors, the CPO and the SPM have not gained any real data regarding the specifications about any of the solutions and want that data before the procurement continues. Which of the following will the CPO and SPM have the CISO do at this point to get back on track in this procurement process?
A. Ask the three submitting vendors for a full blown RFP so that the CPO and SPM can move to the next step.
B. Contact the three submitting vendor firms and have them submit supporting RFIs to provide more detailed information about their product solutions.
C. Provide the CPO and the SPM a personalized summary from what the CISO knows about these three submitting vendors.
D. Inform the three submitting vendors that their quotes are null and void at this time and that they are disqualified based upon their RFQs.
Answer: B
Q295. - (Topic 1)
A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?
A. Anti-spam software
B. Application sandboxing
C. Data loss prevention
D. Input validation
Answer: D
Q296. - (Topic 2)
A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality. Which of the following should the security engineer recommend?
A. Implement H.235 extensions with DES to secure the audio and video transport.
B. Recommend moving to SIP and RTP as those protocols are inherently secure.
C. Recommend implementing G.711 for the audio channel and H.264 for the video.
D. Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex.
Answer: A
Q297. - (Topic 3)
A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment?
A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
B. Create an IP camera network and only allow SSL access to the cameras.
C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
D. Create an IP camera network and restrict access to cameras from a single management host.
Answer: C
Q298. - (Topic 2)
A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted in a risk management meeting that code base confidentiality is of utmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that the company’s reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO’s requirements?
A. Use the security assurance team and development team to perform Grey box testing.
B. Sign a NDA with a large consulting firm and use the firm to perform Black box testing.
C. Use the security assurance team and development team to perform Black box testing.
D. Sign a NDA with a small consulting firm and use the firm to perform Grey box testing.
Answer: D
Q132. - (Topic 2)
A mid-level company is rewriting its security policies and has halted the rewriting progress because the company’s executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company’s interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?
A. 1) Consult legal, moral, and ethical standards; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures
B. 1) Consult legal and regulatory requirements; 2) Draft General Organizational Policy; 3) Specify Functional Implementing Policies; 4) Establish necessary standards, procedures, baselines, and guidelines
C. 1) Draft General Organizational Policy; 2) Establish necessary standards and compliance documentation; 3) Consult legal and industry security experts; 4) Determine acceptable tolerance guidelines
D. 1) Draft a Specific Company Policy Plan; 2) Consult with vendors to review and collaborate with executives; 3) Add industry compliance where needed; 4) Specify Functional Implementing Policies
Answer: B
Q299. - (Topic 4)
An Association is preparing to upgrade its firewalls at five locations around the United States. Each of the three vendors’ RFP responses is in line with the security and other requirements. Which of the following should the security administrator do to ensure the firewall platform is appropriate for the Association?
A. Correlate current industry research with the RFP responses to ensure validity.
B. Create a lab environment to evaluate each of the three firewall platforms.
C. Benchmark each firewall platform’s capabilities and experiences with similar sized companies.
D. Develop criteria and rate each firewall platform based on information in the RFP responses.
Answer: B
Q300. - (Topic 3)
A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable?
A. LUN masking
B. Data injection
C. Data fragmentation
D. Moving the HBA
Answer: D