Products for CompTIA provider are being used by millions of the public for numerous a many years. Any CompTIA qualification are called a tattoo for reliability together with approval. It is assumed this in order to verify by yourself on the market, you will need one documentation of the Pass4sure CAS-001. To acquire a CompTIA, it is advisable to invest time together with accomplish efforts. One of the biggest road blocks for transferring a CompTIA Advanced Security Practitioner CAS-001 review is how you can commence. Generally speaking, finding your way through a CompTIA CAS-001 documentation review ought to produce a detailed options. Plan hard documentation offers the appropriate starting point which system can assist you clear up the condition simply.
2021 Sep CAS-001 free exam questions
Q121. - (Topic 5)
The audit department at a company requires proof of exploitation when conducting internal network penetration tests. Which of the following provides the MOST conclusive proof of compromise without further compromising the integrity of the system?
A. Provide a list of grabbed service banners.
B. Modify a file on the system and include the path in the test’s report.
C. Take a packet capture of the test activity.
D. Add a new test user account on the system.
Answer: C
Q122. - (Topic 4)
Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?
A. Test password complexity of all login fields and input validation of form fields
B. Reverse engineering any thick client software that has been provided for the test
C. Undertaking network-based denial of service attacks in production environment
D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
E. Running a vulnerability scanning tool to assess network and host weaknesses
Answer: C
Q123. - (Topic 4)
Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represents this scenario? (Select TWO).
A. Session management attack
B. Protocol fuzzing
C. Root-kit compromise
D. Physical attack
E. Privilege escalation
F. Man-in-the-middle
Answer: D,E
Q124. - (Topic 5)
Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted?
A. The company should develop an in-house solution and keep the algorithm a secret.
B. The company should use the CEO’s encryption scheme.
C. The company should use a mixture of both systems to meet minimum standards.
D. The company should use the method recommended by other respected information security organizations.
Answer: D
Q125. - (Topic 1)
A manufacturing company is having issues with unauthorized access and modification of the controls operating the production equipment. A communication requirement is to allow
the free flow of data between all network segments at the site. Which of the following BEST remediates the issue?
A. Implement SCADA security measures.
B. Implement NIPS to prevent the unauthorized activity.
C. Implement an AAA solution.
D. Implement a firewall to restrict access to only a single management station.
Answer: C
Far out CAS-001 exam answers:
Q126. - (Topic 1)
Which of the following attacks does Unicast Reverse Path Forwarding prevent?
A. Man in the Middle
B. ARP poisoning
C. Broadcast storm
D. IP Spoofing
Answer: D
Q127. - (Topic 2)
There have been some failures of the company’s customer-facing website. A security engineer has analyzed the root cause to be the WAF. System logs show that the WAF has been down for 14 total hours over the past month in four separate situations. One of these situations was a two hour scheduled maintenance activity aimed to improve the stability of the WAF. Which of the following is the MTTR, based on the last month’s performance figures?
A. 3 hours
B. 3.5 hours
C. 4 hours
D. 4.666 hours
Answer: C
148. - (Topic 2)
A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the consultant’s first day on the job. Which of the following network design considerations should the consultant consider? (Select THREE).
A. What hardware and software would work best for securing the network?
B. What corporate assets need to be protected?
C. What are the business needs of the organization?
D. What outside threats are most likely to compromise network security?
E. What is the budget for this project?
F. What time and resources are needed to carry out the security plan?
Answer: B,C,D
Q128. - (Topic 1)
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
A. Data ownership on all files
B. Data size on physical disks
C. Data retention policies on only file servers
D. Data recovery and storage
Answer: D
Q129. - (Topic 2)
An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioningcorrectly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed:
<VirtualHost *:80>
DocumentRoot "/var/www"
<Directory "/home/administrator/app">
AllowOveride none
Order allow, deny
Allow from all
</Directory>
</VirtualHost>
Which of the following is MOST likely occurring so that this application does not run properly?
A. PHP is overriding the Apache security settings.
B. SELinux is preventing HTTP access to home directories.
C. PHP has not been restarted since the additions were added.
D. The directory had an explicit allow statement rather than the implicit deny.
Answer: B
Q130. - (Topic 2)
Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:
A. Separation of duties.
B. Mandatory vacation.
C. Non-disclosure agreement.
D. Least privilege.
Answer: A