We supply 100% money again guarantee. In the event you don?¡¥t get certified inside the first attempt, email us your own score transcript and we will return your own money. As simple since that. It is time to take actions appropriate now. Start off earlier and have certified earlier. Actualtests.net provide 7/24 on the internet customer support. Our workers are usually knowledgeable and also dedicated which in turn promise a person satisfactory answers to virtually any questions.
2021 Oct CAS-001 exam cram
Q151. - (Topic 4)
In developing a new computing lifecycle process for a large corporation, the security team is developing the process for decommissioning computing equipment. In order to reduce the potential for data leakage, which of the following should the team consider? (Select TWO).
A. Erase all files on drive
B. Install of standard image
C. Remove and hold all drives
D. Physical destruction
E. Drive wipe
Answer: D,E
Q152. - (Topic 1)
As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer use?
A. SRTM review
B. Fuzzer
C. Vulnerability assessment
D. HTTP interceptor
Answer: B
Q153. - (Topic 5)
A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).
A. Demonstration of IPS system
B. Review vendor selection process
C. Calculate the ALE for the event
D. Discussion of event timeline
E. Assigning of follow up items
Answer: D,E
Q154. - (Topic 5)
An internal committee comprised of the facilities manager, the physical security manager, the network administrator, and a member of the executive team has been formed to address a recent breach at a company’s data center. It was discovered that during the breach, an HVAC specialist had gained entry to an area that contained server farms holding sensitive financial data. Although the HVAC specialist was there to fix a legitimate issue, the investigation concluded security be provided for the two entry and exit points for the server farm. Which of the following should be implemented to accomplish the recommendations of the investigation?
A. Implement a policy that all non-employees should be escorted in the data center.
B. Place a mantrap at the points with biometric security.
C. Hire an HVAC person for the company, eliminating the need for external HVAC people.
D. Implement CCTV cameras at both points.
Answer: B
Q155. - (Topic 4)
An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization’s new web services gateway. All rendering of the content is performed on the mobile application.
The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO?
A. A registration process is implemented to have a random number stored on the client.
B. The identity is passed between the applications as a HTTP header over REST.
C. Local storage of the authenticated token on the mobile application is secured.
D. Attestation of the XACML payload to ensure that the client is authorized.
Answer: C
Most up-to-date CAS-001 question:
Q156. - (Topic 4)
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).
A. Code review
B. Sandbox
C. Local proxy
D. Fuzzer
E. Web vulnerability scanner
Answer: C,D
Q157. - (Topic 2)
Which of the following are security components provided by an application security library or framework? (Select THREE).
A. Authorization database
B. Fault injection
C. Input validation
D. Secure logging
E. Directory services
F. Encryption and decryption
Answer: C,D,F
Q158. - (Topic 4)
Company ABC will test connecting networks with Company XYZ as part of their upcoming merger and are both concerned with minimizing security exposures to each others network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks?
A. Create a DMZ to isolate the two companies and provide a security inspection point for all inter-company network traffic.
B. Determine the necessary data flows between the two companies.
C. Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies.
D. Implement inline NIPS on the connection points between the two companies.
Answer: B
Q159. - (Topic 1)
Company ABC has recently completed the connection of its network to a national high speed private research network. Local businesses in the area are seeking sponsorship from Company ABC to connect to the high speed research network by directly connecting through Company ABC’s network. Company ABC’s Chief Information Officer (CIO) believes that this is an opportunity to increase revenues and visibility for the company, as well as promote research and development in the area.
Which of the following must Company ABC require of its sponsored partners in order to
document the technical security requirements of the connection?
A. SLA
B. ISA
C. NDA
D. BPA
Answer: B
Q160. - (Topic 4)
Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?
A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP.
B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP.
C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.
D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP.
Answer: C