Want to know Testking CAS-001 Exam practice test features? Want to lear more about CompTIA CompTIA Advanced Security Practitioner certification experience? Study Printable CompTIA CAS-001 answers to Up to date CAS-001 questions at Testking. Gat a success with an absolute guarantee to pass CompTIA CAS-001 (CompTIA Advanced Security Practitioner) test on your first attempt.
2021 Aug CAS-001 exam engine
Q1. - (Topic 2)
During user acceptance testing, the security administrator believes to have discovered an issue in the login prompt of the company’s financial system. While entering the username and password, the program crashed and displayed the system command prompt. The security administrator believes that one of the fields may have been mistyped and wants to reproduce the issue to report it to the software developers. Which of the following should the administrator use to reproduce the issue?
A. The administrator should enter a username and use an offline password cracker in brute force mode.
B. The administrator should use a network analyzer to determine which packet caused the system to crash.
C. The administrator should extract the password file and run an online password cracker in brute force mode against the password file.
D. The administrator should run an online fuzzer against the login screen.
Answer: D
Q2. - (Topic 5)
As a cost saving measure, a company has instructed the security engineering team to allow all consumer devices to be able to access the network. They have asked for recommendations on what is needed to secure the enterprise, yet offer the most flexibility in terms of controlling applications, and stolen devices. Which of the following is BEST suited for the requirements?
A. MEAP with Enterprise Appstore
B. Enterprise Appstore with client-side VPN software
C. MEAP with TLS
D. MEAP with MDM
Answer: D
Q3. - (Topic 2)
A storage administrator would like to make storage available to some hosts and unavailable to other hosts. Which of the following would be used?
A. LUN masking
B. Deduplication
C. Multipathing
D. Snapshots
Answer: A
Q4. - (Topic 1)
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?
A. The resulting impact of even one attack being realized might cripple the company financially.
B. Government health care regulations for the pharmaceutical industry prevent the director from approving a system with vulnerabilities.
C. The director is new and is being rushed to approve a project before an adequate assessment has been performed.
D. The director should be uncomfortable accepting any security vulnerabilities and should find time to correct them before the system is deployed.
Answer: A
Q5. - (Topic 5)
A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization’s configuration management process using?
A. Agile
B. SDL
C. Waterfall
D. Joint application development
Answer: A
Up to the minute CAS-001 exam question:
Q6. - (Topic 3)
A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a
vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to:
A. CISO immediately in an exception report.
B. Users of the new web application system.
C. The vendor who supplied the web application system.
D. Team lead in a weekly report.
Answer: D
Q7. - (Topic 2)
A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?
A. Employees publishing negative information and stories about company management on social network sites and blogs.
B. An employee remotely configuring the email server at a relative’s company during work hours.
C. Employees posting negative comments about the company from personal phones and PDAs.
D. External parties cloning some of the company’s externally facing web pages and creating look-alike sites.
Answer: B
Q8. - (Topic 5)
An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).
A. LDAP/S
B. SAML
C. NTLM
D. OAUTH
E. Kerberos
Answer: B,E
Q9. - (Topic 2)
.....
An administrator is unable to connect to a server via VNC.
Upon investigating the host firewall configuration, the administrator sees the following lines:
A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j ACCEPT
Which of the following should occur to allow VNC access to the server?
A. DENY needs to be changed to ACCEPT on one line.
B. A line needs to be added.
C. A line needs to be removed.
D. Fix the typo in one line.
Answer: B
Q10. - (Topic 1)
Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?
A. Schedule weekly vulnerability assessments
B. Implement continuous log monitoring
C. Scan computers weekly against the baseline
D. Require monthly reports showing compliance with configuration and updates
Answer: C