CAS-001 by CompTIA Valid Free Exam Practice Test

Question 1

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0 Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0 Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0 All callers are connected to the same switch and are routed by a router with five built-in
interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a
The security administrator brings a laptop to the finance office, connects it to one of the
wall jacks, starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above
information?

A. An ARP flood attack targeted at the router is causing intermittent communication - implementing IPS is a possible solution. B. The default gateway is being spoofed - implementing static routing with MD5 is a possible solution. C. The router is being advertised on a separate network - router reconfiguration is a possible solution. D. A man in the middle attack is underway - implementing static ARP entries is a possible solution.

Correct Answer: D

Question 2

A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?

A. Integrity B. Confidentiality C. Authentication D. Availability

Correct Answer: D

Question 3

In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end-to-end?

A. Information classification, vendor selection, and the RFP process B. Data provisioning, processing, in transit, at rest, and de-provisioning C. Securing virtual environments, appliances, and equipment that handle email D. Creation and secure destruction of mail accounts, emails, and calendar items

Correct Answer: B

Question 4

The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO's biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO's concerns?

A. eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners B. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC C. Forensics, White box testing, Log correlation, HIDS, and SSO D. Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM

Correct Answer: B

Question 5

The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?

A. Port scanner B. Social engineering C. Grey box testing D. Protocol analyzer

Correct Answer: D

Question 6

An administrator wants to integrate the Credential Security Support Provider (CredSSP) protocol network level authentication (NLA) into the remote desktop terminal services environment. Which of the following are supported authentication or encryption methods to
use while implementing this? (Select THREE).

A. Camellia B. NTLM C. Kerberos D. HMAC E. RADIUS F. TLS G. TACACS+

Correct Answer: B,C,F

Question 7

Which of the following is an example of single sign-on?

A. A password is synchronized between multiple platforms and the user is required to authenticate with the same password across each platform. B. A web access control infrastructure performs authentication and passes attributes in a HTTP header to multiple applications. C. Multiple applications have been integrated with a centralized LDAP directory for authentication and authorization. A user has to authenticate each time the user accesses an application. D. An administrator manages multiple platforms with the same username and hardware token. The same username and token is used across all the platforms.

Correct Answer: B

Question 8

A company has recently implemented a video conference solution that uses the H.323 protocol. The security engineer is asked to make recommendations on how to secure video conferences to protect confidentiality. Which of the following should the security engineer recommend?

A. Implement H.235 extensions with DES to secure the audio and video transport. B. Recommend implementing G.711 for the audio channel and H.264 for the video. C. Encapsulate the audio channel in the G.711 codec rather than the unsecured Speex. D. Recommend moving to SIP and RTP as those protocols are inherently secure.

Correct Answer: A

Question 9

A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?

A. Distribution of the job to multiple data centers B. Network transmission of cryptographic keys C. Loss of physical control of the servers D. Data scraped from the hardware platforms

Correct Answer: D

Question 10

An administrator wants to virtualize the company's web servers, application servers, and database servers. Which of the following should be done to secure the virtual host machines? (Select TWO).

A. Distribute guests to hosts by application role or trust zone. B. Restrict physical and network access to the host console. C. Establish VLANs for each virtual guest's NIC on the virtual switch. D. Enable virtual switch layer 2 security precautions. E. Only access hosts through a secure management interface.

Correct Answer: B,E

Question 11

A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?

A. Conduct static code analysis. B. Conduct SQL injection and XSS attacks. C. Conduct web server load tests. D. Conduct fuzzing attacks.

Correct Answer: D

Explanation: Only visible for ExamsLabs members. You can sign-up / login (it's free).

Question 12

A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the social websites.
After an initial and successful pilot period, other departments want to use the social websites to post their updates as well.
The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work related information on such websites.
Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE).

A. Social engineering attacks B. SQL injection attacks C. DDOS attacks D. Brute force attacks E. Phishing attacks F. Malware infection

Correct Answer: A,E,F

Question 13

Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain buffer overflow attacks. The security administrator is required to ensure all systems have the latest updates while minimizing any downtime.
Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and operational?

A. Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system. B. Central patch management system where all systems in production are patched by automatic updates as they are released. C. Distributed patch management system where all systems in production are patched as updates are released. D. Central patch management system where all updates are tested in a lab environment after being installed on a live production system.

Correct Answer: A

Question 14

Based on the results of a recent audit, a company rolled out a standard computer image in an effort to provide consistent security configurations across all computers. Which of the following controls provides the GREATEST level of certainty that unauthorized changes are not occurring?

A. Schedule weekly vulnerability assessments B. Scan computers weekly against the baseline C. Implement continuous log monitoring D. Require monthly reports showing compliance with configuration and updates

Correct Answer: B

CompTIA Advanced Security Practitioner - CAS-001 Exam Practice Test