[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 1-10

Ensurepass

QUESTION 1

The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company’s guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops. Which of the following is the HIGHEST risk to the organization?

A. Employee’s professional reputation
B. Intellectual property confidentiality loss
C. Downloaded viruses on the company laptops
D. Workstation compromise affecting availability

Correct Answer: B

QUESTION 2

A company has purchased a new system, but security personnel are spending a great deal of time on system maintenance. A new third party vendor has been selected to maintain and manage the company’s system. Which of the following document types would need to be created before any work is performed?

A. IOS
B. ISA
C. SLA
D. OLA

Correct Answer: C

QUESTION 3

A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building and entryways.

The following requirements must be met:

- Able to log entry of all employees in and out of specific areas
- Access control into and out of all sensitive areas
- Tailgating prevention

Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).

A. Discretionary Access control
B. Man trap
C. Visitor logs
D. Proximity readers
E. Motion detection sensors

Correct Answer: BD

QUESTION 4

The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices. Which of the following would the security manager MOST likely implement?

A. VLANs
B. VDI
C. PaaS
D. IaaS

Correct Answer: B

QUESTION 5

An administrator is assessing the potential risk impact on an accounting system and categorizes it as follows:

Administrative Files = {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}
Vendor Information = {(Confidentiality, Moderate), (Integrity, Low), (Availability, Low)}
Payroll Data = {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}

Which of the following is the aggregate risk impact on the accounting system?

A. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Moderate)}
B. {(Confidentiality, High), (Integrity, Low), (Availability, Low)}
C. {(Confidentiality, High), (Integrity, Moderate), (Availability, Low)}
D. {(Confidentiality, Moderate), (Integrity, Moderate), (Availability, Low)}

Correct Answer: C

QUESTION 6

A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found. Which of the following should the security administrator implement?

A. Entropy should be enabled on all SSLv2 transactions.
B. AES256-CBC should be implemented for all encrypted data.
C. PFS should be implemented on all VPN tunnels.
D. PFS should be implemented on all SSH connections.

Correct Answer: C

QUESTION 7

A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?

A. Confidentiality
B. Authentication
C. Integrity
D. Availability

Correct Answer: D

QUESTION 8

An online banking application has had its source code updated and is soon to be re-launched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required. Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).

A. Penetration test across the application with accounts of varying access levels (i.e. non-authenticated, authenticated, and administrative users).
B. Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
C. Vulnerability assessment across all of the online banking servers to ascertain host and container configuration lock-down and patch levels.
D. Fingerprinting across all of the online banking servers to ascertain open ports and services.
E. Black box code review across the entire code base to ensure that there are no security defects present.

Correct Answer: AB

QUESTION 9

A company currently does not use any type of authentication or authorization service for remote access. The new security policy states that all remote access must be locked down to only authorized personnel. The policy also dictates that only authorized external networks will be allowed to access certain internal resources. Which of the following would MOST likely need to be implemented and configured on the company’s perimeter network to comply with the new security policy? (Select TWO).

A. VPN concentrator
B. Firewall
C. Proxy server
D. WAP
E. Layer 2 switch

Correct Answer: AB

QUESTION 10

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial documents through their email. The device was then lost in transit to a conference. The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved. This data breach was not properly reported due to insufficient training surrounding which of the following processes?

A. E-Discovery
B. Data handling
C. Incident response
D. Data recovery and storage

Correct Answer: C
