[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 131-140

Ensurepass

QUESTION 131

A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting, that code base confidentiality is of utmost importance to allow the company to exceed the competition in terms of product reliability, stability and performance. The CEO also highlighted that the company’s reputation for secure products is extremely important. Which of the following will provide the MOST thorough testing and satisfy the CEO’s requirements?

A. Use the security assurance team and development team to perform Grey box testing.
B. Sign an NDA with a large consulting firm and use the firm to perform Black box testing.
C. Use the security assurance team and development team to perform Black box testing.
D. Sign an NDA with a small consulting firm and use the firm to perform Grey box testing.

Correct Answer: D

QUESTION 132

Corporate policy states that the systems administrator should not be present during system audits. The security policy that states this is:

A. Separation of duties.
B. Mandatory vacation.
C. Non-disclosure agreement.
D. Least privilege.

Correct Answer: A

QUESTION 133

A mid-level company is rewriting its security policies and has halted the rewriting progress because the company’s executives believe that its major vendors, who have cultivated a strong personal and professional relationship with the senior level staff, have a good handle on compliance and regulatory standards. Therefore, the executive level managers are allowing vendors to play a large role in writing the policy. Having experienced this type of environment in previous positions, and being aware that vendors may not always put the company’s interests first, the IT Director decides that while vendor support is important, it is critical that the company writes the policy objectively. Which of the following is the recommendation the IT Director should present to senior staff?

A.
1) Consult legal, moral, and ethical standards;
2) Draft General Organizational Policy;
3) Specify Functional Implementing Policies;
4) Allow vendors to review and participate in the establishment of focused compliance standards, plans, and procedures

B.
1) Consult legal and regulatory requirements;
2) Draft General Organizational Policy;
3) Specify Functional Implementing Policies;
4) Establish necessary standards, procedures, baselines, and guidelines

C.
1) Draft General Organizational Policy;
2) Establish necessary standards and compliance documentation;
3) Consult legal and industry security experts;
4) Determine acceptable tolerance guidelines

D.
1) Draft a Specific Company Policy Plan;
2) Consult with vendors to review and collaborate with executives;
3) Add industry compliance where needed;
4) Specify Functional Implementing Policies

Correct Answer: B

QUESTION 134

A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenets of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions. Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?

A. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
B. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.
C. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.
D. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
E. Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.

Correct Answer: A

QUESTION 135

A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall: Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?

A. Modify the SRC and DST ports of ACL 1
B. Modify the SRC IP of ACL 1 to 0.0.0.0/32
C. Modify the ACTION of ACL 2 to Permit
D. Modify the PROTO of ACL 1 to TCP

Correct Answer: A

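The ACL table referenced in question 135 is missing from this page, so the following is an added example (not part of the original question) that reconstructs the scenario with constructed rules and addresses: a small first-match ACL evaluator, a "broken" rule set in which the permit rule has its source and destination ports swapped (which reproduces the symptom of Internet queries never reaching the DMZ server), and the corrected rule set that answer A describes. The rule names, the TEST-NET-3 DMZ address and the RFC 1918 internal range are all assumptions made for the example.

```python
"""First-match firewall ACL evaluator for the DMZ DNS scenario.

Added example; the question's own ACL table is not on the page, so the
rule sets, addresses and sample packets below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "any"
ALL_PORTS = (0, 65535)
EPHEMERAL = (1024, 65535)   # client source ports
DNS = (53, 53)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "permit" or "deny"
    proto: str       # "udp", "tcp" or ANY
    src: str         # CIDR or ANY
    dst: str         # CIDR or ANY
    sport: tuple     # inclusive (low, high) source-port range
    dport: tuple     # inclusive (low, high) destination-port range


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    sport: int
    dport: int


def _net_match(cidr, addr):
    return cidr == ANY or ip_address(addr) in ip_network(cidr)


def rule_matches(rule, pkt):
    return (rule.proto in (ANY, pkt.proto)
            and _net_match(rule.src, pkt.src)
            and _net_match(rule.dst, pkt.dst)
            and rule.sport[0] <= pkt.sport <= rule.sport[1]
            and rule.dport[0] <= pkt.dport <= rule.dport[1])


def evaluate(acl, pkt):
    """First matching rule wins; unmatched traffic hits the implicit deny."""
    for rule in acl:
        if rule_matches(rule, pkt):
            return rule.action, rule.name
    return "deny", "implicit"


# Constructed addressing: TEST-NET-3 for the DMZ host, RFC 1918 for the LAN.
DMZ_DNS = "203.0.113.53/32"
INTERNAL = "10.0.0.0/8"

# Reproduces the symptom: the permit rule has SRC and DST ports swapped, so a
# real query (ephemeral source port -> destination port 53) never matches it
# and falls through to the implicit deny.
BROKEN_ACL = [
    Rule("deny-internal", "deny", ANY, INTERNAL, DMZ_DNS, ALL_PORTS, ALL_PORTS),
    Rule("permit-dns", "permit", "udp", ANY, DMZ_DNS, DNS, EPHEMERAL),
]

# Corrected set (answer A: fix the ports on the permit rule). TCP 53 is also
# allowed because truncated UDP answers are retried over TCP. The internal
# deny stays first: with first-match evaluation, a deny placed after a
# permit from "any" would be shadowed and never fire.
FIXED_ACL = [
    Rule("deny-internal", "deny", ANY, INTERNAL, DMZ_DNS, ALL_PORTS, ALL_PORTS),
    Rule("permit-dns-udp", "permit", "udp", ANY, DMZ_DNS, EPHEMERAL, DNS),
    Rule("permit-dns-tcp", "permit", "tcp", ANY, DMZ_DNS, EPHEMERAL, DNS),
]

# Constructed sample traffic.
INTERNET_QUERY = Packet("udp", "198.51.100.7", "203.0.113.53", 40123, 53)
INTERNET_TCP_QUERY = Packet("tcp", "198.51.100.7", "203.0.113.53", 51000, 53)
INTERNAL_QUERY = Packet("udp", "10.20.30.40", "203.0.113.53", 40123, 53)


def run_checks(acl):
    """Return {label: action} for the three sample packets against an ACL."""
    return {
        "internet_udp": evaluate(acl, INTERNET_QUERY)[0],
        "internet_tcp": evaluate(acl, INTERNET_TCP_QUERY)[0],
        "internal_udp": evaluate(acl, INTERNAL_QUERY)[0],
    }


if __name__ == "__main__":
    for label, acl in (("broken", BROKEN_ACL), ("fixed", FIXED_ACL)):
        print(label, run_checks(acl))
```

Running it shows the broken set denying every sample query (the Internet query dies on the implicit deny, not on the internal-network rule), while the fixed set permits Internet UDP and TCP queries and still blocks the internal host. Return traffic is not modelled here; on a stateful firewall the reply is matched to the permitted query, on a stateless one a mirror rule for source port 53 is also needed.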
QUESTION 136

Company A is purchasing Company B, and will import all of Company B’s users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend. Which of the following is the BEST way to integrate these two networks?

A. Enable RADIUS and endpoint security on Company B’s network devices.
B. Enable LDAP authentication on Company A’s network devices.
C. Enable LDAP/TLS authentication on Company A’s network devices.
D. Enable 802.1x on Company B’s network devices.

Correct Answer: D

QUESTION 137

The Chief Information Security Officer (CISO) is researching ways to reduce the risk associated with administrative access of six IT staff members while enforcing separation of duties. In the case where an IT staff member is absent, each staff member should be able to perform all the necessary duties of their IT co-workers. Which of the following policies should the CISO implement to reduce the risk?

A. Require the use of an unprivileged account, and a second shared account only for administrative purposes.
B. Require role-based security on primary role, and only provide access to secondary roles on a case-by-case basis.
C. Require separation of duties ensuring no single administrator has access to all systems.
D. Require on-going auditing of administrative activities, and evaluate against risk-based metrics.

Correct Answer: B

QUESTION 138

A network security engineer would like to allow authorized groups to access network devices with a shell restricted to only show information while still authenticating the administrator’s group to an unrestricted shell. Which of the following can be configured to authenticate and enforce these shell restrictions? (Select TWO).

A. Single Sign On
B. Active Directory
C. Kerberos
D. NIS+
E. RADIUS
F. TACACS+

Correct Answer: EF

QUESTION 139

A healthcare company recently purchased the building next door located on the same campus. The building previously did not have any IT infrastructure. The building manager has selected four potential locations to place IT equipment consisting of a half height open server rack with five switches, a router, a firewall, and two servers. Given the descriptions below, where would the security engineer MOST likely recommend placing the rack?

The Boiler Room: The rack can be placed 5 feet (1.5 meters) up on the wall, between the second and third boiler. The room is locked and only maintenance has access to it.

The Reception Area: The reception area is an open area right as customers enter. There is a closet 5 feet by 5 feet (1.5 meters by 1.5 meters) that the rack will be placed in with floor mounts. There is a 3 digit PIN lock that the receptionist sets.

The Rehabilitation Area: The rack needs to be out of the way from patients using the whirlpool bath, so it will be wall mounted 8 feet (2.4 meters) up as the area has high ceilings. The rehab area is staffed full time and admittance is by key card only.

The Finance Area: There is an unused office in the corner of the area that can be used for the server rack. The rack will be floor mounted. The finance area is locked and alarmed at night.

A. The Rehabilitation Area
B. The Reception Area
C. The Boiler Room
D. The Finance Area

Correct Answer: D

QUESTION 140

An ISP is peering with a new provider and wishes to disclose which autonomous system numbers should be allowed through BGP for network transport. Which of the following should contain this information?

A. Memorandum of Understanding
B. Interconnection Security Agreement
C. Operating Level Agreement
D. Service Level Agreement

Correct Answer: B

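The Interconnection Security Agreement in question 140 is only useful if the ASN list it discloses is turned into an inbound filter on the peering session. The following is an added example, not from the original page, that takes a constructed ISA (peer and customer ASNs from the RFC 5398 documentation range) and derives the AS-path regular expression a router AS-path filter-list would use, then checks sample AS_PATH attributes against it, including a route leak through an ASN the ISA never named. The ISA field names and the sample paths are assumptions made for the example.

```python
"""Derive an AS-path filter from the ASNs disclosed in an ISA.

Added example. The ISA contents below are constructed; ASNs are taken from
the RFC 5398 documentation range (64496-64511).
"""
import re

# Constructed ISA excerpt: the peer's own ASN and the customer ASNs it is
# allowed to carry to us over this session.
ISA = {
    "peer_asn": 64496,
    "customer_asns": {64497, 64498},
}


def as_path_filter_pattern(isa):
    """Build the regex for the peering filter.

    The path must begin with the peer's ASN (an eBGP neighbour prepends its
    own ASN first), the peer may prepend itself for traffic engineering, and
    every further hop must be a customer ASN the ISA lists. "_" is the
    separator convention used by router AS-path access-lists, so the
    returned pattern can be pasted into one.
    """
    peer = isa["peer_asn"]
    customers = "|".join(str(a) for a in sorted(isa["customer_asns"]))
    return rf"^{peer}(_{peer})*(_({customers}))*$"


def accept_as_path(isa, as_path):
    """Return True if a received AS_PATH (list of ints) is allowed by the ISA."""
    if not as_path:
        return False            # eBGP routes always carry the neighbour's ASN
    joined = "_".join(str(a) for a in as_path)
    return re.fullmatch(as_path_filter_pattern(isa), joined) is not None


# Constructed sample AS_PATH attributes as they might arrive in BGP UPDATEs.
SAMPLE_PATHS = {
    "peer_originated":   [64496],
    "peer_prepended":    [64496, 64496, 64496],
    "customer_route":    [64496, 64497],
    "two_customers":     [64496, 64497, 64498],
    "route_leak":        [64496, 64497, 64510],   # 64510 not in the ISA
    "spoofed_first_hop": [64499, 64497],          # not our peer
    "empty_path":        [],
}


def classify_samples(isa=ISA):
    """Return {label: accepted?} for every constructed sample path."""
    return {label: accept_as_path(isa, path) for label, path in SAMPLE_PATHS.items()}


if __name__ == "__main__":
    print("filter-list regex:", as_path_filter_pattern(ISA))
    for label, ok in classify_samples().items():
        print(f"{label:18s} {'accept' if ok else 'reject'}")
```

The filter only enforces who is allowed in the AS_PATH; a complete peering policy pairs it with a prefix-list for the address space the ISA covers and a maximum-prefix limit on the neighbour, and both sides should update the filter whenever the ISA's ASN list changes.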
