[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 151-160

Ensurepass

QUESTION 151

A user on a virtual machine downloads a large file using a popular peer-to-peer torrent program. The user is unable to execute the program on their VM. A security administrator scans the VM and detects a virus in the program. The administrator reviews the hypervisor logs and correlates several access attempts to the time of execution of the virus. Which of the following is the MOST likely explanation for this behavior?

 

A. The hypervisor host does not have hardware acceleration enabled and does not allow DEP.

B. The virus scanner on the VM changes file extensions of all programs downloaded via P2P to prevent execution.

C. The virtual machine is configured to require administrator rights to execute all programs.

D. The virus is trying to access a virtual device which the hypervisor is configured to restrict.

 

Correct Answer: D

 

 

QUESTION 152

Company ABC has entered into a marketing agreement with Company XYZ, whereby ABC will share some of its customer information with XYZ. However, XYZ can only contact ABC customers who explicitly agreed to being contacted by third parties. Which of the following documents would contain the details of this marketing agreement?

 

A. BPA

B. ISA

C. NDA

D. SLA

 

Correct Answer: A

 

 

QUESTION 153

A programming team is deploying a new PHP module to be run on a Solaris 10 server with trusted extensions. The server is configured with three zones, a management zone, a customer zone, and a backend zone. The security model is constructed so that only programs in the management zone can communicate data between the zones. After installation of the new PHP module, which handles on-line customer payments, it is not functioning correctly. Which of the following is the MOST likely cause of this problem?

 

A. The PHP module is written to transfer data from the customer zone to the management zone, and then from the management zone to the backend zone.

B. The iptables configuration is not configured correctly to permit zone to zone communications between the customer and backend zones.

C. The PHP module was installed in the management zone, but is trying to call a routine in the customer zone to transfer data directly to a MySQL database in the backend zone.

D. The ipfilters configuration is configured to disallow loopback traffic between the physical NICs associated with each zone.

 

Correct Answer: C

 

 

QUESTION 154

A database is hosting information assets with a computed CIA aggregate value of high. The database is located within a secured network zone where there is flow control between the client and datacenter networks. Which of the following is the MOST likely threat?

 

A. Inappropriate administrator access

B. Malicious code

C. Internal business fraud

D. Regulatory compliance

 

Correct Answer: A

QUESTION 155

The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem?

 

A. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems.

B. Implement a split DNS, only allowing the external DNS server to contain information about internal domain resources that the outside world would be interested in, and an internal DNS server to maintain authoritative records for internal systems.

C. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain non-authoritative records for external systems.

D. Implement a split DNS, only allowing the internal DNS server to contain information about domains the outside world should be aware of, and an external DNS server to maintain authoritative records for internal systems.

 

Correct Answer: A

 

 

QUESTION 156

Which of the following activities could reduce the security benefits of mandatory vacations?

 

A. Have a replacement employee run the same applications as the vacationing employee.

B. Have a replacement employee perform tasks in a different order from the vacationing employee.

C. Have a replacement employee perform the job from a different workstation than the vacationing employee.

D. Have a replacement employee run several daily scripts developed by the vacationing employee.

 

Correct Answer: D

 

 

QUESTION 157

A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?

 

A. The system administrator should take advantage of the company’s cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.

B. The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.

C. The system administrator should build a virtual machine on the administrator’s desktop, transfer the password file to it, and run a password cracker on the virtual machine.

D. The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose based virtual machine to run a password cracker on all the users.

 

Correct Answer: A

 

 

QUESTION 158

A growing corporation is responding to the needs of its employees to access corporate email and other resources while traveling. The company is implementing remote access for company laptops. Which of the following security systems should be implemented for remote access? (Select TWO).

 

A. Virtual Private Network

B. Secure Sockets Layer for web servers

C. Network monitoring

D. Multifactor authentication for users

E. Full disk encryption

F. Intrusion detection systems

 

Correct Answer: AD

 

 

QUESTION 159

When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?

 

A. Implement a unified IPv6 addressing scheme on the entire network.

B. Conduct a penetration test of Company B’s network.

C. Perform a vulnerability assessment on Company B’s network.

D. Perform a peer code review on Company B’s application.

 

Correct Answer: C

 

 

QUESTION 160

A company decides to purchase COTS software. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true?

 

A. COTS software is typically well known and widely available. Information concerning vulnerabilities and viable attack patterns are never revealed by the developer to avoid a lawsuit.

B. COTS software is not well known and is only available in limited quantities. Information concerning vulnerabilities is kept internal to the company that developed the software.

C. COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically ignored within the IT community.

D. COTS software is well known and widely available. Information concerning vulnerabilities and viable attack patterns is typically shared within the IT community.

 

Correct Answer: D

 
