[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 161-170

Ensurepass

QUESTION 161

The increasing complexity of attacks on corporate networks is a direct result of more and more corporate employees connecting to corporate networks with mobile and personal devices. In most cases simply banning these connections and devices is not practical because they support necessary business needs. Which of the following are typical risks and mitigations associated with this new trend?

A. Risks: Data leakage, lost data on destroyed mobile devices, smaller network attack surface, prohibitive telecommunications costs
   Mitigations: Device encryption, lock screens, certificate based authentication, corporate telecom plans

B. Risks: Confidentiality leaks through cell conversations, availability of remote corporate data, integrity of data stored on the devices
   Mitigations: Cellular privacy extensions, mobile VPN clients, over-the-air backups

C. Risks: Data exfiltration, loss of data via stolen mobile devices, increased data leakage at the network edge
   Mitigations: Remote data wipe capabilities, implementing corporate security on personally owned devices

D. Risks: Theft of mobile devices, unsanctioned applications, minimal device storage, call quality
   Mitigations: GPS tracking, centralized approved application deployment, over-the-air backups, QoS implementation

 

Correct Answer: C

 

 

QUESTION 162

Which of the following is the MOST secure way to ensure third party applications and introduce only acceptable risk?

A. Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk.

B. Technical exchange meetings with the application’s vendor; vendors have more in depth knowledge of the product.

C. Pilot trial; minimizes the impact to the enterprise while still providing services to enterprise users.

D. Full deployment with crippled features; allows for large scale testing and observation of the application’s security profile.

 

Correct Answer: A

 

 

QUESTION 163

Which of the following implementations of a continuous monitoring risk mitigation strategy is correct?

A. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, and email alerts to NOC staff hourly.

B. Audit successful and critical failed events, transfer logs to a centralized server once a month, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached.

C. Audit successful and failed events, transfer logs to a centralized server, institute computer assisted audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are exceeded.

D. Audit failed events only, transfer logs to a centralized server, implement manual audit reduction, tailor logged event thresholds to meet organization goals, and display alerts in real time when thresholds are approached and exceeded.

 

Correct Answer: C


QUESTION 164

Company ABC has grown yearly through mergers and acquisitions. This has led to over 200 internal custom web applications having standalone identity stores. In order to reduce costs and improve operational efficiencies a project has been initiated to implement a centralized security infrastructure.

 

The requirements are as follows:

- Reduce costs
- Improve efficiencies and time to market
- Manageable
- Accurate identity information
- Standardize on authentication and authorization
- Ensure a reusable model with standard integration patterns

 

Which of the following security solution options will BEST meet the above requirements? (Select THREE).

A. Build an organization-wide fine grained access control model stored in a centralized policy data store.

B. Implement self service provisioning of identity information, coarse grained, and fine grained access control.

C. Implement a web access control agent based model with a centralized directory model providing coarse grained access control and single sign-on capabilities.

D. Implement a web access controlled reverse proxy and centralized directory model providing coarse grained access control and single sign-on capabilities.

E. Implement automated provisioning of identity information; coarse grained, and fine grained access control.

F. Move each of the applications’ individual fine grained access control models into a centralized directory with fine grained access control.

G. Implement a web access control forward proxy and centralized directory model, providing coarse grained access control, and single sign-on capabilities.

 

Correct Answer: ADE

 

 

QUESTION 165

SAML entities can operate in a variety of different roles. Valid SAML roles include which of the following?

A. Attribute authority and certificate authority

B. Certificate authority and attribute requestor

C. Identity provider and service provider

D. Service provider and administrator

 

Correct Answer: C

 

 


QUESTION 166

The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement?

A. The firewall will meet the availability requirement because availability will be 99.98%.

B. The firewall will not meet the availability requirement because availability will be 85%.

C. The firewall will meet the availability requirement because availability will be 99.993%.

D. The firewall will not meet the availability requirement because availability will be 99.2%.

 

Correct Answer: A

 

 

QUESTION 167

There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?

A. Explain how customer data is gathered, used, disclosed, and managed.

B. Remind staff of the company’s data handling policy and have staff sign an NDA.

C. Focus on explaining the “how” and “why” customer data is being collected.

D. Republish the data classification and the confidentiality policy.

 

Correct Answer: A

 

 

QUESTION 168

Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ?

A. Malware originating from Company XYZ’s network

B. Co-mingling of company networks

C. Lack of an IPSec connection between the two networks

D. Loss of proprietary plant information

 

Correct Answer: B

 

 

QUESTION 169

The Chief Information Security Officer (CISO) has just returned from attending a security conference and now wants to implement a Security Operations Center (SOC) to improve and coordinate the detection of unauthorized access to the enterprise. The CISO’s biggest concern is the increased number of attacks that the current infrastructure cannot detect. Which of the following is MOST likely to be used in a SOC to address the CISO’s concerns?

A. DLP, Analytics, SIEM, Forensics, NIPS, HIPS, WIPS and eGRC

B. Forensics, White box testing, Log correlation, HIDS, and SSO

C. Vulnerability assessments, NIDP, HIDS, SCAP, Analytics and SIEM

D. eGRC, WIPS, Federated ID, Network enumerator, NIPS and Port Scanners

 

Correct Answer: A

 

 

QUESTION 170

A wholesaler has decided to increase revenue streams by selling direct to the public through an on-line system. Initially this will be run as a short term trial and, if profitable, will be expanded and form part of the day to day business. The risk manager has raised two main business risks for the initial trial:

1. IT staff have no experience with establishing and managing secure on-line credit card processing.

2. An internal credit card processing system will expose the business to additional compliance requirements.

 

Which of the following is the BEST risk mitigation strategy?

A. Transfer the risks to another internal department, who have more resources to accept the risk.

B. Accept the risks and log acceptance in the risk register. Once the risks have been accepted, close them out.

C. Transfer the initial risks by outsourcing payment processing to a third party service provider.

D. Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.

 

Correct Answer: C
