[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 181-190

Ensurepass

QUESTION 181

Which of the following vulnerabilities is present in the source code file below, named 'AuthenticatedArea.php'?

<html><head><title>AuthenticatedArea</title></head>
<?php
include("/inc/common.php");

// Username is taken straight from the request (GET, POST or cookie)
$username = $_REQUEST['username'];

if ($username != "") {
    // Writes the raw request value into the HTML page without any output encoding
    echo "Your username is: " . $_REQUEST['username'];
} else {
    // Note: HTML has already been sent above, so this redirect only takes effect
    // when output buffering is enabled
    header("Location: /login.php");
    exit;
}
?>
</html>

A. Header manipulation
B. Account disclosure
C. Unvalidated file inclusion
D. Cross-site scripting

Correct Answer: D

QUESTION 182

Which of the following are security components provided by an application security library or framework? (Select THREE).

A. Authorization database
B. Fault injection
C. Input validation
D. Secure logging
E. Directory services
F. Encryption and decryption

Correct Answer: CDF

QUESTION 183

An organization recently upgraded its wireless infrastructure to support WPA2 and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only WEP compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the WPA2 requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?

A. Create a separate SSID and WEP key to support the legacy clients and enable detection of rogue APs.
B. Create a separate SSID and WEP key on a new network segment and only allow required communication paths.
C. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.
D. Create a separate SSID and require the use of dynamic WEP keys.

Correct Answer: B

QUESTION 184

The company is considering issuing non-standard tablet computers to executive management. Which of the following is the FIRST step the security manager should perform?

A. Apply standard security policy settings to the devices.
B. Set up an access control system to isolate the devices from the network.
C. Integrate the tablets into standard remote access systems.
D. Develop the use case for the devices and perform a risk analysis.

Correct Answer: D

QUESTION 185

An ecommerce application on a Linux server does not properly track the number of incoming connections to the server and may leave the server vulnerable to which of the following?

A. Buffer Overflow Attack
B. Storage Consumption Attack
C. Denial of Service Attack
D. Race Condition

Correct Answer: C

QUESTION 186

An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites would provide strong security, but at the same time the worst performance?

A. 3DES – SHA
B. DES – MD5
C. Camellia – SHA
D. RC4 – MD5

Correct Answer: A

QUESTION 187

A company data center provides Internet based access to email and web services.

The firewall is separated into four zones:

- RED ZONE is an Internet zone
- ORANGE ZONE is a Web DMZ
- YELLOW ZONE is an email DMZ
- GREEN ZONE is a management interface

There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?

A. RED ZONE: none; ORANGE ZONE: WAF; YELLOW ZONE: SPAM Filter; GREEN ZONE: none
B. RED ZONE: Virus Scanner, SPAM Filter; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: NIPS
C. RED ZONE: WAF, Virus Scanner; ORANGE ZONE: NIPS; YELLOW ZONE: NIPS; GREEN ZONE: SPAM Filter
D. RED ZONE: NIPS; ORANGE ZONE: WAF; YELLOW ZONE: Virus Scanner, SPAM Filter; GREEN ZONE: none

Correct Answer: D

QUESTION 188

During a specific incident response and recovery process action, the response team determines that it must first speak to the person ultimately responsible for the data. With whom should the response team speak FIRST?

A. Data User
B. Data Owner
C. Business Owner
D. Data Custodian

Correct Answer: B

QUESTION 189

The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk implications for adopting this architecture. Which of the following are concerns that the security manager should present to the CIO concerning the SOA system? (Select TWO).

A. Users and services are centralized and only available within the enterprise.
B. Users and services are distributed, often times over the Internet.
C. SOA centrally manages legacy systems, and opens the internal network to vulnerabilities.
D. SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape.
E. SOA abstracts legacy systems as web services, which are often exposed to outside threats.

Correct Answer: BE

QUESTION 190

A company recently experienced a malware outbreak. It was caused by a vendor using an approved non-company device on the company's corporate network that impacted manufacturing lines, causing a week of downtime to recover from the attack. Which of the following reduces this threat and minimizes potential impact on the manufacturing lines?

A. Disable remote access capabilities on manufacturing SCADA systems.
B. Require a NIPS for all communications to and from manufacturing SCADA systems.
C. Add anti-virus and client firewall capabilities to the manufacturing SCADA systems.
D. Deploy an ACL that restricts access from the corporate network to the manufacturing SCADA systems.

Correct Answer: D
