[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 201-210

QUESTION 201

A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will be different from the first host, but the underlying virtualization technology will be compatible. Both hosts will be connected to a shared iSCSI storage solution. Which of the following is the hosting company MOST likely trying to achieve?

A. Increased customer data availability
B. Increased customer data confidentiality
C. Increased security through provisioning
D. Increased security through data integrity

Correct Answer: A

QUESTION 202

Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.
B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.
C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.
D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.

Correct Answer: D

QUESTION 203

A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to:

A. CISO immediately in an exception report.
B. Users of the new web application system.
C. The vendor who supplied the web application system.
D. Team lead in a weekly report.

Correct Answer: D

QUESTION 204

An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?

A. Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.
B. Implement a peer code review requirement prior to releasing code into production.
C. Follow secure coding practices to minimize the likelihood of creating vulnerable applications.
D. Establish cross-functional planning and testing requirements for software development activities.

Correct Answer: D

QUESTION 205

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. Which of the following is the MOST important to be considered before going ahead with the service?

A. Internal auditors have approved the outsourcing arrangement.
B. Penetration testing can be performed on the externally facing web system.
C. Ensure there are security controls within the contract and the right to audit.
D. A physical site audit is performed on Company XYZ's management / operation.

Correct Answer: C

QUESTION 206

Which of the following should be used to identify overflow vulnerabilities?

A. Fuzzing
B. Input validation
C. Privilege escalation
D. Secure coding standards

Correct Answer: A

QUESTION 207

A WAF without customization will protect the infrastructure from which of the following attack combinations?

A. DDoS, DNS poisoning, Boink, Teardrop
B. Reflective XSS, HTTP exhaustion, Teardrop
C. SQL Injection, DOM based XSS, HTTP exhaustion
D. SQL Injection, CSRF, Clickjacking

Correct Answer: C

QUESTION 208

An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:

18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.in-addr.arpa. (42)
18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)
18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in-addr.arpa. (42)
18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)
18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr 215646227], length 48
18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.in-addr.arpa. (41)
18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length 48
18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0
18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)
18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46
18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.in-addr.arpa. (41)

Given the traffic report, which of the following is MOST likely causing the slow traffic?

A. DNS poisoning
B. Improper network zoning
C. ARP poisoning
D. Improper LUN masking

Correct Answer: B

QUESTION 209

A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:

1 – If VIDEO input exists, use video data for entropy
2 – If AUDIO input exists, use audio data for entropy
3 – If MOUSE input exists, use mouse data for entropy
4 – IF KEYBOARD input exists, use keyboard data for entropy
5 – IF IDE input exists, use IDE data for entropy
6 – IF NETWORK input exists, use network data for entropy

Which of the following lines of code will result in the STRONGEST seed when combined?

A. 2 and 1
B. 3 and 5
C. 5 and 2
D. 6 and 4

Correct Answer: D

QUESTION 210

A large corporation which is heavily reliant on IT platforms and systems is in financial difficulty and needs to drastically reduce costs in the short term to survive. The Chief Financial Officer (CFO) has mandated that all IT and architectural functions will be outsourced and a mixture of providers will be selected. One provider will manage the desktops for five years, another provider will manage the network for ten years, another provider will be responsible for security for four years, and an offshore provider will perform day to day business processing functions for two years. At the end of each contract the incumbent may be renewed or a new provider may be selected. Which of the following are the MOST likely risk implications of the CFO's business decision?

A. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will remain unchanged. The risk position of the organization will decline as specialists now maintain the environment. The implementation of security controls and security updates will improve. Internal knowledge of IT systems will improve as providers maintain system documentation.
B. Strategic architecture will improve as more time can be dedicated to strategy. System stability will improve as providers use specialists and tested processes to maintain systems. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced slightly. Internal knowledge of IT systems will improve as providers maintain system documentation. The risk position of the organization will remain unchanged.
C. Strategic architecture will not be impacted in the short term, but will be adversely impacted in the long term through the segregation of duties between the providers. Vendor management costs will stay the same and the organization's flexibility to react to new market conditions will be improved through best of breed technology implementations. Internal knowledge of IT systems will decline over time. The implementation of security controls and security updates will not change.
D. Strategic architecture will be adversely impacted through the segregation of duties between the providers. Vendor management costs will increase and the organization's flexibility to react to new market conditions will be reduced. Internal knowledge of IT systems will decline and decrease future platform development. The implementation of security controls and security updates will take longer as responsibility crosses multiple boundaries.

Correct Answer: D
