[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 241-250

Ensurepass

QUESTION 241

CORRECT TEXT

An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. Instructions The last install that is completed will be the final submission

 

clip_image002

 

Correct Answer:

You need to check the hash value of download software with md5 utility.

 

Explanation:

Check the below images for more details:

clip_image004

clip_image006

clip_image008

 

 

QUESTION 242

After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions that they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO s
hould submit which of the following to the three submitting firms?

 

A.

A T&M contract

B.

An RFP

C.

A FFP agreement

D.

A new RFQ

 

Correct Answer: B

 

 

QUESTION 243

At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company’s statistical anomaly- based IDS about a company database administrator performing unusual transactions. At 10:55 a.m. the security administrator resets the database administrator’s password. At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?

 

A.

The IDS logs are compromised.

B.

The new password was compromised.

C.

An input validation error has occurred.

D.

A race condition has occurred.

 

Correct Answer: D

 

 

 

QUESTION 244

A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).

 

A.

The company must dedicate specific staff to act as social media representatives of the company.

B.

All staff needs to be instructed in the proper use of social media in the work environment.

C.

Senior staff blogs should be ghost written by marketing professionals.

D.

The finance department must provide a cost benefit analysis for social media.

E.

The security policy needs to be reviewed to ensure that social media policy is properly implemented.

F.

The company should ensure that the company has sufficient bandwidth to allow for social media traffic.

 

Correct A
nswer:
AE

 

 

QUESTION 245

An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?

 

A.

Interconnection Security Agreement

B.

Memorandum of Understanding

C.

Business Partnership Agreement

D.

Non-Disclosure Agreement

 

Correct Answer: C

 

 

QUESTION 246

A security researcher is about to evaluate a new secure VoIP routing appliance. The appliance manufacturer claims the new device is hardened against all known attacks and several un-disclosed zero day exploits. The code base used for the device is a combination of compiled C and TC/TKL scripts. Which of the following methods should the security research use to enumerate the ports and protocols in use by the appliance?

 

A.

Device fingerprinting

B.

Switchport analyzer

C.

Grey box testing

D.

Penetration testing

 

Correct Answer: A

 

 

 

 

 

 

 

 

 

 

QUESTION 247

A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

 

A.

Notify the transaction system vendor of the security vulnerability that was discovered.

B.

Use a protocol analyzer to reverse engineer the transaction system’s protocol.

C.

Contact the computer science students and threaten disciplinary action if they continue their actions.

D.

Install a NIDS in front of all the transaction system terminals.

 

Correct Answer: B

 

 

QUESTION 248

An organization did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attacker websites. The organization was unable to determine when, how, or who conducted the attacks but rebuilt, restored, and updated the compromised database server to continue operations. Which of the following is MOST likely the cause for the organization’s inability to determine what really occurred?

 

A.

Too few layers of protection between the Internet and internal network

B.

Lack of a defined security auditing methodology

C.

Poor intrusion prevention system placement and maintenance

D.

Insufficient logging and mechanisms for review

 

Correct Answer: D

 

 

QUESTION 249

In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO).

 

A.

Correctly assert the identity and authorization credentials of the end user.

B.

Correctly assert the authentication and authorization credentials of the end user.

C.

Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use.

D.

Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use.

E.

Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use.

F.

Correctly assert the identity and authentication credentials of the end user.

 

Correct Answer: DF

 

 

 

 

 

 

 

QUESTION 250

The VoIP administrator starts receiving reports that users are having problems placing phone calls. The VoIP administrator cannot determine the issue, and asks the security administrator for help. The security administrator reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network. Using a protocol analyzer, the security administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy. Based on the information given, which of the following types of attacks is underway and how can it be remediated?

 

A.

Man in the middle attack; install an IPS in front of SIP proxy.

B.

Man in the middle attack; use 802.1x to secure voice VLAN.

C.

Denial of Service; switch to more secure H.323 protocol.

D.

Denial of Service; use rate limiting to limit traffic.

 

Correct Answer: D

 

Free VCE & PDF File for CompTIA CAS-001 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in CAS-001 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.