[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 251-260

Ensurepass

QUESTION 251

A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?

 

A.

Ensure the process functions in a secure manner from customer input to audit review.

B.

Security solutions result in zero additional processing latency.

C.

Ensure the process of storing audit records is in compliance with applicable laws.

D.

Web transactions are conducted in a secure network channel.

 

Correct Answer: A

 


QUESTION 252

A data processing server uses a Linux based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to a SE Linux host for processing. Which of the following is the MOST likely cause of the processing problem?

 

A.

The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds.

B.

The Java developers accounted for network latency only for the read portion of the processing and not the write process.

C.

The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.

D.

The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.

 

Correct Answer: D

 

QUESTION 253

Customer Need:

 

“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.”

 

Which of the following BEST restates the customer need?

 

A.

The system shall use a pseudo-random number generator seeded the same every time.

B.

The system shall generate a pseudo-random number upon invocation by the existing Java program.

C.

The system shall generate a truly random number based upon user PKI certificates.

D.

The system shall implement a pseudo-random number generator for use by corporate customers.

 

Correct Answer: B

 

 

QUESTION 254

The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?

 

A.

The de-perimeterized model should be kept as this is a major industry trend and other companies are following this direction. Advise that the issues being faced are standard business as usual concerns in a modern IT environment.

B.

Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.

C.

The de-perimeterized model should be kept but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.

D.

Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE to all users as this will be easier to provision, secure, and will save money on operating costs.

 

Correct Answer: B

 

 

QUESTION 255

Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?

 

A.

Attestation

B.

PKI

C.

Biometrics

D.

Federated IDs

Correct Answer: D

 

 

QUESTION 256

The <nameID> element in SAML can be provided in which of the following predefined formats? (Select TWO).

 

A.

X.509 subject name

B.

PTR DNS record

C.

EV certificate OID extension

D.

Kerberos principal name

E.

WWN record name

 

Correct Answer: AD

 

 

QUESTION 257

Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management?

 

A.

The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch.

B.

Outsourcing is a valid option to increase time-to-market. If a security incident occurs, it is not of great concern as the reputational damage will be the third party’s responsibility.

C.

The company should never outsource any part of the business that could cause a security or privacy incident. It could lead to legal and compliance issues.

D.

If the third party has an acceptable record to date on security compliance and is provably faster and cheaper, then it makes sense to outsource in this specific situation.

 

Correct Answer: A

 

 

QUESTION 258

A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO’s laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO’s email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur?

 

A.

Restore the CIO’s email from an email server backup and provide the last 90 days from the date of the subpoena request.

B.

Inform the litigators that the CIO’s information has been deleted as per corporate policy.

C.

Restore the CIO’s email from an email server backup and provide the last 90 days from the date of the CIO resignation.

D.

Restore the CIO’s email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date.

 

Correct Answer: D

 

 

QUESTION 259

A team is established to create a secure connection between software packages in order to list employees’ remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

 

A.

Network Administrator, Database Administrator, Programmers

B.

Network Administrator, Emergency Response Team, Human Resources

C.

Finance Officer, Human Resources, Security Administrator

D.

Database Administrator, Facilities Manager, Physical Security Manager

 

Correct Answer: C

 

 

QUESTION 260

An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?

 

A.

Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.

B.

Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.

C.

OS end-of-support issues, ability to back up data, hardware parts availability, and firmware update availability and management.

D.

Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.

 

Correct Answer: B

 
