[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 301-310

Ensurepass

QUESTION 301

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO).

 

A.

The user’s certificate private key must be installed on the VPN concentrator.

B.

The CA’s certificate private key must be installed on the VPN concentrator.

C.

The user certificate private key must be signed by the CA.

D.

The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator.

E.

The VPN concentrator’s certificate private key must be installed on the VPN concentrator.

F.

The CA’s certificate public key must be installed on the VPN concentrator.

 

Correct Answer: EF

 

 

QUESTION 302

A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely happened?

 

A.

The iSCSI initiator was not restarted.

B.

The NTFS LUNs are snapshots.

C.

The HBA allocation is wrong.

D.

The UNIX server is multipathed.

 

Correct Answer: C

 

 

 

 

QUESTION 303

A business owner has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently implemented a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?

 

A.

The business owner is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products.

B.

The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete.

C.

The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the business owner.

D.

Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly.

 

Correct Answer: D

 

 

QUESTION 304

A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship?

 

A.

The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses.

B.

The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses.

C.

The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses.

D.

The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses.

 

Correct Answer: A

 

 

QUESTION 305

A vulnerability research team has detected a new variant of a stealth Trojan that disables itself when it detects that it is running on a virtualized environment. The team decides to use dedicated hardware and local network to identify the Trojan’s behavior and the remote DNS and IP addresses it connects to. Which of the following tools is BEST suited to identify the DNS and IP addresses the stealth Trojan communicates with after its payload is decrypted?

 

A.

HIDS

B.

Vulnerability scanner

C.

Packet analyzer

D.

Firewall logs

E.

Disassembler

 

Correct Answer: C

 

 

 

QUESTION 306

Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN?

 

A.

Enable multipath to increase availability

B.

Enable deduplication on the storage pools

C.

Implement snapshots to reduce virtual disk size

D.

Implement replication to offsite datacenter

 

Correct Answer: B

 

 

QUESTION 307

In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices; provided they are on an approved device list. Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).

 

A.

Provide free email software for personal devices.

B.

Encrypt data in transit for remote access.

C.

Require smart card authentication for all devices

D.

Implement NAC to limit insecure devices access.

E.

Enable time of day restrictions for personal devices.

 

Correct Answer: BD

 

 

QUESTION 308

An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO’s objectives?

 

A.

CoBIT

B.

UCF

C.

ISO 27002

D.

eGRC

 

Correct Answer: D

 

 

QUESTION 309

When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is necessary?

 

A.

The user needs a non-repudiation data source in order for the application to generate the key pair.

B.

The user is providing entropy so the application can use random data to create the key pair.

C.

The user is providing a diffusion point to the application to aid in creating the key pair.

D.

The application is requesting perfect forward secrecy from the user in order to create the key pair.

 

Correct Answer: B

 

 

QUESTION 310

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software form running on mobile devices?

 

A.

Single sign-on

B.

Identity propagation

C.

Remote attestation

D.

Secure code review

 

Correct Answer: C

 

Free VCE & PDF File for CompTIA CAS-001 Actual Tests

Instant Access to Free VCE Files: CompTIA | VMware | SAP …
Instant Access to Free PDF Files: CompTIA | VMware | SAP …

This entry was posted in CAS-001 Actual Tests (November) and tagged , , , , , , . Bookmark the permalink.