[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 41-50

QUESTION 41

A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it is a security concern?

A.
Problem: Cross-site scripting
Mitigation Technique: Input validation
Security Concern: Decreases the company’s profits; cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.

B.
Problem: Buffer overflow
Mitigation Technique: Secure coding standards
Security Concern: Exposes the company to liability; buffer overflows can enable malicious actors to compromise the confidentiality/availability of the data.

C.
Problem: SQL injection
Mitigation Technique: Secure coding standards
Security Concern: Exposes the company to liability; SQL injection can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.

D.
Problem: Buffer overflow
Mitigation Technique: Output validation
Security Concern: Exposes the company to public scrutiny; buffer overflows can enable malicious actors to interrupt the availability of a system.

Correct Answer: B

QUESTION 42

A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs’ code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party. Which of the following should be implemented in the SDLC to achieve these requirements?

A. Regression testing by the manufacturer and integration testing by the third party
B. User acceptance testing by the manufacturer and black box testing by the third party
C. Defect testing by the manufacturer and user acceptance testing by the third party
D. White box unit testing by the manufacturer and black box testing by the third party

Correct Answer: D

QUESTION 43

The company’s marketing department needs to provide more real-time interaction with its partners and consumers and decides to move forward with a presence on multiple social networking sites for sharing information. Which of the following minimizes the potential exposure of proprietary information?

A. Require each person joining the company’s social networking initiative to accept a non-disclosure agreement.
B. Establish a specific set of trained people that can release information on the organization’s behalf.
C. Require a confidential statement be attached to all information released to the social networking sites.
D. Establish a social media usage policy and provide training to all marketing employees.

Correct Answer: B

QUESTION 44

A project has been established in a large bank to develop a new secure online banking platform. Halfway through the development it was discovered that a key piece of software used as part of the base platform is now susceptible to recently published exploits. Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements?

A. Engineers
B. Facilities Manager
C. Stakeholders
D. Human Resources

Correct Answer: C

QUESTION 45

Which of the following is the MOST appropriate control measure for lost mobile devices?

A. Disable unnecessary wireless interfaces such as Bluetooth.
B. Reduce the amount of sensitive data stored on the device.
C. Require authentication before access is given to the device.
D. Require that the compromised devices be remotely wiped.

Correct Answer: D

QUESTION 46

Which of the following is true about an unauthenticated SAMLv2 transaction?

A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.
B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.
D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.

Correct Answer: A

QUESTION 47

A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the social websites. After an initial and successful pilot period, other departments want to use the social websites to post their updates as well. The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work-related information on such websites. Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE).

A. Brute force attacks
B. Malware infection
C. DDoS attacks
D. Phishing attacks
E. SQL injection attacks
F. Social engineering attacks

Correct Answer: BDF

QUESTION 48

A user reports that the workstation’s mouse pointer is moving and files are opening automatically. Which of the following should the user perform?

A. Unplug the network cable to avoid network activity.
B. Reboot the workstation to see if the problem occurs again.
C. Turn off the computer to avoid any more issues.
D. Contact the incident response team for direction.

Correct Answer: D

QUESTION 49

A network engineer at Company ABC observes the following raw HTTP request:

GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net
Accept: */*
Accept-Language: en
Connection: close
Cookie: java14=1; java15=1; java16=1; js=1292192278001;

Which of the following should be the engineer’s GREATEST concern?

A. HTTPS is not being enforced, so the system is vulnerable.
B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
C. Sensitive data is transmitted in the URL.
D. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.

Correct Answer: C

QUESTION 50

A small company has a network with 37 workstations, 3 printers, a 48-port switch, an enterprise-class router, and a firewall at the boundary to the ISP. The workstations have the latest patches and all have up-to-date anti-virus software. User authentication is a two-factor system with fingerprint scanners and passwords. Sensitive data on each workstation is encrypted. The network is configured to use IPv4 and is a standard Ethernet network. The network also has a captive portal based wireless hot-spot to accommodate visitors. Which of the following is a problem with the security posture of this company?

A. No effective controls in place
B. No transport security controls are implemented
C. Insufficient user authentication controls are implemented
D. IPv6 is not incorporated in the network

Correct Answer: B
