[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 61-70


QUESTION 61

The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and wants to connect it to the internal network. The Chief Information Security Officer (CISO) was told to research and recommend how to secure this device. Which of the following should be implemented, keeping in mind that the CEO has stated that this access is required?

A. Mitigate and Transfer
B. Accept and Transfer
C. Transfer and Avoid
D. Avoid and Mitigate

Correct Answer: A

QUESTION 62

A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaws in the systems at Company XYZ. However, Company XYZ reports that it has been the victim of numerous security incidents in the past six months. In each of these incidents, the criminals have managed to exfiltrate large volumes of data from the secure servers at the company. Which of the following techniques should the investigation team consider in the next phase of their assessment in hopes of uncovering the attack vector the criminals used?

A. Vulnerability assessment
B. Code review
C. Social engineering
D. Reverse engineering

Correct Answer: C

QUESTION 63

Which of the following precautions should be taken to harden network devices in case of VM escape?

A. Database servers should be on the same virtual server as web servers in the DMZ network segment.
B. Web servers should be on the same physical server as database servers in the network segment.
C. Virtual servers should only be on the same physical server as others in their network segment.
D. Physical servers should only be on the same WAN as other physical servers in their network.

Correct Answer: C
 

QUESTION 64

A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?

A. Anti-spam software
B. Application sandboxing
C. Data loss prevention
D. Input validation

Correct Answer: D
 

QUESTION 65

After a security incident, an administrator revokes the SSL certificate for their web server www.company.com. Later, users begin to inform the help desk that a few other servers are generating certificate errors: ftp.company.com, mail.company.com, and partners.company.com. Which of the following is MOST likely the reason for this?

A. Each of the servers used the same EV certificate.
B. The servers used a wildcard certificate.
C. The web server was the CA for the domain.
D. Revoking a certificate can only be done at the domain level.

Correct Answer: B
 

QUESTION 66

A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?

A. File an insurance claim and assure the executive the data is secure because it is encrypted.
B. Immediately implement a plan to remotely wipe all data from the device.
C. Have the executive change all passwords and issue the executive a new phone.
D. Execute a plan to remotely disable the device and report the loss to the police.

Correct Answer: B

QUESTION 67

A security manager at Company ABC needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers, but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?

A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.
B. Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices.
C. Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
D. Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.

Correct Answer: A

QUESTION 68

A replacement CRM has had its business case approved. In preparation for a requirements workshop, an architect is working with a business analyst to ensure that appropriate security requirements have been captured. Which of the following documents BEST captures the security requirements?

A. Business requirements document
B. Requirements traceability matrix document
C. Use case and viewpoints document
D. Solution overview document

Correct Answer: A

QUESTION 69

A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months. All preliminary planning has been completed and a risk assessment plan is being adopted to decide which security controls to put in place throughout each phase. Which of the following risk responses is MOST likely being considered if the business is creating an SLA with a third party?

A. Accepting risk
B. Mitigating risk
C. Identifying risk
D. Transferring risk

Correct Answer: D

QUESTION 70

An organization must comply with a new regulation that requires the organization to determine if an external attacker is able to gain access to its systems from outside the network. Which of the following should the company conduct to meet the regulation's criteria?

A. Conduct a compliance review
B. Conduct a vulnerability assessment
C. Conduct a black box penetration test
D. Conduct a full system audit

Correct Answer: C