지난 몇년동안 IT산업의 지속적인 발전과 성장을 통해 CompTIA Advanced Security Practitioner CAS-001시험은 IT인증시험중의 이정표로 되어 많은 인기를 누리고 있습니다. IT인증시험을 Pass4Test덤프로 준비해야만 하는 이유는 Pass4Test덤프는 IT업계전문가들이 실제시험문제를 연구하여 CompTIA Advanced Security Practitioner CAS-001시험문제에 대비하여 예상문제를 제작했다는 점에 있습니다.
NO.1 As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective
is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP
devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless
vendor's products do support the pre-ratification version of 802.11r. The security and network
administrators have tested the product and do not see any security or compatibility issues; however,
they are concerned that the standard is not yet final. Which of the following is the BEST way to
proceed?
A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.
B. Do not purchase the equipment now as the client devices do not yet support 802.11r.
C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r
standard.
D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final
802.11r standard.
Answer: C
NO.2 A company has been purchased by another agency and the new security architect has
identified new security goals for the organization. The current location has video surveillance
throughout the building and entryways. The following requirements must be met:
1.Ability to log entry of all employees in and out of specific areas
2.Access control into and out of all sensitive areas
3.Two-factor authentication
Which of the following would MOST likely be implemented to meet the above requirements and
provide a secure solution? (Select TWO).
A. Proximity readers
B. Visitor logs
C. Biometric readers
D. Motion detection sensors
E. Mantrap
Answer: A,C
NO.3 CORRECT TEXT
An administrator wants to install a patch to an application. Given the scenario, download, verify and
install the patch in the most secure manner. Instructions The last install that is completed will be the
final submission
Answer:
You need to check the hash value of download software with md5 utility.
Explanation:
Check the below images for more details:
NO.4 A wholesaler has decided to increase revenue streams by selling direct to the public through
an on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and
form part of the day to day business. The risk manager has raised two main business risks for the
initial trial:
1.IT staff has no experience with establishing and managing secure on-line credit card processing.
2.An internal credit card processing system will expose the business to additional compliance
requirements.
Which of the following is the BEST risk mitigation strategy?
A. Transfer the risks to another internal department, who have more resources to accept the risk.
B. Accept the risks and log acceptance in the risk register. Once the risks have been accepted close
them out.
C. Transfer the initial risks by outsourcing payment processing to a third party service provider.
D. Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.
Answer: C
NO.5 A security administrator was doing a packet capture and noticed a system communicating with
an address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing
into or out of the network. Which of the following is the BEST course of action?
A. Investigate the network traffic and block UDP port 3544 at the firewall
B. Remove the system from the network and disable IPv6 at the router
C. Locate and remove the unauthorized 6to4 relay from the network
D. Disable the switch port and block the 2001::/32 traffic at the firewall
Answer: A
NO.6 A manager who was attending an all-day training session was overdue entering bonus and
payroll information for subordinates. The manager felt the best way to get the changes entered while
in training was to log into the payroll system, and then activate desktop sharing with a trusted
subordinate. The manager granted the subordinate control of the desktop thereby giving the
subordinate full access to the payroll system. The subordinate did not have authorization to be in the
payroll system. Another employee reported the incident to the security team. Which of the following
would be the MOST appropriate method for dealing with this issue going forward?
A. Provide targeted security awareness training and impose termination for repeat violators.
B. Block desktop sharing and web conferencing applications and enable use only with approval.
C. Actively monitor the data traffic for each employee using desktop sharing or web conferencing
applications.
D. Permanently block desktop sharing and web conferencing applications and do not allow its use at
the company.
Answer: A
NO.7 A system administrator is troubleshooting a possible denial of service on a sensitive system.
The system seems to run properly for a few hours after it is restarted, but then it suddenly stops
processing transactions. The system administrator suspects an internal DoS caused by a disgruntled
developer who is currently seeking a new job while still working for the company. After looking into
various system logs, the system administrator looks at the following output from the main system
service responsible for processing incoming transactions.
DATE/TIMEPIDCOMMAND%CPUMEM
031020141030002055com.proc10.2920K
031020141100002055com.proc12.35.2M
031020141230002055com.proc22.022M
031020141300002055com.proc33.01.6G
031020141330002055com.proc30.28.0G
Which of the following is the MOST likely cause for the DoS?
A. The system does not implement proper garbage collection.
B. The system is susceptible to integer overflow.
C. The system does not implement input validation.
D. The system does not protect against buffer overflows properly.
Answer: A
NO.8 Company Z is merging with Company A to expand its global presence and consumer base. This
purchase includes several offices in different countries. To maintain strict internal security and
compliance requirements, all employee activity may be monitored and reviewed. Which of the
following would be the MOST likely cause for a change in this practice?
A. The excessive time it will take to merge the company's information systems.
B. Countries may have different legal or regulatory requirements.
C. Company A might not have adequate staffing to conduct these reviews.
D. The companies must consolidate security policies during the merger.
Answer: B