IT인증,IT자격증,IT자격증시험,IT인증시험

http://www.pass4test.net/

CompTIA Advanced Security Practitioner CAS-001덤프데모

지난 몇년동안 IT산업의 지속적인 발전과 성장을 통해  CompTIA Advanced Security Practitioner CAS-001시험은 IT인증시험중의 이정표로 되어 많은 인기를 누리고 있습니다. IT인증시험을 Pass4Test덤프로 준비해야만 하는 이유는 Pass4Test덤프는 IT업계전문가들이 실제시험문제를 연구하여 CompTIA Advanced Security Practitioner CAS-001시험문제에 대비하여 예상문제를 제작했다는 점에 있습니다.

 

NO.1 As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective

is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP

devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless

vendor's products do support the pre-ratification version of 802.11r. The security and network

administrators have tested the product and do not see any security or compatibility issues; however,

they are concerned that the standard is not yet final. Which of the following is the BEST way to

proceed?

A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.

B. Do not purchase the equipment now as the client devices do not yet support 802.11r.

C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r

standard.

D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final

802.11r standard.

Answer: C

 

NO.2 A company has been purchased by another agency and the new security architect has

identified new security goals for the organization. The current location has video surveillance

throughout the building and entryways. The following requirements must be met:

1.Ability to log entry of all employees in and out of specific areas

2.Access control into and out of all sensitive areas

3.Two-factor authentication

Which of the following would MOST likely be implemented to meet the above requirements and

provide a secure solution? (Select TWO).

A. Proximity readers

B. Visitor logs

C. Biometric readers

D. Motion detection sensors

E. Mantrap

Answer: A,C

 

NO.3 CORRECT TEXT

An administrator wants to install a patch to an application. Given the scenario, download, verify and

install the patch in the most secure manner. Instructions The last install that is completed will be the

final submission

Answer:

You need to check the hash value of download software with md5 utility.

Explanation:

Check the below images for more details:

 

NO.4 A wholesaler has decided to increase revenue streams by selling direct to the public through

an on-line system. Initially this will be run as a short term trial and if profitable, will be expanded and

form part of the day to day business. The risk manager has raised two main business risks for the

initial trial:

1.IT staff has no experience with establishing and managing secure on-line credit card processing.

2.An internal credit card processing system will expose the business to additional compliance

requirements.

Which of the following is the BEST risk mitigation strategy?

A. Transfer the risks to another internal department, who have more resources to accept the risk.

B. Accept the risks and log acceptance in the risk register. Once the risks have been accepted close

them out.

C. Transfer the initial risks by outsourcing payment processing to a third party service provider.

D. Mitigate the risks by hiring additional IT staff with the appropriate experience and certifications.

Answer: C

 

NO.5 A security administrator was doing a packet capture and noticed a system communicating with

an address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing

into or out of the network. Which of the following is the BEST course of action?

A. Investigate the network traffic and block UDP port 3544 at the firewall

B. Remove the system from the network and disable IPv6 at the router

C. Locate and remove the unauthorized 6to4 relay from the network

D. Disable the switch port and block the 2001::/32 traffic at the firewall

Answer: A

 

NO.6 A manager who was attending an all-day training session was overdue entering bonus and

payroll information for subordinates. The manager felt the best way to get the changes entered while

in training was to log into the payroll system, and then activate desktop sharing with a trusted

subordinate. The manager granted the subordinate control of the desktop thereby giving the

subordinate full access to the payroll system. The subordinate did not have authorization to be in the

payroll system. Another employee reported the incident to the security team. Which of the following

would be the MOST appropriate method for dealing with this issue going forward?

A. Provide targeted security awareness training and impose termination for repeat violators.

B. Block desktop sharing and web conferencing applications and enable use only with approval.

C. Actively monitor the data traffic for each employee using desktop sharing or web conferencing

applications.

D. Permanently block desktop sharing and web conferencing applications and do not allow its use at

the company.

Answer: A

 

NO.7 A system administrator is troubleshooting a possible denial of service on a sensitive system.

The system seems to run properly for a few hours after it is restarted, but then it suddenly stops

processing transactions. The system administrator suspects an internal DoS caused by a disgruntled

developer who is currently seeking a new job while still working for the company. After looking into

various system logs, the system administrator looks at the following output from the main system

service responsible for processing incoming transactions.

DATE/TIMEPIDCOMMAND%CPUMEM

031020141030002055com.proc10.2920K

031020141100002055com.proc12.35.2M

031020141230002055com.proc22.022M

031020141300002055com.proc33.01.6G

031020141330002055com.proc30.28.0G

Which of the following is the MOST likely cause for the DoS?

A. The system does not implement proper garbage collection.

B. The system is susceptible to integer overflow.

C. The system does not implement input validation.

D. The system does not protect against buffer overflows properly.

Answer: A

 

NO.8 Company Z is merging with Company A to expand its global presence and consumer base. This

purchase includes several offices in different countries. To maintain strict internal security and

compliance requirements, all employee activity may be monitored and reviewed. Which of the

following would be the MOST likely cause for a change in this practice?

A. The excessive time it will take to merge the company's information systems.

B. Countries may have different legal or regulatory requirements.

C. Company A might not have adequate staffing to conduct these reviews.

D. The companies must consolidate security policies during the merger.

Answer: B

 

Posted 2015/1/20 11:29:41  |  Category: CompTIA  |  Tag: CAS-001덤프데모