CompTIA Advanced Security Practitioner (CAS-001) Free Practice Test

Question 1

Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets.
The information security team has been a part of the department meetings and come away with the following notes:
-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application.
-Sales is asking for easy order tracking to facilitate feedback to customers.
-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction.
-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy.
-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining.
The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption.
Which of the following departments' request is in contrast to the favored solution?

A. Human resources

B. Legal

C. Quality assurance

D. Sales

E. Manufacturing

Correct Answer: A

Question 2

A security administrator wants to perform an audit of the company password file to ensure users are not using personal information such as addresses and birthdays as part of their password. The company employs 200,000 users, has virtualized environments with cluster and cloud-based computing resources, and enforces a minimum password length of 14 characters. Which of the following options is BEST suited to run the password auditing software and produce a report in the SHORTEST amount of time?

A. The system administrator should upload the password file to a virtualized de-duplicated storage system to reduce the password entries and run a password cracker on that file.

B. The system administrator should build a virtual machine on the administrator's desktop, transfer the password file to it, and run the a password cracker on the virtual machine.

C. The system administrator should upload the password file to cloud storage and use on-demand provisioning to build a purpose based virtual machine to run a password cracker on all the users.

D. The system administrator should take advantage of the company's cluster based computing resources, upload the password file to the cluster, and run the password cracker on that platform.

Correct Answer: D

Question 3

News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit network mapping and fingerprinting occurs in preparation for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections, reduce detection time, and minimize any damage that might be done?

A. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

B. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.

C. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.

D. Implement an application whitelist at all levels of the organization.

Correct Answer: D

Question 4

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. Theaudit discovers that 40% of the desktops do not meet requirements. Which of the following is the cause of the noncompliance?

A. The desktop applications were configured with the default username and password.

B. The patch management system is causing the devices to be noncompliant after issuing the latest patches.

C. 40% of the devices have been compromised.

D. The devices are being modified and settings are being overridden in production.

Correct Answer: D

Explanation: Only visible for TestSimulate members. You can sign-up / login (it's free).

Question 5

The Chief Information Officer (CIO) comes to the security manager and asks what can be done to reduce the potential of sensitive data being emailed out of the company. Which of the following is an active security measure to protect against this threat?

A. Sanitize outgoing content.

B. Require a digital signature on all outgoing emails.

C. Implement a SPAM filter.

D. Implement a data classification policy.

Correct Answer: A

Question 6

A legacy system is not scheduled to be decommissioned for two years and requires the use of the standard Telnet protocol. Which of the following should be used to mitigate the security risks of this system?

A. Use LDAPs for authentication.

B. Migrate the system to RSH.

C. Move the system to a secure VLAN.

D. Migrate the system to IPv6.

Correct Answer: C

Question 7

A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?

A. There are no vulnerabilities in the application.

B. There are no known vulnerabilities at this time.

C. The company's software lifecycle management improved the security of the application.

D. The company should deploy a web application firewall to ensure extra security.

Correct Answer: B

Question 8

A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).

A. Data Classification Policy

B. VPN Policy

C. Wireless Access Procedure

D. Database Administrative Procedure

E. Password Policy

Correct Answer: A,E

Question 9

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant affect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

A. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.

B. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

C. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.

D. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.

Correct Answer: B

Question 10

A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship?

A. The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses.

B. The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses.

C. The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses.

D. The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses.

Correct Answer: B

Question 11

Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

A. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.

B. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.

C. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.

D. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.

Correct Answer: B

Question 12

An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?

A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.

B. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.

C. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.

D. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management.

Correct Answer: B

Question 13

Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only the DNS server is configured to audit user and administrator actions and logging is disabled on the other virtual machines. Given this scenario, which of the following is the MOST significant risk to the system?

A. Server services have been virtualized and outsourced.

B. Logging is disabled on critical servers.

C. Financial data is processed without being encrypted.

D. All servers are unpatched and running old versions.

Correct Answer: D

Welcome to TestSimulate

CompTIA Advanced Security Practitioner (CAS-001) Free Practice Test