CAS-001 Frequently Asked Questions
Q1: Can I use CAS-001 exam Q&As in my phone?
Yes, PassQuestion provides CompTIA Advanced Security Practitioner CAS-001 pdf Q&As which you can download to study on your computer or mobile device, we also provide CAS-001 pdf free demo which from the full version to check its quality before purchasing.
Q2: What are the formats of your CompTIA CAS-001 exam questions?
PassQuestion provides CompTIA CAS-001 exam questions with pdf format and software format, pdf file will be sent in attachment and software file in a download link, you need to download the link in a week, it will be automatically invalid after a week.
Q3: How can I download my CAS-001 test questions after purchasing?
We will send CompTIA Advanced Security Practitioner CAS-001 test questions to your email once we receive your order, pls make sure your email address valid or leave an alternate email.
Q4: How long can I get my CompTIA Advanced Security Practitioner CAS-001 questions and answers after purchasing?
We will send CompTIA Advanced Security Practitioner CAS-001 questions and answers to your email in 10 minutes in our working time and no less than 12 hours in our off time.
GMT+8: Monday- Saturday 8:00 AM-18:00 PM
GMT: Monday- Saturday 0:00 AM-10:00 AM
Q5: Can I pass my test with your CompTIA Advanced Security Practitioner CAS-001 practice questions only?
Sure! All of PassQuestion CompTIA Advanced Security Practitioner CAS-001 practice questions come from real test. If you can practice well and get a good score in our practice Q&As, we ensure you can pass your CompTIA Advanced Security Practitioner exam easily.
Q6: How can I know my CAS-001 updated?
You can check the number of questions, if it is changed,that means we have updated this exam ,you can contact us anytime to ask for an free update. our sales email : [email protected]
Q7: What is your refund process if I fail CompTIA CAS-001 test?
If you fail your CAS-001 test in 60 days by studying our study material, just scan your score report and send to us in attchment,when we check, we will give you full refund.
Q8. What other payment menthod can I use except Paypal?
If your country don't support Paypal, we offer another Payment method Western Union,it is also safe and fast. Pls contact us for the details, we will send it to your email.
Question No : 1
Which of the following are critical when using TSIG? (Select TWO).
A. Periodic key changes once the initial keys are established between the DNS name servers.
B. Secure exchange of the key values between the two DNS name servers.
C. A secure NTP source used by both DNS name servers to avoid message rejection.
D. DNS configuration files on both DNS name servers must be identically encrypted.
E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers.
Question No : 2
Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?
A. Create a separate SSID and WEP key to support the legacy clients and enable detection of rogue APs.
B. Create a separate SSID and WEP key on a new network segment and only allow required communication paths.
C. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.
D. Create a separate SSID and require the use of dynamic WEP keys.
Question No : 3
A. Session management attack
B. Protocol fuzzing
C. Root-kit compromise
D. Physical attack
E. Privilege escalation
Question No : 4
Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?
A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.
B. Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices.
C. Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
D. Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.
Question No : 5
A. Least privilege
B. Job rotation
C. Mandatory vacation
D. Separation of duties
Question No : 6
A. The iSCSI initiator was not restarted.
B. The NTFS LUNs are snapshots.
C. The HBA allocation is wrong.
D. The UNIX server is multipathed.
Question No : 7
Which of the following risk strategies should be used?
A. Transfer the risks
B. Avoid the risks
C. Accept the risks
D. Mitigate the risks
Question No : 8
Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it a security concern?
A. Problem: Cross-site scripting Mitigation Technique. Input validation Security Concern: Decreases the company¡¯s profits and cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.
B. Problem: Buffer overflow Mitigation Technique. Secure coding standards Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data.
C. Problem: SQL injection Mitigation Technique. Secure coding standards Security Concern: Exposes the company to liability SQL injection and can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.
D. Problem: Buffer overflow Mitigation Technique. Output validation Security Concern: Exposing the company to public scrutiny buffer overflows can enable malicious actors to interrupt the availability of a system.
Question No : 9
A. Outdated antivirus definitions
B. Insecure wireless
C. Infected USB device
D. SQL injection
Question No : 10
A. The company¡¯s IDS signatures were not updated.
B. The company¡¯s custom code was not patched.
C. The patch caused the system to revert to http.
D. The software patch was not cryptographically signed.
E. The wrong version of the patch was used.
F. Third-party plug-ins were not patched.
Question No : 11
A. Buffer overflow
B. Click jacking
C. SQL injection
D. XSS attack
Question No : 12
A. Block traffic from the ISP¡¯s networks destined for blacklisted IPs.
B. Prevent the ISP¡¯s customers from querying DNS servers other than those hosted by the ISP.
C. Block traffic with a source IP not allocated to the ISP from exiting the ISP¡¯s network.
D. Scan the ISP¡¯s customer networks using an up-to-date vulnerability scanner.
E. Notify customers when services they run are involved in an attack.
Question No : 13
Which of the following is a best practice in end user security?
A. Employee identity badges and physical access controls to ensure only staff are allowed onsite.
B. A training program that is consistent, ongoing, and relevant.
C. Access controls to prevent end users from gaining access to confidential data.
D. Access controls for computer systems and networks with two-factor authentication.
Question No : 14
Who should be contacted FIRST by the project team to discuss potential changes to the platform requirements?
B. Facilities Manager
D. Human Resources
Question No : 15
Which of the following is the MOST comprehensive method for evaluating the two platforms?
A. Benchmark each possible solution with the integrators existing client deployments.
B. Develop testing criteria and evaluate each environment in-house.
C. Run virtual test scenarios to validate the potential solutions.
D. Use results from each vendor¡¯s test labs to determine adherence to project requirements.