CompTIA CAS-002 問題集

質問 1：
A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?
A. Data retention policy
B. Backup and archive processes
C. Electronic inventory
D. Business continuity plan
正解：A

質問 2：
A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered?
A. When testing the appliance
B. During the network traffic analysis phase
C. During the product selection phase
D. When writing the RFP for the purchase process
正解：A

質問 3：
A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:
1 - If VIDEO input exists, use video data for entropy
2 - If AUDIO input exists, use audio data for entropy 3 - If MOUSE input exists, use mouse data for entropy
4 - IF KEYBOARD input exists, use keyboard data for entropy
5 - IF IDE input exists, use IDE data for entropy
6 - IF NETWORK input exists, use network data for entropy
Which of the following lines of code will result in the STRONGEST seed when combined?
A. 2 and 1
B. 3 and 5
C. 5 and 2
D. 6 and 4
正解：D

質問 4：
An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:
1 . Selective sandboxing of suspicious code to determine malicious intent.
2 . VoIP handling for SIP and H.323 connections.
3 . Block potentially unwanted applications.
Which of the following devices would BEST meet all of these requirements?
A. UTM
B. HIDS
C. WAF
D. NIDS
E. HSM
正解：A

質問 5：
An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?
A. Inability to use virtualization, trusted OS complexities, and multiple patch versions based on OS dependency.
B. Increased mean time to failure rate of legacy servers, OS variances, patch availability, and ability to restore to dissimilar hardware.
C. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks on old hardware.
D. OS end-of-support issues, ability to backup data, hardware parts availability, and firmware update availability and management.
正解：B

質問 6：
A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture quickly with regard to targeted attacks.
Which of the following should the CSO conduct FIRST?
A. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
B. Conduct an internal audit against industry best practices to perform a qualitative analysis.
C. Survey threat feeds from services inside the same industry.
D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
正解：C

質問 7：
Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).
A. Configure 802.11e on the network
B. Configure 802.1X on the network
C. Install a HIPS on the SIP servers
D. Update the corporate firewall to block attacking addresses
E. Configure 802.1q on the network
正解：A,C

質問 8：
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?
A. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
B. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.
C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
D. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
正解：D