CAS-001の無料問題集（495題）、CAS-001認定試験参考書

CompTIA CAS-001 問題集

試験コード：CAS-001

試験名称：CompTIA Advanced Security Practitioner

最近更新時間：2024-12-16

問題と解答：全495問

CAS-001 無料でデモをダウンロード：

PDF版 Demo ソフト版 Demo オンライン版 Demo

無料問題集CAS-001 資格取得

質問 1：
Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?
A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
B. Create an IP camera network and only allow SSL access to the cameras.
C. Create an IP camera network and restrict access to cameras from a single management host.
D. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
正解：D

質問 2：
Two universities are making their 802.11n wireless networks available to the other
university's students. The infrastructure will pass the student's credentials back to the home school for authentication via the Internet.
The requirements are: Mutual authentication of clients and authentication server The design should not limit connection speeds Authentication must be delegated to the home school No passwords should be sent unencrypted The following design was implemented: WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security RADIUS proxy servers will be used to forward authentication requests to the home school The RADIUS servers will have certificates from a common public certificate authority A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A. The RADIUS servers should have local accounts for the visiting students
B. The transport layer between the RADIUS servers should be secured
C. WPA Enterprise should be used to decrease the network overhead
D. Students should be given certificates to use for authentication to the network
正解：B

質問 3：
A company has been purchased by another agency and the new security architect has identified new security goals for the organization. The current location has video surveillance throughout the building and entryways. The following requirements must be met:
1.Ability to log entry of all employees in and out of specific areas
2.Access control into and out of all sensitive areas
3.Two-factor authentication
Which of the following would MOST likely be implemented to meet the above requirements and provide a secure solution? (Select TWO).
A. Visitor logs
B. Mantrap
C. Motion detection sensors
D. Biometric readers
E. Proximity readers
正解：D,E

質問 4：
An online banking application has had its source code updated and is soon to be relaunched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required.
Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).
A. Penetration test across the application with accounts of varying access levels (i.e. non-authenticated, authenticated, and administrative users).
B. Fingerprinting across all of the online banking servers to ascertain open ports and services.
C. Vulnerability assessment across all of the online banking servers to ascertain host and container configuration lock-down and patch levels.
D. Black box code review across the entire code base to ensure that there are no security defects present.
E. Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
正解：A,E

質問 5：
A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?
A. The tool could show that input validation was only enabled on the client side
B. The tool could fuzz the application to determine where memory leaks occur
C. The tool could force HTTP methods such as DELETE that the server has denied
D. The tool could enumerate backend SQL database table and column names
正解：A

質問 6：
Which of the following does SAML uses to prevent government auditors or law enforcement from identifying specific entities as having already connected to a service provider through an SSO operation?
A. Restful interfaces
B. Transient identifiers
C. Security bindings
D. Directory services
正解：B

質問 7：
The security team for Company XYZ has determined that someone from outside the organization has obtained sensitive information about the internal organization by querying the external DNS server of the company. The security manager is tasked with making sure this problem does not occur in the future. How would the security manager address this problem?
A. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain authoritative records for internal systems.
B. Implement a split DNS, only allowing the external DNS server to contain information about internal domain resources that the outside world would be interested in, and an internal DNS server to maintain authoritative records for internal systems.
C. Implement a split DNS, only allowing the internal DNS server to contain information about domains the outside world should be aware of, and an external DNS server to maintain authoritative records for internal systems.
D. Implement a split DNS, only allowing the external DNS server to contain information about domains that only the outside world should be aware, and an internal DNS server to maintain non-authoritative records for external systems.
正解：A

質問 8：
New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).
A. Maintain a list of critical systems.
B. Update all network diagrams.
C. Backup the router and firewall configurations.
D. Create an inventory of applications.
E. Establish an emergency response call tree.
正解：A,D

安全的な支払方式を利用しています

Credit Cardは今まで全世界の一番安全の支払方式です。少数の手続きの費用かかる必要がありますとはいえ、保障があります。お客様の利益を保障するために、弊社のCAS-001問題集は全部Credit Cardで支払われることができます。

領収書について：社名入りの領収書が必要な場合、メールで社名に記入していただき送信してください。弊社はPDF版の領収書を提供いたします。

弊社は失敗したら全額で返金することを承諾します

我々は弊社のCAS-001問題集に自信を持っていますから、試験に失敗したら返金する承諾をします。我々のCompTIA CAS-001を利用して君は試験に合格できると信じています。もし試験に失敗したら、我々は君の支払ったお金を君に全額で返して、君の試験の失敗する経済損失を減少します。

一年間の無料更新サービスを提供します

君が弊社のCompTIA CAS-001をご購入になってから、我々の承諾する一年間の更新サービスが無料で得られています。弊社の専門家たちは毎日更新状態を検査していますから、この一年間、更新されたら、弊社は更新されたCompTIA CAS-001をお客様のメールアドレスにお送りいたします。だから、お客様はいつもタイムリーに更新の通知を受けることができます。我々は購入した一年間でお客様がずっと最新版のCompTIA CAS-001を持っていることを保証します。

弊社のCompTIA CAS-001を利用すれば試験に合格できます

弊社のCompTIA CAS-001は専門家たちが長年の経験を通して最新のシラバスに従って研究し出した勉強資料です。弊社はCAS-001問題集の質問と答えが間違いないのを保証いたします。

この問題集は過去のデータから分析して作成されて、カバー率が高くて、受験者としてのあなたを助けて時間とお金を節約して試験に合格する通過率を高めます。我々の問題集は的中率が高くて、100％の合格率を保証します。我々の高質量のCompTIA CAS-001を利用すれば、君は一回で試験に合格できます。

弊社は無料CompTIA CAS-001サンプルを提供します

お客様は問題集を購入する時、問題集の質量を心配するかもしれませんが、我々はこのことを解決するために、お客様に無料CAS-001サンプルを提供いたします。そうすると、お客様は購入する前にサンプルをダウンロードしてやってみることができます。君はこのCAS-001問題集は自分に適するかどうか判断して購入を決めることができます。

CAS-001試験ツール：あなたの訓練に便利をもたらすために、あなたは自分のペースによって複数のパソコンで設置できます。

TopExamは君にCAS-001の問題集を提供して、あなたの試験への復習にヘルプを提供して、君に難しい専門知識を楽に勉強させます。TopExamは君の試験への合格を期待しています。

CompTIA Advanced Security Practitioner 認定 CAS-001 試験問題:

1. A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employee's network accounts are notdisabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active.
Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

A) Update the company policy to account for delays and unforeseen situations in account deactivation.
B) Enforce the company policy by conducting monthly account reviews of inactive accounts.
C) Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
D) Review the HR termination process and ask the software developers to review the identity management code.

2. The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:
Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0 Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0 Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0 All callers are connected to the same switch and are routed by a router with five built-in
interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a
The security administrator brings a laptop to the finance office, connects it to one of the
wall jacks, starts up a network analyzer, and notices the following:
09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)
Which of the following can the security administrator determine from the above
information?

A) A man in the middle attack is underway - implementing static ARP entries is a possible solution.
B) The router is being advertised on a separate network - router reconfiguration is a possible solution.
C) An ARP flood attack targeted at the router is causing intermittent communication - implementing IPS is a possible solution.
D) The default gateway is being spoofed - implementing static routing with MD5 is a possible solution.

3. A security engineer wants to implement forward secrecy but still wants to ensure the number of requests handled by the web server is not drastically reduced due to the larger computational overheads. Browser compatibility is not a concern; however system performance is. Which of the following, when implemented, would BEST meet the engineer's requirements?

A) DHE
B) ECDHE
C) AES128-SHA
D) DH

4. At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).

A) Add guests with more memory to increase capacity of the infrastructure.
B) Booting all the lab desktops at the same time is creating excessive I/O.
C) Install faster SSD drives in the storage system used in the infrastructure.
D) Install more memory in the thin clients to handle the increased load while booting.
E) A backup is running on the thin clients at 9am every morning.
F) The lab desktops are using more memory than is available to the host systems.
G) The lab desktops are saturating the network while booting.
H) Install 10-Gb uplinks between the hosts and the lab to increase network capacity.

5. A database administrator comes across the below records in one of the databases during an internal audit of the payment system:
UserIDAddressCredit Card No.Password
jsmith123 fake street55XX-XXX-XXXX-1397Password100
jqdoe234 fake street42XX-XXX-XXXX-202717DEC12
From a security perspective, which of the following should be the administrator's GREATEST concern, and what will correct the concern?

A) Concern: User IDs are confidential private information.
Correction: Require encryption of user IDs.
B) Concern: More than four digits within a credit card number are stored.
Correction: Only store the last four digits of a credit card to protect sensitive financial
information.
C) Concern: User IDs are also usernames, and could be enumerated, thereby disclosing
sensitive account information.
Correction: Require user IDs to be more complex by using alphanumeric characters and
hash the UserIDs.
D) Concern: Passwords are stored in plain text.
Correction: Require a minimum of 8 alphanumeric characters and hash the password.