CAS-001の無料問題集（495題）、CAS-001認定試験参考書

CompTIA CAS-001 問題集

試験コード：CAS-001

試験名称：CompTIA Advanced Security Practitioner

最近更新時間：2025-01-18

問題と解答：全495問

CAS-001 無料でデモをダウンロード：

PDF版 Demo ソフト版 Demo オンライン版 Demo

無料問題集CAS-001 資格取得

質問 1：
---
Company XYZ provides residential television cable service across a large region.
The company's board of directors is in the process of approving a deal with the following three companies:
A National landline telephone provider
A Regional wireless telephone provider
An international Internet service provider
The board of directors at Company XYZ wants to keep the companies and billing separated.
While the Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ's customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication.
The proposed solution must use open standards and must make it simple and seamless for Company XYZ's customers to receive all four services.
Which of the following solutions is BEST suited for this scenario?
A. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution.
B. Company XYZ must implement VPN and strict access control to allow the other three companies to access the internal LDAP.
C. Company XYZ needs to install the SP, while the partner companies need to install the WAYF portion of a Federated identity solution.
D. All four companies must implement a TACACS+ web based single sign-on solution with associated captive portal technology.
正解：A

質問 2：
A security engineer at a major financial institution is prototyping multiple secure network configurations. The testing is focused on understanding the impact each potential design will have on the three major security tenants of the network. All designs must take into account the stringent compliance and reporting requirements for most worldwide financial institutions.Which of the following is the BEST list of security lifecycle related concerns related to deploying the final design?
A. Ensuring smooth transition of maintenance resources to support the new network, updating all whole disk encryption keys to be compatible with IPv6, and maximizing profits for bank shareholders.
B. Decommissioning the existing network smoothly, implementing maintenance and operations procedures for the new network in advance, and ensuring compliance with applicable regulations and laws.
C. Decommissioning plan for the new network, proper disposal protocols for the existing network equipment, transitioning operations to the new network on day one, and ensuring compliance with corporate data retention policies.
D. Resistance of the new network design to DDoS attacks, ability to ensure confidentiality of all data in transit, security of change management processes and procedures, and resilience of the firewalls to power fluctuations.
E. Interoperability with the Security Administration Remote Access protocol, integrity of the data at rest, overall network availability, and compliance with corporate and government regulations and policies.
正解：B

質問 3：
A security incident happens three times a year on a company's web server costing the company $1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled to be decommissioned in five years. The cost of implementing software to prevent this incident would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST cost-effective manner to deal with this risk?
A. Accept the risk
B. Avoid the risk
C. Transfer the risk
D. Mitigate the risk
正解：D

質問 4：
The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats.

Which of the following should the network administrator do to resolve the performance issue after analyzing the above information?
A. An ACL should be placed on the internal router to drop layer 4 packets to and from port 0.
B. The TCP flags of business related traffic should be modified accordingly.
C. The IP TOS field of business related network traffic should be modified accordingly.
D. An ACL should be placed on the external router to drop incoming ICMP packets.
正解：C

質問 5：
A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship?
A. The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses.
B. The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses.
C. The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses.
D. The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses.
正解：B

質問 6：
Which of the following is a security advantage of single sign-on? (Select TWO).
A. Applications need to validate authentication tokens.
B. Authentication is secured by the certificate authority.
C. All password transactions are encrypted.
D. Less time and complexity removing user access.
E. Users only have to remember one password.
正解：D,E

質問 7：
A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).
A. Senior staff blogs should be ghost written by marketing professionals.
B. The finance department must provide a cost benefit analysis for social media.
C. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.
D. The security policy needs to be reviewed to ensure that social media policy is properly implemented.
E. The company must dedicate specific staff to act as social media representatives of the company.
F. All staff needs to be instructed in the proper use of social media in the work environment.
正解：D,E

質問 8：
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones.
Which of the following would impact the security of conference's resources?
A. Wireless network security may need to be decreased to allow for increased access of mobile devices.
B. Network security may need to be increased by reducing the number of available physical network jacks.
C. Physical security may need to be increased to deter or prevent theft of mobile devices.
D. Wireless network security may need to be increased to decrease access of mobile devices.
正解：B

安全的な支払方式を利用しています

Credit Cardは今まで全世界の一番安全の支払方式です。少数の手続きの費用かかる必要がありますとはいえ、保障があります。お客様の利益を保障するために、弊社のCAS-001問題集は全部Credit Cardで支払われることができます。

領収書について：社名入りの領収書が必要な場合、メールで社名に記入していただき送信してください。弊社はPDF版の領収書を提供いたします。

弊社は失敗したら全額で返金することを承諾します

我々は弊社のCAS-001問題集に自信を持っていますから、試験に失敗したら返金する承諾をします。我々のCompTIA CAS-001を利用して君は試験に合格できると信じています。もし試験に失敗したら、我々は君の支払ったお金を君に全額で返して、君の試験の失敗する経済損失を減少します。

一年間の無料更新サービスを提供します

君が弊社のCompTIA CAS-001をご購入になってから、我々の承諾する一年間の更新サービスが無料で得られています。弊社の専門家たちは毎日更新状態を検査していますから、この一年間、更新されたら、弊社は更新されたCompTIA CAS-001をお客様のメールアドレスにお送りいたします。だから、お客様はいつもタイムリーに更新の通知を受けることができます。我々は購入した一年間でお客様がずっと最新版のCompTIA CAS-001を持っていることを保証します。

弊社のCompTIA CAS-001を利用すれば試験に合格できます

弊社のCompTIA CAS-001は専門家たちが長年の経験を通して最新のシラバスに従って研究し出した勉強資料です。弊社はCAS-001問題集の質問と答えが間違いないのを保証いたします。

この問題集は過去のデータから分析して作成されて、カバー率が高くて、受験者としてのあなたを助けて時間とお金を節約して試験に合格する通過率を高めます。我々の問題集は的中率が高くて、100％の合格率を保証します。我々の高質量のCompTIA CAS-001を利用すれば、君は一回で試験に合格できます。

弊社は無料CompTIA CAS-001サンプルを提供します

お客様は問題集を購入する時、問題集の質量を心配するかもしれませんが、我々はこのことを解決するために、お客様に無料CAS-001サンプルを提供いたします。そうすると、お客様は購入する前にサンプルをダウンロードしてやってみることができます。君はこのCAS-001問題集は自分に適するかどうか判断して購入を決めることができます。

CAS-001試験ツール：あなたの訓練に便利をもたらすために、あなたは自分のペースによって複数のパソコンで設置できます。

TopExamは君にCAS-001の問題集を提供して、あなたの試験への復習にヘルプを提供して、君に難しい専門知識を楽に勉強させます。TopExamは君の試験への合格を期待しています。

CompTIA Advanced Security Practitioner 認定 CAS-001 試験問題:

1. The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network?

A) Port scanner
B) Social engineering
C) Protocol analyzer
D) Grey box testing

2. Company A is purchasing Company B, and will import all of Company B's users into its authentication system. Company A uses 802.1x with a RADIUS server, while Company B uses a captive SSL portal with an LDAP backend. Which of the following is the BEST way to integrate these two networks?

A) Enable RADIUS and end point security on Company B's network devices.
B) Enable 802.1x on Company B's network devices.
C) Enable LDAP authentication on Company A's network devices.
D) Enable LDAP/TLS authentication on Company A's network devices.

3. The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router's external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company's external router's IP which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

A) After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.
B) After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.
C) After the senior engineer used a network analyzer to identify an active Fraggle attack, the company's ISP should be contacted and instructed to block the malicious packets.
D) After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company's external router to block incoming UDP port 19 traffic.

4. A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

A) Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
B) Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
C) Privacy could be compromised as patient records can be viewed in uncontrolled areas.
D) Device encryption has not been enabled and will result in a greater likelihood of data loss.
E) The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.

5. A security administrator must implement a SCADA style network overlay to ensure secure remote management of all network management and infrastructure devices. Which of the following BEST describes the rationale behind this architecture?

A) A physically isolated network that allows for secure metric collection.
B) A physically isolated network with inband management that uses two factor authentication.
C) A logically isolated network with inband management that uses secure two factor authentication.
D) An isolated network that provides secure out-of-band remote management.

質問と回答：

質問 # 1
正解： C

質問 # 2
正解： B

質問 # 3
正解： C

質問 # 4
正解： B、C

質問 # 5
正解： D