Question 1: An online banking application has had its source code updated and is soon to be relaunched. The underlying infrastructure has not been changed. In order to ensure that the application has an appropriate security posture, several security-related activities are required.
Which of the following security activities should be performed to provide an appropriate level of security testing coverage? (Select TWO).
A. Penetration test across the application with accounts of varying access levels (i.e. non-authenticated, authenticated, and administrative users).
B. Fingerprinting across all of the online banking servers to ascertain open ports and services.
C. Vulnerability assessment across all of the online banking servers to ascertain host and container configuration lock-down and patch levels.
D. Black box code review across the entire code base to ensure that there are no security defects present.
E. Code review across critical modules to ensure that security defects, Trojans, and backdoors are not present.
Correct answer: A,E
Question 2: The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices. Which of the following would the security manager MOST likely implement?
A. VLANs
B. VDI
C. IaaS
D. PaaS
Correct answer: B
Question 3: The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST address these issues?
A. Set up a weekly review for relevant teams to discuss upcoming changes likely to have a broad impact.
B. Require every new firewall rule to go through a secondary firewall administrator for review before pushing the firewall policy.
C. Update the change request form so that requesting teams can provide additional details about the requested changes.
D. Require the firewall team to verify the change with the requesting team before pushing the updated firewall policy.
Correct answer: A
Question 4: DRAG DROP
Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below:
1. Anti-Virus Server - $10,000
2. Firewall - $15,000
3. Load Balanced Server - $10,000
4. NIDS/NIPS - $10,000
5. Packet Analyzer - $5,000
6. Patch Server - $15,000
7. Proxy Server - $20,000
8. Router - $10,000
9. Spam Filter - $5,000
10. Traffic Shaper - $20,000
11. Web Application Firewall - $10,000
Instructions: Not all placeholders in the diagram need to be filled and items can only be used once.
Correct answer:
Question 5: An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed:
<VirtualHost *:80>
DocumentRoot "/var/www"
<Directory "/home/administrator/app">
AllowOverride none
Order allow,deny
Allow from all
</Directory>
</VirtualHost>
Which of the following is MOST likely occurring so that this application does not run properly?
A. The directory had an explicit allow statement rather than the implicit deny.
B. SELinux is preventing HTTP access to home directories.
C. PHP is overriding the Apache security settings.
D. PHP has not been restarted since the additions were added.
Correct answer: B
Question 6: Which of the following authentication types is used primarily to authenticate users through the use of tickets?
A. Kerberos
B. LDAP
C. RADIUS
D. TACACS+
Correct answer: A
Question 7: A security administrator is tasked with securing a company's headquarters and branch offices as they move to unified communications. The Chief Information Officer (CIO) wants to integrate the corporate users' email, voice mail, telephony, presence and corporate messaging to internal computers, mobile users, and devices. Which of the following actions would BEST meet the CIO's goals while providing maximum unified communications security?
A. Create presence groups, restrict IM protocols to the internal networks, encrypt remote devices, and restrict access to services to local network and VPN clients.
B. Establish presence privacy groups, restrict all IM protocols, allow secure RTP on session border gateways, enable full disk encryptions, and transport encryption for email security.
C. Enable discretionary email forwarding restrictions, utilize QoS and Secure RTP, allow external IM protocols only over TLS, and allow port 2000 incoming to the internal firewall interface for secure SIP.
D. Set presence to invisible by default, restrict IM to invite only, implement QoS on SIP and RTP traffic, discretionary email forwarding, and full disk encryption.
Correct answer: A
Question 8: A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).
A. Wireless Access Procedure
B. Data Classification Policy
C. Password Policy
D. VPN Policy
E. Database Administrative Procedure
Correct answer: B,C
We use a secure payment method
Credit Card has always been the safest payment method in the world. Although a small handling fee is required, it comes with a guarantee. To protect our customers' interests, all of our CAS-001 question sets can be paid for with Credit Card.
About receipts: if you need a receipt with your company name on it, please email us with the company name filled in. We will provide a PDF receipt.
We promise a full refund if you fail
We are confident in our CAS-001 question set, so we promise a refund if you fail the exam. We believe you can pass the exam using our CompTIA CAS-001. If you fail the exam, we will refund the full amount you paid to reduce the financial loss of your exam failure.
We provide one year of free update service
After you purchase our CompTIA CAS-001, you receive the one-year update service we promise, free of charge. Our experts check the update status every day, so whenever there is an update during this year, we will send the updated CompTIA CAS-001 to your email address. Therefore, you can always receive timely update notifications. We guarantee that you will always have the latest version of CompTIA CAS-001 during the year after purchase.
Using our CompTIA CAS-001 will help you pass the exam
Our CompTIA CAS-001 is study material researched by experts with many years of experience, following the latest syllabus. We guarantee that the questions and answers in our CAS-001 question set are correct.
This question set is created by analyzing past data, has a high coverage rate, and helps you as a candidate save time and money and raises your pass rate. Our question set has a high hit rate and guarantees a 100% pass rate. With our high-quality CompTIA CAS-001, you can pass the exam on your first attempt.
We provide free CompTIA CAS-001 samples
When purchasing a question set, customers may worry about its quality, so to resolve this we provide customers with free CAS-001 samples. That way, customers can download and try the sample before purchasing. You can judge whether this CAS-001 question set suits you and decide whether to purchase.
CAS-001 exam tool: for the convenience of your training, you can install it on multiple PCs at your own pace.
TopExam provides you with the CAS-001 question set, helps you review for the exam, and lets you learn difficult specialized knowledge with ease. TopExam looks forward to your passing the exam.
CompTIA Advanced Security Practitioner Certification CAS-001 Exam Questions:
1. There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?
A) Remind staff of the company's data handling policy and have staff sign an NDA.
B) Focus on explaining the "how" and "why" customer data is being collected.
C) Republish the data classification and the confidentiality policy.
D) Explain how customer data is gathered, used, disclosed, and managed.
2. During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution?
A) Implement an IPS to block the application on the network
B) Implement the remote application out to the rest of the servers
C) Implement SSL VPN with SAML standards for federation
D) Implement an ACL on the firewall with NAT for remote access
3. A systems security consultant is hired by Corporation X to analyze the current enterprise network environment and make recommendations for increasing network security. It is the consultant's first day on the job. Which of the following network design considerations should the consultant consider? (Select THREE).
A) What outside threats are most likely to compromise network security?
B) What corporate assets need to be protected?
C) What is the budget for this project?
D) What time and resources are needed to carry out the security plan?
E) What are the business needs of the organization?
F) What hardware and software would work best for securing the network?
4. A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment?
A) Create an IP camera network and deploy NIPS to prevent unauthorized access.
B) Create an IP camera network and only allow SSL access to the cameras.
C) Create an IP camera network and restrict access to cameras from a single management host.
D) Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
5. A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:
1 - If VIDEO input exists, use video data for entropy
2 - If AUDIO input exists, use audio data for entropy
3 - If MOUSE input exists, use mouse data for entropy
4 - If KEYBOARD input exists, use keyboard data for entropy
5 - If IDE input exists, use IDE data for entropy
6 - If NETWORK input exists, use network data for entropy
Which of the following lines of code will result in the STRONGEST seed when combined?
A) 2 and 1
B) 3 and 5
C) 5 and 2
D) 6 and 4
Questions and answers:
Question #1 correct answer: D | Question #2 correct answer: C | Question #3 correct answer: A, B, E | Question #4 correct answer: D | Question #5 correct answer: D |