CompTIA CA1-001 CompTIA Advanced Security Practitioner (CASP) Beta Exam 20 Q&A
Version DEMO
http://www.selfexamprep.com/ca1-001.htm
Important Note, Please Read Carefully Other prep2pass products A) Offline Testing engine Use the offline Testing engine product topractice the questions in an exam environment. Build a foundation of knowledge which will be useful also after passing the exam. Latest Version We are constantly reviewing our products. New material is added and old material is revised. Free updates are available for 90 days after the purchase. You should check your member zone at prep2pass and update 3-4 days before the scheduled exam date. Here is the procedure to get the latest version: 1.Go towww.prep2pass.com 2.Click on Log in 3.The latest versions of all purchased products are downloadable from here. Just click the links. For most updates,it is enough just to print the new questions at the end of the new version, not the whole document. Feedback If you spot a possible improvement then please let us know. We always interested in improving product quality. Feedback should be send to feedback@prep2pass.com. You should include the following: Exam number, version, page number, question number, and your login Email. Our experts will answer your mail promptly. Copyright Each iPAD file is a green exe file. if we find out that a particular iPAD Viewer file is being distributed by you, prep2pass reserves the right to take legal action against you according to the International Copyright Laws. Explanations This product does not include explanations at the moment. If you are interested in providing explanations for this exam, please contact feedback@prep2pass.com.
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-2-
www.prep2pass.com Q: 1 John is concerned about internal security threats on the network he administers. He believes that he has taken every reasonable precaution against external threats, but is concerned that he may have gaps in his internal security. Which of the following is the most likely internal threat? A. B. C. D.
Employees not following security policy Privilege Escalation SQL Injection Employees selling sensitive data
Answer: A www.prep2pass.com Q: 2 Juanita is a network administrator for a large insurance company. She is concerned about the security risks posed by the employees of the company. There are very thorough and comprehensive security policies at the company. Which of the following would be most effective action for Juanita to take? A. B. C. D.
Putting the company policies on the corporate intranet Make all employees sign the company policy Coordinate with HR to fire anyone who violates any policy Improve employee security education
Answer: D www.prep2pass.com Q: 3 Juan realizes that more and more employees at his company are using smart phones. He wants to assess the risk posed by these devices. Which of the following best describes the most significant risk from smart phones? A. B. C. D.
Smart phones extend the network and introduce new attack vectors Smart phones can be a way for employees to steal data Smart phones pose no real additional risks Smart phones can be a distraction to employees
Answer: A
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-3-
www.prep2pass.com Q: 4 David works as a Network Administrator for a large company. The company recently decided to extend their intranet access, to allow trusted third party vendors access to the corporate intranet, what is the best approach for David to take in securing intranet? A. Tighten user access controls on the intranet servers B. Patch the OS on the intranet servers C. Place intranet servers in a DMZ so both corporate users and trusted vendors can access it D. Install an IDS on the intranet servers
Answer: C www.prep2pass.com Q: 5 _________ consists of very large-scale virtualized, distributed computing systems. They cover multiple administrative domains and enable virtual organizations. A. B. C. D.
Edge computing Grid computing Cloud computing Virtualized computing
Answer: B www.prep2pass.com Q: 6 Which of the following statements are true about mergers? Each correct answer represents a complete solution. Choose all that apply. A. Mergers occur when the merging companies have their different consent. B. Mergers present the involved parties with special challenges that must be navigated unto agreement. C. Mergers refer to the aspect of corporate strategy, corporate finance and management dealing with the buying, selling, dividing, and combining of different companies, D. Mergers can be vertical, horizontal, congeneric or conglomerate, depending or the nature of the merging companies.
Answer: A, C, D www.prep2pass.com Q: 7 What is this formula for SC information system = [(confidentiality, impact), (integrity, impact), (availability, impact)}? Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-4-
A. B. C. D.
Calculate firewall security Calculate SLE Calculate CIA aggregate score Calculate ALE
Answer: C www.prep2pass.com Q: 8 Derrick works as a Security Administrator for a police station. He wants to determine the minimum CIA levels for his organization. Which of the following best represents the minimum CIA levels for a police departments data systems? A. B. C. D.
Confidentiality = high, Integrity = high, Availability = high Confidentiality = moderate. Integrity = moderate, Availability = high Confidentiality = low. Integrity = low. Availability = low Confidentiality = high, Integrity = moderate, Availability = moderate
Answer: D www.prep2pass.com Q: 9 John is establishing CIA levels required for a high schools grade server. This server only has grades. It does not have student or faculty private information (such as social security number, address, phone number, etc.). Which of the following CIA levels will be used by John? A. B. C. D.
Confidentiality = moderate, integrity = moderate. Availability = high Confidentiality = low, Integrity = moderate, Availability = low Confidentiality = high. Integrity = moderate, Availability = moderate Confidentiality = high. Integrity = high, Availability = high
Answer: B www.prep2pass.com Q: 10 Denish is the administrator for a cloud computing vendor. He is evaluating the security benefits and threats of cloud computing. Cloud computing has a number of challenges, which of the following is a cloud less susceptible to, than a traditionally hosted server? A. Internal Data Theft B. Privilege Escalation C. DDoS attacks Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-5-
D. Hard drive failure
Answer: C www.prep2pass.com Q: 11 Software and systems as a service in the cloud provide flexibility for administrators. The administrator can create, shutdown, and restart virtual servers as needed. However this flexibility also leads to a problem. Which of the following problems is directly related to that? A. B. C. D.
Fragmented hard drives User authentication VM Sprawl Virus spreading
Answer: C www.prep2pass.com Q: 12 A memorandum of understanding (MOU) includes various aspects that are helpful in defining a bilateral or multilateral agreement between two parties. which of the following are various aspects included in a memorandum of understanding (MOU)? Each correct answer represents a complete solution. Choose three. A. B. C. D.
Compensation Details Enforceable agreement Communication Details Terms of Agreement
Answer: A, C, D www.prep2pass.com Q: 13 Which of the following are the examples of the biometric identifiers? Each correct answer represents a complete solution, Choose three. A. B. C. D.
Iris scan Voiceprint Fingerprint Subdermal chip
Answer: A, B, C Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-6-
www.prep2pass.com Q: 14 You work as a security administrator for uCertify Inc. You are conducting a security awareness campaign for the employees of the organization. What information will you provide to the employees about the security awareness program? Each correct answer represents a complete solution. Choose three. A. It improves awareness of the need to protect system resources. B. It improves the possibility for career advancement of the IT staff. C. It enhances the skills and knowledge so that the computer users can perform their jobs more securely. D. It constructs in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems.
Answer: A, C, D www.prep2pass.com Q: 15 Which of the following is a security incident in which sensitive or confidential data is copied, transmitted, viewed, or stolen by unauthorized person? A. B. C. D.
Security token Data masking Data breach Data erasure
Answer: C www.prep2pass.com Q: 16 Which of the following is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally? A. B. C. D.
Data handling Data recovery Data Erasure Data breach
Answer: B
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-7-
www.prep2pass.com Q: 17 You work as a Desktop Support Technician for uCertify Inc. A user reports that the security log on his Windows 7 computer is full. After analyzing, you observe that the security log is full of logon events, access, and other security events. The user does not want these events to be stored in the security log, what should you do to resolve the issue? A. B. C. D.
Clear the security log and assign some more space to it. Add the user to the Power Users group Upgrade the hard drive of the users computer. Disable all auditing on the user's computer.
Answer: D www.prep2pass.com Q: 18 Which of the following statements are true about Risk analysis? Each correct answer represents a complete solution. Choose three. A. It recognizes risks, quantifies the impact of threats, and supports budgeting for security. B. It adjusts the requirements and objectives of the security policy with the business objectives and motives. C. It provides the higher management the details necessary to determine the risks that should be mitigated, transferred, and accepted. D. It uses public key cryptography to digitally sign records for a DNS lookup.
Answer: A, B, C www.prep2pass.com Q: 19 Which of the following steps are involved in a generic cost-benefit analysis process: Each correct answer represents a complete solution. Choose three. A. B. C. D.
Compile a list of key players Assess potential risks that may impact the solution Select measurement and collect all cost and benefits elements Establish alternative projects/programs
Answer: A, C, D www.prep2pass.com Q: 20 Which of the following is the predicted elapsed time between inherent failures of a system during operation?
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-8-
A. B. C. D.
Mean time to recovery Mean time to repair Mean time between failures Mean down time
Answer: C
Leading the way in IT testing and certification tools, www.SelfExamPrep.com
-9-