CAS-001試験無料問題集（495題）「CompTIA Advanced Security Practitioner 認定」

出題：1

An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:
1.Selective sandboxing of suspicious code to determine malicious intent.
2.VoIP handling for SIP and H.323 connections.
3.Block potentially unwanted applications.
Which of the following devices would BEST meet all of these requirements?

A. HSM

B. WAF

C. UTM

D. NIDS

E. HIDS

正解：C 解答を投票する

出題：2

There has been a recent security breach which has led to the release of sensitive customer information. As part of improving security and reducing the disclosure of customer data, a training company has been employed to educate staff. Which of the following should be the primary focus of the privacy compliance training program?

A. Focus on explaining the "how" and "why" customer data is being collected.

B. Remind staff of the company's data handling policy and have staff sign an NDA.

C. Explain how customer data is gathered, used, disclosed, and managed.

D. Republish the data classification and the confidentiality policy.

正解：C 解答を投票する

出題：3

As part of the ongoing information security plan in a large software development company, the Chief Information officer (CIO) has decided to review and update the company's privacy policies and procedures to reflect the changing business environment and business requirements.
Training and awareness of the new policies and procedures has been incorporated into the security awareness program which should be:

A. presented by top level management to only data handling staff.

B. customized for the various departments and staff roles.

C. technical in nature to ensure all development staff understand the procedures.

D. used to promote the importance of the security department.

正解：B 解答を投票する

出題：4

As a cost saving measure, a company has instructed the security engineering team to allow all consumer devices to be able to access the network. They have asked for recommendations on what is needed to secure the enterprise, yet offer the most flexibility in terms of controlling applications, and stolen devices. Which of the following is BEST suited for the requirements?

A. MEAP with TLS

B. Enterprise Appstore with client-side VPN software

C. MEAP with Enterprise Appstore

D. MEAP with MDM

正解：D 解答を投票する

出題：5

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization's configuration management process using?

A. Waterfall

B. SDL

C. Agile

D. Joint application development

正解：C 解答を投票する

出題：6

A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long. Which of the following policies MUST be reviewed to address future compliance?

A. Data loss prevention policies

B. Tape backup policies

C. Offsite backup policies

D. Data retention policies

正解：D 解答を投票する

出題：7

CORRECT TEXT
You are a new security administrator at Company A.
You have the following network diagram and console window access to a single device on the network.
Gather the information required to fill in hostname, purpose and IP address(es) for each device on the diagram.
Instructions:
Type "help" at any command prompt for a list of available commands.
Each purpose will be used at LEAST once
Some purposes may be used multiple times.
Host names may only be used once.

正解：

Pending

出題：8

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software form running on mobile devices?

A. Single sign-on

B. Identity propagation

C. Remote attestation

D. Secure code review

正解：C 解答を投票する

出題：9

Which of the following is a security advantage of single sign-on? (Select TWO).

A. Authentication is secured by the certificate authority.

B. Less time and complexity removing user access.

C. Users only have to remember one password.

D. All password transactions are encrypted.

E. Applications need to validate authentication tokens.

正解：B,C 解答を投票する

CAS-001試験無料問題集「CompTIA Advanced Security Practitioner 認定」