Latest CompTIA CASP CAS-001 Real Exam Download 331-340

QUESTION 331

A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).

A. Security of data storage
B. The cost of the solution
C. System availability
D. User authentication strategy
E. PBX integration of the service […]


Latest CompTIA CASP CAS-001 Real Exam Download 321-330

QUESTION 321

The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in question informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a junior security administrator to solve the issue. Which of the following is the BEST course of action for the junior security administrator to take?

A. Work with the department head […]


Latest CompTIA CASP CAS-001 Real Exam Download 311-320

QUESTION 311

A security administrator is tasked with securing a company’s headquarters and branch offices move to unified communications. The Chief Information Officer (CIO) wants to integrate the corporate users’ email, voice mail, telephony, presence and corporate messaging to internal computers, mobile users, and devices. Which of the following actions would BEST meet the CIO’s goals while providing maximum unified communications security?

A. Create presence groups, restrict IM protocols […]


Latest CompTIA CASP CAS-001 Real Exam Download 301-310

QUESTION 301

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:

Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both […]


Latest CompTIA CASP CAS-001 Real Exam Download 291-300

QUESTION 291

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?

A. Implement a network access control (NAC) solution that assesses the […]


Latest CompTIA CASP CAS-001 Real Exam Download 281-290

QUESTION 281

A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company’s security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches? […]


Latest CompTIA CASP CAS-001 Real Exam Download 271-280

QUESTION 271

A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and reusable patterns into account. Which of the following would BEST help to achieve these objectives? […]


Latest CompTIA CASP CAS-001 Real Exam Download 261-270

QUESTION 261

A WAF without customization will protect the infrastructure from which of the following attack combinations?

A. DDoS, DNS poisoning, Boink, Teardrop
B. Reflective XSS, HTTP exhaustion, Teardrop
C. SQL Injection, DOM based XSS, HTTP exhaustion
D. SQL Injection, CSRF, Clickjacking

Answer: C

QUESTION 262

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. Which of the […]


Latest CompTIA CASP CAS-001 Real Exam Download 251-260

QUESTION 251

The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The CISO’s requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third […]


Latest CompTIA CASP CAS-001 Real Exam Download 241-250

QUESTION 241

An administrator at a small company replaces servers whenever budget money becomes available. Over the past several years the company has acquired and still uses 20 servers and 50 desktops from five different computer manufacturers. Which of the following are management challenges and risks associated with this style of technology lifecycle management?

A. Decreased security posture, decommission of outdated hardware, inability to centrally manage, and performance bottlenecks […]


Latest CompTIA CASP CAS-001 Real Exam Download 231-240

QUESTION 231

A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?

A. Application firewall and NIPS
B. Edge firewall and HIDS
C. ACLs and anti-virus
D. Host firewall and WAF

Answer: D

QUESTION 232

An administrator is reviewing […]


Latest CompTIA CASP CAS-001 Real Exam Download 221-230

QUESTION 221

A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture?

A. Service oriented architecture (SOA) […]


Latest CompTIA CASP CAS-001 Real Exam Download 211-220

QUESTION 211

A database administrator comes across the below records in one of the databases during an internal audit of the payment system:

UserID    Address            Credit Card No.       Password
jsmith    123 fake street    55XX-XXX-XXXX-1397    Password100
jqdoe     234 fake street    42XX-XXX-XXXX-2027    17DEC12

From a security perspective, which of the following should be the administrator’s GREATEST concern, and what will correct the concern?

A. Concern: Passwords are stored in plain text. Correction: Require a minimum of […]


Latest CompTIA CASP CAS-001 Real Exam Download 201-210

QUESTION 201

Company A has a remote work force that often includes independent contractors and out of state full time employees. Company A’s security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:

- All communications between parties need to be encrypted in transport
- Users must all have the same application sets at the same version
- All data must remain at Company A’s site
- All users must not access the system […]


Latest CompTIA CASP CAS-001 Real Exam Download 191-200

QUESTION 191

An administrator is unable to connect to a server via VNC. Upon investigating the host firewall configuration, the administrator sees the following lines:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3389 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10000 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j DENY
-A INPUT -m state --state NEW -m tcp -p tcp --sport 3389 -j […]


Latest CompTIA CASP CAS-001 Real Exam Download 181-190

QUESTION 181

Which of the following are security components provided by an application security library or framework? (Select THREE).

A. Authorization database
B. Fault injection
C. Input validation
D. Secure logging
E. Directory services
F. Encryption and decryption

Answer: C,D,F

QUESTION 182

Which of the following potential vulnerabilities exists in the following code […]


Latest CompTIA CASP CAS-001 Real Exam Download 171-180

QUESTION 171

A Chief Information Security Officer (CISO) has been trying to eliminate some IT security risks for several months. These risks are not high profile but still exist. Furthermore, many of these risks have been mitigated with innovative solutions. However, at this point in time, the budget is insufficient to deal with the risks. Which of the following risk strategies should be used?

A. Transfer the risks
B. Avoid the risks
C. Accept the risks
D. Mitigate the risks […]


Latest CompTIA CASP CAS-001 Real Exam Download 161-170

QUESTION 161

A firm’s Chief Executive Officer (CEO) is concerned that its IT staff lacks the knowledge to identify complex vulnerabilities that may exist in the payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted, in a risk management meeting, that code base confidentiality is of utmost importance to allow the company to exceed the competition […]


Latest CompTIA CASP CAS-001 Real Exam Download 151-160

QUESTION 151

An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed:

<VirtualHost *:80> […]


Latest CompTIA CASP CAS-001 Real Exam Download 141-150

QUESTION 141

Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ?

A. Malware originating from Company XYZ’s network
B. Co-mingling of company […]
