CA1-001 CompTIA Advanced Security Practitioner Practice Exam Set 1

Which of the following is the randomness collected by an operating system or application for use in cryptography or other uses that require random data?

Options are :

  • Confusion
  • Entropy (Correct)
  • Digital signature
  • Diffusion

Answer : Entropy

Mark works as a Network Security Administrator for uCertify Inc. The organization is using an intranet to distribute information to its employees. A database residing on the network contains employees' information, such as employee name, designation, department, phone extension, date of birth, date of joining, etc. He is concerned about the security because the database has all information about employees, which can help an unauthorized person to recognize an individual.

Which Personally Identifiable Information should be removed from the database so that the unauthorized person cannot identify an individual?

Options are :

  • Employee name
  • Date of joining
  • Employee code
  • Date of birth (Correct)

Answer : Date of birth

Which of the following statements best describe the advantages of Simple Object Access Protocol (SOAP)? Each correct answer represents a complete solution. Choose three.

A. It is versatile enough to allow for the use of different transport protocols.
B. It is simple and extensible.
C. It allows easier communication through proxies and firewalls than previous remote execution technology.
D. It is language and platform dependent.

Options are :

  • B,C,D
  • A,B,C (Correct)
  • C,D,A
  • A,B,D

Answer : A,B,C

Which of the following is a written document and is used in those cases where parties do not imply a legal commitment or in those situations where the parties are unable to create a legally enforceable agreement?

Options are :

  • Patent law
  • Certification and Accreditation (COA or CnA)
  • Memorandum of understanding (MOU) (Correct)
  • Memorandum of agreement (MOA)

Answer : Memorandum of understanding (MOU)

Which of the following is the best description of vulnerability assessment?



Options are :

  • Determining the likelihood of a given threat being exploited.
  • Determining what threats exist to your network.
  • Determining the weaknesses in your network that would allow a threat to be exploited (Correct)
  • Determining the impact to your network if a threat is exploited.

Answer : Determining the weaknesses in your network that would allow a threat to be exploited

Risk assessment helps in determining the extent of potential threats and risks associated with an IT system throughout its SDLC. Which of the following steps are covered by the risk assessment methodology?

Each correct answer represents a complete solution. Choose three.

A. Vulnerability Identification
B. Cost Analysis
C. Threat Identification
D. System Characterization

Options are :

  • A,C,D (Correct)
  • B,C,D
  • A,B,C
  • B,C,D

Answer : A,C,D

You have considered the security of the mobile devices on your corporate network from viruses and malware. Now you need to plan for remotely enforcing policies for device management and security. Which of the following things are included in the configuration management of mobile devices?

Each correct answer represents a part of the solution. Choose three.

A. Controlling the apps deployed on devices
B. Managing the OS version of devices
C. Supporting other preferred corporate policy
D. Managing application and security patches

Options are :

  • A,B
  • C,D
  • B,D (Correct)
  • B,C

Answer : B,D

Which of the following statements are true about capability-based security?



Options are :

  • It is a concept in the design of secure computing systems, one of the existing security models.
  • It is a computer security model based on the Actor model of computation.
  • It is a concept in the design of secure computing systems. (Correct)
  • It is a scheme used by some computers to control access to memory.

Answer : It is a concept in the design of secure computing systems.

An organization's network uses public keys for message encryption. Which of the following manages security credentials in the network and issues certificates to confirm the identity and other attributes of a certificate in relation to other entities?

Options are :

  • Certificate Revocation List
  • Online Certificate Status Protocol
  • Public Key Infrastructure
  • Certificate Authority (Correct)

Answer : Certificate Authority

Allen needs a program that automatically injects semi-random data into a program or stack and detects bugs. What will he use?

Options are :

  • Fuzzer (Correct)
  • Happy path
  • Agile testing
  • Boundary value analysis

Answer : Fuzzer

_____________ applies enterprise architecture concepts and practices in the information security domain.

Options are :

  • ESA (Correct)
  • OWASP
  • OVAL
  • AAR

Answer : ESA

Which of the following is a set of interactive telecommunication technologies which allow two or more locations to interact via two-way video and audio transmissions simultaneously?

Options are :

  • Video conferencing (Correct)
  • Instant messaging
  • Electronic mail
  • Audio conferencing

Answer : Video conferencing

Which of the following is a flexible set of design principles used during the phases of systems development and integration?

Options are :

  • Service-oriented architecture (SOA) (Correct)
  • Service-oriented modeling and architecture (SOMA)
  • Sherwood Applied Business Security Architecture (SABSA)
  • Service-oriented modeling framework (SOMF)

Answer : Service-oriented architecture (SOA)

Which of the following statements are true about Fibre Channel over Ethernet (FCoE)?

Each correct answer represents a complete solution. Choose three.

A. It replaces the FC0 and FC1 layers of the Fibre Channel stack with Ethernet.
B. It is an encapsulation of Fibre Channel frames over Ethernet networks.
C. It allows Fibre Channel to use 10 Gigabit Ethernet networks while preserving the Fibre Channel protocol.
D. It maps Fibre Channel over selected half duplex IEEE 802.3.

Options are :

  • A,B,C (Correct)
  • C,D,A
  • A,B,D
  • B,C,D

Answer : A,B,C

Which is the process of comparing business processes and performance metrics, including cost, cycle time, productivity, or quality?

Options are :

  • Benchmarking (Correct)
  • COBIT
  • Agreement
  • Service Improvement Plan

Answer : Benchmarking

A user has entered a user name and password at the beginning of the session, and accesses multiple applications. He does not need to re-authenticate for accessing each application. Which of the following authentication processes is he using?

Options are :

  • File authentication
  • Mutual authentication
  • SSO authentication (Correct)
  • Biometric authentication

Answer : SSO authentication

Which of the following is the capability to correct flaws in the existing functionality without affecting other components of the system?

Options are :

  • Availability
  • Maintainability (Correct)
  • Manageability
  • Reliability

Answer : Maintainability

Which of the following is an approximation of the average or mean time until a component's first failure or disruption in the operation of the product, process, procedure, or design takes place?

Options are :

  • MTF (Correct)
  • MSDS
  • HMA
  • MTBF

Answer : MTF

Which of the following is a structured review process to analyze what happened, why it happened, and how it can be done better, by the participants and those responsible for the project or event?

Options are :

  • After action summary
  • After action review (Correct)
  • After action analysis
  • After action report

Answer : After action review

Which of the following federal regulations requires federal agencies to be able to monitor activity in a "meaningful and actionable way"?

Options are :

  • FISMA (Correct)
  • CAN SPAM
  • Sarbanes-Oxley
  • HIPAA

Answer : FISMA

Which of the following are the purposes of the Cost-benefit analysis process? Each correct answer represents a complete solution. Choose two.

A. To determine if an investment is sound
B. To describe the future value on the investment of the project
C. To see how it compares with alternate projects
D. To support benefit management, measurement, and reporting

Options are :

  • A,B
  • C,D
  • B,C
  • A,C (Correct)

Answer : A,C

Which of the following helps an employee to access his corporation's network while traveling?



Options are :

  • Remote Assistance
  • Task Manager
  • Remote access (Correct)
  • Computer management

Answer : Remote access

Which of the following types of Incident Response Teams (IRT) is responsible for a logical or physical segment of the infrastructure, usually of a large organization or one that is geographically dispersed?

Options are :

  • Coordinating IRT
  • Outsourced IRT
  • Distributed IRT (Correct)
  • Central IRT

Answer : Distributed IRT

Which of the following statements are true about prototypes?

Each correct answer represents a complete solution. Choose three.

A. It reduces initial project risks within a business organization.
B. It reduces the closeness between what a developer has defined for application architecture and what business management has understood.
C. It confirms technology recommendations for an application.
D. It helps verify some of the application requirements that are not clearly defined by a user.

Options are :

  • B,C,D
  • C,D,A (Correct)
  • A,B,D
  • A,B,C

Answer : C,D,A

___________ is defined as maintaining ongoing awareness of information.

Options are :

  • Intrusion detection
  • Vulnerability assessment
  • Continuous Monitoring (Correct)
  • Security Awareness

Answer : Continuous Monitoring

Juan is trying to perform a risk analysis of his network. He has chosen to use OCTAVE. What is OCTAVE primarily used for?

Options are :

  • A comprehensive risk assessment model (Correct)
  • A language for vulnerability assessment
  • An impact analysis tool
  • A threat assessment tool

Answer : A comprehensive risk assessment model

Which of the following standards organizations promulgates worldwide proprietary industrial and commercial standards?

Options are :

  • ANSI
  • IEEE
  • W3C
  • ISO (Correct)

Answer : ISO

Which of the following is a log that contains records of login/logout activity or other security-related events specified by the system's audit policy?

Options are :

  • Process tracking
  • Object Manager
  • Logon event
  • Security Log (Correct)

Answer : Security Log

Which of the following elements are essential elements of a privacy policy? Each correct answer represents a complete solution. Choose two.

Options are :

  • Availability
  • Reliability
  • Notification (Correct)
  • Opt-out provision

Answer : Notification

Which of the following is used to provide for the systematic review, retention and destruction of documents received or created in the course of business?

Options are :

  • Document compliance policy
  • Document retention policy (Correct)
  • Document research policy
  • Document entitled policy

Answer : Document retention policy
