CA1-001 CompTIA Advanced Security Practitioner Practice Exam Set 2

Denise works as a Security Administrator for a community college. She is assessing the various risks to her network. Which of the following is not a category of risk assessment?

Options are :

  • Vulnerability assessment
  • Risk determination
  • Cost determination (Correct)
  • Likelihood assessment

Answer : Cost determination

Mark works as a Human Resource Manager for uCertify Inc. He is responsible for hiring some new employees for the company and for improving the organization's overall security by rotating employees among numerous job positions. What will Mark do to accomplish the task?

Options are :

  • Separation of duties
  • Job rotation (Correct)
  • Mandatory Vacations
  • Job responsibility

Answer : Job rotation

Which of the following are examples of privilege escalation? Each correct answer represents a complete solution. Choose two.

A. John uses SQL commands to log in to a website he does not have authorization to
B. Juan logs in with his account, then takes over Anita's privileges
C. John logs in as a standard user but uses a flaw in the system to get admin privileges
D. Fred uses Ophcrack to get a Windows XP password

Options are :

  • A,B
  • D,A
  • C,D
  • B,C (Correct)

Answer : B,C

You work as a System Administrator for uCertify Inc. The company has a Windows-based network. A user requests you to provide him instructions regarding the installation of application software on his computer. You want to show the user how to perform the configuration by taking control of his desktop. Which of the following tools will you use to accomplish the task?

Options are :

  • Remote desktop
  • Computer Management
  • Remote Assistance (Correct)
  • Task Manager

Answer : Remote Assistance

Which of the following refers to any system whereby things that are of value to an entity or group are monitored and maintained?

Options are :

  • Service management
  • Product management
  • Asset management (Correct)
  • Investment management

Answer : Asset management

Which of the following is the process of salvaging data from damaged, failed, corrupted, or inaccessible secondary storage media when it cannot be accessed normally?

Options are :

  • Virtual backup appliance
  • Data recovery (Correct)
  • File carving
  • Backup

Answer : Data recovery

Allen is using a security feature that ensures that if attackers compromise a private key, they will only be able to access the data in transit that was protected by that key and not any future data, because future data will not be associated with the compromised key. Which security feature is he using?

Options are :

  • IPSec
  • PFS (Correct)
  • PGP
  • SPKI

Answer : PFS

What is the goal of a black-box penetration test?

Options are :

  • To simulate an external hacking or cyber warfare attack (Correct)
  • To simulate a malicious insider who has some knowledge and possibly basic credentials to the target system
  • To simulate an attacker who has some knowledge of the organization and its infrastructure
  • To simulate a user to include customizable scripts, additional tools and configurable kernels in personalized distributions

Answer : To simulate an external hacking or cyber warfare attack

Which of the following is the process of creating or altering systems, and the models and methodologies that people use to develop these systems?

Options are :

  • Security Requirements Traceability Matrix
  • Security Development Life Cycle
  • Product lifecycle management
  • System Development Life Cycle (Correct)

Answer : System Development Life Cycle

Allen is a network administrator for a hosting company. Multiple different companies store data on the same server. Which of the following is the best method to reduce security issues from commingling?

Options are :

  • Install each data set on a separate VM (Correct)
  • Install each data set on a separate partition
  • Install each data set on a separate drive
  • Install each data set on the same drive, but use EFS to encrypt each data set separately.

Answer : Install each data set on a separate VM

Which of the following is a meeting of minds between two or more legally competent parties, about their relative duties and rights regarding current or future performance?

Options are :

  • Agreement (Correct)
  • Contract negotiation
  • Service Improvement Plan
  • Scope

Answer : Agreement

Mark works as a Network Security Administrator for a public school. He has decided that a hot site is appropriate for the school's grade servers, so they can have 100% uptime, even in the event of a major disaster. Was this appropriate?

Options are :

  • No, a hot site is usually not required by most organizations.
  • No, a school's needs do not require a hot site. (Correct)
  • Yes, a hot site is required for the school
  • Yes, a hot site is always a good idea.

Answer : No, a school's needs do not require a hot site.

Denish works as a Security Administrator for a United States defense contractor. He wants to ensure that all systems have appropriate security precautions, based on their total score. Which of the following standards should he refer to?

Options are :

  • DIACAP (Correct)
  • OWASP
  • OVAL
  • CIA

Answer : DIACAP

Juan is responsible for IT security at an insurance firm. He has several servers that are going to be retired. Which of the following is NOT one of the steps in decommissioning equipment?

Options are :

  • Plan
  • Communicate
  • Review (Correct)
  • Follow through

Answer : Review

Which of the following protocols are used by voice terminals to communicate with the VoIP server? Each correct answer represents a complete solution. Choose all that apply.

A. SIP
B. H.323
C. MGCP
D. RSTP

Options are :

  • C,D
  • A,B (Correct)
  • B,C
  • D,A

Answer : A,B

Which of the following solutions best accomplishes storage integration?



Options are :

  • Raid 5
  • Virtualization
  • Cloud computing (Correct)
  • Co-location

Answer : Cloud computing

SCADA stands for supervisory control and data acquisition. Which of the following statements are true about SCADA? Each correct answer represents a complete solution. Choose all that apply.

A. SCADA systems also record and log all events into a file stored on a hard disk.
B. SCADA systems include only software components.
C. SCADA is a category of software application program for process control, the gathering of data in real time from remote locations in order to control equipment and conditions.
D. SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, and water and waste control.

Answer: A,C,D

Options are :

  • B,C,D
  • A,B,C
  • A,B,D
  • C,D,A (Correct)

Answer : C,D,A

What routine security measure is most effective in protecting against emerging threats?

Options are :

  • Properly configuring the firewall
  • Vulnerability assessments
  • System patches (Correct)
  • Updating the disaster recovery plan

Answer : System patches

Which of the following provides cryptographic security services for electronic messaging applications?

Options are :

  • POP3
  • EFS
  • SMTP
  • S/MIME (Correct)

Answer : S/MIME

Cloud computing is best described as which of the following?




Options are :

  • Delivering software as a service (Correct)
  • Distributed virtualized servers
  • Distributed load balanced servers
  • Large scale distributed computing

Answer : Delivering software as a service

Which of the following is a financial estimate whose purpose is to help consumers and enterprise managers determine direct and indirect costs of a product or system?

Options are :

  • Activity-based costing
  • Total cost of ownership (Correct)
  • Total cost of acquisition
  • Total benefits of ownership
  • None of the Above

Answer : Total cost of ownership

Which of the following is a process of discovering the technological principles of a device, object, or system through analysis of its structure, function, and operation?

Options are :

  • Cost engineering
  • Value engineering
  • Forensic engineering
  • Reverse engineering (Correct)

Answer : Reverse engineering

Which of the following is a method of providing an acknowledgement to the sender of the data and an assurance of the sender's identity to the receiver, so that neither the sender nor the receiver can later deny having processed the data?

Options are :

  • Digital certificate
  • Non-repudiation (Correct)
  • Information assurance
  • Digital signature

Answer : Non-repudiation

Which of the following statements are true about Security Requirements Traceability Matrix (SRTM)? Each correct answer represents a complete solution. Choose two.

A. It consists of various security practices that are grouped under seven phases.
B. It is a software development security assurance process proposed by Microsoft.
C. It allows requirements and tests to be easily traced back to one another.
D. It provides documentation and easy presentation of what is necessary for the security of a system.

Options are :

  • B,C
  • C,D (Correct)
  • A,B
  • D,A

Answer : C,D

A user can divide network traffic into which of the following classes of service? Each correct answer represents a complete solution. Choose three.

A. Video payload
B. Voice and video payload
C. Voice payload
D. Voice and video signal traffic

Options are :

  • A,B,D
  • A,B,C
  • B,C,D
  • C,D,A (Correct)

Answer : C,D,A

Which of the following contains the complete terms and conditions which both the partners agree to be bound by as a participant in the partner program?

Options are :

  • Business Partner Agreement (Correct)
  • Document automation
  • Implicit contract
  • Indenture

Answer : Business Partner Agreement

Which of the following are the advantages of the Virtual Desktop Infrastructure (VDI)? Each correct answer represents a complete solution. Choose three.

A. Cost Efficiency
B. Green Solution
C. Improved Manageability
D. Server-Hosted

Options are :

  • A,B,C (Correct)
  • B,C,D
  • A,B,D
  • C,D,A

Answer : A,B,C

Which of the following elements of security means that only authorized users are able to modify data?

Options are :

  • Integrity (Correct)
  • Confidentiality
  • Authenticity
  • Availability

Answer : Integrity

Which of the following statements is true about a voice VLAN?

Options are :

  • It is used to separate common user data traffic from voice traffic. (Correct)
  • It is used to separate common user data traffic from TCP traffic.
  • It is used to separate VPN traffic from voice traffic.
  • It is used to separate common user data traffic from HTTP traffic.

Answer : It is used to separate common user data traffic from voice traffic.

John has been granted standard user access to an ecommerce portal. After logging in, he has access to administrative privileges. What is this called?

Options are :

  • SQL Injection
  • Privilege Escalation (Correct)
  • Hacking
  • A rootkit

Answer : Privilege Escalation
