CA1-001 CompTIA Advanced Security Practitioner Practice Exam Set 7

The Top Level Management contains the Board of Directors (BOD) and the Chief Executive Officer (CEO) or General Manager (GM) or Managing Director (MD) or President. What are the roles of the top level management?

Each correct answer represents a complete solution. Choose all that apply.

A. The Top Level Management decides the objectives, policies, and plans of the organization.

B. The Top Level Management prepares long-term plans of the organization.

C. The Top Level Management has minimum authority and responsibility to take few decisions.

D. The Top Level Management assembles the available resources.




Options are :

  • A,B,D (Correct)
  • A,B,C
  • B,C,D
  • C,D,A

Answer : A,B,D

Derrick works as a Security Administrator for a police station. He wants to determine the minimum CIA levels for his organization. Which of the following best represents the minimum CIA levels for a police department's data systems?



Options are :

  • Confidentiality = moderate, Integrity = moderate, Availability = high
  • Confidentiality = high, Integrity = high, Availability = high
  • Confidentiality = low, Integrity = low, Availability = low
  • Confidentiality = high, Integrity = moderate, Availability = moderate (Correct)

Answer : Confidentiality = high, Integrity = moderate, Availability = moderate

Which scanning technique is one of the more unusual scan types, in that it does not determine whether the port is open or closed, but whether the port is filtered or unfiltered?



Options are :

  • TCP FIN scanning
  • UDP scanning
  • ACK scanning (Correct)
  • TCP SYN scanning

Answer : ACK scanning

Juan is working as a Security Administrator for a credit card processing company. He is concerned about PCI compliance, so he uses network segmentation. How does segmentation help Juan?



Options are :

  • Segmentation is required by PCI regulations.
  • Segmentation would help prevent viruses.
  • Segmentation would have no effect.
  • Segmentation reduces the scope of machines that need to be PCI compliant. (Correct)

Answer : Segmentation reduces the scope of machines that need to be PCI compliant.

Which of the following are the reasons to use SAN?

Each correct answer represents a complete solution. Choose all that apply.

A. Faster backup of large amounts of data

B. Fast and extensive disaster recovery

C. Better disk utilization

D. Cost effectiveness

E. Better availability for applications



Options are :

  • A,B,C,E (Correct)
  • C,D,E,A
  • B,C,D,E
  • A,B,C,D

Answer : A,B,C,E

_________ consists of very large-scale virtualized, distributed computing systems. They cover multiple administrative domains and enable virtual organizations.



Options are :

  • Edge computing
  • Cloud computing
  • Virtualized computing
  • Grid computing (Correct)

Answer : Grid computing

Compliance is described as dutifulness, obligingness, pliability, tolerance, and tractability. Which of the following are among the multitude of standards with which a project must comply?

Each correct answer represents a complete solution. Choose all that apply.

A. Process compliance

B. Decision oversight

C. Control compliance

D. Standards compliance




Options are :

  • A,B,C
  • A,B,D (Correct)
  • C,D,A
  • B,C,D

Answer : A,B,D

Which of the following statements are true about Risk analysis? Each correct answer represents a complete solution. Choose three.

A. It recognizes risks, quantifies the impact of threats, and supports budgeting for security.

B. It adjusts the requirements and objectives of the security policy with the business objectives and motives.

C. It provides the higher management the details necessary to determine the risks that should be mitigated, transferred, and accepted.

D. It uses public key cryptography to digitally sign records for a DNS lookup.





Options are :

  • A,B,D
  • A,B,C (Correct)
  • B,C,D
  • C,D,A

Answer : A,B,C

Dipen is looking for a method to effectively get security policies read by staff and management. Which of the following is the best solution?




Options are :

  • Email blast
  • Routine informational meetings
  • Printed policies
  • Intranet Website (Correct)

Answer : Intranet Website

Which of the following teams has the responsibility of accounting for personnel and rendering aid?



Options are :

  • Emergency response team (Correct)
  • Damage assessment team
  • Physical security team
  • Emergency management team

Answer : Emergency response team

At which of the following levels of likelihood is the threat-source highly motivated and sufficiently capable, and controls to prevent the vulnerability from being exercised are ineffective?




Options are :

  • Low
  • High (Correct)
  • Medium
  • Average

Answer : High

Consider the following scenario.

A user receives an email with a link to a video about a news item, but another valid page, for instance a product page on ebay.com, can be hidden on top of or underneath the 'Play' button of the news video. The user tries to 'play' the video but actually 'buys' the product from ebay.com.

Which malicious technique is used in the above scenario?




Options are :

  • Click-jacking (Correct)
  • Malicious add-ons
  • Cross-Site Request Forgery
  • Non-blind spoofing

Answer : Click-jacking

Interceptor is a pseudo proxy server that performs HTTP diagnostics. Which of the following features are provided by HTTP Interceptor? Each correct answer represents a complete solution. Choose all that apply.

A. It controls cookies being sent and received.

B. It allows anonymous browsing by withholding the Referrer tag and user agent.

C. It can view each entire HTTP header.

D. It debugs DOC, DOCX, and JPG files.



Options are :

  • A,B,C (Correct)
  • A,B,D
  • B,C,D
  • C,D,A

Answer : A,B,C

Your manager has approached you regarding her desire to outsource certain functions to an external firm. The manager would like you to create a document to send to three vendors, asking them for solutions for the functions that your organization is to outsource. Which type of procurement document will you create and send to the vendors to accomplish the task?





Options are :

  • Request for Proposal (Correct)
  • Invitation for Bid
  • Request for Quote
  • Request for Information

Answer : Request for Proposal

You work as a security administrator for uCertify Inc. You are conducting a security awareness campaign for the employees of the organization. What information will you provide to the employees about the security awareness program?

Each correct answer represents a complete solution. Choose three.

A. It improves awareness of the need to protect system resources.

B. It improves the possibility for career advancement of the IT staff.

C. It enhances the skills and knowledge so that the computer users can perform their jobs more securely.

D. It constructs in-depth knowledge, as needed, to design, implement, or operate security programs for organizations and systems.



Options are :

  • C,D,A (Correct)
  • A,B,D
  • A,B,C
  • B,C,D

Answer : C,D,A

Juan realizes that more and more employees at his company are using smart phones. He wants to assess the risk posed by these devices. Which of the following best describes the most significant risk from smart phones?



Options are :

  • Smart phones can be a distraction to employees
  • Smart phones pose no real additional risks
  • Smart phones can be a way for employees to steal data
  • Smart phones extend the network and introduce new attack vectors (Correct)

Answer : Smart phones extend the network and introduce new attack vectors

Fill in the blank with the appropriate word.

____________ encryption protects a file as it travels over protocols, such as FTPS (SSL), SFTP (SSH), and HTTPS.



Options are :

  • Protocol
  • Hard disk
  • Adding
  • Transport (Correct)

Answer : Transport

Which of the following is a document used to solicit proposals from prospective sellers which require a significant amount of negotiation?



Options are :

  • RFI
  • RFP (Correct)
  • RFQ
  • RPQ

Answer : RFP

Which of the following concepts are included in the security of a SAN? Each correct answer represents a complete solution. Choose all that apply.

A. Host adapter-based security

B. Storage-controller mapping

C. Switch zoning

D. IDS implementation





Options are :

  • C,D,A
  • A,B,D
  • B,C,D
  • A,B,C (Correct)

Answer : A,B,C

John is concerned about internal security threats on the network he administers. He believes that he has taken every reasonable precaution against external threats, but is concerned that he may have gaps in his internal security. Which of the following is the most likely internal threat?



Options are :

  • Employees not following security policy (Correct)
  • Privilege Escalation
  • Employees selling sensitive data
  • SQL Injection

Answer : Employees not following security policy

Which of the following steps are involved in a generic cost-benefit analysis process? Each correct answer represents a complete solution. Choose three.

A. Compile a list of key players

B. Assess potential risks that may impact the solution

C. Select measurement and collect all cost and benefits elements

D. Establish alternative projects/programs




Options are :

  • A,B,D
  • C,D,A (Correct)
  • A,B,C
  • B,C,D

Answer : C,D,A

Which of the following refers to an operating system that provides sufficient support for multilevel security and evidence of correctness to meet a particular set of government requirements?





Options are :

  • Trusted OS (Correct)
  • Distributed operating system
  • Real time operating system
  • Network operating system

Answer : Trusted OS

Which of the following statements are true about distributed computing? Each correct answer represents a complete solution. Choose all that apply.

A. In distributed computing, the computers interact with each other in order to achieve a common goal.

B. A distributed system consists of multiple autonomous computers that communicate through a computer network.

C. In distributed computing, a problem is divided into many tasks, each of which is solved by a programmer.

D. Distributed computing refers to the use of distributed systems to solve computational problems.




Options are :

  • C,D,A
  • A,B,C
  • B,C,D
  • A,B,D (Correct)

Answer : A,B,D

Which of the following features are provided by SAN for SQL servers? Each correct answer represents a complete solution. Choose all that apply.

A. Faster disaster recovery

B. Non-clustered environment

C. Storage efficiencies

D. Increased database size




Options are :

  • A,B,C
  • A,B,D
  • B,C,D
  • C,D,A (Correct)

Answer : C,D,A
