CompTIA Advanced Security Practitioner 認定 CAS-001 試験問題:

1. ----
A system architect has the following constraints from the customer:
Confidentiality, Integrity, and Availability (CIA) are all of equal importance.
Average availability must be at least 6 nines (99.9999%).
All devices must support collaboration with every other user device.
All devices must be VoIP and teleconference ready.
Which of the following security controls is the BEST to apply to this architecture?

A) Enforcement of security policies on mobile/remote devices, standard images and device hardware configurations, multiple layers of redundancy, and backup on all storage devices.
B) Enforcement of strict network access controls and bandwidth minimization techniques, a single standard software image, high speed processing, and distributed backups of all equipment in the datacenter.
C) Deployment of multiple standard images based on individual hardware configurations, employee choice of hardware and software requirements, triple redundancy of all processing equipment.
D) Deployment of a unified VDI across all devices, SSD RAID in all servers, multiple identical hot sites, granting administrative rights to all users, backup of system critical data.

2. A bank provides single sign on services between its internally hosted applications and externally hosted CRM. The following sequence of events occurs:
1.The banker accesses the CRM system, a redirect is performed back to the organization's internal systems.
2.A lookup is performed of the identity and a token is generated, signed and encrypted.
3.A redirect is performed back to the CRM system with the token.
4.The CRM system validates the integrity of the payload, extracts the identity and performs
a lookup.
5.If the banker is not in the system and automated provisioning request occurs.
6.The banker is authenticated and authorized and can access the system.
This is an example of which of the following?

A) OpenID federated single sign on
B) Service provider initiated SAML 2.0
C) Identity provider initiated SAML 1.0
D) Service provider initiated SAML 1.1

3. A security engineer has inherited an authentication project which integrates 1024-bit PKI certificates into the company infrastructure and now has a new requirement to integrate 2048-bit PKI certificates so that the entire company will be interoperable with its vendors when the project is completed. The project is now 25% complete, with 15% of the company staff being issued 1024-bit certificates. The provisioning of network based accounts has not occurred yet due to other project delays. The project is now expected to be over budget and behind its original schedule. Termination of the existing project and beginning a new project is a consideration because of the change in scope. Which of the following is the security engineer's MOST serious concern with implementing this solution?

A) Succession planning
B) Availability
C) Performance
D) Maintainability

4. Company Z is merging with Company A to expand its global presence and consumer base. This purchase includes several offices in different countries. To maintain strict internal security and compliance requirements, all employee activity may be monitored and reviewed. Which of the following would be the MOST likely cause for a change in this practice?

A) The companies must consolidate security policies during the merger.
B) Countries may have different legal or regulatory requirements.
C) The excessive time it will take to merge the company's information systems.
D) Company A might not have adequate staffing to conduct these reviews.

5. For companies seeking to move to cloud services, variances in regulation between jurisdictions can be addressed in which of the following ways?

A) Using an international private cloud model as opposed to public IaaS.
B) Ensuring the cloud service provides high availability spanning multiple regions.
C) Encrypting all data moved to or processed in a cloud-based service.
D) Tagging VMs to ensure they are only run in certain geographic regions.

質問と回答：