NO.1 Which of the following is an example of single sign-on?
A. Multiple applications have been integrated with a centralized LDAP directory for authentication
and authorization. A user has to authenticate each time the user accesses an application.
B. A password is synchronized between multiple platforms and the user is required to authenticate
with the same password across each platform.
C. An administrator manages multiple platforms with the same username and hardware token. The
same username and token are used across all the platforms.
D. A web access control infrastructure performs authentication and passes attributes in an HTTP
header to multiple applications.
NO.2 In order to reduce costs and improve employee satisfaction, a large corporation is creating a
BYOD policy. It will allow access to email and remote connections to the corporate enterprise from
personal devices, provided they are on an approved device list. Which of the following security
measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).
A. Enable time of day restrictions for personal devices.
B. Provide free email software for personal devices.
C. Require smart card authentication for all devices.
D. Implement NAC to limit insecure devices' access.
E. Encrypt data in transit for remote access.
In this question, we are allowing access to email and remote connections to the corporate enterprise
from personal devices. When providing remote access to corporate systems, you should always
ensure that data traveling between the corporate network and the remote device is encrypted.
We need to provide access to devices only if they are on an approved device list. Therefore, we need
a way to check whether a device is an approved device before granting it access to the network. For
this we can use NAC (Network Access Control).
When a computer connects to a computer network, it is not permitted to access anything unless it
complies with a business-defined policy, including anti-virus protection level, system update level and
configuration. While the computer is being checked by a pre-installed software agent, it can only
access resources that can remediate (resolve or update) any issues. Once the policy is met, the
computer is able to access network resources and the Internet, within the policies defined within the
NAC solutions allow network operators to define policies, such as the types of computers or roles of
users allowed to access areas of the network, and enforce them in switches, routers, and network
NO.3 A security architect has been engaged during the implementation stage of the SDLC to review a
new HR software installation for security gaps. With the project under a tight schedule to meet
market commitments on project delivery, which of the following security activities should be
prioritized by the security architect? (Select TWO).
A. Determine if the information security standards have been complied with by the project
B. Secure code review of the HR solution to identify security gaps that could be exploited
C. Perform a security risk assessment with recommended solutions to close off high-rated risks
D. Perform access control testing to ensure that privileges have been configured correctly
E. Perform penetration testing over the HR solution to identify technical vulnerabilities
In this question, we are pushed for time to get the project completed. Therefore, we have to
prioritize our security testing as we do not have time to fully test everything.
One of the priorities from a security perspective should be to perform a security risk assessment with
recommended solutions to close off high-rated risks. This is to test for the most potentially damaging
risks and to remediate them.
The other priority is to determine if the information security standards have been complied with by
the project. Security of information/data is the most important aspect of security. Loss of data can be
very damaging for a company in terms of liability and litigation.
NO.4 DRAG DROP
An organization is implementing a project to simplify the management of its firewall network flows
and implement security controls. The following requirements exist. Drag and drop the BEST security
solution to meet the given requirements. Options may be used once or not at all. All placeholders
must be filled.
To permit users to work securely from home, we can use a VPN. A VPN is used to provide secure
access for remote users by encrypting data sent between the remote location and the local network.
To permit users to access their account only from certain countries, we need to implement risk
profiling of any connecting device. Risk profiling uses rules to determine 'risk'. Rules can include the
source IP address, which can be used to determine the country.
To detect credit card information leaving the organization, we can implement a DLP (Data Loss
Prevention) solution. Data loss prevention (DLP) is a strategy for making sure that end users do not
send sensitive or critical information outside the corporate network.
The infrastructure we should deploy to permit users to access the Internet should include a forward
proxy server. A forward proxy server retrieves data from external sources on behalf of users internal
to the organization. For example, a user's web browser will send a request for a web page to the
forward proxy, the proxy will then request the web page from an Internet web server and then the
proxy will return the web page to the web browser.
The infrastructure we should deploy to permit customers to access their account balance should
include a reverse proxy server. A reverse proxy server retrieves data from internal sources on behalf
of users (customers) external to the organization. The reverse proxy server receives the request from
an external user, retrieves the data from an internal server then returns the information to the
Exam subject: CompTIA Advanced Security Practitioner (CASP)
Questions and answers: 465 questions in total, CAS-002 pass