we provide Verified CompTIA CAS-002 practice exam which are the best for clearing CAS-002 test, and to get certified by CompTIA CompTIA Advanced Security Practitioner (CASP). The CAS-002 Questions & Answers covers all the knowledge points of the real CAS-002 exam. Crack your CompTIA CAS-002 Exam with latest dumps, guaranteed!
P.S. Verified CAS-002 bundle are available on Google Drive, GET MORE: https://drive.google.com/open?id=1D1OsvtV6EsmahSAfh5egZO5fZVoFYzmV
New CompTIA CAS-002 Exam Dumps Collection (Question 15 - Question 24)
Q1. A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port
37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port
37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port
37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port
37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port
37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port
37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).
A. An authorized administrator has logged into the root account remotely.
B. The administrator should disable remote root logins.
C. Isolate the system immediately and begin forensic analysis on the host.
D. A remote attacker has compromised the root account using a buffer overflow in sshd.
E. A remote attacker has guessed the root password using a dictionary attack.
F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
G. A remote attacker has compromised the private key of the root account.
H. Change the root password immediately to a password not found in a dictionary.
Answer: C,E
Q2. Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem?
A. Implement change control practices at the organization level.
B. Adjust the firewall ACL to prohibit development from directly accessing the production server farm.
C. Update the vulnerability management plan to address data discrepancy issues.
D. Change development methodology from strict waterfall to agile.
Answer: A
Q3. A risk manager has decided to use likelihood and consequence to determine the risk of an event occurring to a company asset. Which of the following is a limitation of this approach to risk management?
A. Subjective and based on an individual's experience.
B. Requires a high degree of upfront work to gather environment details.
C. Difficult to differentiate between high, medium, and low risks.
D. Allows for cost and benefit analysis.
E. Calculations can be extremely complex to manage.
Answer: A
Q4. A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in transit and data at rest. Requirement 2: The system shall use SSL, SSH, or SCP for all data transport. Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest. Requirement 5: The system shall perform CRC checks on all files.
A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5
under 4
C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under
4; Level 3: Requirement 3 under 2
D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5
Answer: B
Q5. A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of
$100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year?
A. -45 percent
B. 5.5 percent
C. 45 percent
D. 82 percent
Answer: D
Q6. A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?
A. Ensure web services hosting the event use TCP cookies and deny_hosts.
B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
C. Contract and configure scrubbing services with third-party DDoS mitigation providers.
D. Purchase additional bandwidth from the companyu2021s Internet service provider.
Answer: C
Q7. Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).
A. Jailbroken mobile device
B. Reconnaissance tools
C. Network enumerator
D. HTTP interceptor
E. Vulnerability scanner
F. Password cracker
Answer:: D,E
Q8. A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?
A. Generate a one-time key as part of the device registration process.
B. Require SSL between the mobile application and the web services gateway.
C. The jsession cookie should be stored securely after authentication.
D. Authentication assertion should be stored securely on the client.
Answer:: D
Q9. A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISOu2021s requirement?
A. GRC
B. IPS
C. CMDB
D. Syslog-ng
E. IDS
Answer: A
Q10. VPN users cannot access the active FTP server through the router but can access any
server in the data center.
Additional network information:
DMZ network u2013 192.168.5.0/24 (FTP server is 192.168.5.11) VPN network u2013 192.168.1.0/24
Datacenter u2013 192.168.2.0/24 User network - 192.168.3.0/24 HR network u2013 192.168.4.0/24\
Traffic shaper configuration: VLAN Bandwidth Limit (Mbps) VPN50
User175 HR250
Finance250 Guest0
Router ACL: ActionSourceDestination Permit192.168.1.0/24192.168.2.0/24 Permit192.168.1.0/24192.168.3.0/24 Permit192.168.1.0/24192.168.5.0/24 Permit192.168.2.0/24192.168.1.0/24 Permit192.168.3.0/24192.168.1.0/24 Permit192.168.5.1/32192.168.1.0/24 Deny192.168.4.0/24192.168.1.0/24 Deny192.168.1.0/24192.168.4.0/24
Denyanyany
Which of the following solutions would allow the users to access the active FTP server?
A. Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network
B. Add a permit statement to allow traffic to 192.168.5.1 from the VPN network
C. IPS is blocking traffic and needs to be reconfigured
D. Configure the traffic shaper to limit DMZ traffic
E. Increase bandwidth limit on the VPN network
Answer: A
P.S. Easily pass CAS-002 Exam with Certifytools Verified Dumps & pdf vce, Try Free: https://www.certifytools.com/CAS-002-exam.html (532 New Questions)