CompTIA certifications, which carry considerable weight in the IT employment market, discourage "pirate talent" through their high price and rigid application procedure, and especially through the required practice lessons, which oblige candidates to learn what they should know and which preserve the certification's distinctive "solid character." The strictness of CompTIA certifications is world-famous, and those who have obtained the certificate have typically received three to four rounds of training. To date there is still almost no record of anyone passing the certification exam with only minimal preparation.
2021 Dec CAS-002 test preparation
Q181. - (Topic 4)
select id, firstname, lastname from authors
User input: firstname=Hack;man lastname=Johnson
Which of the following types of attacks is the user attempting?
A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection
Answer: D
Q182. - (Topic 3)
A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:
1 - If VIDEO input exists, use video data for entropy
2 - If AUDIO input exists, use audio data for entropy
3 - If MOUSE input exists, use mouse data for entropy
4 - If KEYBOARD input exists, use keyboard data for entropy
5 - If IDE input exists, use IDE data for entropy
6 - If NETWORK input exists, use network data for entropy
Which of the following lines of code will result in the STRONGEST seed when combined?
A. 2 and 1
B. 3 and 5
C. 5 and 2
D. 6 and 4
Answer: D
Q183. - (Topic 4)
Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process?
A. Collection, Identification, Preservation, Examination, Analysis, Presentation.
B. Identification, Preservation, Collection, Examination, Analysis, Presentation.
C. Collection, Preservation, Examination, Identification, Analysis, Presentation.
D. Identification, Examination, Preservation, Collection, Analysis, Presentation.
Answer: B
Q184. - (Topic 1)
The source workstation image for new accounting PCs has begun blue-screening. A technician notices that the date/time stamp of the image source appears to have changed. The desktop support director has asked the Information Security department to determine if any changes were made to the source image. Which of the following methods would BEST help with this process? (Select TWO).
A. Retrieve source system image from backup and run file comparison analysis on the two images.
B. Parse all images to determine if extra data is hidden using steganography.
C. Calculate a new hash and compare it with the previously captured image hash.
D. Ask desktop support if any changes to the images were made.
E. Check key system files to see if date/time stamp is in the past six months.
Answer: A,C
Q185. - (Topic 5)
For companies seeking to move to cloud services, variances in regulation between jurisdictions can be addressed in which of the following ways?
A. Ensuring the cloud service provides high availability spanning multiple regions.
B. Using an international private cloud model as opposed to public IaaS.
C. Encrypting all data moved to or processed in a cloud-based service.
D. Tagging VMs to ensure they are only run in certain geographic regions.
Answer: D
Most up-to-date CAS-002 test questions:
Q186. - (Topic 5)
The sales team is considering the deployment of a new CRM solution within the enterprise. The IT and Security teams are members of the project; however, neither team has expertise or experience with the proposed system. Which of the following activities should be performed FIRST?
A. Visit a company who already has the technology, sign an NDA, and read their latest risk assessment.
B. Contact the top vendor, assign IT and Security to work together to implement a demo and pen test the system.
C. Work with Finance to do a second ROI calculation before continuing further with the project.
D. Research the market, select the top vendors and solicit RFPs from those vendors.
Answer: D
Q187. - (Topic 4)
A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed?
A. Establish a risk matrix
B. Inherit the risk for six months
C. Provide a business justification to avoid the risk
D. Provide a business justification for a risk exception
Answer: D
Q188. - (Topic 1)
An application present on the majority of an organization’s 1,000 systems is vulnerable to a buffer overflow attack. Which of the following is the MOST comprehensive way to resolve the issue?
A. Deploy custom HIPS signatures to detect and block the attacks.
B. Validate and deploy the appropriate patch.
C. Run the application in terminal services to reduce the threat landscape.
D. Deploy custom NIPS signatures to detect and block the attacks.
Answer: B
Q189. - (Topic 3)
The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer’s office down the hall. When the security engineer learns of this, it is discovered that the connection is not secured and that the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection?
Linux Server: 192.168.10.10/24
Mac Laptop: 192.168.10.200/24
A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.
B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.
C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
D. From the Mac, establish an SSH tunnel to the Linux server and connect the VNC to 127.0.0.1.
Answer: D
Q190. - (Topic 3)
A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?
A. Notify the transaction system vendor of the security vulnerability that was discovered.
B. Use a protocol analyzer to reverse engineer the transaction system’s protocol.
C. Contact the computer science students and threaten disciplinary action if they continue their actions.
D. Install a NIDS in front of all the transaction system terminals.
Answer: B