CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 231:

    Wireless users are reporting issues with the company's video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO).

    A. Install a HIPS on the SIP servers
    B. Configure 802.1X on the network
    C. Update the corporate firewall to block attacking addresses
    D. Configure 802.11e on the network
    E. Configure 802.1q on the network

  • Question 232:

    A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

    A. An administrative control
    B. Dual control
    C. Separation of duties
    D. Least privilege
    E. Collusion

  • Question 233:

    A security solutions architect has argued consistently to implement the most secure method of encrypting corporate messages. The solution has been derided as not being cost effective by other members of the IT department. The proposed solution uses symmetric keys to encrypt all messages and is very resistant to unauthorized decryption. The method also requires special handling and security for all key material that goes above and beyond most encryption systems.

    Which of the following is the solutions architect MOST likely trying to implement?

    A. One time pads
    B. PKI
    C. Quantum cryptography
    D. Digital rights management

  • Question 234:

    The IT Security Analyst for a small organization is working on a customer's system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?

    A. Contact the local authorities so an investigation can be started as quickly as possible.
    B. Shut down the production network interfaces on the server and change all of the DBMS account passwords.
    C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed.
    D. Refer the issue to management for handling according to the incident response process.

  • Question 235:

    A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two-four person rooms) and administrative buildings. The network is currently set up to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage.

    The following three goals must be met after the new implementation:

    1. Provide all users (including students in their dorms) connections to the Internet.
    2. Provide IT department with the ability to make changes to the network environment to improve performance.
    3. Provide high speed connections wherever possible all throughout campus including sporting event areas.

    Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above?

    A. Avoid any risk of network outages by providing additional wired connections to each user and increasing the number of data ports throughout the campus.
    B. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network.
    C. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus.
    D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for one AP replacement.

  • Question 236:

    Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company's purchased application? (Select TWO).

    A. Code review
    B. Sandbox
    C. Local proxy
    D. Fuzzer
    E. Web vulnerability scanner

  • Question 237:

    Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).

    A. Check log files for logins from unauthorized IPs.
    B. Check /proc/kmem for fragmented memory segments.
    C. Check for unencrypted passwords in /etc/shadow.
    D. Check timestamps for files modified around time of compromise.
    E. Use lsof to determine files with future timestamps.
    F. Use gpg to encrypt compromised data files.
    G. Verify the MD5 checksum of system binaries.
    H. Use vmstat to look for excessive disk I/O.

  • Question 238:

    A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via an HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

    A. SSL certificate revocation
    B. SSL certificate pinning
    C. Mobile device root-kit detection
    D. Extended Validation certificates

  • Question 239:

    A security audit has uncovered a lack of security controls with respect to employees' network account management. Specifically, the audit reveals that employees' network accounts are not disabled in a timely manner once an employee departs the organization. The company policy states that the network account of an employee should be disabled within eight hours of termination. However, the audit shows that 5% of the accounts were not terminated until three days after a dismissed employee departs. Furthermore, 2% of the accounts are still active. Which of the following is the BEST course of action that the security officer can take to avoid repeat audit findings?

    A. Review the HR termination process and ask the software developers to review the identity management code.
    B. Enforce the company policy by conducting monthly account reviews of inactive accounts.
    C. Review the termination policy with the company managers to ensure prompt reporting of employee terminations.
    D. Update the company policy to account for delays and unforeseen situations in account deactivation.

  • Question 240:

    Company A has a remote work force that often includes independent contractors and out of state full time employees. Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:

      • All communications between parties need to be encrypted in transport
      • Users must all have the same application sets at the same version
      • All data must remain at Company A's site
      • All users must not access the system between 12:00 and 1:00 as that is the maintenance window
      • Easy to maintain, patch and change application environment

    Which of the following solutions should the security engineer recommend to meet the MOST goals?

    A. Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.
    B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.
    C. Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.
    D. Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server Gateway, use remote installation services to standardize application on user's laptops.
