Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA Certifications CAS-002 Questions & Answers

  • Question 231:

    An administrator implements a new PHP application into an existing website and discovers the newly added PHP pages do not work. The rest of the site also uses PHP and is functioning correctly. The administrator tested the new application on their personal workstation thoroughly before uploading to the server and did not run into any errors. Checking the Apache configuration file, the administrator verifies that the new virtual directory is added as listed:

    DocumentRoot "/var/www"

    AllowOveride none

    Order allow, deny

    Allow from all

    Which of the following is MOST likely occurring so that this application does not run properly?

    A. PHP is overriding the Apache security settings.

    B. SELinux is preventing HTTP access to home directories.

    C. PHP has not been restarted since the additions were added.

    D. The directory had an explicit allow statement rather than the implicit deny.

  • Question 232:

    A company data center provides Internet based access to email and web services.

    The firewall is separated into four zones:

    RED ZONE is an Internet zone

    ORANGE ZONE a Web DMZ

    YELLOW ZONE an email DMZ

    GREEN ZONE is a management interface

    There are 15 email servers and 10 web servers. The data center administrator plugs a laptop into the management interface to make firewall changes. The administrator would like to secure this environment but has a limited budget. Assuming each addition is an appliance, which of the following would provide the MOST appropriate placement of security solutions while minimizing the expenses?

    A. RED ZONE: none ORANGE ZONE: WAF YELLOW ZONE: SPAM Filter GREEN ZONE: none

    B. RED ZONE: Virus Scanner, SPAM Filter ORANGE ZONE: NIPS YELLOW ZONE: NIPS GREEN ZONE: NIPS

    C. RED ZONE: WAF, Virus Scanner ORANGE ZONE: NIPS YELLOW ZONE: NIPS GREEN ZONE: SPAM Filter

    D. RED ZONE: NIPS ORANGE ZONE: WAF YELLOW ZONE: Virus Scanner, SPAM Filter GREEN ZONE: none

  • Question 233:

    An administrator would like to connect a server to a SAN. Which of the following processes would BEST allow for availability and access control?

    A. Install a dual port HBA on the SAN, create a LUN on the server, and enable deduplication and data snapshots.

    B. Install a multipath LUN on the server with deduplication, and enable LUN masking on the SAN.

    C. Install 2 LUNs on the server, cluster HBAs on the SAN, and enable multipath and data deduplication.

    D. Install a dual port HBA in the server; create a LUN on the SAN, and enable LUN masking and multipath.

  • Question 234:

    A small company has recently placed a newly installed DNS server on the DMZ and wants to secure it by allowing Internet hosts to query the DNS server. Since the company deploys an internal DNS server, all DNS queries to that server coming from the company network should be blocked. An IT administrator has placed the following ACL on the company firewall:

    Testing shows that the DNS server in the DMZ is not working. Which of the following should the administrator do to resolve the problem?

    A. Modify the SRC and DST ports of ACL 1

    B. Modify the SRC IP of ACL 1 to 0.0.0.0/32

    C. Modify the ACTION of ACL 2 to Permit

    D. Modify the PROTO of ACL 1 to TCP

  • Question 235:

    A newly-hired Chief Information Security Officer (CISO) is faced with improving security for a company with low morale and numerous disgruntled employees. After reviewing the situation for several weeks the CISO publishes a more comprehensive security policy with associated standards. Which of the following issues could be addressed through the use of technical controls specified in the new security policy?

    A. Employees publishing negative information and stories about company management on social network sites and blogs.

    B. An employee remotely configuring the email server at a relative's company during work hours.

    C. Employees posting negative comments about the company from personal phones and PDAs.

    D. External parties cloning some of the company's externally facing web pages and creating look-alike sites.

  • Question 236:

    A new malware spreads over UDP Port 8320 and several network hosts have been infected. A new security administrator has determined a possible cause, and the infected machines have been quarantined. Which of the following actions could a new security administrator take to further mitigate this issue?

    A. Limit source ports on the firewall to specific IP addresses.

    B. Add an explicit deny-all and log rule as the final entry of the firewall rulebase.

    C. Implement stateful UDP filtering on UDP ports above 1024.

    D. Configure the firewall to use IPv6 by default.

  • Question 237:

    A security engineer wants to implement forward secrecy but still wants to ensure the number of requests handled by the web server is not drastically reduced due to the larger computational overheads. Browser compatibility is not a concern; however, system performance is. Which of the following, when implemented, would BEST meet the engineer's requirements?

    A. DHE

    B. ECDHE

    C. AES128-SHA

    D. DH

  • Question 238:

    A security manager has started a new job and has identified that a key application for a new client does not have an accreditation status and is currently not meeting the compliance requirement for the contract's SOW. The security manager has competing priorities and wants to resolve this issue quickly with a system determination and risk assessment. Which of the following approaches presents the MOST risk to the security assessment?

    A. The security manager reviews the system description for the previous accreditation, but does not review application change records.

    B. The security manager decides to use the previous SRTM without reviewing the system description.

    C. The security manager hires an administrator from the previous contract to complete the assessment.

    D. The security manager does not interview the vendor to determine if the system description is accurate.

  • Question 239:

    The audit department at a company requires proof of exploitation when conducting internal network penetration tests. Which of the following provides the MOST conclusive proof of compromise without further compromising the integrity of the system?

    A. Provide a list of grabbed service banners.

    B. Modify a file on the system and include the path in the test's report.

    C. Take a packet capture of the test activity.

    D. Add a new test user account on the system.

  • Question 240:

    A company is in the process of implementing a new front end user interface for its customers; the goal is to provide them with more self-service functionality. The application has been written by developers over the last six months and the project is currently in the test phase.

    Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

    A. Perform unit testing of the binary code

    B. Perform code review over a sampling of the front end source code

    C. Perform black box penetration testing over the solution

    D. Perform grey box penetration testing over the solution

    E. Perform static code review over the front end source code
