CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 361:

    A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporation's Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each department's IT teams?

    A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.
    B. Provide each department with a virtual firewall and assign administrative control to the physical firewall.
    C. Put both departments behind the firewall and incorporate restrictive controls on each department's network.
    D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.

  • Question 362:

    DRAG DROP

    IT staff within a company often conduct remote desktop sharing sessions with vendors to troubleshoot vendor product-related issues. Drag and drop the following security controls to match the associated security concern. Options may be used once or not at all.

    Select and Place:

  • Question 363:

    After a recent outbreak of malware attacks, the Chief Information Officer (CIO) tasks the new security manager with determining how to keep these attacks from reoccurring. The company has a standard image for all laptops/workstations and uses a host-based firewall and anti-virus. Which of the following should the security manager suggest to INCREASE each system's security level?

    A. Upgrade all systems to use a HIPS and require daily anti-virus scans.
    B. Conduct a vulnerability assessment of the standard image and remediate findings.
    C. Upgrade the existing NIDS to NIPS and deploy the system across all network segments.
    D. Rebuild the standard image and require daily anti-virus scans of all PCs and laptops.

  • Question 364:

    A security auditor is conducting an audit of a corporation where 95% of the users travel or work from non-corporate locations a majority of the time. While the employees are away from the corporate offices, they retain full access to the corporate network and use of corporate laptops. The auditor knows that the corporation processes PII and other sensitive data with applications requiring local caches of any data being manipulated. Which of the following security controls should the auditor check for and recommend to be implemented if missing from the laptops?

    A. Trusted operating systems
    B. Full disk encryption
    C. Host-based firewalls
    D. Command shell restrictions

  • Question 365:

    A bank provides single sign-on services between its internally hosted applications and an externally hosted CRM. The following sequence of events occurs:

    1. The banker accesses the CRM system, and a redirect is performed back to the organization's internal systems.
    2. A lookup is performed of the identity and a token is generated, signed and encrypted.
    3. A redirect is performed back to the CRM system with the token.
    4. The CRM system validates the integrity of the payload, extracts the identity and performs a lookup.
    5. If the banker is not in the system, an automated provisioning request occurs.
    6. The banker is authenticated and authorized and can access the system.

    This is an example of which of the following?

    A. Service provider initiated SAML 2.0
    B. Identity provider initiated SAML 1.0
    C. OpenID federated single sign on
    D. Service provider initiated SAML 1.1
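    The six-step sequence in this question, walked through as runnable code. This is an added example and not part of the exam material: the shared HMAC key, the entity ID https://crm.example.com/saml/sp, the IdP URL https://sso.bank.example/idp/sso, the in-memory directory and the user jdoe are all constructed stand-ins. Real SAML 2.0 signs an XML assertion with the IdP's certificate (verified by the SP with the public key) and may additionally encrypt it; the encryption half of step 2 is omitted here. What the code does show is the ordering that matters in step 4: the SP checks the signature before it parses a single claim, then checks audience and validity window, and only then performs the step 5 just-in-time provisioning, which fires on the first visit and not on the second.

```python
import base64
import hashlib
import hmac
import json

# Constructed values: a shared HMAC key stands in for the IdP's XML-signature
# certificate; in real SAML 2.0 the SP verifies an XML-DSig with the IdP's public key.
IDP_SIGNING_KEY = b"constructed-idp-signing-key-not-for-production"
SP_AUDIENCE = "https://crm.example.com/saml/sp"       # hypothetical CRM entity ID
IDP_SSO_URL = "https://sso.bank.example/idp/sso"      # hypothetical IdP endpoint
TOKEN_LIFETIME = 300                                  # seconds the assertion stays valid

# Constructed internal directory the IdP consults in step 2.
DIRECTORY = {"jdoe": {"name": "Jane Doe", "role": "banker"}}


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sp_initial_request(path: str, session: dict) -> tuple:
    """Step 1: the SP has no session for the banker, so it redirects to the IdP."""
    if "user" in session:
        return ("200 OK", path)
    return ("302 Found", f"{IDP_SSO_URL}?RelayState={path}")


def idp_issue_token(username: str, now: int) -> str:
    """Step 2: look the identity up and sign the assertion (payload.signature)."""
    if username not in DIRECTORY:
        raise LookupError(f"unknown principal {username!r}")
    claims = {
        "sub": username,
        "aud": SP_AUDIENCE,              # which SP may consume the assertion
        "iat": now,
        "exp": now + TOKEN_LIFETIME,
        "attrs": DIRECTORY[username],
    }
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    signature = hmac.new(IDP_SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(signature)}"   # step 3 carries this back to the SP


def sp_consume_token(token: str, now: int, crm_users: dict) -> dict:
    """Steps 4-6: check integrity first, then audience/validity, then provision."""
    try:
        payload, signature = token.split(".")
    except ValueError:
        return {"ok": False, "reason": "malformed token"}
    expected = hmac.new(IDP_SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64(signature)):
        return {"ok": False, "reason": "bad signature"}   # claims are never parsed
    claims = json.loads(_unb64(payload))
    if claims.get("aud") != SP_AUDIENCE:
        return {"ok": False, "reason": "wrong audience"}
    if not claims["iat"] <= now < claims["exp"]:
        return {"ok": False, "reason": "outside validity window"}
    user = claims["sub"]
    provisioned = False
    if user not in crm_users:                  # step 5: just-in-time provisioning
        crm_users[user] = {"role": claims["attrs"]["role"]}
        provisioned = True
    return {"ok": True, "user": user, "role": crm_users[user]["role"],
            "provisioned": provisioned}


def run_flow(username: str = "jdoe", now: int = 1_700_000_000) -> list:
    """Drive the whole SP-initiated sequence once and return each step's outcome."""
    crm_users = {}                              # the CRM starts without the banker
    steps = [sp_initial_request("/reports", session={})]
    token = idp_issue_token(username, now)
    steps.append(sp_consume_token(token, now + 5, crm_users))    # first visit: provisioned
    steps.append(sp_consume_token(token, now + 6, crm_users))    # second visit: exists
    tampered = ("A" if token[0] != "A" else "B") + token[1:]     # one altered character
    steps.append(sp_consume_token(tampered, now + 7, crm_users))  # integrity failure
    steps.append(sp_consume_token(token, now + TOKEN_LIFETIME + 1, crm_users))  # expired
    return steps


if __name__ == "__main__":
    for step in run_flow():
        print(step)
```

    Running the block prints the redirect of step 1, a successful consumption with provisioned=True, a second one with provisioned=False, and the two rejections (tampered payload, expired assertion). The rejections return a reason without ever having read the identity out of the token, which is the property the phrase "validates the integrity of the payload, extracts the identity" in step 4 is describing.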

  • Question 366:

    A security administrator needs a secure computing solution to use for all of the company's security audit log storage, and to act as a central server to execute security functions from. Which of the following is the BEST option for the server in this scenario?

    A. A hardened Red Hat Enterprise Linux implementation running a software firewall
    B. Windows 7 with a secure domain policy and smartcard based authentication
    C. A hardened bastion host with a permit all policy implemented in a software firewall
    D. Solaris 10 with trusted extensions or SE Linux with a trusted policy

  • Question 367:

    A completely new class of web-based vulnerabilities has been discovered. Claims have been made that all common web-based development frameworks are susceptible to attack. Proof-of-concept details have emerged on the Internet. A security advisor within a company has been asked to provide recommendations on how to respond quickly to these vulnerabilities. Which of the following BEST describes how the security advisor should respond?

    A. Assess the reliability of the information source, likelihood of exploitability, and impact to hosted data. Attempt to exploit via the proof-of-concept code. Consider remediation options.
    B. Hire an independent security consulting agency to perform a penetration test of the web servers. Advise management of any 'high' or 'critical' penetration test findings and put forward recommendations for mitigation.
    C. Review vulnerability write-ups posted on the Internet. Respond to management with a recommendation to wait until the news has been independently verified by software vendors providing the web application software.
    D. Notify all customers about the threat to their hosted data. Bring the web servers down into "maintenance mode" until the vulnerability can be reliably mitigated through a vendor patch.

  • Question 368:

    A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network.

    Which of the following processes should be followed?

    A. Establish a risk matrix
    B. Inherit the risk for six months
    C. Provide a business justification to avoid the risk
    D. Provide a business justification for a risk exception

  • Question 369:

    A network engineer at Company ABC observes the following raw HTTP request:

    GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc&from_date=31-10-2010&TypesEntered=1 HTTP/1.1
    Host: test.example.net
    Accept: */*
    Accept-Language: en
    Connection: close
    Cookie: java14=1; java15=1; java16=1; js=1292192278001;

    Which of the following should be the engineer's GREATEST concern?

    A. The HTTPS is not being enforced so the system is vulnerable.
    B. The numerical encoding on the session ID is limited to hexadecimal characters, making it susceptible to a brute force attack.
    C. Sensitive data is transmitted in the URL.
    D. The dates entered are outside a normal range, which may leave the system vulnerable to a denial of service attack.
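    A worked check against the captured request, added here as an example rather than taken from the exam material: it parses the raw request, lists every query parameter whose name suggests identity or session material, and bounds the session ID's entropy from its alphabet and length. The request text is a constructed copy of the one in the question with CRLF line endings restored; the parameter-name pattern and the 64-bit floor (the minimum session ID entropy the OWASP Session Management Cheat Sheet recommends) are the reviewer's assumptions. The caveat the code encodes in a comment is the one a practitioner wants: anything in a query string is written to browser history, proxy and server access logs and outbound Referer headers, so moving the request to HTTPS does not remove the exposure of UserEntered and SessionID.

```python
import math
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed copy of the request shown in the question, with CRLF line endings
# restored; the values (dsmith, 5f04189bc, the dates) are the ones on the page.
RAW_REQUEST = (
    "GET /disp_reports.php?SectionEntered=57&GroupEntered=-1&report_type=alerts"
    "&to_date=01-01-0101&Run=Run&UserEntered=dsmith&SessionID=5f04189bc"
    "&from_date=31-10-2010&TypesEntered=1 HTTP/1.1\r\n"
    "Host: test.example.net\r\n"
    "Accept: */*\r\n"
    "Accept-Language: en\r\n"
    "Connection: close\r\n"
    "Cookie: java14=1; java15=1; java16=1; js=1292192278001;\r\n"
    "\r\n"
)

# Assumed list of name fragments that usually mark identity or credential material.
SENSITIVE_NAME = re.compile(r"sess|token|auth|user|pass|pwd|ssn|acct|account", re.I)
MIN_SESSION_BITS = 64   # entropy floor from the OWASP Session Management Cheat Sheet


def parse_request(raw: str) -> dict:
    """Split a raw HTTP/1.1 request into method, version, path, query dict and headers."""
    head = raw.split("\r\n\r\n", 1)[0]
    request_line, *header_lines = head.split("\r\n")
    method, target, version = request_line.split(" ", 2)
    parts = urlsplit(target)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return {
        "method": method,
        "version": version,
        "path": parts.path,
        "query": dict(parse_qsl(parts.query, keep_blank_values=True)),
        "headers": headers,
    }


def token_bits(value: str) -> float:
    """Upper bound on a token's entropy, from the alphabet it uses and its length."""
    if re.fullmatch(r"[0-9]+", value):
        alphabet = 10
    elif re.fullmatch(r"[0-9a-fA-F]+", value):
        alphabet = 16
    elif re.fullmatch(r"[A-Za-z0-9_-]+", value):
        alphabet = 64
    else:
        alphabet = 95               # printable ASCII
    return round(len(value) * math.log2(alphabet), 1)


def review(raw: str) -> list:
    """Return the concerns a reviewer should raise about the captured request."""
    req = parse_request(raw)
    findings = []
    for name, value in req["query"].items():
        if SENSITIVE_NAME.search(name):
            # Query strings land in browser history, proxy and server access logs
            # and Referer headers, whether or not TLS protected the connection.
            findings.append(f"sensitive data in URL query: {name}={value}")
    sid = req["query"].get("SessionID")
    if sid is not None:
        bits = token_bits(sid)
        if bits < MIN_SESSION_BITS:
            findings.append(
                f"SessionID {sid!r} has at most {bits} bits of entropy "
                f"({len(sid)} chars), below the {MIN_SESSION_BITS}-bit floor"
            )
    return findings


if __name__ == "__main__":
    for finding in review(RAW_REQUEST):
        print(finding)
```

    For the request on the page, review() reports UserEntered=dsmith and SessionID=5f04189bc as sensitive values carried in the URL, and bounds the nine-hex-character session ID at 36 bits, which is why the two concerns compound: a short identifier is cheaper to guess, and one that travels in the URL is also cheaper to find.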

  • Question 370:

    Which of the following must be taken into consideration for e-discovery purposes when a legal case is first presented to a company?

    A. Data ownership on all files
    B. Data size on physical disks
    C. Data retention policies on only file servers
    D. Data recovery and storage

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.