CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 391:

    The helpdesk manager wants to find a solution that will enable the helpdesk staff to better serve company employees who call with computer-related problems. The helpdesk staff is currently unable to perform effective troubleshooting and relies on callers to describe their technology problems. Given that the helpdesk staff is located within the company headquarters and 90% of the callers are telecommuters, which of the following tools should the helpdesk manager use to make the staff more effective at troubleshooting while at the same time reducing company costs? (Select TWO).

    A. Web cameras
    B. Email
    C. Instant messaging
    D. BYOD
    E. Desktop sharing
    F. Presence

  • Question 392:

    The Chief Executive Officer (CEO) has asked a security project manager to provide recommendations on the breakout of tasks for the development of a new product. The CEO thinks that by assigning areas of work appropriately the overall security of the product will be increased, because staff will focus on their areas of expertise. Given the below groups and tasks, select the BEST list of assignments.

    Groups: Networks, Development, Project Management, Security, Systems Engineering, Testing

    Tasks: Decomposing requirements, Secure coding standards, Code stability, Functional validation, Stakeholder engagement, Secure transport

    A. Systems Engineering: Decomposing requirements; Development: Secure coding standards; Testing: Code stability; Project Management: Stakeholder engagement; Security: Secure transport; Networks: Functional validation
    B. Systems Engineering: Decomposing requirements; Development: Code stability; Testing: Functional validation; Project Management: Stakeholder engagement; Security: Secure coding standards; Networks: Secure transport
    C. Systems Engineering: Functional validation; Development: Stakeholder engagement; Testing: Code stability; Project Management: Decomposing requirements; Security: Secure coding standards; Networks: Secure transport
    D. Systems Engineering: Decomposing requirements; Development: Stakeholder engagement; Testing: Code stability; Project Management: Functional validation; Security: Secure coding standards; Networks: Secure transport

  • Question 393:

    A security administrator is shown the following log excerpt from a Unix system:

    2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2

    2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2

    2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2

    2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2

    2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2

    2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

    Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

    A. An authorized administrator has logged into the root account remotely.
    B. The administrator should disable remote root logins.
    C. Isolate the system immediately and begin forensic analysis on the host.
    D. A remote attacker has compromised the root account using a buffer overflow in sshd.
    E. A remote attacker has guessed the root password using a dictionary attack.
    F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
    G. A remote attacker has compromised the private key of the root account.
    H. Change the root password immediately to a password not found in a dictionary.

  • Question 394:

    An administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The administrator has access to the raw data from the SAN and wants to restore the data to different hardware. Which of the following issues may potentially occur?

    A. The existing SAN may be read-only.
    B. The existing SAN used LUN masking.
    C. The new SAN is not FCoE based.
    D. The data may not be in a usable format.

  • Question 395:

    The internal auditor at Company ABC has completed the annual audit of the company's financial system. The audit report indicates that the accounts receivable department has not followed proper record disposal procedures during a COOP/BCP tabletop exercise involving manual processing of financial transactions.

    Which of the following should be the Information Security Officer's (ISO's) recommendation? (Select TWO).

    A. Wait for the external audit results
    B. Perform another COOP exercise
    C. Implement mandatory training
    D. Destroy the financial transactions
    E. Review company procedures

  • Question 396:

    A security manager has received the following email from the Chief Financial Officer (CFO):

    "While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?"

    Based on the information provided, which of the following would be the MOST appropriate response to the CFO?

    A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed.
    B. Allow VNC access to corporate desktops from personal computers for the users working from home.
    C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home.
    D. Work with the executive management team to revise policies before allowing any remote access.

  • Question 397:

    The security administrator has been tasked with providing a solution that would not only eliminate the need for physical desktops, but would also centralize the location of all desktop applications, without losing physical control of any network devices. Which of the following would the security manager MOST likely implement?

    A. VLANs
    B. VDI
    C. PaaS
    D. IaaS

  • Question 398:

    An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:

    18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 222.17.4.10.in-addr.arpa. (42)

    18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)

    18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in-addr.arpa. (42)

    18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)

    18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424 ecr 215646227], length 48

    18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 72.17.4.10.in-addr.arpa. (41)

    18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length

    18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0

    18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)

    18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46

    18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR? 58.16.4.10.in-addr.arpa. (41)

    Given the traffic report, which of the following is MOST likely causing the slow traffic?

    A. DNS poisoning
    B. Improper network zoning
    C. ARP poisoning
    D. Improper LUN masking

  • Question 399:

    A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?

    A. Conduct web server load tests.
    B. Conduct static code analysis.
    C. Conduct fuzzing attacks.
    D. Conduct SQL injection and XSS attacks.

  • Question 400:

    A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration?

    A. Virtualize the web servers locally to add capacity during registration.
    B. Move the database servers to an elastic private cloud while keeping the web servers local.
    C. Move the database servers and web servers to an elastic private cloud.
    D. Move the web servers to an elastic public cloud while keeping the database servers local.
