CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 401:

    A vulnerability research team has detected a new variant of a stealth Trojan that disables itself when it detects that it is running on a virtualized environment. The team decides to use dedicated hardware and local network to identify the Trojan's behavior and the remote DNS and IP addresses it connects to. Which of the following tools is BEST suited to identify the DNS and IP addresses the stealth Trojan communicates with after its payload is decrypted?

    A. HIDS
    B. Vulnerability scanner
    C. Packet analyzer
    D. Firewall logs
    E. Disassembler

  • Question 402:

    Capital Reconnaissance, LLC is building a brand new research and testing location, and the physical security manager wants to deploy IP-based access control and video surveillance. These two systems are essential for keeping the building open for operations. Which of the following controls should the security administrator recommend to determine new threats against the new IP-based access control and video surveillance systems?

    A. Develop a network traffic baseline for each of the physical security systems.
    B. Air gap the physical security networks from the administrative and operational networks.
    C. Require separate non-VLANed networks and NIPS for each physical security system network.
    D. Have the Network Operations Center (NOC) review logs and create a CERT to respond to breaches.

  • Question 403:

    A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine:

    1 - If VIDEO input exists, use video data for entropy
    2 - If AUDIO input exists, use audio data for entropy
    3 - If MOUSE input exists, use mouse data for entropy
    4 - IF KEYBOARD input exists, use keyboard data for entropy
    5 - IF IDE input exists, use IDE data for entropy
    6 - IF NETWORK input exists, use network data for entropy

    Which of the following lines of code will result in the STRONGEST seed when combined?

    A. 2 and 1
    B. 3 and 5
    C. 5 and 2
    D. 6 and 4

  • Question 404:

    An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability?

    A. Source code vulnerability scanning
    B. Time-based access control lists
    C. ISP to ISP network jitter
    D. File-size validation
    E. End to end network encryption

  • Question 405:

    The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements?

    A. hash = sha512(password + salt); for (k = 0; k < 4000; k++) { hash = sha512 (hash); }
    B. hash = md5(password + salt); for (k = 0; k < 5000; k++) { hash = md5 (hash); }
    C. hash = sha512(password + salt); for (k = 0; k < 3000; k++) { hash = sha512 (hash + password + salt); }
    D. hash1 = sha1(password + salt); hash = sha1 (hash1);

  • Question 406:

    A small company's Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company's security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST?

    A. Survey threat feeds from analysts inside the same industry.
    B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
    C. Conduct an internal audit against industry best practices to perform a gap analysis.
    D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.

  • Question 407:

    A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network, which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two-factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

    A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
    B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
    C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
    D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
    E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

  • Question 408:

    An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms?

    A. Benchmark each possible solution with the integrator's existing client deployments.
    B. Develop testing criteria and evaluate each environment in-house.
    C. Run virtual test scenarios to validate the potential solutions.
    D. Use results from each vendor's test labs to determine adherence to project requirements.

  • Question 409:

    A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?

    A. Loss of physical control of the servers
    B. Distribution of the job to multiple data centers
    C. Network transmission of cryptographic keys
    D. Data scraped from the hardware platforms

  • Question 410:

    A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).

    A. RAS
    B. Vulnerability scanner
    C. HTTP intercept
    D. HIDS
    E. Port scanner
    F. Protocol analyzer
