You will get instant entry to Pass4sure CompTIA CAS-002 practice questions along with answers. Make total use of the actual valuable CAS-002 study materials along with be about the road towards CompTIA CompTIA certification. You will always be very proud in the CompTIA CAS-002 certificate and get a satisfactory job throughout IT area. Pass4sures experts have got constantly revise along with update the CompTIA CompTIA CAS-002 exam dumps. You can find some modifications in the CompTIA actual exam every 12 months. Our examination makers will determine out the latest changes along with renovate our CompTIA CompTIA exam products. We ensure that every candidate will pass the actual CompTIA CAS-002 real examination with the help of our own CompTIA CAS-002 Pdf questions and answers. Or else, you can claim the actual full refund or perhaps another CompTIA CompTIA merchandise without any fees within the same price if you fail.

2021 Mar CAS-002 exam question

Q61. - (Topic 3) 

An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture? 

A. Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need. 

B. Implement controls based on the system needs. Perform a risk analysis of the system. For any remaining risks, perform continuous monitoring. 

C. Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis. Decide on which security controls to implement. 

D. Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture. 

Answer:


Q62. - (Topic 2) 

An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements? 

A. Implementing federated network access with the third party. 

B. Using a HSM at the network perimeter to handle network device access. 

C. Using a VPN concentrator which supports dual factor via hardware tokens. 

D. Implementing 802.1x with EAP-TTLS across the infrastructure. 

Answer:


Q63. - (Topic 2) 

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE). 

A. Establish a list of users that must work with each regulation 

B. Establish a list of devices that must meet each regulation 

C. Centralize management of all devices on the network 

D. Compartmentalize the network 

E. Establish a company framework 

F. Apply technical controls to meet compliance with the regulation 

Answer: B,D,F 


Q64. - (Topic 4) 

A security administrator is shown the following log excerpt from a Unix system: 

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2 

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2 

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2 

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). 

A. An authorized administrator has logged into the root account remotely. 

B. The administrator should disable remote root logins. 

C. Isolate the system immediately and begin forensic analysis on the host. 

D. A remote attacker has compromised the root account using a buffer overflow in sshd. 

E. A remote attacker has guessed the root password using a dictionary attack. 

F. Use iptables to immediately DROP connections from the IP 198.51.100.23. 

G. A remote attacker has compromised the private key of the root account. 

H. Change the root password immediately to a password not found in a dictionary. 

Answer: C,E 


Q65. - (Topic 1) 

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart. 

SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT); 

The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items? 

A. Input validation 

B. SQL injection 

C. TOCTOU 

D. Session hijacking 

Answer:


Avant-garde CAS-002 practice:

Q66. - (Topic 4) 

A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner? 

A. The security administrator should consider deploying a signature-based intrusion detection system. 

B. The security administrator should consider deploying enterprise forensic analysis tools. 

C. The security administrator should consider installing a cloud augmented security service. 

D. The security administrator should consider establishing an incident response team. 

Answer:


Q67. - (Topic 2) 

A security tester is testing a website and performs the following manual query: 

https://www.comptia.com/cookies.jsp?products=5%20and%201=1 

The following response is received in the payload: 

“ORA-000001: SQL command not properly ended” 

Which of the following is the response an example of? 

A. Fingerprinting 

B. Cross-site scripting 

C. SQL injection 

D. Privilege escalation 

Answer:


Q68. - (Topic 3) 

Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ. 

Which of the following is the MOST important to be considered before going ahead with the service? 

A. Internal auditors have approved the outsourcing arrangement. 

B. Penetration testing can be performed on the externally facing web system. 

C. Ensure there are security controls within the contract and the right to audit. 

D. A physical site audit is performed on Company XYZ’s management / operation. 

Answer:


Q69. - (Topic 3) 

The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer’s office down the hall. When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection? 

Linux Server: 192.168.10.10/24 

Mac Laptop: 192.168.10.200/24 

A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200. 

B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider. 

C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1. 

D. From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 

127.0.0.1. 

Answer:


Q70. - (Topic 4) 

Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monitoring in an effective manner which of the following is correct? 

A. Only security related alerts should be forwarded to the network team for resolution. 

B. All logs must be centrally managed and access to the logs restricted only to data storage staff. 

C. Logging must be set appropriately and alerts delivered to security staff in a timely manner. 

D. Critical logs must be monitored hourly and adequate staff must be assigned to the network team. 

Answer: