[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 301-310

Ensurepass

QUESTION 301

A network administrator notices a security intrusion on the web server. Which of the following attacks is indicated by the following entry in the log file? http://test.com/modules.php?op=modload&name=XForum&file=[hostilejavascript]&fid=2

A. Buffer overflow
B. Clickjacking
C. SQL injection
D. XSS attack

Correct Answer: D

QUESTION 302

DRAG DROP

Company A has experienced external attacks on its network and wants to minimize the chance of the attacks recurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. The cost of each item is listed below:

1. Anti-Virus Server – $10,000
2. Firewall – $15,000
3. Load Balanced Server – $10,000
4. NIDS/NIPS – $10,000
5. Packet Analyzer – $5,000
6. Patch Server – $15,000
7. Proxy Server – $20,000
8. Router – $10,000
9. Spam Filter – $5,000
10. Traffic Shaper – $20,000
11. Web Application Firewall – $10,000

Instructions:

Not all placeholders in the diagram need to be filled and items can only be used once.

[Network diagram images: clip_image002, clip_image004]

Correct Answer:

[Answer diagram image: clip_image006]

QUESTION 303

A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO).

 

A. Password Policy
B. Data Classification Policy
C. Wireless Access Procedure
D. VPN Policy
E. Database Administrative Procedure

Correct Answer: AB

QUESTION 304

An organization did not know its internal customer and financial databases were compromised until the attacker published sensitive portions of the database on several popular attacker websites. The organization was unable to determine when, how, or who conducted the attacks but rebuilt, restored, and updated the compromised database server to continue operations. Which of the following is MOST likely the cause for the organization’s inability to determine what really occurred?

 

A. Too few layers of protection between the Internet and internal network
B. Lack of a defined security auditing methodology
C. Poor intrusion prevention system placement and maintenance
D. Insufficient logging and mechanisms for review

Correct Answer: D

QUESTION 305

A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).

 

A. The email system may become unavailable due to overload.
B. Compliance may not be supported by all smartphones.
C. Equipment loss, theft, and data leakage.
D. Smartphone radios can interfere with health equipment.
E. Data usage cost could significantly increase.
F. Not all smartphones natively support encryption.
G. Smartphones may be used as rogue access points.

Correct Answer: BCF

QUESTION 306

A team is established to create a secure connection between software packages in order to list employees' remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?

A. Network Administrator, Database Administrator, Programmers
B. Network Administrator, Emergency Response Team, Human Resources
C. Finance Officer, Human Resources, Security Administrator
D. Database Administrator, Facilities Manager, Physical Security Manager

Correct Answer: C

QUESTION 307

An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?

 

A. Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.
B. Implement a peer code review requirement prior to releasing code into production.
C. Follow secure coding practices to minimize the likelihood of creating vulnerable applications.
D. Establish cross-functional planning and testing requirements for software development activities.

Correct Answer: D

QUESTION 308

The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing were outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough, as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO's requirements?

A. Grey box testing performed by a major external consulting firm that has signed an NDA.
B. Black box testing performed by a major external consulting firm that has signed an NDA.
C. White box testing performed by the development and security assurance teams.
D. Grey box testing performed by the development and security assurance teams.

Correct Answer: C

QUESTION 309

A small customer-focused bank that has implemented least privilege principles is concerned about the possibility of branch staff unintentionally aiding fraud in their day-to-day interactions with customers. Bank staff have been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team's concerns?

A. Information disclosure policy
B. Awareness training
C. Job rotation
D. Separation of duties

Correct Answer: B

QUESTION 310

A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack?

 

A. Deploy the following ACL to the HIPS: DENY – TCP – ANY – ANY – 445.
B. Run a TCP 445 port scan across the organization and patch hosts with open ports.
C. Add the following ACL to the corporate firewall: DENY – TCP – ANY – ANY – 445.
D. Force a signature update and full system scan from the enterprise anti-virus solution.

Correct Answer: A
