★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on: https://www.certleader.com/CAS-002-dumps.html


It is impossible to pass CompTIA CAS-002 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed CompTIA CAS-002 practice questions. You will get a surprising result by our Up to date CompTIA Advanced Security Practitioner (CASP) practice guides.

2021 Nov comptia casp cas-002:

Q351. - (Topic 1) 

A security administrator is shown the following log excerpt from a Unix system: 

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2 

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2 

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2 

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). 

A. An authorized administrator has logged into the root account remotely. 

B. The administrator should disable remote root logins. 

C. Isolate the system immediately and begin forensic analysis on the host. 

D. A remote attacker has compromised the root account using a buffer overflow in sshd. 

E. A remote attacker has guessed the root password using a dictionary attack. 

F. Use iptables to immediately DROP connections from the IP 198.51.100.23. 

G. A remote attacker has compromised the private key of the root account. 

H. Change the root password immediately to a password not found in a dictionary. 

Answer: C,E 


Q352. - (Topic 5) 

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO). 

A. Physical penetration test of the datacenter to ensure there are appropriate controls. 

B. Penetration testing of the solution to ensure that the customer data is well protected. 

C. Security clauses are implemented into the contract such as the right to audit. 

D. Review of the organizations security policies, procedures and relevant hosting certifications. 

E. Code review of the solution to ensure that there are no back doors located in the software. 

Answer: C,D 


Q353. - (Topic 2) 

Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO). 

A. Install a HIPS on the SIP servers 

B. Configure 802.1X on the network 

C. Update the corporate firewall to block attacking addresses 

D. Configure 802.11e on the network 

E. Configure 802.1q on the network 

Answer: A,D 


Q354. - (Topic 3) 

At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m. the security administrator received multiple alerts from the company’s statistical anomaly-based IDS about a company database administrator performing unusual transactions. At 

10:55 a.m. the security administrator resets the database administrator’s password. 

At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts? 

A. The IDS logs are compromised. 

B. The new password was compromised. 

C. An input validation error has occurred. 

D. A race condition has occurred. 

Answer:


Q355. - (Topic 5) 

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution? 

A. Implement an IPS to block the application on the network 

B. Implement the remote application out to the rest of the servers 

C. Implement SSL VPN with SAML standards for federation 

D. Implement an ACL on the firewall with NAT for remote access 

Answer:


Abreast of the times comptia casp cas-002 pdf:

Q356. - (Topic 5) 

A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise? 

A. Outdated antivirus definitions 

B. Insecure wireless 

C. Infected USB device 

D. SQL injection 

Answer:


Q357. - (Topic 5) 

A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a result, NIPS and AV systems did not detect the configuration files received by staff in emails that appeared as normal files. Which of the following BEST describes the technique used by the malware developers? 

A. Perfect forward secrecy 

B. Stenography 

C. Diffusion 

D. Confusion 

E. Transport encryption 

Answer:


Q358. - (Topic 1) 

There have been some failures of the company’s internal facing website. A security engineer has found the WAF to be the root cause of the failures. System logs show that the WAF has been unavailable for 14 hours over the past month, in four separate situations. One of these situations was a two hour scheduled maintenance time, aimed at improving the stability of the WAF. Using the MTTR based on the last month’s performance figures, which of the following calculations is the percentage of uptime assuming there were 722 hours in the month? 

A. 92.24 percent 

B. 98.06 percent 

C. 98.34 percent 

D. 99.72 percent 

Answer:


Q359. - (Topic 1) 

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO). 

A. The user’s certificate private key must be installed on the VPN concentrator. 

B. The CA’s certificate private key must be installed on the VPN concentrator. 

C. The user certificate private key must be signed by the CA. 

D. The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator. 

E. The VPN concentrator’s certificate private key must be installed on the VPN concentrator. 

F. The CA’s certificate public key must be installed on the VPN concentrator. 

Answer: E,F 


Q360. - (Topic 4) 

A company’s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information? 

A. Require all development to follow secure coding practices. 

B. Require client-side input filtering on all modifiable fields. 

C. Escape character sequences at the application tier. 

D. Deploy a WAF with application specific signatures. 

Answer: