

It is faster and easier to pass the CompTIA CAS-002 exam by using validated CompTIA Advanced Security Practitioner (CASP) questions and answers. Get immediate access to the latest CAS-002 exam and find the same core area CAS-002 questions with professionally verified answers, then pass your exam with a high score now.

Q81. - (Topic 2) 

During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company’s database server. Which of the following is the correct order in which the forensics team should engage? 

A. Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media. 

B. Take inventory, secure the scene, capture RAM, capture hard drive, implement chain of custody, document, and analyze the data. 

C. Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and document the findings. 

D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody. 

Answer:


Q82. - (Topic 4) 

A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE). 

A. Security of data storage 

B. The cost of the solution 

C. System availability 

D. User authentication strategy 

E. PBX integration of the service 

F. Operating system compatibility 

Answer: A,C,D 


Q83. - (Topic 5) 

The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager’s requirements, which of the following types of IPS products would be BEST suited for use in this situation? 

A. Signature-based 

B. Rate-based 

C. Anomaly-based 

D. Host-based 

Answer:


Q84. - (Topic 2) 

Wireless users are reporting issues with the company’s video conferencing and VoIP systems. The security administrator notices internal DoS attacks from infected PCs on the network causing the VoIP system to drop calls. The security administrator also notices that the SIP servers are unavailable during these attacks. Which of the following security controls will MOST likely mitigate the VoIP DoS attacks on the network? (Select TWO). 

A. Install a HIPS on the SIP servers 

B. Configure 802.1X on the network 

C. Update the corporate firewall to block attacking addresses 

D. Configure 802.11e on the network 

E. Configure 802.1q on the network 

Answer: A,D 


Q85. - (Topic 4) 

Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect? 

A. Most of company XYZ’s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users. 

B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance. 

C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer. 

D. Not all of company XYZ’s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings. 

Answer:


Q86. - (Topic 2) 

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO). 

A. /etc/passwd 

B. /etc/shadow 

C. /etc/security 

D. /etc/password 

E. /sbin/logon 

F. /bin/bash 

Answer: A,B 


Q87. - (Topic 3) 

A financial institution wants to reduce the costs associated with managing and troubleshooting employees’ desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task? 

A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit. 

B. Implement server virtualization and move the application from the desktop to the server. 

C. Implement VDI and disable hardware and storage mapping from the thin client. 

D. Move the critical applications to a private cloud and disable VPN and tunneling. 

Answer:


Q88. - (Topic 2) 

VPN users cannot access the active FTP server through the router but can access any server in the data center. 

Additional network information: 

DMZ network – 192.168.5.0/24 (FTP server is 192.168.5.11) 

VPN network – 192.168.1.0/24 

Datacenter – 192.168.2.0/24 

User network – 192.168.3.0/24 

HR network – 192.168.4.0/24 

Traffic shaper configuration: 

VLAN       Bandwidth Limit (Mbps) 

VPN        50 

User       175 

HR         250 

Finance    250 

Guest      0 

Router ACL: 

Action    Source            Destination 

Permit    192.168.1.0/24    192.168.2.0/24 

Permit    192.168.1.0/24    192.168.3.0/24 

Permit    192.168.1.0/24    192.168.5.0/24 

Permit    192.168.2.0/24    192.168.1.0/24 

Permit    192.168.3.0/24    192.168.1.0/24 

Permit    192.168.5.1/32    192.168.1.0/24 

Deny      192.168.4.0/24    192.168.1.0/24 

Deny      192.168.1.0/24    192.168.4.0/24 

Deny      any               any 

Which of the following solutions would allow the users to access the active FTP server? 

A. Add a permit statement to allow traffic from 192.168.5.0/24 to the VPN network 

B. Add a permit statement to allow traffic to 192.168.5.1 from the VPN network 

C. IPS is blocking traffic and needs to be reconfigured 

D. Configure the traffic shaper to limit DMZ traffic 

E. Increase bandwidth limit on the VPN network 

Answer:


Q89. - (Topic 2) 

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company’s security information and event management server. 

Logs: 

Log 1: 

Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 10.2.5.81 3 packets 

Log 2: 

HTTP://www.company.com/index.php?user=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 

Log 3: 

Security Error Alert Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client 

Log 4: 

Encoder oe = new OracleEncoder(); 

String query = "Select user_id FROM user_data WHERE user_name = '" 

+ oe.encode(req.getParameter("userID")) + "' and user_password = '" 

+ oe.encode(req.getParameter("pwd")) + "'"; 

Vulnerabilities 

Buffer overflow 

SQL injection 

ACL 

XSS 

Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO). 

A. Log 1 

B. Log 2 

C. Log 3 

D. Log 4 

E. Buffer overflow 

F. ACL 

G. XSS 

H. SQL injection 

Answer: B,E 


Q90. - (Topic 2) 

A company provides on-demand cloud computing resources for a sensitive project. The company implements a fully virtualized datacenter and terminal server access with two-factor authentication for customer access to the administrative website. The security administrator at the company has uncovered a breach in data confidentiality. Sensitive data from customer A was found on a hidden directory within the VM of company B. Company B is not in the same industry as company A and the two are not competitors. Which of the following has MOST likely occurred? 

A. Both VMs were left unsecured and an attacker was able to exploit network vulnerabilities to access each and move the data. 

B. A stolen two factor token was used to move data from one virtual guest to another host on the same network segment. 

C. A hypervisor server was left un-patched and an attacker was able to use a resource exhaustion attack to gain unauthorized access. 

D. An employee with administrative access to the virtual guests was able to dump the guest memory onto a mapped disk. 

Answer: