★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
https://www.certleader.com/CAS-002-dumps.html
Q171. - (Topic 3)
The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer’s office down the hall. When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection?
Linux Server: 192.168.10.10/24
Mac Laptop: 192.168.10.200/24
A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200.
B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider.
C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1.
D. From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to
127.0.0.1.
Answer: D
Q172. - (Topic 4)
Which of the following is an example of single sign-on?
A. An administrator manages multiple platforms with the same username and hardware token. The same username and token is used across all the platforms.
B. Multiple applications have been integrated with a centralized LDAP directory for authentication and authorization. A user has to authenticate each time the user accesses an application.
C. A password is synchronized between multiple platforms and the user is required to authenticate with the same password across each platform.
D. A web access control infrastructure performs authentication and passes attributes in a HTTP header to multiple applications.
Answer: D
Q173. - (Topic 1)
News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting is conducted to prepare for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections?
A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.
B. Implement an application whitelist at all levels of the organization.
C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.
D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.
Answer: B
Q174. - (Topic 4)
Company XYZ has just purchased Company ABC through a new acquisition. A business decision has been made to integrate the two company’s networks, application, and several basic services.
The initial integration of the two companies has specified the following requirements:
Which of the following network security solutions will BEST meet the above requirements?
A. Place a Company ABC managed firewall in Company XYZ’s hub site; then place Company ABC’s file, print, authentication, and secure FTP servers in a zone off the firewall. Ensure that Company ABC’s business partner firewalls are opened up for web intranet access and other required services.
B. Require Company XYZ to manage the router ACLs, controlling access to Company ABC resources, but with Company ABC approving the change control to the ACLs. Open up Company ABC’s business partner firewall to permit access to Company ABC’s file, print, secure FTP server, authentication servers and web intranet access.
C. Place no restrictions on internal network connectivity between Company XYZ and Company ABC. Open up Company ABC’s business partner firewall to permit access to Company ABC’s file, print, secure FTP server, authentication servers and web intranet access.
D. Place file, print, secure FTP server and authentication domain servers at Company XYZ’s hub site. Open up Company ABC’s business partner firewall to permit access to ABC’s web intranet access and other required services.
Answer: A
Q175. - (Topic 3)
Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?
A. NDA
B. OLA
C. MOU
D. SLA
Answer: D
Q176. - (Topic 4)
A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).
A. An authorized administrator has logged into the root account remotely.
B. The administrator should disable remote root logins.
C. Isolate the system immediately and begin forensic analysis on the host.
D. A remote attacker has compromised the root account using a buffer overflow in sshd.
E. A remote attacker has guessed the root password using a dictionary attack.
F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
G. A remote attacker has compromised the private key of the root account.
H. Change the root password immediately to a password not found in a dictionary.
Answer: C,E
Q177. - (Topic 1)
Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap –O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:
TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778
Based on this information, which of the following operating systems is MOST likely running on the unknown node?
A. Linux
B. Windows
C. Solaris
D. OSX
Answer: C
Q178. - (Topic 5)
A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:
Customers to upload their log files to the “big data” platform
Customers to perform remote log search
Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or discovery
Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).
A. Secure storage and transmission of API keys
B. Secure protocols for transmission of log files and search results
C. At least two years retention of log files in case of e-discovery requests
D. Multi-tenancy with RBAC support
E. Sanitizing filters to prevent upload of sensitive log file contents
F. Encrypted storage of all customer log files
Answer: A,B,D
Q179. - (Topic 2)
An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the following formal documents?
A. Memorandum of Understanding
B. Information System Security Agreement
C. Interconnection Security Agreement
D. Interoperability Agreement
E. Operating Level Agreement
Answer: C
Q180. - (Topic 4)
Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption, while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?
A. Company A must install an SSL tunneling service on the financial system.
B. Company A’s security administrator should use an HTTPS capable browser to transfer the data.
C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.
Answer: A