[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 351-360

Ensurepass

QUESTION 351

A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner?

 

A.

The security administrator should consider deploying a signature-based intrusion detection system.

B.

The security administrator should consider deploying enterprise forensic analysis tools.

C.

The security administrator should consider installing a cloud augmented security service.

D.

The security administrator should consider establishing an incident response team.

 

Correct Answer: C
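The tell in this scenario is the firewall logs, not the antivirus console: many internal hosts reaching the same external address is a fan-in pattern that a log-review rule can catch before any signature exists. The script below is an added example (not part of the exam page) that runs such a rule over a handful of constructed firewall log lines; the log format, the RFC 1918 ranges treated as internal, and the threshold of four distinct hosts are all assumptions.

```python
"""Flag external IPs that many distinct internal hosts connect to.

Added example for Question 351, not code from the exam page. The log
format (key=value syslog style), the internal ranges and the threshold
are assumptions chosen for illustration.
"""
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space (RFC 1918)
INTERNAL_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# Constructed sample log lines; 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges, used here as stand-ins for real external hosts.
SAMPLE_LOG = """\
Dec 02 09:14:01 fw1 ACCEPT src=10.1.4.21 dst=203.0.113.57 dport=443
Dec 02 09:14:03 fw1 ACCEPT src=10.1.4.22 dst=203.0.113.57 dport=443
Dec 02 09:14:07 fw1 ACCEPT src=10.1.5.9 dst=203.0.113.57 dport=443
Dec 02 09:14:09 fw1 ACCEPT src=10.1.4.21 dst=198.51.100.10 dport=80
Dec 02 09:14:12 fw1 ACCEPT src=10.2.0.14 dst=203.0.113.57 dport=443
Dec 02 09:14:15 fw1 ACCEPT src=10.1.4.30 dst=203.0.113.57 dport=443
Dec 02 09:14:20 fw1 DROP src=192.0.2.8 dst=10.1.4.21 dport=22
Dec 02 09:14:25 fw1 ACCEPT src=10.1.4.22 dst=198.51.100.10 dport=80
"""

LINE_RE = re.compile(r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)")


def is_internal(addr):
    """True if addr falls inside one of the assumed internal ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line):
    """Return (src, dst) from one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("dst")


def find_fanin(lines, min_hosts=4):
    """Return {external_dst: [internal srcs]} for destinations contacted
    by at least min_hosts distinct internal hosts (outbound traffic only)."""
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst = parsed
        # Only outbound connections count: internal source, external target
        if is_internal(src) and not is_internal(dst):
            sources[dst].add(src)
    return {
        dst: sorted(srcs, key=ip_address)
        for dst, srcs in sources.items()
        if len(srcs) >= min_hosts
    }


if __name__ == "__main__":
    for dst, hosts in find_fanin(SAMPLE_LOG.splitlines()).items():
        print(f"{dst}: {len(hosts)} internal hosts -> {', '.join(hosts)}")
```

On the constructed data the rule reports 203.0.113.57 with five internal hosts and ignores 198.51.100.10 (two hosts) and the inbound DROP. In a real deployment the same counting belongs in the SIEM or in a cloud-backed reputation service so the address is checked against shared intelligence as soon as it is first seen.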

 

 

QUESTION 352

Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?

 

A.

Test password complexity of all login fields and input validation of form fields

B.

Reverse engineering any thick client software that has been provided for the test

C.

Undertaking network-based denial of service attacks in production environment

D.

Attempting to perform blind SQL injection and reflected cross-site scripting attacks

E.

Running a vulnerability scanning tool to assess network and host weaknesses

 

Correct Answer: C

 

 

QUESTION 353

A retail bank has had a number of issues regarding the integrity of sensitive information across all of its customer databases. This has resulted in the bank’s share price decreasing in value by 50% and in regulatory intervention and monitoring.

 

The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues.

 

The business has specified that the solution needs to be enterprise grade and meet the following requirements:

 

- Be across all major platforms, applications and infrastructure.

- Be able to track user and administrator activity.

- Does not significantly degrade the performance of production platforms, applications, and infrastructures.

- Real time incident reporting.

- Manageable and has meaningful information.

- Business units are able to generate reports in a timely manner of the unit’s system assets.

 

In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE).

 

A.

Implement a security operations center to provide real time monitoring and incident response with self service reporting capability.

B.

Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure.

C.

Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability.

D.

Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities.

E.

Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures.

F.

Ensure appropriate auditing is enabled to capture the required information.

G.

Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server.

 

Correct Answer: BCF

 

 

QUESTION 354

Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represents this scenario? (Select TWO).

 

A.

Session management attack

B.

Protocol fuzzing

C.

Root-kit compromise

D.

Physical attack

E.

Privilege escalation

F.

Man-in-the-middle

 

Correct Answer: DE

 

 

QUESTION 355

A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?

 

A.

Change the IDS to use a heuristic anomaly filter.

B.

Adjust IDS filters to decrease the number of false positives.

C.

Change the IDS filter to data mine the false positives for statistical trending data.

D.

Adjust IDS filters to increase the number of false negatives.

 

Correct Answer: B

 

 


QUESTION 356

The Information Security Officer (ISO) is reviewing new policies that have been recently made effective and now apply to the company. Upon review, the ISO identifies a new requirement to implement two-factor authentication on the company’s wireless system. Due to budget constraints, the company will be unable to implement the requirement for the next two years. The ISO is required to submit a policy exception form to the Chief Information Officer (CIO). Which of the following are MOST important to include when submitting the exception form? (Select THREE).

 

A.

Business or technical justification for not implementing the requirements.

B.

Risks associated with the inability to implement the requirements.

C.

Industry best practices with respect to the technical implementation of the current controls.

D.

All sections of the policy that may justify non-implementation of the requirements.

E.

A revised DRP and COOP plan to the exception form.

F.

Internal procedures that may justify a budget submission to implement the new requirement.

G.

Current and planned controls to mitigate the risks.

 

Correct Answer: ABG

 

 

QUESTION 357

A security auditor is conducting an audit of a corporation where 95% of the users travel or work from non-corporate locations a majority of the time. While the employees are away from the corporate offices, they retain full access to the corporate network and use of corporate laptops. The auditor knows that the corporation processes PII and other sensitive data with applications requiring local caches of any data being manipulated. Which of the following security controls should the auditor check for and recommend to be implemented if missing from the laptops?

 

A.

Trusted operating systems

B.

Full disk encryption

C.

Host-based firewalls

D.

Command shell restrictions

 

Correct Answer: B

 

 

QUESTION 358

A systems administrator establishes a CIFS share on a Unix device to share data with Windows systems. The security authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the Unix share. Which of the following settings on the Unix server is the cause of this problem?

 

A.

Refuse LM and only accept NTLMv2

B.

Accept only LM

C.

Refuse NTLMv2 and accept LM

D.

Accept only NTLM

 

Correct Answer: A
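Whatever the cause of a mismatch like this, the practitioner's first check on the Unix side is which LM/NTLM response types the server is configured to accept. The script below is an added example (not from the exam page) that assumes the Unix CIFS server is Samba, reads the [global] section of smb.conf, and reports the accepted response types and which of them are weak; both configurations are constructed, and the defaults assumed for absent parameters are those of Samba 4.5 and later (lanman auth = no, ntlm auth = ntlmv2-only).

```python
"""Audit the LM/NTLM response types a Samba server will accept.

Added example for Question 358, not code from the exam page. Assumes
the Unix CIFS server is Samba. Both smb.conf fragments are constructed;
the behaviour encoded in accepted_responses() follows the smb.conf man
page for the "lanman auth" and "ntlm auth" parameters.
"""
import re

WEAK_CONF = """\
# constructed: legacy settings that still accept LM and NTLMv1 responses
[global]
   workgroup = CORP
   security = user
   lanman auth = yes
   ntlm auth = yes
"""

HARDENED_CONF = """\
# constructed: accept NTLMv2 responses only
[global]
   workgroup = CORP
   security = user
   lanman auth = no
   ntlm auth = ntlmv2-only
"""

# Samba 4.5+ defaults assumed when a parameter is absent from smb.conf
DEFAULTS = {"lanman auth": "no", "ntlm auth": "ntlmv2-only"}
YES = ("yes", "true", "1")


def parse_global(conf_text):
    """Return the [global] parameters as {normalised name: lowercased value}."""
    params = {}
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        # Samba treats lines beginning with '#' or ';' as comments
        if not line or line.startswith(("#", ";")):
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            section = m.group(1).strip().lower()
            continue
        if section != "global" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        # Samba ignores case and whitespace in parameter names
        key = re.sub(r"\s+", " ", key.strip().lower())
        params[key] = value.strip().lower()
    return params


def accepted_responses(params):
    """Map the auth parameters to the response types smbd will accept."""
    p = {**DEFAULTS, **params}
    accepted = {"NTLMv2"}  # accepted under every setting of these parameters
    ntlmv1_on = p["ntlm auth"] in YES
    if ntlmv1_on:
        accepted.add("NTLMv1")
    # Per the man page, disabling "ntlm auth" also disables LanMan auth,
    # so LM needs both parameters enabled.
    if ntlmv1_on and p["lanman auth"] in YES:
        accepted.add("LM")
    return accepted


def weak_settings(params):
    """Accepted response types a hardening review should remove."""
    return sorted(r for r in accepted_responses(params) if r != "NTLMv2")


def audit(conf_text):
    """Summarise one smb.conf: accepted response types and the weak ones."""
    params = parse_global(conf_text)
    return {
        "accepted": sorted(accepted_responses(params)),
        "weak": weak_settings(params),
    }


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf))
```

Run against the two fragments, the weak configuration reports LM and NTLMv1 as accepted and the hardened one reports NTLMv2 only. Note the asymmetry the man page describes: setting lanman auth = yes on its own does nothing once ntlm auth is off, so a reviewer should read both parameters together rather than either one in isolation.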

 

 

QUESTION 359

A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been identified in relation to sales leads. The company has decided to undertake a PCI assessment in order to determine the amount of effort required to meet the business objectives. Which compliance category would this task be part of?

 

A.

Government regulation

B.

Industry standard

C.

Company guideline

D.

Company policy

 

Correct Answer: B

 

 

QUESTION 360

A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).

 

A.

Security of data storage

B.

The cost of the solution

C.

System availability

D.

User authentication strategy

E.

PBX integration of the service

F.

Operating system compatibility

 

Correct Answer: ACD

 
