[Free] Download New Updated (December) CompTIA CAS-002 Exam Questions 61-70

Ensurepass

QUESTION 61

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following log excerpt to try to determine the reason for the downtime, focusing on the IP address of the company’s external router, which is 128.20.176.19:

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets.

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic.

Correct Answer: A

QUESTION 62

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs

B. Interview employees and managers to discover the industry hot topics and trends

C. Attend meetings with staff, internal training, and become certified in software management

D. Attend conferences, webinars, and training to remain current with the industry and job requirements

Correct Answer: D

QUESTION 63

Which of the following provides the BEST risk calculation methodology?

A. Annual Loss Expectancy (ALE) x Value of Asset

B. Potential Loss x Event Probability x Control Failure Probability

C. Impact x Threat x Vulnerability

D. Risk Likelihood x Annual Loss Expectancy (ALE)

Correct Answer: B

QUESTION 64

After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web-based shopping cart.

SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);

The programmer found that every time a user adds an item to the cart, a temporary file is created in the web server's /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY (e.g. smartphone-12-25-2013.tmp), and it contains the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart’s items?

A. Input validation

B. SQL injection

C. TOCTOU

D. Session hijacking

Correct Answer: C

QUESTION 65

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?

A. What are the protections against MITM?

B. What accountability is built into the remote support application?

C. What encryption standards are used in tracking database?

D. What snapshot or “undo” features are present in the application?

E. What encryption standards are used in remote desktop and file transfer functionality?

Correct Answer: B

QUESTION 66

An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large volume of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack?

A. Install IDS/IPS systems on the network

B. Force all SIP communication to be encrypted

C. Create separate VLANs for voice and data traffic

D. Implement QoS parameters on the switches

Correct Answer: D

QUESTION 67

A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take?

A. Purchase new hardware to keep the malware isolated.

B. Develop a policy to outline what will be required in the secure lab.

C. Construct a series of VMs to host the malware environment.

D. Create a proposal and present it to management for approval.

Correct Answer: D

QUESTION 68

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT-only privileges.

Web server logs show the following:

90.76.165.40 — [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724
90.76.165.40 — [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724
90.76.165.40 — [08/Mar/2014:10:54:04] "GET index.php?user<scrip>Creat</scrip> HTTP/1.1" 200 5724

The security administrator also inspects the following file system locations on the database server using the command 'ls -al /root':

drwxrwxrwx 11 root root 4096 Sep 28 22:45 .
drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..
-rws------ 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .bash_history
-rw------- 25 root root 4096 Mar 8 09:30 .profile
-rw------- 25 root root 4096 Mar 8 09:30 .ssh

Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

A. Privilege escalation

B. Brute force attack

C. SQL injection

D. Cross-site scripting

E. Using input validation, ensure the following characters are sanitized: <>

F. Update crontab with: find / \( -perm -4000 \) -type f -print0 | xargs -0 ls -l | email.sh

G. Implement the following PHP directive: $clean_user_input = addslashes($user_input)

H. Set an account lockout policy

Correct Answer: AF

QUESTION 69

A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, “BYOD clients must meet the company’s infrastructure requirements to permit a connection.” The company also issues a memorandum separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?

A. Asset management

B. IT governance

C. Change management

D. Transference of risk

Correct Answer: B

QUESTION 70

The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?

A. The data may not be in a usable format.

B. The new storage array is not FCoE based.

C. The data may need a file system check.

D. The new storage array also only has a single controller.

Correct Answer: A
