CAS-002 by CompTIA Valid Free Exam Practice Test

Question 1

A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a result, NIPS and AV systems did not detect the configuration files received by staff in emails that appeared as normal files. Which of the following BEST describes the technique used by the malware developers?

A. Stenography B. Confusion C. Diffusion D. Transport encryption E. Perfect forward secrecy

Correct Answer: A

Question 2

A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the company's internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity?

A. Client-based VPN B. SSL VPN C. IPSec D. RDP server E. Jump box

Correct Answer: D

Question 3

An IT manager is working with a project manager from another subsidiary of the same multinational organization. The project manager is responsible for a new software development effort that is being outsourced overseas, while customer acceptance testing will be performed in house. Which of the following capabilities is MOST likely to cause issues with network availability?

A. Time-based access control lists B. ISP to ISP network jitter C. Source code vulnerability scanning D. File-size validation E. End to end network encryption

Correct Answer: A

Question 4

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

A. Backup the router and firewall configurations. B. Maintain a list of critical systems. C. Establish an emergency response call tree. D. Create an inventory of applications. E. Update all network diagrams.

Correct Answer: B,D

Question 5

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

A. Marketing B. Programming C. Information technology D. Facilities management E. Human resources F. Data center operations G. Research and development

Correct Answer: C,D,F

Question 6

A corporation has expanded for the first time by integrating several newly acquired businesses.
Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).

A. Re-image all end user computers to a standard image. B. Remove acquired companies Internet access. C. Federate identity management systems. D. Develop interconnection policy. E. Install firewalls between the businesses. F. Conduct a risk analysis of each acquired company's networks.

Correct Answer: D,F

Question 7

An architect has been engaged to write the security viewpoint of a new initiative. Which of the following BEST describes a repeatable process that can be used for establishing the security architecture?

A. Perform a risk analysis of the system. Avoid extreme risks. Mitigate high risks. Transfer medium risks and accept low risks. Perform continuous monitoring to ensure that the system remains at an adequate security posture. B. Classify information types used within the system into levels of confidentiality, integrity, and availability. Determine minimum required security controls. Conduct a risk analysis.Decide on which security controls to implement. C. Implement controls based on the system needs. Perform a risk analysis of the system.For any remaining risks, perform continuous monitoring. D. Inspect a previous architectural document. Based on the historical decisions made, consult the architectural control and pattern library within the organization and select the controls that appear to best fit this new architectural need.

Correct Answer: B

Question 8

DRAG DROP
A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified:
1 . Developers have the ability to perform technical validation of development applications.
2 . End users have the ability to access internal web applications.
3 . Third-party vendors have the ability to support applications.
In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All placeholders must be filled.

Correct Answer:

Question 9

At 10:35 a.m. a malicious user was able to obtain a valid authentication token which allowed read/write access to the backend database of a financial company. At 10:45 a.m.
the security administrator received multiple alerts from the company's statistical anomaly- based IDS about a company database administrator performing unusual transactions. At
10:55 a.m. the security administrator resets the database administrator's password.
At 11:00 a.m. the security administrator is still receiving alerts from the IDS about unusual transactions from the same user. Which of the following is MOST likely the cause of the alerts?

A. A race condition has occurred. B. The new password was compromised. C. The IDS logs are compromised. D. An input validation error has occurred.

Correct Answer: A

Question 10

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?

A. Identity propagation B. Single sign-on C. Remote attestation D. Secure code review

Correct Answer: C

Question 11

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important?

A. What encryption standards are used in tracking database? B. What accountability is built into the remote support application? C. What encryption standards are used in remote desktop and file transfer functionality? D. What snapshot or "undo" features are present in the application? E. What are the protections against MITM?

Correct Answer: B

Question 12

The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue?

A. Race condition B. Click-jacking C. SQL injection D. Use after free E. Integer overflow

Correct Answer: E

Question 13

A security manager is developing new policies and procedures. Which of the following is a best practice in end user security?

A. Access controls to prevent end users from gaining access to confidential data. B. A training program that is consistent, ongoing, and relevant. C. Employee identity badges and physical access controls to ensure only staff are allowed onsite. D. Access controls for computer systems and networks with two-factor authentication.

Correct Answer: B

Question 14

A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions.
DATE/TIMEPIDCOMMAND%CPUMEM
031020141030002055com.proc10.2920K
031020141100002055com.proc12.35.2M
031020141230002055com.proc22.022M
031020141300002055com.proc33.01.6G
031020141330002055com.proc30.28.0G
Which of the following is the MOST likely cause for the DoS?

A. The system does not implement input validation. B. The system does not protect against buffer overflows properly. C. The system does not implement proper garbage collection. D. The system is susceptible to integer overflow.

Correct Answer: C

CompTIA Advanced Security Practitioner (CASP) - CAS-002 Exam Practice Test