Vivid of CAS-002 test engine materials and training materials for CompTIA certification for IT learners, Real Success Guaranteed with Updated CAS-002 pdf dumps vce Materials. 100% PASS CompTIA Advanced Security Practitioner (CASP) exam Today!

2021 Jan CAS-002 brain dumps

Q171. - (Topic 4) 

After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation: 

Once at the command prompt, the administrator issues the below command. 

Which of the following is true about the above situation? 

A. The administrator must use the sudo command in order to restart the service. 

B. The administrator used the wrong SSH port to restart the DNS server. 

C. The service was restarted correctly, but it failed to bind to the network interface. 

D. The service did not restart because the bind command is privileged. 

Answer:


Q172. - (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 

Answer:


Q173. - (Topic 1) 

A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take? 

A. Purchase new hardware to keep the malware isolated. 

B. Develop a policy to outline what will be required in the secure lab. 

C. Construct a series of VMs to host the malware environment. 

D. Create a proposal and present it to management for approval. 

Answer:


Q174. - (Topic 5) 

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. Which of the following would be the advantage of conducting this kind of penetration test? 

A. The risk of unplanned server outages is reduced. 

B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on. 

C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness. 

D. The results should reflect what attackers may be able to learn about the company. 

Answer:


Q175. - (Topic 5) 

A security manager has received the following email from the Chief Financial Officer (CFO): 

“While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?” 

Based on the information provided, which of the following would be the MOST appropriate response to the CFO? 

A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed. 

B. Allow VNC access to corporate desktops from personal computers for the users working from home. 

C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home. 

D. Work with the executive management team to revise policies before allowing any remote access. 

Answer:


Avant-garde CAS-002 test preparation:

Q176. - (Topic 4) 

Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment? 

A. Risk reduction, risk sharing, risk retention, and risk acceptance. 

B. Avoid, transfer, mitigate, and accept. 

C. Risk likelihood, asset value, and threat level. 

D. Calculate risk by determining technical likelihood and potential business impact. 

Answer:


Q177. - (Topic 5) 

A Chief Information Security Officer (CISO) is approached by a business unit manager who heard a report on the radio this morning about an employee at a competing firm who shipped a VPN token overseas so a fake employee could log into the corporate VPN. The CISO asks what can be done to mitigate the risk of such an incident occurring within the organization. Which of the following is the MOST cost effective way to mitigate such a risk? 

A. Require hardware tokens to be replaced on a yearly basis. 

B. Implement a biometric factor into the token response process. 

C. Force passwords to be changed every 90 days. 

D. Use PKI certificates as part of the VPN authentication process. 

Answer:


Q178. - (Topic 1) 

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future? 

A. Use PAP for secondary authentication on each RADIUS server 

B. Disable unused EAP methods on each RADIUS server 

C. Enforce TLS connections between RADIUS servers 

D. Use a shared secret for each pair of RADIUS servers 

Answer:


Q179. - (Topic 4) 

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 128.20.176.19: 

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400 

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration? 

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets. 

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication. 

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks. 

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic. 

Answer:


Q180. - (Topic 4) 

A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner? 

A. The security administrator should consider deploying a signature-based intrusion detection system. 

B. The security administrator should consider deploying enterprise forensic analysis tools. 

C. The security administrator should consider installing a cloud augmented security service. 

D. The security administrator should consider establishing an incident response team. 

Answer: