Many IT aspirants are eager to earn the CompTIA certification. It can be the threshold to a well-paid career: with a CompTIA certification you hold an advantage over other candidates in the job market. Nonetheless, passing the CompTIA CAS-002 exam is not easy without help. Using CompTIA exam questions and answers that reflect the genuine exam, as provided by Pass4sure, you can be ready for the real CompTIA test. Preparing for the CAS-002 exam with the Pass4sure training course is a faster and simpler approach, and Pass4sure guarantees success on the first attempt.

2021 Dec CAS-002 test questions

Q251. - (Topic 4) 

Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represents this scenario? (Select TWO). 

A. Session management attack 

B. Protocol fuzzing 

C. Root-kit compromise 

D. Physical attack 

E. Privilege escalation 

F. Man-in-the-middle 

Answer: D,E 


Q252. - (Topic 1) 

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings? 

A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects. 

B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution. 

C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness. 

D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution. 

Answer:


Q253. - (Topic 4) 

A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log: 

10.235.62.11 - - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724 

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer? 

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters. 

B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side. 

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation. 

D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced. 

Answer:


Q254. - (Topic 1) 

select id, firstname, lastname from authors 

User input: firstname = Hack;man   lastname = Johnson 

Which of the following types of attacks is the user attempting? 

A. XML injection 

B. Command injection 

C. Cross-site scripting 

D. SQL injection 

Answer:


Q255. - (Topic 1) 

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool? 

A. The tool could show that input validation was only enabled on the client side 

B. The tool could enumerate backend SQL database table and column names 

C. The tool could force HTTP methods such as DELETE that the server has denied 

D. The tool could fuzz the application to determine where memory leaks occur 

Answer:
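Worked example for Q253 through Q255, added here and not part of the exam material: a login handler written the way the log in Q253 implies (client-side JavaScript checks only, raw string concatenation into SQL), a reconstruction of what the server actually received from that log line, and the server-side fix from option C. It is Python with SQLite standing in for script.php and its database; the table layout, the PIN value and the `pass` column name (assumed to match the request parameter, which is what makes the page's payload `pass or 1=1` evaluate true as `pass = pass`) are constructed assumptions, as is the copy of the log line.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed sample account. The column is named `pass`, matching the request
# parameter: an assumption about script.php that makes the logged payload work as written.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, pass INTEGER NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('admin', 483920)")
    conn.commit()
    return conn

# Constructed copy of the Q253 log line (Common Log Format), not the original server's record.
LOG_LINE = ('10.235.62.11 - - [02/Mar/2014:06:13:04] '
            '"GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724')

def params_from_log(line: str) -> dict:
    """Recover the request target from a CLF line and URL-decode its query string.
    This is what the server received, whatever the page's JavaScript was meant to allow."""
    target = line.split('"')[1].split(" ")[1]        # '/site/script.php?user=...'
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}

def vulnerable_login(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    """Server side as the log implies: the page trusted the browser's checks and splices
    raw input into SQL. The PIN is left unquoted because 'only six digits can arrive
    here', the very assumption the request in the log has just disproved."""
    sql = f"SELECT username FROM users WHERE username = '{user}' AND pass = {pw}"
    return conn.execute(sql).fetchone() is not None

USERNAME_RE = re.compile(r"[A-Za-z]+")   # same rules the client-side JavaScript enforced
PIN_RE = re.compile(r"[0-9]{6}")

def hardened_login(conn: sqlite3.Connection, user: str, pw: str) -> bool:
    """Option C: repeat the validation on the server (the client-side copy is only a
    usability aid) and bind parameters so input can never be parsed as SQL."""
    if not USERNAME_RE.fullmatch(user) or not PIN_RE.fullmatch(pw):
        return False    # reject; do not try to 'clean' what an interceptor can simply resend
    sql = "SELECT username FROM users WHERE username = ? AND pass = ?"
    return conn.execute(sql, (user, int(pw))).fetchone() is not None

if __name__ == "__main__":
    conn = make_db()
    p = params_from_log(LOG_LINE)
    print(p)                                                            # {'user': 'admin', 'pass': 'pass or 1=1'}
    print("vulnerable:", vulnerable_login(conn, p["user"], p["pass"]))  # True: authentication bypassed
    print("hardened:  ", hardened_login(conn, p["user"], p["pass"]))    # False: rejected before the query
    print("legit:     ", hardened_login(conn, "admin", "483920"))       # True
```

The unguarded query accepts the logged request because `pass = pass` holds on every row and `or 1=1` would make the WHERE clause true regardless; the guarded version never reaches the database. An HTTP interceptor, as in Q255, is how a tester finds this in the first place: let the browser's JavaScript approve a well-formed request, then edit it in flight. Q254's `Hack;man` is the same class of defect, a metacharacter the database parses, and parameter binding neutralises it the same way.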


Renovate CAS-002 practice exam:

Q256. - (Topic 4) 

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees: 

Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system. 

Employee B. Works in the accounts payable office and is in charge of approving purchase orders. 

Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B. 

Which of the following should the auditor suggest be done to avoid future security breaches? 

A. All employees should have the same access level so that they can check on each other. 

B. The manager should only be able to review the data and approve purchase orders. 

C. Employee A and Employee B should rotate jobs at a set interval and cross-train. 

D. The manager should be able to both enter and approve information. 

Answer:


Q257. - (Topic 5) 

An internal committee comprised of the facilities manager, the physical security manager, the network administrator, and a member of the executive team has been formed to address a recent breach at a company’s data center. It was discovered that during the breach, an HVAC specialist had gained entry to an area that contained server farms holding sensitive financial data. Although the HVAC specialist was there to fix a legitimate issue, the investigation concluded security be provided for the two entry and exit points for the server farm. Which of the following should be implemented to accomplish the recommendations of the investigation? 

A. Implement a policy that all non-employees should be escorted in the data center. 

B. Place a mantrap at the points with biometric security. 

C. Hire an HVAC person for the company, eliminating the need for external HVAC people. 

D. Implement CCTV cameras at both points. 

Answer:


Q258. - (Topic 2) 

A network engineer wants to deploy user-based authentication across the company’s wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each user’s network access be controlled based on the user’s role within the company. Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO). 

A. SAML 

B. WAYF 

C. LDAP 

D. RADIUS 

E. Shibboleth 

F. PKI 

Answer: C,D 


Q259. - (Topic 1) 

An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence? 

A. Review switch and router configurations 

B. Review the security policies and standards 

C. Perform a network penetration test 

D. Review the firewall rule set and IPS logs 

Answer:


Q260. - (Topic 2) 

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO). 

A. /etc/passwd 

B. /etc/shadow 

C. /etc/security 

D. /etc/password 

E. /sbin/logon 

F. /bin/bash 

Answer: A,B
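Added example for Q260, not part of the exam material: the join a penetration tester performs once both files are in hand (what John the Ripper's `unshadow` does), written in Python against constructed copies of /etc/passwd and /etc/shadow. The account names, IDs and salts are assumptions and the hash bodies are shortened placeholders, not genuine digests. It also pulls the algorithm identifier and salt out of each shadow entry, which is the point about salting the question turns on.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample files in the real formats; hash bodies are shortened placeholders,
# not genuine digests, and no real host is represented.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
bob:x:1001:1001:Bob Example:/home/bob:/bin/bash
svc:x:1002:1002::/var/svc:/bin/sh
"""
SHADOW = """\
root:$6$rounds=5000$Q9xI0KzHy3P8Q2jR$3f0cR7VbnWq1ZtE:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
alice:$6$Xk3P0mQz$8VdL2pT0aQm9yHs:19700:0:99999:7:::
bob:$y$j9T$Fq2mTkL8zR4pW1cV$9uZxB3nJ7e:19700:0:99999:7:::
svc:!$1$abc12345$Rt5kP0zQ:19700:0:99999:7:::
"""

# crypt(3) scheme identifiers as they appear between the first two '$'.
ALGOS = {"1": "md5crypt", "2b": "bcrypt", "5": "sha256crypt", "6": "sha512crypt",
         "7": "scrypt", "y": "yescrypt"}

@dataclass
class Account:
    name: str
    uid: int
    gid: int
    gecos: str
    home: str
    shell: str
    hash_field: str        # field 2 of shadow, verbatim
    status: str            # 'hashed', 'locked' (hash still present), 'no-login', 'empty'
    algo: Optional[str]
    salt: Optional[str]
    digest: Optional[str]

def parse_hash_field(field: str):
    """Split a $id$[params$]salt$hash field into (status, algo, salt, digest).
    The salt is stored in the clear beside the hash: salting defeats precomputed
    tables but does nothing against offline guessing once the file is obtained.
    A leading '!' locks the account yet leaves the hash crackable; '*', '!' or '!!'
    on their own carry no hash at all."""
    if field == "":
        return "empty", None, None, None
    locked = field.startswith("!")
    body = field.lstrip("!")
    if body in ("", "*"):
        return "no-login", None, None, None
    status = "locked" if locked else "hashed"
    parts = body.split("$")
    if len(parts) < 4 or parts[0] != "":
        # legacy 13-character DES crypt: two salt characters, then the hash
        return status, "descrypt", body[:2], body[2:]
    return status, ALGOS.get(parts[1], "id=" + parts[1]), parts[-2], parts[-1]

def unshadow(passwd_text: str, shadow_text: str) -> List[Account]:
    """Join the two files on the username. passwd supplies UID/GID/GECOS/shell and the
    'x' that says the hash lives elsewhere; shadow supplies the salted hash. A cracker
    needs both, which is why Q260 has two answers."""
    shadow: Dict[str, str] = {}
    for line in shadow_text.splitlines():
        if line and not line.startswith("#"):
            name, hash_field = line.split(":", 2)[:2]
            shadow[name] = hash_field
    accounts: List[Account] = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name, pw, uid, gid, gecos, home, shell = line.split(":", 6)
        field = shadow.get(name, "") if pw == "x" else pw   # pre-shadow systems kept the hash here
        status, algo, salt, digest = parse_hash_field(field)
        accounts.append(Account(name, int(uid), int(gid), gecos, home, shell,
                                field, status, algo, salt, digest))
    return accounts

def cracker_input(accounts: List[Account]) -> List[str]:
    """passwd-shaped lines with the hash restored to field 2, the format john and
    hashcat accept. Entries without a hash are dropped; locked ones are kept on purpose."""
    return [f"{a.name}:{a.hash_field}:{a.uid}:{a.gid}:{a.gecos}:{a.home}:{a.shell}"
            for a in accounts if a.status in ("hashed", "locked")]

if __name__ == "__main__":
    merged = unshadow(PASSWD, SHADOW)
    for a in merged:
        print(f"{a.name:8} {a.status:9} {a.algo or '-':12} salt={a.salt}")
    print("\n".join(cracker_input(merged)))
```

On a hardened system /etc/shadow is root-readable only, so "must attempt to retrieve" in the question usually means a privilege escalation or a backup/snapshot exposure comes first; once the file is in hand, the per-user salt visible in each entry only forces the attacker to guess against one account at a time rather than all accounts at once.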