New CompTIA CAS-002 Exam Dumps Collection (Question 8 - Question 17)

New Questions 8

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following:

90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724

90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724

90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724

The security administrator also inspects the following file system locations on the database server using the command 'ls -al /root':

drwxrwxrwx 11 root root 4096 Sep 28 22:45 .

drwxr-xr-x 25 root root 4096 Mar 8 09:30 ..

-rws------ 25 root root 4096 Mar 8 09:30 .bash_history

-rw------- 25 root root 4096 Mar 8 09:30 .bash_history

-rw------- 25 root root 4096 Mar 8 09:30 .profile

-rw------- 25 root root 4096 Mar 8 09:30 .ssh

Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO).

A. Privilege escalation

B. Brute force attack

C. SQL injection

D. Cross-site scripting

E. Using input validation, ensure the following characters are sanitized. <>

F. Update crontab with: find / \( -perm -4000 \) -type f -print0 | xargs -0 ls -l | email.sh

G. Implement the following PHP directive: $clean_user_input = addslashes($user_input)

H. Set an account lockout policy

Answer: A,F



New Questions 9

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?

A. Use PAP for secondary authentication on each RADIUS server

B. Disable unused EAP methods on each RADIUS server

C. Enforce TLS connections between RADIUS servers

D. Use a shared secret for each pair of RADIUS servers

Answer: C



New Questions 10

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

A. PING

B. NESSUS

C. NSLOOKUP

D. NMAP

Answer: D



New Questions 11

An administrator receives a notification from legal that an investigation is being performed on members of the finance department. As a precaution, legal has advised a legal hold on all documents for an unspecified period of time. Which of the following policies will MOST likely be violated? (Select TWO).

A. Data Storage Policy

B. Data Retention Policy

C. Corporate Confidentiality Policy

D. Data Breach Mitigation Policy

E. Corporate Privacy Policy

Answer: A,B



New Questions 12

A security consultant is investigating acts of corporate espionage within an organization. Each time the organization releases confidential information to high-ranking engineers, the information is soon leaked to competing companies. Which of the following techniques should the consultant use to discover the source of the information leaks?

A. Digital watermarking

B. Steganography

C. Enforce non-disclosure agreements

D. Digital rights management

Answer: A



New Questions 13

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.

B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.

C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.

D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.

Answer: D



New Questions 14

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

A. Demonstration of IPS system

B. Review vendor selection process

C. Calculate the ALE for the event

D. Discussion of event timeline

E. Assigning of follow up items

Answer: D,E



New Questions 15

Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommissioned. Which of the following is the reason for wiping the SAN LUNs?

A. LUN masking will prevent the next server from accessing the LUNs.

B. The data may be replicated to other sites that are not as secure.

C. Data remnants remain on the LUN that could be read by other servers.

D. The data is not encrypted during transport.

Answer: C



New Questions 16

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?

A. Agile

B. Waterfall

C. Scrum

D. Spiral

Answer: B



New Questions 17

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

A. The tool could show that input validation was only enabled on the client side

B. The tool could enumerate backend SQL database table and column names

C. The tool could force HTTP methods such as DELETE that the server has denied

D. The tool could fuzz the application to determine where memory leaks occur

Answer: A


