CompTIA CAS-002 Free Practice Questions

Q1. - (Topic 1) 

A security analyst has been asked to develop a quantitative risk analysis and risk assessment for the company’s online shopping application. Based on heuristic information from the Security Operations Center (SOC), a Denial of Service Attack (DoS) has been successfully executed 5 times a year. The Business Operations department has determined the loss associated to each attack is $40,000. After implementing application caching, the number of DoS attacks was reduced to one time a year. The cost of the countermeasures was $100,000. Which of the following is the monetary value earned during the first year of operation? 

A. $60,000 

B. $100,000 

C. $140,000 

D. $200,000 

View Answer

Q2. - (Topic 2) 

An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement? 

A. Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development. 

B. Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews. 

C. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years. 

D. Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases. 

View Answer

Q3. CORRECT TEXT - (Topic 2) 

Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several Internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information answer the questions below: 

User Subnet: 192.168.1.0/24 Server Subnet: 192.168.2.0/24 Finance Subnet:192.168.3.0/24 

Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down 

Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue. 

Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications. 

Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. 

Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed. 

View Answer

Q4. - (Topic 3) 

A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible. 

Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes. 

Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff? 

A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts. 

B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts. 

C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network. 

D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts. 

View Answer

Q5. - (Topic 5) 

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool? 

A. The tool could show that input validation was only enabled on the client side 

B. The tool could enumerate backend SQL database table and column names 

C. The tool could force HTTP methods such as DELETE that the server has denied 

D. The tool could fuzz the application to determine where memory leaks occur 

View Answer

Q6. - (Topic 4) 

Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect? 

A. Most of company XYZ’s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users. 

B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance. 

C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer. 

D. Not all of company XYZ’s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings. 

View Answer

Q7. - (Topic 2) 

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO). 

A. /etc/passwd 

B. /etc/shadow 

C. /etc/security 

D. /etc/password 

E. /sbin/logon 

F. /bin/bash 

View Answer

Q8. - (Topic 2) 

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE). 

A. Establish a list of users that must work with each regulation 

B. Establish a list of devices that must meet each regulation 

C. Centralize management of all devices on the network 

D. Compartmentalize the network 

E. Establish a company framework 

F. Apply technical controls to meet compliance with the regulation 

View Answer

Q9. - (Topic 4) 

A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions. 

DATE/TIMEPIDCOMMAND%CPUMEM 

031020141030002055com.proc10.2920K 

031020141100002055com.proc12.35.2M 031020141230002055com.proc22.022M 031020141300002055com.proc33.01.6G 031020141330002055com.proc30.28.0G 

Which of the following is the MOST likely cause for the DoS? 

A. The system does not implement proper garbage collection. 

B. The system is susceptible to integer overflow. 

C. The system does not implement input validation. 

D. The system does not protect against buffer overflows properly. 

View Answer

Q10. - (Topic 2) 

An IT Manager is concerned about errors made during the deployment process for a new model of tablet. Which of the following would suggest best practices and configuration parameters that technicians could follow during the deployment process? 

A. Automated workflow 

B. Procedure 

C. Corporate standard 

D. Guideline 

E. Policy 

View Answer

Q11. - (Topic 1) 

A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture quickly with regard to targeted attacks. Which of the following should the CSO conduct FIRST? 

A. Survey threat feeds from services inside the same industry. 

B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic. 

C. Conduct an internal audit against industry best practices to perform a qualitative analysis. 

D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor. 

View Answer

Q12. - (Topic 4) 

Company XYZ is in negotiations to acquire Company ABC for $1.2millon. Due diligence activities have uncovered systemic security issues in the flagship product of Company ABC. It has been established that a complete product rewrite would be needed with average estimates indicating a cost of $1.6millon. Which of the following approaches should the risk manager of Company XYZ recommend? 

A. Transfer the risk 

B. Accept the risk 

C. Mitigate the risk 

D. Avoid the risk 

View Answer

Q13. - (Topic 3) 

An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work? 

A. Interconnection Security Agreement 

B. Memorandum of Understanding 

C. Business Partnership Agreement 

D. Non-Disclosure Agreement 

View Answer

Q14. - (Topic 5) 

A security administrator is investigating the compromise of a software distribution website. Forensic analysis shows that several popular files are infected with malicious code. However, comparing a hash of the infected files with the original, non-infected files which were restored from backup, shows that the hash is the same. Which of the following explains this? 

A. The infected files were using obfuscation techniques to evade detection by antivirus software. 

B. The infected files were specially crafted to exploit a collision in the hash function. 

C. The infected files were using heuristic techniques to evade detection by antivirus software. 

D. The infected files were specially crafted to exploit diffusion in the hash function. 

View Answer

Q15. - (Topic 2) 

Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE). 

A. Passive banner grabbing 

B. Password cracker 

C. 

http://www.company.org/documents_private/index.php?search=string#&topic=windows&tcp =packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4 

D. 443/tcp open http 

E. dig host.company.com 

F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40)192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 

G. Nmap 

View Answer