CAS-002 Premium Bundle

CompTIA Advanced Security Practitioner (CASP) Certification Exam

Last update: November 23, 2024

CompTIA CAS-002 Free Practice Questions

Q1. - (Topic 2) 

The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The following information is compiled: 

Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0 
Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0 
Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0 

All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a. 

A packet capture shows the following: 

09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a) 
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a) 
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a) 
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534 
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534 
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534 

Which of the following is occurring on the network? 

A. A man-in-the-middle attack is underway on the network. 

B. An ARP flood attack is targeting the router. 

C. The default gateway is being spoofed on the network. 

D. A denial of service attack is targeting the router. 

Answer:
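To work through this capture the way an analyst would, here is an added Python example (not part of the original question set) that parses the tcpdump-style lines above and tests the two hypotheses the options raise: whether any ARP reply binds the gateway to a MAC other than the known 00-01-42-32-ab-1a, and whether ICMP echo requests are being aimed at the subnet's directed-broadcast address with an oversized length. The /23 mask puts all three callers in 172.16.34.0/23, so the broadcast address is 172.16.35.255. Two assumptions: the gateway IP 172.16.34.1 is taken from the ARP replies (the question does not state it), and 1500 bytes is a chosen cutoff for "oversized".

```python
import ipaddress
import re
from collections import Counter

# Sample input: the capture excerpt from the question, embedded verbatim.
CAPTURE = """\
09:05:15.934840 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:06:16.124850 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:07:25.439811 arp reply 172.16.34.1 is-at 00:01:42:32:ab:1a (00:01:42:32:ab:1a)
09:08:10.937590 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2305, seq 1, length 65534
09:08:10.937591 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2306, seq 2, length 65534
09:08:10.937592 IP 172.16.35.1 > 172.16.35.255: ICMP echo request, id 2307, seq 3, length 65534
"""

# Facts from the question: the router's upstream MAC and the callers' /23 mask.
KNOWN_GATEWAY_MAC = "00-01-42-32-ab-1a"
CALLER_NETWORK = ipaddress.ip_network("172.16.35.53/255.255.254.0", strict=False)  # 172.16.34.0/23
# Assumption: the default gateway is the address the ARP replies resolve.
GATEWAY_IP = ipaddress.ip_address("172.16.34.1")

ARP_RE = re.compile(r"^\S+ arp reply (\S+) is-at ([0-9a-fA-F:]{17})")
ICMP_RE = re.compile(r"^\S+ IP (\S+) > (\S+): ICMP echo request, id \d+, seq \d+, length (\d+)")


def norm_mac(mac: str) -> str:
    """Compare MACs in one spelling: lowercase, colon-separated."""
    return mac.lower().replace("-", ":")


def analyze(capture: str, gateway_ip, gateway_mac: str, network, max_len: int = 1500) -> dict:
    """Flag ARP replies that bind the gateway IP to an unexpected MAC (gateway
    spoofing / man-in-the-middle) and oversized ICMP echo requests sent to the
    subnet's directed-broadcast address (a flood / denial-of-service pattern).
    max_len is a chosen cutoff: anything above a normal MTU-sized ping is suspect."""
    expected = norm_mac(gateway_mac)
    rogue_macs = set()
    broadcast_icmp = Counter()   # source IP -> number of oversized broadcast pings
    for line in capture.splitlines():
        m = ARP_RE.match(line)
        if m:
            ip, mac = ipaddress.ip_address(m.group(1)), norm_mac(m.group(2))
            if ip == gateway_ip and mac != expected:
                rogue_macs.add(mac)
            continue
        m = ICMP_RE.match(line)
        if m:
            src, dst, length = m.group(1), ipaddress.ip_address(m.group(2)), int(m.group(3))
            if dst == network.broadcast_address and length > max_len:
                broadcast_icmp[src] += 1
    return {
        "broadcast_address": str(network.broadcast_address),
        "gateway_spoofed": bool(rogue_macs),
        "rogue_macs": sorted(rogue_macs),
        "broadcast_icmp_by_src": dict(broadcast_icmp),
    }


if __name__ == "__main__":
    for key, value in analyze(CAPTURE, GATEWAY_IP, KNOWN_GATEWAY_MAC, CALLER_NETWORK).items():
        print(f"{key}: {value}")
```

On the capture above every ARP reply agrees with the known gateway MAC, while the three echo requests are near the maximum IP datagram size and addressed to the subnet broadcast; the same function would flag a rogue MAC if one appeared, which is the check to run before concluding anything about the gateway.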

Q2. - (Topic 1) 

A university requires a significant increase in web and database server resources for one week, twice a year, to handle student registration. The web servers remain idle for the rest of the year. Which of the following is the MOST cost effective way for the university to securely handle student registration? 

A. Virtualize the web servers locally to add capacity during registration. 

B. Move the database servers to an elastic private cloud while keeping the web servers local. 

C. Move the database servers and web servers to an elastic private cloud. 

D. Move the web servers to an elastic public cloud while keeping the database servers local. 

Answer:

Q3. - (Topic 2) 

An investigator wants to collect the most volatile data first in an incident to preserve the data that runs the highest risk of being lost. After memory, which of the following BEST represents the remaining order of volatility that the investigator should follow? 

A. File system information, swap files, network processes, system processes and raw disk blocks. 

B. Raw disk blocks, network processes, system processes, swap files and file system information. 

C. System processes, network processes, file system information, swap files and raw disk blocks. 

D. Raw disk blocks, swap files, network processes, system processes, and file system information. 

Answer:

Q4. - (Topic 2) 

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request: 

POST /login.aspx HTTP/1.1 
Host: comptia.org 
Content-type: text/html 

txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true 

Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass? 

A. Remove all of the post data and change the request to /login.aspx from POST to GET 

B. Attempt to brute force all usernames and passwords using a password cracker 

C. Remove the txtPassword post data and change alreadyLoggedIn from false to true 

D. Remove the txtUsername and txtPassword post data and toggle submit from true to false 

Answer:
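The request above carries a client-supplied alreadyLoggedIn flag, and option C is the test for whether the server trusts it. The following added Python example (not from the original page) models both sides: a handler that believes the flag, and a hardened one in which login state exists only in a server-side session table. The user store, PBKDF2 parameters and fixed salt are constructed for the example and are not taken from the question.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed user store for the example: Ann's password "ann", stored as a
# PBKDF2-HMAC-SHA256 hash. The salt is fixed only so the example is deterministic.
_SALT = b"example-salt-not-for-production"


def _pbkdf2(password: str, salt: bytes = _SALT) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"ann": _pbkdf2("ann")}
SESSIONS = {}   # server-side session table: token -> username


def check_password(user: str, password: str) -> bool:
    stored = USERS.get(user)
    if stored is None:
        _pbkdf2(password)            # same work for unknown users, so timing does not reveal valid names
        return False
    return hmac.compare_digest(stored, _pbkdf2(password))


def _form(body: str) -> dict:
    return {k: v[0] for k, v in parse_qs(body).items()}


def login_vulnerable(body: str) -> dict:
    """Handler with the flaw option C probes for: it believes the client's own
    claim that it is already logged in and skips the password check."""
    p = _form(body)
    if p.get("alreadyLoggedIn") == "true":                      # attacker-controlled input
        return {"authenticated": True, "user": p.get("txtUsername")}
    if check_password(p.get("txtUsername", ""), p.get("txtPassword", "")):
        return {"authenticated": True, "user": p["txtUsername"]}
    return {"authenticated": False}


def login_fixed(body: str) -> dict:
    """Hardened handler: every POST to /login.aspx must prove the password, and
    logged-in state lives only in SESSIONS under an unguessable token, so no
    form field can assert it."""
    p = _form(body)
    user, password = p.get("txtUsername", ""), p.get("txtPassword", "")
    if check_password(user, password):
        token = secrets.token_urlsafe(32)
        SESSIONS[token] = user
        return {"authenticated": True, "user": user, "session": token}
    return {"authenticated": False}


# The original request body and the option-C variant (password removed, flag flipped).
ORIGINAL = "txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true"
BYPASS = "txtUsername=ann&alreadyLoggedIn=true&submit=true"

if __name__ == "__main__":
    print("vulnerable, bypass :", login_vulnerable(BYPASS)["authenticated"])   # True
    print("fixed, bypass      :", login_fixed(BYPASS)["authenticated"])        # False
    print("fixed, real creds  :", login_fixed(ORIGINAL)["authenticated"])      # True
```

In an intercepting proxy the equivalent of login_vulnerable(BYPASS) is simply forwarding the modified request and checking whether the response sets a session cookie or redirects past the login page; any authorisation decision that can be changed by editing the request body is the bug, whatever the field is called.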

Q5. - (Topic 3) 

A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application? 

A. The company’s software lifecycle management improved the security of the application. 

B. There are no vulnerabilities in the application. 

C. The company should deploy a web application firewall to ensure extra security. 

D. There are no known vulnerabilities at this time. 

Answer:

Q6. - (Topic 5) 

A security administrator was doing a packet capture and noticed a system communicating with an address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action? 

A. Investigate the network traffic and block UDP port 3544 at the firewall 

B. Remove the system from the network and disable IPv6 at the router 

C. Locate and remove the unauthorized 6to4 relay from the network 

D. Disable the switch port and block the 2001::/32 traffic at the firewall 

Answer:
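2001::/32 is the Teredo prefix defined in RFC 4380, and a Teredo address embeds the Teredo server's IPv4 address plus the client's public IPv4 address and UDP port (the last two stored XORed with all-ones); 6to4 uses the separate 2002::/16 prefix, which embeds only an IPv4 address. Decoding the address therefore tells the administrator which tunnel mechanism is in play and which host to look at. The following Python example is added here and is not part of the original page; the sample addresses are RFC 4380's own worked example and a constructed 6to4 address, and the triage() wording is the author's suggestion, not a prescribed procedure.

```python
import ipaddress

TEREDO = ipaddress.ip_network("2001::/32")       # Teredo prefix (RFC 4380)
SIX_TO_FOUR = ipaddress.ip_network("2002::/16")  # 6to4 prefix (RFC 3056)
TEREDO_UDP_PORT = 3544                            # port Teredo servers listen on


def classify(addr: str) -> str:
    """Name the transition mechanism an IPv6 address implies, if any."""
    a = ipaddress.ip_address(addr)
    if a.version == 4:
        return "ipv4"
    if a in TEREDO:
        return "teredo"
    if a in SIX_TO_FOUR:
        return "6to4"
    if a.is_link_local:
        return "link-local"
    return "native"


def decode_teredo(addr: str) -> dict:
    """Unpack a Teredo address: 32-bit prefix, server IPv4, 16 flag bits, then
    the client's UDP port and public IPv4, each stored XORed with all-ones."""
    a = ipaddress.ip_address(addr)
    if a not in TEREDO:
        raise ValueError(f"{addr} is not a Teredo address")
    b = a.packed
    server = ipaddress.IPv4Address(b[4:8])
    flags = int.from_bytes(b[8:10], "big")
    port = int.from_bytes(b[10:12], "big") ^ 0xFFFF
    client = ipaddress.IPv4Address(bytes(x ^ 0xFF for x in b[12:16]))
    return {"server": str(server), "cone_nat": bool(flags & 0x8000),
            "client_ip": str(client), "client_port": port}


def decode_6to4(addr: str) -> str:
    """A 6to4 prefix 2002:WWXX:YYZZ::/48 embeds the host's IPv4 W.X.Y.Z."""
    a = ipaddress.ip_address(addr)
    if a not in SIX_TO_FOUR:
        raise ValueError(f"{addr} is not a 6to4 address")
    return str(ipaddress.IPv4Address(a.packed[2:6]))


def triage(addr: str) -> str:
    """One-line next step for the administrator, given the address seen."""
    kind = classify(addr)
    if kind == "teredo":
        d = decode_teredo(addr)
        return (f"Teredo tunnel via server {d['server']}: look for outbound UDP/{TEREDO_UDP_PORT} "
                f"from the host behind {d['client_ip']}:{d['client_port']}")
    if kind == "6to4":
        return f"6to4 tunnel (IP protocol 41) from {decode_6to4(addr)}"
    return f"{kind} address"


if __name__ == "__main__":
    # RFC 4380's worked example: server 65.54.227.120, client 192.0.2.45, port 40000.
    print(triage("2001:0:4136:e378:8000:63bf:3fff:fdd2"))
    print(triage("2002:c000:22d::1"))   # constructed 6to4 address for 192.0.2.45
    print(triage("2001:db8::1"))        # 2001:db8::/32 is documentation space, not Teredo
```

Because Teredo carries IPv6 inside UDP, it crosses a network that has no IPv6 routing at all, which is exactly the situation in the question; the decoded client IP and port identify the NAT and host to trace back to.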

Q7. - (Topic 3) 

An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO). 

A. Periodic key changes once the initial keys are established between the DNS name servers. 

B. Secure exchange of the key values between the two DNS name servers. 

C. A secure NTP source used by both DNS name servers to avoid message rejection. 

D. DNS configuration files on both DNS name servers must be identically encrypted. 

E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers. 

Answer: B,C 
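Both correct options come down to two things a TSIG receiver checks: the HMAC computed with the shared key, and the "time signed" field, which must fall within the fudge window (300 seconds by default) of the receiver's clock or the message is rejected with BADTIME. The following Python example is added here and is not the page's or any DNS server's code; it is a deliberately simplified model of the TSIG MAC (the real MAC also covers the key name, algorithm name, class, TTL, error and other-data fields, and chains across the messages of a zone transfer), and the key stanza it prints follows BIND's key {} syntax.

```python
import base64
import hashlib
import hmac
import secrets
import struct

FUDGE = 300   # seconds of allowed clock skew between signer and verifier; BIND's default


def new_key(nbits: int = 256) -> bytes:
    """Generate a shared HMAC-SHA256 key. Its base64 form is what both servers
    configure; the whole scheme rests on this value never travelling in the clear."""
    return secrets.token_bytes(nbits // 8)


def bind_key_stanza(name: str, key: bytes) -> str:
    return (f'key "{name}" {{\n    algorithm hmac-sha256;\n'
            f'    secret "{base64.b64encode(key).decode()}";\n}};')


def tsig_variables(time_signed: int, fudge: int) -> bytes:
    # 48-bit "time signed" and 16-bit fudge, big-endian, as laid out in TSIG RDATA.
    return time_signed.to_bytes(6, "big") + struct.pack(">H", fudge)


def sign(key: bytes, message: bytes, time_signed: int, fudge: int = FUDGE) -> bytes:
    """Simplified TSIG MAC: HMAC over the DNS message plus the signed time and fudge."""
    return hmac.new(key, message + tsig_variables(time_signed, fudge), hashlib.sha256).digest()


def verify(key: bytes, message: bytes, time_signed: int, fudge: int, mac: bytes, now: int) -> str:
    """Receiver's checks in the order RFC 8945 requires: MAC first, then the
    time window. Returns the TSIG error name the receiver would respond with."""
    if not hmac.compare_digest(mac, sign(key, message, time_signed, fudge)):
        return "BADSIG"
    if abs(now - time_signed) > fudge:
        return "BADTIME"
    return "NOERROR"


if __name__ == "__main__":
    key = new_key()
    print(bind_key_stanza("xfer-key", key))
    t = 1_700_000_000                     # primary's clock when it signs the AXFR request
    msg = b"AXFR example.com."           # stand-in for the DNS message bytes
    mac = sign(key, msg, t)
    print(verify(key, msg, t, FUDGE, mac, now=t + 120))        # NOERROR: 2 minutes of skew is inside fudge
    print(verify(key, msg, t, FUDGE, mac, now=t + 900))        # BADTIME: secondary is 15 minutes off
    print(verify(new_key(), msg, t, FUDGE, mac, now=t))        # BADSIG: the two servers hold different keys
```

The BADTIME case is why option C matters: a secondary whose clock has drifted by more than the fudge value will refuse every signed transfer even though the key is correct, and the failure looks like an authentication problem rather than a time problem until the timestamps are compared.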

Q8. - (Topic 2) 

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO). 

A. /etc/passwd 

B. /etc/shadow 

C. /etc/security 

D. /etc/password 

E. /sbin/logon 

F. /bin/bash 

Answer: A,B 
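On a salted system the salt is stored in the clear inside the hash field of /etc/shadow, so salting does not prevent extraction; it only rules out precomputed tables and forces each hash to be attacked separately. The tester's next step is to merge /etc/passwd and /etc/shadow into the one-line-per-user format that John the Ripper's unshadow produces. The Python example below is added here and is not from the page or from John; the two sample files are constructed, and their digest strings are placeholders shaped like crypt(3) output rather than real hashes.

```python
# Constructed sample files (the digest strings are placeholders shaped like real
# crypt(3) output, not actual hashes of any password).
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
ann:x:1000:1000:Ann Example:/home/ann:/bin/bash
bob:x:1001:1001::/home/bob:/bin/sh
carol:x:1002:1002:Carol:/home/carol:/bin/bash
"""
SHADOW = """\
root:$6$K7rbQPr8$CONSTRUCTEDsha512cryptPLACEHOLDERdigest000000000000000000000000000000000000000:19700:0:99999:7:::
daemon:*:19700:0:99999:7:::
ann:$6$rounds=5000$Z3mQ9tLp$CONSTRUCTEDsha512cryptPLACEHOLDERdigest11111111111111111111111111111111:19700:0:99999:7:::
bob:!:19700:0:99999:7:::
carol:$y$j9T$abcdefghijklmnop$CONSTRUCTEDyescryptPLACEHOLDERdigest:19700:0:99999:7:::
"""

# Modular-crypt identifiers found in the second field of /etc/shadow.
HASH_IDS = {"1": "md5crypt", "5": "sha256crypt", "6": "sha512crypt",
            "2a": "bcrypt", "2b": "bcrypt", "y": "yescrypt"}


def parse_hash(field: str) -> dict:
    """Split a shadow hash field into algorithm, salt, cost and digest.
    '*', '!' or '!!' mean the account is locked or has no password: nothing to crack."""
    if field == "" or field == "*" or field.startswith("!"):
        return {"locked": True, "algorithm": None, "salt": None, "rounds": None, "digest": None}
    parts = field.split("$")                  # "$6$salt$digest" -> ["", "6", "salt", "digest"]
    if len(parts) < 4 or parts[0] != "":     # 13-char traditional DES: 2-char salt, no '$'
        return {"locked": False, "algorithm": "descrypt", "salt": field[:2], "rounds": None, "digest": field[2:]}
    ident = parts[1]
    if ident in ("2a", "2b"):                 # bcrypt: $2b$<log2 cost>$<22-char salt><31-char digest>
        return {"locked": False, "algorithm": "bcrypt", "salt": parts[3][:22],
                "rounds": int(parts[2]), "digest": parts[3][22:]}
    params = parts[2] if len(parts) == 5 else None     # "rounds=N" for sha*crypt, "j9T" etc. for yescrypt
    rounds = int(params[len("rounds="):]) if params and params.startswith("rounds=") else None
    return {"locked": False, "algorithm": HASH_IDS.get(ident, "unknown:" + ident),
            "salt": parts[-2], "rounds": rounds, "digest": parts[-1]}


def unshadow(passwd: str, shadow: str) -> list:
    """Merge the two files the way John the Ripper's unshadow does: the "x" in
    passwd's second field is replaced with the hash from shadow, giving
    user:hash:uid:gid:gecos:home:shell lines a cracker can load."""
    hashes = {}
    for line in shadow.splitlines():
        if line and not line.startswith("#"):
            user, h = line.split(":", 2)[:2]
            hashes[user] = h
    merged = []
    for line in passwd.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        fields[1] = hashes.get(fields[0], fields[1])
        merged.append(":".join(fields))
    return merged


def account_info(passwd: str, shadow: str) -> dict:
    """Per-account view of what the merged file contains."""
    return {line.split(":")[0]: parse_hash(line.split(":")[1]) for line in unshadow(passwd, shadow)}


if __name__ == "__main__":
    for user, info in account_info(PASSWD, SHADOW).items():
        if info["locked"]:
            print(f"{user}: locked / no password, skip")
        else:
            print(f"{user}: {info['algorithm']} salt={info['salt']} rounds={info['rounds']}")
```

The merged lines go straight to john, which recognises the format from the $6$ or $y$ prefix; hashcat takes the bare hash field instead, with mode 1800 for sha512crypt. Reading /etc/shadow needs root (or an equivalent file-read primitive), which is why /etc/passwd alone, world-readable but holding only "x" placeholders, does not yield passwords.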

Q9. - (Topic 1) 

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO). 

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas. 

B. Device encryption has not been enabled and will result in a greater likelihood of data loss. 

C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data. 

D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes. 

E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable. 

Answer: A,D 

Q10. - (Topic 4) 

An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO’s objectives? 

A. CoBIT 

B. UCF 

C. ISO 27002 

D. eGRC 

Answer:

Q11. - (Topic 2) 

A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system? 

A. Isolate the system on a secure network to limit its contact with other systems 

B. Implement an application layer firewall to protect the payroll system interface 

C. Monitor the system’s security log for unauthorized access to the payroll application 

D. Perform reconciliation of all payroll transactions on a daily basis 

Answer:

Q12. - (Topic 1) 

Executive management is asking for a new manufacturing control and workflow automation solution. This application will facilitate management of proprietary information and closely guarded corporate trade secrets. 

The information security team has been a part of the department meetings and come away with the following notes: 

-Human resources would like complete access to employee data stored in the application. They would like automated data interchange with the employee management application, a cloud-based SaaS application. 

-Sales is asking for easy order tracking to facilitate feedback to customers. 

-Legal is asking for adequate safeguards to protect trade secrets. They are also concerned with data ownership questions and legal jurisdiction. 

-Manufacturing is asking for ease of use. Employees working the assembly line cannot be bothered with additional steps or overhead. System interaction needs to be quick and easy. 

-Quality assurance is concerned about managing the end product and tracking overall performance of the product being produced. They would like read-only access to the entire workflow process for monitoring and baselining. 

The favored solution is a user friendly software application that would be hosted onsite. It has extensive ACL functionality, but also has readily available APIs for extensibility. It supports read-only access, kiosk automation, custom fields, and data encryption. 

Which of the following departments’ request is in contrast to the favored solution? 

A. Manufacturing 

B. Legal 

C. Sales 

D. Quality assurance 

E. Human resources 

Answer:

Q13. - (Topic 2) 

An organization has implemented an Agile development process for front end web application development. A new security architect has just joined the company and wants to integrate security activities into the SDLC. 

Which of the following activities MUST be mandated to ensure code quality from a security perspective? (Select TWO). 

A. Static and dynamic analysis is run as part of integration 

B. Security standards and training are performed as part of the project 

C. Daily stand-up meetings are held to ensure security requirements are understood 

D. For each major iteration penetration testing is performed 

E. Security requirements are story boarded and make it into the build 

F. A security design is performed at the end of the requirements phase 

Answer: A,D 

Q14. - (Topic 1) 

A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO’s requirement? 

A. GRC 

B. IPS 

C. CMDB 

D. Syslog-ng 

E. IDS 

Answer:

Q15. - (Topic 5) 

A security engineer wants to implement forward secrecy but still wants to ensure the number of requests handled by the web server is not drastically reduced due to the larger computational overheads. Browser compatibility is not a concern; however system performance is. Which of the following, when implemented, would BEST meet the engineer’s requirements? 

A. DHE 

B. ECDHE 

C. AES128-SHA 

D. DH 

Answer:
