CompTIA CAS-002 Free Practice Questions

Q15. A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame for whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner?

A. During the Identification Phase

B. During the Lessons Learned phase

C. During the Containment Phase

D. During the Preparation Phase

View Answer

Q16. A network engineer wants to deploy user-based authentication across the companyu2021s wired and wireless infrastructure at layer 2 of the OSI model. Company policies require that users be centrally managed and authenticated and that each useru2021s network access be controlled based on the useru2021s role within the company. Additionally, the central authentication system must support hierarchical trust and the ability to natively authenticate mobile devices and workstations. Which of the following are needed to implement these requirements? (Select TWO).

A. SAML

B. WAYF

C. LDAP

D. RADIUS

E. Shibboleth

F. PKI

View Answer

Q17. The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIOu2021s budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?

A. The company should mitigate the risk.

B. The company should transfer the risk.

C. The company should avoid the risk.

D. The company should accept the risk.

View Answer

Q18. An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).

A. Implement hashing of data in transit

B. Session recording and capture

C. Disable cross session cut and paste

D. Monitor approved credit accounts

E. User access audit reviews

F. Source IP whitelisting

View Answer

Q19. After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.

SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);

The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cartu2021s items?

A. Input validation

B. SQL injection

C. TOCTOU

D. Session hijacking

View Answer

Q20. A security manager for a service provider has approved two vendors for connections to the

service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provideru2021s relationship?

A. Memorandum of Agreement

B. Interconnection Security Agreement

C. Non-Disclosure Agreement

D. Operating Level Agreement

View Answer

Q21. A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the resources or the scalability to adequately serve their clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should they consider?

A. Offload some data processing to a public cloud

B. Aligning their client intake with the resources available

C. Using a community cloud with adequate controls

D. Outsourcing the service to a third party cloud provider

View Answer

Q22. An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

A. Independent verification and validation

B. Security test and evaluation

C. Risk assessment

D. Ongoing authorization

View Answer

Q23. It has come to the IT administratoru2021s attention that the u201cpost your commentu201d field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the u201cpost your commentu201d field from being exploited?

A. Update the blog page to HTTPS

B. Filter metacharacters

C. Install HIDS on the server

D. Patch the web application

E. Perform client side input validation

View Answer

Q24. An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly. Which of the following has been overlooked in securing the system? (Select TWO).

A. The companyu2021s IDS signatures were not updated.

B. The companyu2021s custom code was not patched.

C. The patch caused the system to revert to http.

D. The software patch was not cryptographically signed.

E. The wrong version of the patch was used.

F. Third-party plug-ins were not patched.

View Answer