[Free] 2017(Sep) EnsurePass Dumpsleader CompTIA CAS-002 Dumps with VCE and PDF 101-110

September 15, 2017

CompTIA Advanced Security Practitioner (CASP)

Question No: 101 – (Topic 1)

Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back to the home school for authentication via the Internet.

The requirements are:

The following design was implemented:

WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security

RADIUS proxy servers will be used to forward authentication requests to the home school

The RADIUS servers will have certificates from a common public certificate authority

A strong shared secret will be used for RADIUS server authentication

Which of the following security considerations should be added to the design?

  A. The transport layer between the RADIUS servers should be secured

  B. WPA Enterprise should be used to decrease the network overhead

  C. The RADIUS servers should have local accounts for the visiting students

  D. Students should be given certificates to use for authentication to the network

Answer: A

Question No: 102 – (Topic 1)

A security administrator notices the following line in a server's security log:

<input name='credentials' type='TEXT' value='"

request.getParameter('><script>document.location=';document.cookie</script>') "';

The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should the security administrator implement to prevent this particular attack?

  A. WAF

  B. Input validation

  C. SIEM

  D. Sandboxing

  E. DAM

Answer: A

Question No: 103 – (Topic 1)

A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?

  A. Investigate the network traffic and block UDP port 3544 at the firewall

  B. Remove the system from the network and disable IPv6 at the router

  C. Locate and remove the unauthorized 6to4 relay from the network

  D. Disable the switch port and block the 2001::/32 traffic at the firewall

Answer: A

Question No: 104 – (Topic 1)

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:

- - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass or 1=1 HTTP/1.1" 200 5724

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

  A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.

  B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.

  C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.

  D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

Answer: C

Question No: 105 – (Topic 1)

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

  A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.

  B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.

  C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.

  D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

Answer: D

Question No: 106 – (Topic 1)

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

  A. Avoid

  B. Accept

  C. Mitigate

  D. Transfer

Answer: C

Question No: 107 – (Topic 1)

A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

  A. Increase the frequency of antivirus downloads and install updates to all workstations.

  B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.

  C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.

  D. Deploy a web based gateway antivirus server to intercept viruses before they enter the network.

Answer: B

Question No: 108 – (Topic 1)

An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

  A. Independent verification and validation

  B. Security test and evaluation

  C. Risk assessment

  D. Ongoing authorization

Answer: D

Question No: 109 – (Topic 1)

An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large volume of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack?

  A. Install IDS/IPS systems on the network

  B. Force all SIP communication to be encrypted

  C. Create separate VLANs for voice and data traffic

  D. Implement QoS parameters on the switches

Answer: D

Question No: 110 – (Topic 1)

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is

11:16:22.110343 IP > UDP, length 1400

11:16:22.110351 IP > UDP, length 1400

11:16:22.110358 IP > UDP, length 1400

11:16:22.110402 IP > UDP, length 1400

11:16:22.110406 IP > UDP, length 1400

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

  A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets.

  B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.

  C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.

  D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic.

Answer: A
