Our pass rate is high to 98.9% and the similarity percentage between our CAS-002 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA CAS-002 exam in just one try? I am currently studying for the CompTIA CAS-002 exam. Latest CompTIA CAS-002 Test exam practice questions and answers, Try CompTIA CAS-002 Brain Dumps First.

Q31. - (Topic 3) 

A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below: 

The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday. 

Which of the following is true? 

A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server. 

B. The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise. 

C. The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks. 

D. The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise. 


Q32. - (Topic 1) 

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string: 

user@hostname:~$ sudo nmap –O 

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device: 

TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778 

Based on this information, which of the following operating systems is MOST likely running on the unknown node? 

A. Linux 

B. Windows 

C. Solaris 



Q33. - (Topic 4) 

The security administrator has just installed an active\passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients. 

Which of the following is MOST likely the cause of this problem? 

A. TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall and sessions are being dropped. 

B. TCP and UDP sessions are being balanced across both firewalls and connections are being dropped because the session IDs are not recognized by the secondary firewall. 

C. Prioritize UDP traffic and associated stateful UDP session information is traversing the passive firewall causing the connections to be dropped. 

D. The firewall administrator connected a dedicated communication cable between the firewalls in order to share a single state table across the cluster causing the sessions to be dropped. 


Q34. - (Topic 3) 

About twice a year a switch fails in a company's network center. Under the maintenance contract, the switch would be replaced in two hours losing the business $1,000 per hour. The cost of a spare switch is $3,000 with a 12-hour delivery time and would eliminate downtime costs if purchased ahead of time. The maintenance contract is $1,500 per year. 

Which of the following is true in this scenario? 

A. It is more cost-effective to eliminate the maintenance contract and purchase a replacement upon failure. 

B. It is more cost-effective to purchase a spare switch prior to an outage and eliminate the maintenance contract. 

C. It is more cost-effective to keep the maintenance contract instead of purchasing a spare switch prior to an outage. 

D. It is more cost-effective to purchase a spare switch prior to an outage and keep the maintenance contract. 


Q35. - (Topic 2) 

The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point? 

A. Capture process ID data and submit to anti-virus vendor for review. 

B. Reboot the Linux servers, check running processes, and install needed patches. 

C. Remove a single Linux server from production and place in quarantine. 

D. Notify upper management of a security breach. 

E. Conduct a bit level image, including RAM, of one or more of the Linux servers. 


Q36. - (Topic 5) 

A security administrator needs to deploy a remote access solution for both staff and contractors. Management favors remote desktop due to ease of use. The current risk assessment suggests protecting Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should be selected? 

A. Deploy a remote desktop server on your internal LAN, and require an active directory integrated SSL connection for access. 

B. Change remote desktop to a non-standard port, and implement password complexity for the entire active directory domain. 

C. Distribute new IPSec VPN client software to applicable parties. Virtualize remote desktop services functionality. 

D. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication. 


Q37. - (Topic 1) 

Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN? 

A. Enable multipath to increase availability 

B. Enable deduplication on the storage pools 

C. Implement snapshots to reduce virtual disk size 

D. Implement replication to offsite datacenter 


Q38. - (Topic 4) 

A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions. 



031020141100002055com.proc12.35.2M 031020141230002055com.proc22.022M 031020141300002055com.proc33.01.6G 031020141330002055com.proc30.28.0G 

Which of the following is the MOST likely cause for the DoS? 

A. The system does not implement proper garbage collection. 

B. The system is susceptible to integer overflow. 

C. The system does not implement input validation. 

D. The system does not protect against buffer overflows properly. 


Q39. - (Topic 1) 

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO). 

A. Physical penetration test of the datacenter to ensure there are appropriate controls. 

B. Penetration testing of the solution to ensure that the customer data is well protected. 

C. Security clauses are implemented into the contract such as the right to audit. 

D. Review of the organizations security policies, procedures and relevant hosting certifications. 

E. Code review of the solution to ensure that there are no back doors located in the software. 

Answer: C,D 

Q40. - (Topic 3) 

The Chief Technology Officer (CTO) has decided that servers in the company datacenter should be virtualized to conserve physical space. The risk assurance officer is concerned that the project team in charge of virtualizing servers plans to co-mingle many guest operating systems with different security requirements to speed up the rollout and reduce the number of host operating systems or hypervisors required. 

Which of the following BEST describes the risk assurance officer’s concerns? 

A. Co-mingling guest operating system with different security requirements allows guest OS privilege elevation to occur within the guest OS via shared memory allocation with the host OS. 

B. Co-mingling of guest operating systems with different security requirements increases the risk of data loss if the hypervisor fails. 

C. A weakly protected guest OS combined with a host OS exploit increases the chance of a successful VMEscape attack being executed, compromising the hypervisor and other guest OS. 

D. A weakly protected host OS will allow the hypervisor to become corrupted resulting in data throughput performance issues.