Pass4sure CAS-002 Questions are updated and all CAS-002 answers are verified by experts. Once you have completely prepared with our CAS-002 exam prep kits you will be ready for the real CAS-002 exam without a problem. We have Regenerate CompTIA CAS-002 dumps study guide. PASSED CAS-002 First attempt! Here What I Did.

Q81. - (Topic 2) 

Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO). 

A. Jailbroken mobile device 

B. Reconnaissance tools 

C. Network enumerator 

D. HTTP interceptor 

E. Vulnerability scanner 

F. Password cracker 

Answer: D,E 

Q82. - (Topic 4) 

Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represents this scenario? (Select TWO). 

A. Session management attack 

B. Protocol fuzzing 

C. Root-kit compromise 

D. Physical attack 

E. Privilege escalation 

F. Man-in-the-middle 

Answer: D,E 

Q83. - (Topic 3) 

A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action? 

A. Notify the transaction system vendor of the security vulnerability that was discovered. 

B. Use a protocol analyzer to reverse engineer the transaction system’s protocol. 

C. Contact the computer science students and threaten disciplinary action if they continue their actions. 

D. Install a NIDS in front of all the transaction system terminals. 


Q84. - (Topic 5) 

The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements? 

A. hash = sha512(password + salt);for (k = 0; k < 4000; k++) {hash = sha512 (hash);} 

B. hash = md5(password + salt);for (k = 0; k < 5000; k++) {hash = md5 (hash);} 

C. hash = sha512(password + salt);for (k = 0; k < 3000; k++) {hash = sha512 (hash + password + salt);} 

D. hash1 = sha1(password + salt);hash = sha1 (hash1); 


Q85. - (Topic 2) 

An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO). 

A. /etc/passwd 

B. /etc/shadow 

C. /etc/security 

D. /etc/password 

E. /sbin/logon 

F. /bin/bash 

Answer: A,B 

Q86. - (Topic 5) 

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected? 

A. The malware file’s modify, access, change time properties. 

B. The timeline analysis of the file system. 

C. The time stamp of the malware in the swap file. 

D. The date/time stamp of the malware detection in the antivirus logs. 


Q87. - (Topic 2) 

A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public access. It is also anticipated that the city’s emergency and first response communication systems will be required to operate across the same network. The project manager has experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public use and the critical infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private industry to ensure the city provides due care in considering all project factors prior to building its new WAN? 






Q88. - (Topic 3) 

A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable? 

A. LUN masking 

B. Data injection 

C. Data fragmentation 

D. Moving the HBA 


Q89. - (Topic 1) 

A company sales manager received a memo from the company’s financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department’s change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble? 

A. Discuss the issue with the software product's user groups 

B. Consult the company’s legal department on practices and law 

C. Contact senior finance management and provide background information 

D. Seek industry outreach for software practices and law 


Q90. - (Topic 3) 

A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture? 

A. Service oriented architecture (SOA) 

B. Federated identities 

C. Object request broker (ORB) 

D. Enterprise service bus (ESB)