CAS-002 CompTIA Advanced Security Practitioner (CASP)

Page 1   
Question 1

A systems administrator establishes a CIFS share on a UNIX device to share data to
Windows systems. The security authentication on the Windows domain is set to the highest
level. Windows users are stating that they cannot authenticate to the UNIX share. Which of
the following settings on the UNIX server would correct this problem?

  • A. Refuse LM and only accept NTLMv2
  • B. Accept only LM
  • C. Refuse NTLMv2 and accept LM
  • D. Accept only NTLM


Answer : A

Question 2

A software project manager has been provided with a requirement from the customer to
place limits on the types of transactions a given user can initiate without external interaction
from another user with elevated privileges. This requirement is BEST described as an
implementation of:

  • A. an administrative control
  • B. dual control
  • C. separation of duties
  • D. least privilege
  • E. collusion


Answer : C

Question 3

Ann, a software developer, wants to publish her newly developed software to an online
store. Ann wants to ensure that the software will not be modified by a third party or end
users before being installed on mobile devices. Which of the following should Ann
implement to stop modified copies of her software from running on mobile devices?

  • A. Single sign-on
  • B. Identity propagation
  • C. Remote attestation
  • D. Secure code review


Answer : C

Question 4

A web services company is planning a one-time high-profile event to be hosted on the
corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe,
the Chief Executive Officer (CEO), has requested that his security engineers put temporary
preventive controls in place. Which of the following would MOST appropriately address
Joe's concerns?

  • A. Ensure web services hosting the event use TCP cookies and deny_hosts.
  • B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
  • C. Contract and configure scrubbing services with third-party DDoS mitigation providers.
  • D. Purchase additional bandwidth from the company’s Internet service provider.


Answer : C

Question 5

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day
exploits. The CISO is concerned that an unrecognized threat could compromise corporate
data and result in regulatory fines as well as poor corporate publicity. The network is mostly
flat, with split staff/guest wireless functionality. Which of the following equipment MUST be
deployed to guard against unknown threats?

  • A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.
  • B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.
  • C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.
  • D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.


Answer : D

Question 6

A security administrator is shown the following log excerpt from a Unix system:
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST
immediate response? (Select TWO).

  • A. An authorized administrator has logged into the root account remotely.
  • B. The administrator should disable remote root logins.
  • C. Isolate the system immediately and begin forensic analysis on the host.
  • D. A remote attacker has compromised the root account using a buffer overflow in sshd.
  • E. A remote attacker has guessed the root password using a dictionary attack.
  • F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
  • G. A remote attacker has compromised the private key of the root account.
  • H. Change the root password immediately to a password not found in a dictionary.


Answer : C,E

Question 7

A popular commercial virtualization platform allows for the creation of virtual hardware. To
virtual machines, this virtual hardware is indistinguishable from real hardware. By
implementing virtualized TPMs, which of the following trusted system concepts can be
implemented?

  • A. Software-based root of trust
  • B. Continuous chain of trust
  • C. Chain of trust with a hardware root of trust
  • D. Software-based trust anchor with no root of trust


Answer : C

Question 8

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become
extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which
everything runs properly again. The administrator has traced the problem to a lab of thin
clients that are all booted at 9:00 am each morning. Which of the following is the MOST
likely cause of the problem and the BEST solution? (Select TWO).

  • A. Add guests with more memory to increase capacity of the infrastructure.
  • B. A backup is running on the thin clients at 9am every morning.
  • C. Install more memory in the thin clients to handle the increased load while booting.
  • D. Booting all the lab desktops at the same time is creating excessive I/O.
  • E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.
  • F. Install faster SSD drives in the storage system used in the infrastructure.
  • G. The lab desktops are saturating the network while booting.
  • H. The lab desktops are using more memory than is available to the host systems.


Answer : D,F

Question 9

Ann, a systems engineer, is working to identify an unknown node on the corporate network.
To begin her investigative work, she runs the following nmap command string:
user@hostname:~$ sudo nmap -O 192.168.1.54
Based on the output, nmap is unable to identify the OS running on the node, but the
following ports are open on the device:
TCP/22
TCP/111
TCP/512-514
TCP/2049
TCP/32778
Based on this information, which of the following operating systems is MOST likely running
on the unknown node?

  • A. Linux
  • B. Windows
  • C. Solaris
  • D. OSX


Answer : C

Question 10

A security consultant is conducting a network assessment and wishes to discover any
legacy backup Internet connections the network may have. Where would the consultant
find this information and why would it be valuable?

  • A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
  • B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
  • C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
  • D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.


Answer : A

Question 11

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices
around the country for the sales staff to generate business. The company needs an
effective communication solution to remain in constant contact with each other, while
maintaining a secure business environment. A junior-level administrator suggests that the
company and the sales staff stay connected via free social media. Which of the following
decisions is BEST for the CEO to make?

  • A. Social media is an effective solution because it is easily adaptable to new situations.
  • B. Social media is an ineffective solution because the policy may not align with the business.
  • C. Social media is an effective solution because it implements SSL encryption.
  • D. Social media is an ineffective solution because it is not primarily intended for business applications.


Answer : B

Question 12

A company sales manager received a memo from the company's financial department
which stated that the company would not be putting its software products through the same
security testing as previous years to reduce the research and development cost by 20
percent for the upcoming year. The memo also stated that the marketing material and
service level agreement for each product would remain unchanged. The sales manager
has reviewed the sales goals for the upcoming year and identified an increased target
across the software products that will be affected by the financial department's change. All
software products will continue to go through new development in the coming year. Which
of the following should the sales manager do to ensure the company stays out of trouble?

  • A. Discuss the issue with the software product's user groups
  • B. Consult the company’s legal department on practices and law
  • C. Contact senior finance management and provide background information
  • D. Seek industry outreach for software practices and law


Answer : B

Question 13

An industry organization has implemented a system to allow trusted authentication
between all of its partners. The system consists of a web of trusted RADIUS servers
communicating over the Internet. An attacker was able to set up a malicious server and
conduct a successful man-in-the-middle attack. Which of the following controls should be
implemented to mitigate the attack in the future?

  • A. Use PAP for secondary authentication on each RADIUS server
  • B. Disable unused EAP methods on each RADIUS server
  • C. Enforce TLS connections between RADIUS servers
  • D. Use a shared secret for each pair of RADIUS servers


Answer : C

Question 14

The risk manager has requested a security solution that is centrally managed, can easily
be updated, and protects end users' workstations from both known and unknown malicious
attacks when connected to either the office or home network. Which of the following would
BEST meet this requirement?

  • A. HIPS
  • B. UTM
  • C. Antivirus
  • D. NIPS
  • E. DLP


Answer : A

Question 15

A user has a laptop configured with multiple operating system installations. The operating
systems are all installed on a single SSD, but each has its own partition and logical volume.
Which of the following is the BEST way to ensure confidentiality of individual operating
system data?

  • A. Encryption of each individual partition
  • B. Encryption of the SSD at the file level
  • C. FDE of each logical volume on the SSD
  • D. FDE of the entire SSD as a single disk


Answer : A
