Monday, 12 June 2017

CompTIA CAS-002 Question Answer

A security administrator is shown the following log excerpt from a Unix system:

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

A. An authorized administrator has logged into the root account remotely.
B. The administrator should disable remote root logins.
C. Isolate the system immediately and begin forensic analysis on the host.
D. A remote attacker has compromised the root account using a buffer overflow in sshd.
E. A remote attacker has guessed the root password using a dictionary attack.
F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
G. A remote attacker has compromised the private key of the root account.
H. Change the root password immediately to a password not found in a dictionary.

Answer: CE


A security administrator wants to prevent sensitive data residing on corporate laptops and desktops from leaking outside of the corporate network. The company has already implemented full-disk encryption and has disabled all peripheral devices on its desktops and laptops. Which of the following additional controls MUST be implemented to minimize the risk of data leakage? (Select TWO).

A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.
B. A DLP gateway should be installed at the company border.
C. Strong authentication should be implemented via external biometric devices.
D. Full-tunnel VPN should be required for all network communication.
E. Full-drive file hashing should be implemented with hashes stored on separate storage.
F. Split-tunnel VPN should be enforced when transferring sensitive data.

Answer: BD

Monday, 8 May 2017

U.S. IT Sector Employment Reverses Course, Sheds 3,000 Jobs In April, CompTIA Analysis Finds


Employment growth in the US information technology (IT) sector stagnated in April, as employment fell by an estimated 3,000 positions, according to CompTIA IT Employment Tracker released today by the association World leader in technology.

April job losses in telecoms (up to 5,300 jobs) and manufacturing of computers and electronic products (minus 1,700 jobs) offset gains in other employment categories, CompTIA's analysis of the current Bureau of Labor Statistics revealed.

IT services and customer software design marked the categories with job growth in April with the addition of 2,600 positions. Other information services, including service portals (+800) and data processing, hosting and related services (+600) also posted employment gains last month.

During the year, employment growth in the IT sector remained in a positive territory, an estimated 49,000 jobs to approximately 4.4 million workers. The category of software and IT services has been the strongest in 2017, totaling 84,200 jobs. The biggest decrease has occurred in telecommunications, which has lost 28,200 jobs so far this year.

"Despite slow IT job growth over the past three months, conditions remain favorable for long-term employment gains," said Tim Herbert, senior vice president of research and market intelligence at CompTIA. "The industries of the United States economy continue to increase their dependence on digital technology and services, which augurs well for employment gains among these segments of workers."

The second component of the nation's workforce - IT occupations in all other industries - grew by an estimated 90,000 jobs in April, spending three months of declines.

Jobs for the central IT positions were basically flat in April. Software developers are still the most active occupation.

Thursday, 1 September 2016

Pass4sure CAS-002 Question Answer

A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement?

A. SAN
B. NAS
C. Virtual SAN
D. Virtual storage

Answer: B


At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).


A. Add guests with more memory to increase capacity of the infrastructure.
B. A backup is running on the thin clients at 9am every morning.
C. Install more memory in the thin clients to handle the increased load while booting.
D. Booting all the lab desktops at the same time is creating excessive I/O.
E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.
F. Install faster SSD drives in the storage system used in the infrastructure.
G. The lab desktops are saturating the network while booting.
H. The lab desktops are using more memory than is available to the host systems.

Answer: DF

                    CAS-002 VCE    Exam JK0-018 VCE      CompTIA Certification Exams VCE

Wednesday, 13 July 2016

Pass4sure CAS-002 Question Answer

A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Knowing this, which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important?

A. Insecure direct object references, CSRF, Smurf
B. Privilege escalation, Application DoS, Buffer overflow
C. SQL injection, Resource exhaustion, Privilege escalation
D. CSRF, Fault injection, Memory leaks

Answer: A

Thursday, 9 June 2016

Pass4sure CAS-002 Question Answer

select id, firstname, lastname from authors
User input= firstname= Hack;man
lastname=Johnson
Which of the following types of attacks is the user attempting? 


A. XML injection
B. Command injection
C. Cross-site scripting
D. SQL injection

Answer: D