Want to know Testking CAS-002 Exam practice test features? Want to lear more about CompTIA CompTIA Advanced Security Practitioner (CASP) certification experience? Study Verified CompTIA CAS-002 answers to Most recent CAS-002 questions at Testking. Gat a success with an absolute guarantee to pass CompTIA CAS-002 (CompTIA Advanced Security Practitioner (CASP)) test on your first attempt.

2021 Dec CAS-002 exam topics

Q161. - (Topic 1) 

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool? 

A. The tool could show that input validation was only enabled on the client side 

B. The tool could enumerate backend SQL database table and column names 

C. The tool could force HTTP methods such as DELETE that the server has denied 

D. The tool could fuzz the application to determine where memory leaks occur 

Answer:


Q162. - (Topic 2) 

The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed by the helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the following cases should the helpdesk staff use the new procedure? (Select THREE). 

A. During asset disposal 

B. While reviewing the risk assessment 

C. While deploying new assets 

D. Before asset repurposing 

E. After the media has been disposed of 

F. During the data classification process 

G. When installing new printers 

H. When media fails or is unusable 

Answer: A,D,H 


Q163. - (Topic 1) 

Which of the following provides the BEST risk calculation methodology? 

A. Annual Loss Expectancy (ALE) x Value of Asset 

B. Potential Loss x Event Probability x Control Failure Probability 

C. Impact x Threat x Vulnerability 

D. Risk Likelihood x Annual Loss Expectancy (ALE) 

Answer:


Q164. - (Topic 2) 

During a new desktop refresh, all hosts are hardened at the OS level before deployment to comply with policy. Six months later, the company is audited for compliance to regulations. The audit discovers that 40 percent of the desktops do not meet requirements. Which of the following is the MOST likely cause of the noncompliance? 

A. The devices are being modified and settings are being overridden in production. 

B. The patch management system is causing the devices to be noncompliant after issuing the latest patches. 

C. The desktop applications were configured with the default username and password. 

D. 40 percent of the devices use full disk encryption. 

Answer:


Q165. - (Topic 5) 

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted? 

A. The company should develop an in-house solution and keep the algorithm a secret. 

B. The company should use the CEO’s encryption scheme. 

C. The company should use a mixture of both systems to meet minimum standards. 

D. The company should use the method recommended by other respected information security organizations. 

Answer:


Replace CAS-002 sample question:

Q166. - (Topic 5) 

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position? 

A. Least privilege 

B. Job rotation 

C. Mandatory vacation 

D. Separation of duties 

Answer:


Q167. - (Topic 1) 

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 128.20.176.19: 

11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 

11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400 

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration? 

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets. 

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication. 

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks. 

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic. 

Answer:


Q168. CORRECT TEXT - (Topic 3) 

An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. Instructions The last install that is completed will be the final submission 

Answer: You need to check the hash value of download software with md5 utility. 


Q169. - (Topic 3) 

An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO). 

A. Periodic key changes once the initial keys are established between the DNS name servers. 

B. Secure exchange of the key values between the two DNS name servers. 

C. A secure NTP source used by both DNS name servers to avoid message rejection. 

D. DNS configuration files on both DNS name servers must be identically encrypted. 

E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers. 

Answer: B,C 


Q170. - (Topic 5) 

An administrator’s company has recently had to reduce the number of Tier 3 help desk technicians available to support enterprise service requests. As a result, configuration standards have declined as administrators develop scripts to troubleshoot and fix customer issues. The administrator has observed that several default configurations have not been fixed through applied group policy or configured in the baseline. Which of the following are controls the administrator should recommend to the organization’s security manager to prevent an authorized user from conducting internal reconnaissance on the organization’s network? (Select THREE). 

A. Network file system 

B. Disable command execution 

C. Port security 

D. TLS 

E. Search engine reconnaissance 

F. NIDS 

G. BIOS security 

H. HIDS 

I. IdM 

Answer: B,G,I