Exam Code: CAS-002 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass CAS-002 Exam.

2021 Dec CAS-002 practice

Q211. - (Topic 5) 

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE). 

A. Facilities management 

B. Human resources 

C. Research and development 

D. Programming 

E. Data center operations 

F. Marketing 

G. Information technology 

Answer: A,E,G 


Q212. - (Topic 4) 

A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions. 

DATE/TIMEPIDCOMMAND%CPUMEM 

031020141030002055com.proc10.2920K 

031020141100002055com.proc12.35.2M 031020141230002055com.proc22.022M 031020141300002055com.proc33.01.6G 031020141330002055com.proc30.28.0G 

Which of the following is the MOST likely cause for the DoS? 

A. The system does not implement proper garbage collection. 

B. The system is susceptible to integer overflow. 

C. The system does not implement input validation. 

D. The system does not protect against buffer overflows properly. 

Answer:


Q213. - (Topic 4) 

Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monitoring in an effective manner which of the following is correct? 

A. Only security related alerts should be forwarded to the network team for resolution. 

B. All logs must be centrally managed and access to the logs restricted only to data storage staff. 

C. Logging must be set appropriately and alerts delivered to security staff in a timely manner. 

D. Critical logs must be monitored hourly and adequate staff must be assigned to the network team. 

Answer:


Q214. - (Topic 5) 

A security administrator is investigating the compromise of a software distribution website. Forensic analysis shows that several popular files are infected with malicious code. However, comparing a hash of the infected files with the original, non-infected files which were restored from backup, shows that the hash is the same. Which of the following explains this? 

A. The infected files were using obfuscation techniques to evade detection by antivirus software. 

B. The infected files were specially crafted to exploit a collision in the hash function. 

C. The infected files were using heuristic techniques to evade detection by antivirus software. 

D. The infected files were specially crafted to exploit diffusion in the hash function. 

Answer:

491. - (Topic 5) 

The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary? 

A. The corporate network is the only network that is audited by regulators and customers. 

B. The aggregation of employees on a corporate network makes it a more valuable target for attackers. 

C. Home networks are unknown to attackers and less likely to be targeted directly. 

D. Employees are more likely to be using personal computers for general web browsing when they are at home. 

Answer:


Q215. - (Topic 1) 

A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns? 

A. Ensure web services hosting the event use TCP cookies and deny_hosts. 

B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions. 

C. Contract and configure scrubbing services with third-party DDoS mitigation providers. 

D. Purchase additional bandwidth from the company’s Internet service provider. 

Answer:


Update CAS-002 exam answers:

Q216. - (Topic 1) 

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete? 

A. They should logon to the system using the username concatenated with the 6-digit code and their original password. 

B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code. 

C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed. 

D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code. 

Answer:


Q217. - (Topic 3) 

The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regiment into the security management plan specifically for the development area. The CISO’s requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO requirements? 

A. Grey box testing performed by a major external consulting firm who have signed a NDA. 

B. Black box testing performed by a major external consulting firm who have signed a NDA. 

C. White box testing performed by the development and security assurance teams. 

D. Grey box testing performed by the development and security assurance teams. 

Answer:


Q218. - (Topic 1) 

A company is deploying a new iSCSI-based SAN. The requirements are as follows: 

Which of the following design specifications meet all the requirements? (Select TWO). 

A. Targets use CHAP authentication 

B. IPSec using AH with PKI certificates for authentication 

C. Fiber channel should be used with AES 

D. Initiators and targets use CHAP authentication 

E. Fiber channel over Ethernet should be used 

F. IPSec using AH with PSK authentication and 3DES 

G. Targets have SCSI IDs for authentication 

Answer: B,D 


Q219. - (Topic 1) 

A security administrator wants to calculate the ROI of a security design which includes the purchase of new equipment. The equipment costs $50,000 and it will take 50 hours to install and configure the equipment. The administrator plans to hire a contractor at a rate of $100/hour to do the installation. Given that the new design and equipment will allow the company to increase revenue and make an additional $100,000 on the first year, which of the following is the ROI expressed as a percentage for the first year? 

A. -45 percent 

B. 5.5 percent 

C. 45 percent 

D. 82 percent 

Answer:


Q220. - (Topic 4) 

Which of the following are components defined within an Enterprise Security Architecture Framework? (Select THREE). 

A. Implementation run-sheets 

B. Solution designs 

C. Business capabilities 

D. Solution architectures 

E. Business requirements documents 

F. Reference models 

G. Business cases 

H. Business vision and drivers 

Answer: C,F,H