
2021 Jan CAS-002 dumps

Q71. - (Topic 4) 

A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life. 

The two initial migrations include: 

Which of the following should the security consultant recommend based on best practices? 

A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers. 

B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines. 

C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers. 

D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines. 

Answer:


Q72. - (Topic 3) 

In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO). 

A. Correctly assert the identity and authorization credentials of the end user. 

B. Correctly assert the authentication and authorization credentials of the end user. 

C. Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use. 

D. Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use. 

E. Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use. 

F. Correctly assert the identity and authentication credentials of the end user. 

Answer: D,F 



Q73. - (Topic 1) 

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO). 

A. The user’s certificate private key must be installed on the VPN concentrator. 

B. The CA’s certificate private key must be installed on the VPN concentrator. 

C. The user certificate private key must be signed by the CA. 

D. The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator. 

E. The VPN concentrator’s certificate private key must be installed on the VPN concentrator. 

F. The CA’s certificate public key must be installed on the VPN concentrator. 

Answer: E,F 


Q74. - (Topic 4) 

When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is necessary? 

A. The user needs a non-repudiation data source in order for the application to generate the key pair. 

B. The user is providing entropy so the application can use random data to create the key pair. 

C. The user is providing a diffusion point to the application to aid in creating the key pair. 

D. The application is requesting perfect forward secrecy from the user in order to create the key pair. 

Answer:


Q75. - (Topic 5) 

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future? 

A. Use PAP for secondary authentication on each RADIUS server 

B. Disable unused EAP methods on each RADIUS server 

C. Enforce TLS connections between RADIUS servers 

D. Use a shared secret for each pair of RADIUS servers 

Answer:



Q76. - (Topic 3) 

Which of the following should be used to identify overflow vulnerabilities? 

A. Fuzzing 

B. Input validation 

C. Privilege escalation 

D. Secure coding standards 

Answer:


Q77. - (Topic 1) 

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats? 

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates. 

B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs. 

C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs. 

D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed. 

Answer:


Q78. - (Topic 2) 

Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem? 

A. Implement change control practices at the organization level. 

B. Adjust the firewall ACL to prohibit development from directly accessing the production server farm. 

C. Update the vulnerability management plan to address data discrepancy issues. 

D. Change development methodology from strict waterfall to agile. 

Answer:


Q79. - (Topic 2) 

An administrator is implementing a new network-based storage device. In selecting a storage protocol, the administrator considers the integrity of data in transit to be the most important concern. Which of the following protocols meets this need by implementing either AES-CMAC or HMAC-SHA256 to sign data?

A. SMB 

B. NFS 

C. FCoE 

D. iSCSI 

Answer:


Q80. - (Topic 5) 

A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of the product. Which of the following should the administrator do to prevent these issues from occurring in the future? 

A. Recommend switching to an SDLC methodology and perform security testing during each maintenance iteration 

B. Recommend switching to a spiral software development model and perform security testing during the requirements gathering 

C. Recommend switching to a waterfall development methodology and perform security testing during the testing phase 

D. Recommend switching to an agile development methodology and perform security testing during iterations 

Answer: