Proper study guides for Refresh CompTIA CompTIA Advanced Security Practitioner (CASP) certified begins with CompTIA CAS-002 preparation products which designed to deliver the Simulation CAS-002 questions by making you pass the CAS-002 test at your first time. Try the free CAS-002 demo right now.

2021 Feb CAS-002 braindumps

Q151. - (Topic 5) 

A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST? 

A. Survey threat feeds from analysts inside the same industry. 

B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic. 

C. Conduct an internal audit against industry best practices to perform a gap analysis. 

D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor. 

Answer:


Q152. - (Topic 4) 

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following: 

90.76.165.40 – - [08/Mar/2014:10:54:04] “GET calendar.php?create%20table%20hidden HTTP/1.1” 200 5724 

90.76.165.40 – - [08/Mar/2014:10:54:05] “GET ../../../root/.bash_history HTTP/1.1” 200 90.76.165.40 – - [08/Mar/2014:10:54:04] “GET index.php?user=<script>Create</script> HTTP/1.1” 200 5724 

The security administrator also inspects the following file system locations on the database server using the command ‘ls -al /root’ 

drwxrwxrwx 11 root root 4096 Sep 28 22:45 . 

drwxr-xr-x 25 root root 4096 Mar 8 09:30 .. 

-rws------ 25 root root 4096 Mar 8 09:30 .bash_history 

-rw------- 25 root root 4096 Mar 8 09:30 .bash_history 

-rw------- 25 root root 4096 Mar 8 09:30 .profile 

-rw------- 25 root root 4096 Mar 8 09:30 .ssh 

Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO). 

A. Privilege escalation 

B. Brute force attack 

C. SQL injection 

D. Cross-site scripting 

E. Using input validation, ensure the following characters are sanitized. <> 

F. Update crontab with: find / \( -perm -4000 \) –type f –print0 | xargs -0 ls –l | email.sh 

G. Implement the following PHP directive: $clean_user_input = addslashes($user_input) 

H. Set an account lockout policy 

Answer: A,F 


Q153. - (Topic 5) 

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete? 

A. They should logon to the system using the username concatenated with the 6-digit code and their original password. 

B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code. 

C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed. 

D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code. 

Answer:


Q154. - (Topic 3) 

A network administrator notices a security intrusion on the web server. Which of the following is noticed by http://test.com/modules.php?op=modload&name=XForum&file=[hostilejavascript]&fid=2 in the log file? 

A. Buffer overflow 

B. Click jacking 

C. SQL injection 

D. XSS attack 

Answer:


Q155. - (Topic 5) 

A security engineer has inherited an authentication project which integrates 1024-bit PKI certificates into the company infrastructure and now has a new requirement to integrate 2048-bit PKI certificates so that the entire company will be interoperable with its vendors when the project is completed. The project is now 25% complete, with 15% of the company staff being issued 1024-bit certificates. The provisioning of network based accounts has not occurred yet due to other project delays. The project is now expected to be over budget and behind its original schedule. Termination of the existing project and beginning a new project is a consideration because of the change in scope. Which of the following is the security engineer’s MOST serious concern with implementing this solution? 

A. Succession planning 

B. Performance 

C. Maintainability 

D. Availability 

Answer:


Most recent CAS-002 test questions:

Q156. - (Topic 2) 

The latest independent research shows that cyber attacks involving SCADA systems grew an average of 15% per year in each of the last four years, but that this year’s growth has slowed to around 7%. Over the same time period, the number of attacks against applications has decreased or stayed flat each year. At the start of the measure period, the incidence of PC boot loader or BIOS based attacks was negligible. Starting two years ago, the growth in the number of PC boot loader attacks has grown exponentially. Analysis of these trends would seem to suggest which of the following strategies should be employed? 

A. Spending on SCADA protections should stay steady; application control spending should increase substantially and spending on PC boot loader controls should increase substantially. 

B. Spending on SCADA security controls should stay steady; application control spending should decrease slightly and spending on PC boot loader protections should increase substantially. 

C. Spending all controls should increase by 15% to start; spending on application controls should be suspended, and PC boot loader protection research should increase by 100%. 

D. Spending on SCADA security controls should increase by 15%; application control spending should increase slightly, and spending on PC boot loader protections should remain steady. 

Answer:


Q157. - (Topic 2) 

An employee is performing a review of the organization’s security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams? 

A. BPA 

B. BIA 

C. MOU 

D. OLA 

Answer:


Q158. - (Topic 1) 

A network administrator with a company’s NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company’s physical security, which of the following can the network administrator use to detect the presence of a malicious actor physically accessing the company’s network or information systems from within? (Select TWO). 

A. RAS 

B. Vulnerability scanner 

C. HTTP intercept 

D. HIDS 

E. Port scanner 

F. Protocol analyzer 

Answer: D,F 


Q159. - (Topic 1) 

A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement? 

A. SAN 

B. NAS 

C. Virtual SAN 

D. Virtual storage 

Answer:


Q160. - (Topic 4) 

A sensitive database needs its cryptographic integrity upheld. Which of the following controls meets this goal? (Select TWO). 

A. Data signing 

B. Encryption 

C. Perfect forward secrecy 

D. Steganography 

E. Data vaulting 

F. RBAC 

G. Lock and key 

Answer: A,F