Act now and download your CompTIA CAS-002 practice test today. Do not waste time on worthless CompTIA CAS-002 tutorials. Download the most recent CompTIA Advanced Security Practitioner (CASP) CAS-002 exam with real questions and answers and begin learning CompTIA CAS-002 with a classic professional.

Q141. - (Topic 1) 

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with the hope of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However, all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?

A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP. 

B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP. 

C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP. 

D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP. 

Answer:


Q142. - (Topic 3) 

A financial institution wants to reduce the costs associated with managing and troubleshooting employees’ desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task? 

A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit. 

B. Implement server virtualization and move the application from the desktop to the server. 

C. Implement VDI and disable hardware and storage mapping from the thin client. 

D. Move the critical applications to a private cloud and disable VPN and tunneling. 

Answer:


Q143. - (Topic 1) 

A security engineer is responsible for monitoring company applications for known vulnerabilities. Which of the following is a way to stay current on exploits and information security news? 

A. Update company policies and procedures 

B. Subscribe to security mailing lists 

C. Implement security awareness training 

D. Ensure that the organization vulnerability management plan is up-to-date 

Answer:


Q144. - (Topic 5) 

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). 

A. Block traffic from the ISP’s networks destined for blacklisted IPs. 

B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP. 

C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network. 

D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner. 

E. Notify customers when services they run are involved in an attack. 

Answer: C, E


Q145. - (Topic 5) 

The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOST likely contain the required values? 

A. MOU 

B. BPA 

C. RA 

D. SLA 

E. BIA 

Answer:


Q146. - (Topic 5) 

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool? 

A. The tool could show that input validation was only enabled on the client side 

B. The tool could enumerate backend SQL database table and column names 

C. The tool could force HTTP methods such as DELETE that the server has denied 

D. The tool could fuzz the application to determine where memory leaks occur 

Answer:


Q147. - (Topic 1) 

A large organization has recently suffered a massive credit card breach. During the months of incident response, there were multiple attempts to assign blame for the incident. In which phase of the incident response process would this be addressed in a controlled and productive manner?

A. During the Identification Phase 

B. During the Lessons Learned phase 

C. During the Containment Phase 

D. During the Preparation Phase 

Answer:


Q148. - (Topic 5) 

A security administrator needs to deploy a remote access solution for both staff and contractors. Management favors remote desktop due to ease of use. The current risk assessment suggests protecting Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should be selected? 

A. Deploy a remote desktop server on your internal LAN, and require an Active Directory integrated SSL connection for access.

B. Change remote desktop to a non-standard port, and implement password complexity for the entire Active Directory domain.

C. Distribute new IPSec VPN client software to applicable parties. Virtualize remote desktop services functionality. 

D. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication. 

Answer:


Q149. - (Topic 5) 

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action the company should take to provide a more suitable remote access solution?

A. Implement an IPS to block the application on the network 

B. Implement the remote application out to the rest of the servers 

C. Implement SSL VPN with SAML standards for federation 

D. Implement an ACL on the firewall with NAT for remote access 

Answer:


Q150. - (Topic 5) 

An organization is selecting a SaaS provider to replace its legacy, in-house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

A. Ensure the SaaS provider supports dual factor authentication. 

B. Ensure the SaaS provider supports encrypted password transmission and storage. 

C. Ensure the SaaS provider supports secure hash file exchange. 

D. Ensure the SaaS provider supports role-based access control. 

E. Ensure the SaaS provider supports directory services federation. 

Answer: