It is more faster and easier to pass the CompTIA CAS-002 exam by using Verified CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Regenerate CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.

Q181. - (Topic 5) 

An IT administrator has been tasked with implementing an appliance-based web proxy server to control external content accessed by internal staff. Concerned with the threat of corporate data leakage via web-based email, the IT administrator wants to decrypt all outbound HTTPS sessions and pass the decrypted content to an ICAP server for inspection by the corporate DLP software. Which of the following is BEST at protecting the internal certificates used in the decryption process? 

A. NIPS 

B. HSM 

C. UTM 

D. HIDS 

E. WAF 

F. SIEM 

Answer:


Q182. - (Topic 5) 

News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit network mapping and fingerprinting occurs in preparation for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections, reduce detection time, and minimize any damage that might be done? 

A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology. 

B. Implement an application whitelist at all levels of the organization. 

C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring. 

D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection. 

Answer:


Q183. - (Topic 5) 

A high-tech company dealing with sensitive data seized the mobile device of an employee suspected of leaking company secrets to a competitive organization. Which of the following is the BEST order for mobile phone evidence extraction? 

A. Device isolation, evidence intake, device identification, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

B. Evidence intake, device identification, preparation to identify the necessary tools, device isolation, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

C. Evidence log, device isolation ,device identification, preparation to identify the necessary tools, data processing, verification of data accuracy, presentation and archival. 

D. Device identification, evidence log, preparation to identify the necessary tools, data processing, verification of data accuracy, device isolation, documentation, reporting, presentation and archival. 

Answer:


Q184. - (Topic 4) 

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant affect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings? 

A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects. 

B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution. 

C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness. 

D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution. 

Answer:


Q185. - (Topic 3) 

The VoIP administrator starts receiving reports that users are having problems placing phone calls. The VoIP administrator cannot determine the issue, and asks the security administrator for help. The security administrator reviews the switch interfaces and does not see an excessive amount of network traffic on the voice network. Using a protocol analyzer, the security administrator does see an excessive number of SIP INVITE packets destined for the SIP proxy. Based on the information given, which of the following types of attacks is underway and how can it be remediated? 

A. Man in the middle attack; install an IPS in front of SIP proxy. 

B. Man in the middle attack; use 802.1x to secure voice VLAN. 

C. Denial of Service; switch to more secure H.323 protocol. 

D. Denial of Service; use rate limiting to limit traffic. 

Answer:


Q186. - (Topic 3) 

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network? 

A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access. 

B. Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments. 

C. Provide sales staff with a separate laptop with no administrator access just for sales visits. 

D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy. 

Answer:


Q187. - (Topic 4) 

A large international business has completed the acquisition of a small business and it is now in the process of integrating the small business’ IT department. Both parties have agreed that the large business will retain 95% of the smaller business’ IT staff. Additionally, the larger business has a strong interest in specific processes that the smaller business has in place to handle its regional interests. Which of the following IT security related objectives should the small business’ IT staff consider reviewing during the integration process? (Select TWO). 

A. How the large business operational procedures are implemented. 

B. The memorandum of understanding between the two businesses. 

C. New regulatory compliance requirements. 

D. Service level agreements between the small and the large business. 

E. The initial request for proposal drafted during the merger. 

F. The business continuity plan in place at the small business. 

Answer: A,C 


Q188. DRAG DROP - (Topic 2) 

An organization is implementing a project to simplify the management of its firewall network flows and implement security controls. The following requirements exist. Drag and drop the BEST security solution to meet the given requirements. Options may be used once or not at all. All placeholders must be filled. 

Answer: 


Q189. - (Topic 2) 

A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were created in-house. Which of the following actions should the large company’s security administrator take in preparation for the merger? 

A. A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed. 

B. An ROI calculation should be performed to determine which company's application should be used. 

C. A security assessment should be performed to establish the risks of integration or co-existence. 

D. A regression test should be performed on the in-house software to determine security risks associated with the software. 

Answer:


Q190. - (Topic 1) 

A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected? 

A. The malware file’s modify, access, change time properties. 

B. The timeline analysis of the file system. 

C. The time stamp of the malware in the swap file. 

D. The date/time stamp of the malware detection in the antivirus logs. 

Answer: