CompTIA CAS-002 Dumps
Exam: CompTIA Advanced Security Practitioner (CASP)
CompTIA CAS-002 Exam Tutorial
Question No : 1 - Topic 1
Company ABC's SAN is nearing capacity, and will cause costly downtimes if servers run
out of disk space. Which of the following is a more cost effective alternative to buying a new
A. Enable multipath to increase availability
B. Enable deduplication on the storage pools
C. Implement snapshots to reduce virtual disk size
D. Implement replication to offsite datacenter
Question No : 2 - Topic 1
A systems administrator establishes a CIFS share on a UNIX device to share data to
Windows systems. The security authentication on the Windows domain is set to the highest
level. Windows users are stating that they cannot authenticate to the UNIX share. Which of
the following settings on the UNIX server would correct this problem?
A. Refuse LM and only accept NTLMv2
B. Accept only LM
C. Refuse NTLMv2 and accept LM
D. Accept only NTLM
Question No : 3 - Topic 1
Two universities are making their 802.11n wireless networks available to the other
university's students. The infrastructure will pass the students' credentials back to the
home school for authentication via the Internet.
The requirements are:
- Mutual authentication of clients and authentication server
- The design should not limit connection speeds
- Authentication must be delegated to the home school
- No passwords should be sent unencrypted
The following design was implemented:
WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
RADIUS proxy servers will be used to forward authentication requests to the home school
The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A. The transport layer between the RADIUS servers should be secured
B. WPA Enterprise should be used to decrease the network overhead
C. The RADIUS servers should have local accounts for the visiting students
D. Students should be given certificates to use for authentication to the network
Question No : 4 - Topic 1
A large organization has recently suffered a massive credit card breach. During the months
of Incident Response, there were multiple attempts to assign blame for whose fault it was
that the incident occurred. In which part of the incident response phase would this be
addressed in a controlled and productive manner?
A. During the Identification Phase
B. During the Lessons Learned phase
C. During the Containment Phase
D. During the Preparation Phase
Question No : 5 - Topic 1
Three companies want to allow their employees to seamlessly connect to each other's
wireless corporate networks while keeping one consistent wireless client configuration.
Each company wants to maintain its own authentication infrastructure and wants to ensure
that an employee who is visiting the other two companies is authenticated by the home
office when connecting to the other companies' wireless network. All three companies have
agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of
the following should the three companies implement?
A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.
B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.
C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.
Question No : 6 - Topic 1
A university requires a significant increase in web and database server resources for one
week, twice a year, to handle student registration. The web servers remain idle for the rest
of the year. Which of the following is the MOST cost effective way for the university to
securely handle student registration?
A. Virtualize the web servers locally to add capacity during registration.
B. Move the database servers to an elastic private cloud while keeping the web servers local.
C. Move the database servers and web servers to an elastic private cloud.
D. Move the web servers to an elastic public cloud while keeping the database servers local.
Question No : 7 - Topic 1
A security administrator wants to prevent sensitive data residing on corporate laptops and
desktops from leaking outside of the corporate network. The company has already
implemented full-disk encryption and has disabled all peripheral devices on its desktops
and laptops. Which of the following additional controls MUST be implemented to minimize
the risk of data leakage? (Select TWO).
A. A full-system backup should be implemented to a third-party provider with strong encryption for data in transit.
B. A DLP gateway should be installed at the company border.
C. Strong authentication should be implemented via external biometric devices.
D. Full-tunnel VPN should be required for all network communication.
E. Full-drive file hashing should be implemented with hashes stored on separate storage.
F. Split-tunnel VPN should be enforced when transferring sensitive data.
Question No : 8 - Topic 1
The risk manager has requested a security solution that is centrally managed, can easily
be updated, and protects end users' workstations from both known and unknown malicious
attacks when connected to either the office or home network. Which of the following would
BEST meet this requirement?
Question No : 9 - Topic 1
The source workstation image for new accounting PCs has begun blue-screening. A
technician notices that the date/time stamp of the image source appears to have changed.
The desktop support director has asked the Information Security department to determine if
any changes were made to the source image. Which of the following methods would BEST
help with this process? (Select TWO).
A. Retrieve source system image from backup and run file comparison analysis on the two images.
B. Parse all images to determine if extra data is hidden using steganography.
C. Calculate a new hash and compare it with the previously captured image hash.
D. Ask desktop support if any changes to the images were made.
E. Check key system files to see if date/time stamp is in the past six months.
Question No : 10 - Topic 1
A security administrator notices a recent increase in workstations becoming compromised
by malware. Often, the malware is delivered via drive-by downloads, from malware hosting
websites, and is not being detected by the corporate antivirus. Which of the following
solutions would provide the BEST protection for the company?
A. Increase the frequency of antivirus downloads and install updates to all workstations.
B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.
C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.
D. Deploy a web based gateway antivirus server to intercept viruses before they enter the network.
Question No : 11 - Topic 1
A security consultant is conducting a network assessment and wishes to discover any
legacy backup Internet connections the network may have. Where would the consultant
find this information and why would it be valuable?
A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
D. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.
Question No : 12 - Topic 1
The helpdesk department desires to roll out a remote support application for internal use on
all company computers. This tool should allow remote desktop sharing, system log
gathering, chat, hardware logging, inventory management, and remote registry access. The
risk management team has been asked to review vendor responses to the RFQ. Which of
the following questions is the MOST important?
A. What are the protections against MITM?
B. What accountability is built into the remote support application?
C. What encryption standards are used in the tracking database?
E. What encryption standards are used in remote desktop and file transfer functionality?
Question No : 13 - Topic 1
The helpdesk manager wants to find a solution that will enable the helpdesk staff to better
serve company employees who call with computer-related problems. The helpdesk staff is
currently unable to perform effective troubleshooting and relies on callers to describe their
technology problems. Given that the helpdesk staff is located within the company
headquarters and 90% of the callers are telecommuters, which of the following tools should
the helpdesk manager use to make the staff more effective at troubleshooting while at the
same time reducing company costs? (Select TWO).
A. Web cameras
C. Instant messaging
E. Desktop sharing
Question No : 14 - Topic 1
A new internal network segmentation solution will be implemented into the enterprise that
consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that
it takes three changes to deploy a new application onto the network before it is operational.
Security now has a significant effect on overall availability. Which of the following would be
the FIRST process to perform as a result of these findings?
A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.
Question No : 15 - Topic 1
A security administrator notices the following line in a server's security log:
<input name='credentials' type='TEXT' value='" +
e</script>') + "';
The administrator is concerned that it will take the developer a lot of time to fix the
application that is running on the server. Which of the following should the security
administrator implement to prevent this particular attack?
B. Input validation
Question No : 16 - Topic 1
A company is in the process of implementing a new front end user interface for its
customers; the goal is to provide them with more self-service functionality. The application
has been written by developers over the last six months and the project is currently in the
Which of the following security activities should be implemented as part of the SDL in order
to provide the MOST security coverage over the solution? (Select TWO).
A. Perform unit testing of the binary code
B. Perform code review over a sampling of the front end source code
C. Perform black box penetration testing over the solution
D. Perform grey box penetration testing over the solution
E. Perform static code review over the front end source code
Question No : 17 - Topic 1
A security analyst has been asked to develop a quantitative risk analysis and risk
assessment for the company's online shopping application. Based on heuristic information
from the Security Operations Center (SOC), a Denial of Service Attack (DoS) has been
successfully executed 5 times a year. The Business Operations department has
determined the loss associated with each attack is $40,000. After implementing application
caching, the number of DoS attacks was reduced to one time a year. The cost of the
countermeasures was $100,000. Which of the following is the monetary value earned
during the first year of operation?
Question No : 18 - Topic 1
At 9:00 am each morning, all of the virtual desktops in a VDI implementation become
extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which
everything runs properly again. The administrator has traced the problem to a lab of thin
clients that are all booted at 9:00 am each morning. Which of the following is the MOST
likely cause of the problem and the BEST solution? (Select TWO).
A. Add guests with more memory to increase capacity of the infrastructure.
B. A backup is running on the thin clients at 9am every morning.
C. Install more memory in the thin clients to handle the increased load while booting.
D. Booting all the lab desktops at the same time is creating excessive I/O.
E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.
F. Install faster SSD drives in the storage system used in the infrastructure.
G. The lab desktops are saturating the network while booting.
H. The lab desktops are using more memory than is available to the host systems.
Question No : 19 - Topic 1
In order to reduce costs and improve employee satisfaction, a large corporation is creating
a BYOD policy. It will allow access to email and remote connections to the corporate
enterprise from personal devices, provided they are on an approved device list. Which of
the following security measures would be MOST effective in securing the enterprise under
the new policy? (Select TWO).
A. Provide free email software for personal devices.
B. Encrypt data in transit for remote access.
C. Require smart card authentication for all devices.
D. Implement NAC to limit insecure devices' access.
E. Enable time of day restrictions for personal devices.
Question No : 20 - Topic 1
There have been some failures of the company's internal-facing website. A security
engineer has found the WAF to be the root cause of the failures. System logs show that the
WAF has been unavailable for 14 hours over the past month, in four separate situations.
One of these situations was a two-hour scheduled maintenance time, aimed at improving
the stability of the WAF. Using the MTTR based on the last month's performance figures,
which of the following calculations is the percentage of uptime assuming there were 722
hours in the month?
A. 92.24 percent
B. 98.06 percent
C. 98.34 percent
D. 99.72 percent