CAS-002 Exam Details

  • Exam Code
    :CAS-002
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :733 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 1:

    A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

    A. The tool could show that input validation was only enabled on the client side
    B. The tool could enumerate backend SQL database table and column names
    C. The tool could force HTTP methods such as DELETE that the server has denied
    D. The tool could fuzz the application to determine where memory leaks occur

  • Question 2:

    A certain script was recently altered by the author to meet certain security requirements, and needs to be executed on several critical servers. Which of the following describes the process of ensuring that the script being used was not altered by anyone other than the author?

    A. Digital encryption
    B. Digital signing
    C. Password entropy
    D. Code signing

  • Question 3:

    A user is suspected of engaging in potentially illegal activities. Law enforcement has requested that the user continue to operate on the network as normal. However, they would like to have a copy of any communications from the user involving certain key terms. Additionally, the law enforcement agency has requested that the user's ongoing communication be retained in the user's account for future investigations. Which of the following will BEST meet the goals of law enforcement?

    A. Begin a chain-of-custody on for the user's communication. Next, place a legal hold on the user's email account.
    B. Perform an e-discover using the applicable search terms. Next, back up the user's email for a future investigation.
    C. Place a legal hold on the user's email account. Next, perform e-discovery searches to collect applicable emails.
    D. Perform a back up of the user's email account. Next, export the applicable emails that match the search terms.

  • Question 4:

    A company contracts with a third party to develop a new web application to process credit cards. Which of the following assessments will give the company the GREATEST level of assurance for the web application?

    A. Social Engineering
    B. Penetration Test
    C. Vulnerability Assessment
    D. Code Review

  • Question 5:

    A company is evaluating a new marketing strategy involving the use of social networking sites to reach its customers. The marketing director wants to be able to report important company news, product updates, and special promotions on the

    social websites.

    After an initial and successful pilot period, other departments want to use the social websites to post their updates as well.

    The Chief Information Officer (CIO) has asked the company security administrator to document three negative security impacts of allowing IT staff to post work related information on such websites.

    Which of the following are the major risks the security administrator should report back to the CIO? (Select THREE).

    A. Brute force attacks
    B. Malware infection
    C. DDOS attacks
    D. Phishing attacks
    E. SQL injection attacks
    F. Social engineering attacks

  • Question 6:

    An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).

    A. Facilities management
    B. Human resources
    C. Research and development
    D. Programming
    E. Data center operations
    F. Marketing
    G. Information technology

  • Question 7:

    Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?

    A. NDA
    B. OLA
    C. MOU
    D. SLA

  • Question 8:

    Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?

    A. Risk reduction, risk sharing, risk retention, and risk acceptance.
    B. Avoid, transfer, mitigate, and accept.
    C. Risk likelihood, asset value, and threat level.
    D. Calculate risk by determining technical likelihood and potential business impact.

  • Question 9:

    Some mobile devices are jail-broken by connecting via USB cable and then exploiting software vulnerabilities to get kernel-level access. Which of the following attack types represents this scenario? (Select TWO).

    A. Session management attack
    B. Protocol fuzzing
    C. Root-kit compromise
    D. Physical attack
    E. Privilege escalation
    F. Man-in-the-middle

  • Question 10:

    The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

    A. PING
    B. NESSUS
    C. NSLOOKUP
    D. NMAP

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.