CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 101:

    A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization's customer database. The database will be accessed by both the company's users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO).

    A. Physical penetration test of the datacenter to ensure there are appropriate controls.
    B. Penetration testing of the solution to ensure that the customer data is well protected.
    C. Security clauses are implemented into the contract such as the right to audit.
    D. Review of the organization's security policies, procedures and relevant hosting certifications.
    E. Code review of the solution to ensure that there are no back doors located in the software.

  • Question 102:

    The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager's requirements, which of the following types of IPS products would be BEST suited for use in this situation?

    A. Signature-based
    B. Rate-based
    C. Anomaly-based
    D. Host-based

  • Question 103:

    When authenticating over HTTP using SAML, which of the following is issued to the authenticating user?

    A. A symmetric key
    B. A PKI ticket
    C. An X.509 certificate
    D. An assertion ticket

  • Question 104:

    An internal committee comprised of the facilities manager, the physical security manager, the network administrator, and a member of the executive team has been formed to address a recent breach at a company's data center. It was discovered that during the breach, an HVAC specialist had gained entry to an area that contained server farms holding sensitive financial data. Although the HVAC specialist was there to fix a legitimate issue, the investigation concluded that security should be provided for the two entry and exit points for the server farm. Which of the following should be implemented to accomplish the recommendations of the investigation?

    A. Implement a policy that all non-employees should be escorted in the data center.
    B. Place a mantrap at the points with biometric security.
    C. Hire an HVAC person for the company, eliminating the need for external HVAC people.
    D. Implement CCTV cameras at both points.

  • Question 105:

    A company has decided to use the SDLC for the creation and production of a new information system. The security administrator is training all users on how to protect company information while using the new system, along with being able to recognize social engineering attacks. Senior Management must also formally approve of the system prior to it going live. In which of the following phases would these security controls take place?

    A. Operations and Maintenance
    B. Implementation
    C. Acquisition and Development
    D. Initiation

  • Question 106:

    DRAG DROP

    A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified:

    1. Developers have the ability to perform technical validation of development applications.
    2. End users have the ability to access internal web applications.
    3. Third-party vendors have the ability to support applications.

    In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All placeholders must be filled.

    Select and Place:

  • Question 107:

    An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?

    A. $4,800
    B. $24,000
    C. $96,000
    D. $120,000

  • Question 108:

    An administrator's company has recently had to reduce the number of Tier 3 help desk technicians available to support enterprise service requests. As a result, configuration standards have declined as administrators develop scripts to troubleshoot and fix customer issues. The administrator has observed that several default configurations have not been fixed through applied group policy or configured in the baseline. Which of the following are controls the administrator should recommend to the organization's security manager to prevent an authorized user from conducting internal reconnaissance on the organization's network? (Select THREE).

    A. Network file system
    B. Disable command execution
    C. Port security
    D. TLS
    E. Search engine reconnaissance
    F. NIDS
    G. BIOS security
    H. HIDS
    I. IdM

  • Question 109:

    A company's security policy states that its own internally developed proprietary Internet-facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?

    A. Require all development to follow secure coding practices.
    B. Require client-side input filtering on all modifiable fields.
    C. Escape character sequences at the application tier.
    D. Deploy a WAF with application specific signatures.

  • Question 110:

    The company is about to upgrade a financial system through a third party, but wants to legally ensure that no sensitive information is compromised throughout the project. The project manager must also make sure that internal controls are set to mitigate the potential damage that one individual's actions may cause. Which of the following needs to be put in place to make certain both organizational requirements are met? (Select TWO).

    A. Separation of duties
    B. Forensic tasks
    C. MOU
    D. OLA
    E. NDA
    F. Job rotation

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.