CAS-002 Exam Details

  • Exam Code
    :CAS-002
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :733 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 131:

    The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?

    A. Revise the corporate policy to include possible termination as a result of violations
    B. Increase the frequency and distribution of the USB violations report
    C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
    D. Implement group policy objects

  • Question 132:

    Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network-based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).

    A. Passive banner grabbing
    B. Password cracker
    C. http://www.company.org/documents_private/index.php?search=string#andtopic=windowsandtcp =packet% 20captureandcookie=wokdjwalkjcnie61lkasdf2aliser4
    D. 443/tcp open http
    E. dig host.company.com
    F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length 0
    G. Nmap
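
    Two of the passive approaches this question points at, reading the banner a service volunteers and inferring the sender's OS family from the IP TTL of a captured packet, can be scripted. The following is an added example, not part of the original question set or of any tool named above. It parses the tcpdump-style line quoted in option F plus one constructed Windows-looking packet, and maps constructed banner strings to an OS family. The TTL table (default initial TTL 64 for Linux/Unix-like, 128 for Windows, 255 for many network devices and Solaris) is the usual heuristic, so every result is an approximation, which is exactly what the question asks for.

```python
"""Approximate OS determination from passively observed data.

Added example, not part of the original question set. Combines passive
banner grabbing (reading the version string a service sends) with
TTL-based inference from a tcpdump line. The banner strings and the
second packet line are constructed samples; the TTL-to-OS table is a
heuristic, so every result is only a guess.
"""
import re
from typing import Optional

# Default initial TTLs per OS family. A packet decrements once per hop, so the
# observed value is rounded UP to the nearest default to estimate the origin.
INITIAL_TTLS = {64: "Linux/Unix-like", 128: "Windows", 255: "Network device / Solaris"}

# Banner fragments to OS family, most specific first. Passive: nothing is sent.
BANNER_HINTS = [
    (re.compile(r"Microsoft-IIS/"), "Windows"),
    (re.compile(r"OpenSSH_[\d.]+p?\d* (Ubuntu|Debian)", re.I), "Linux"),
    (re.compile(r"\((Ubuntu|Debian|CentOS|Red Hat)", re.I), "Linux"),
    (re.compile(r"OpenSSH", re.I), "Unix-like"),
]

# Matches the 'tcpdump -v' line format: "... ttl 64, ... SRC.PORT > DST.PORT: ... win N".
TCPDUMP_RE = re.compile(
    r"ttl (?P<ttl>\d+).*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.\d+:"
    r".*?win (?P<win>\d+)"
)

# The first line is the packet quoted in the question; the second is constructed.
SAMPLE_PACKETS = [
    "09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), "
    "length 40) 192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), "
    "win 512, length 0",
    "09:18:17.000113 IP (tos 0x0, ttl 126, id 4421, offset 0, flags [DF], proto TCP (6), "
    "length 52) 10.46.3.20.49152 > 10.46.3.7.443: Flags [S], cksum 0x1a2b (correct), "
    "seq 1, win 8192, length 0",
]

# Constructed banners keyed by host, as a passive sniffer would collect them.
SAMPLE_BANNERS = {
    "192.168.1.3": "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1",
    "10.46.3.20": "Server: Microsoft-IIS/8.5",
}


def guess_initial_ttl(observed: int) -> Optional[int]:
    """Round an observed TTL up to the nearest default initial TTL."""
    for initial in sorted(INITIAL_TTLS):
        if observed <= initial:
            return initial
    return None


def os_from_packet(line: str) -> Optional[dict]:
    """Parse one tcpdump line and guess the sender's OS family from its TTL."""
    m = TCPDUMP_RE.search(line)
    if m is None:
        return None
    ttl = int(m.group("ttl"))
    initial = guess_initial_ttl(ttl)
    return {
        "host": m.group("src"),
        "ttl": ttl,
        "hops": None if initial is None else initial - ttl,
        "window": int(m.group("win")),
        "guess": INITIAL_TTLS.get(initial, "unknown"),
    }


def os_from_banner(banner: str) -> str:
    """Map a service banner to an OS family using the hint table."""
    for pattern, family in BANNER_HINTS:
        if pattern.search(banner):
            return family
    return "unknown"


def fingerprint(packets, banners) -> dict:
    """Per-host guesses; a banner, when present, is more specific than the TTL."""
    result = {}
    for line in packets:
        info = os_from_packet(line)
        if info is None:
            continue
        result[info["host"]] = {"ttl_guess": info["guess"], "hops": info["hops"]}
    for host, banner in banners.items():
        result.setdefault(host, {"ttl_guess": "unknown", "hops": None})
        result[host]["banner_guess"] = os_from_banner(banner)
    return result


if __name__ == "__main__":
    for host, info in fingerprint(SAMPLE_PACKETS, SAMPLE_BANNERS).items():
        print(host, info)
```

    The TTL rounding is the weak link: a Linux box behind many hops or a device with a tuned TTL will be misclassified, which is why the banner guess is kept separately rather than merged, and why an active tool such as Nmap is normally used to confirm before a host is disconnected.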

  • Question 133:

    A company currently does not use any type of authentication or authorization service for remote access. The new security policy states that all remote access must be locked down to only authorized personnel. The policy also dictates that only authorized external networks will be allowed to access certain internal resources.

    Which of the following would MOST likely need to be implemented and configured on the company's perimeter network to comply with the new security policy? (Select TWO).

    A. VPN concentrator
    B. Firewall
    C. Proxy server
    D. WAP
    E. Layer 2 switch

  • Question 134:

    A security administrator is shown the following log excerpt from a Unix system:

    2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
    2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
    2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
    2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
    2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
    2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2

    Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO).

    A. An authorized administrator has logged into the root account remotely.
    B. The administrator should disable remote root logins.
    C. Isolate the system immediately and begin forensic analysis on the host.
    D. A remote attacker has compromised the root account using a buffer overflow in sshd.
    E. A remote attacker has guessed the root password using a dictionary attack.
    F. Use iptables to immediately DROP connections from the IP 198.51.100.23.
    G. A remote attacker has compromised the private key of the root account.
    H. Change the root password immediately to a password not found in a dictionary.
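
    The pattern in this log, a burst of failed root passwords from one address followed by a success from the same address within about a minute, is what a SIEM correlation rule for password guessing looks for. The following is an added example, not part of the original question set: it parses the six lines quoted above (plus one constructed benign key-based login as a control) and raises an alert when a source accumulates several failures for an account and then logs in to it within a short window. The threshold and window values are assumptions chosen for the example. Stock OpenSSH writes "Accepted password for ..." on success; the regex accepts that form as well as the "Successful login for ..." wording used in the question.

```python
"""Flag password guessing that ends in a successful login, from sshd logs.

Added example, not part of the original question set. Threshold and window
are assumed values. The first six SAMPLE_LOG lines are the ones quoted in
the question; the last is a constructed benign control.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Optional

LINE_RE = re.compile(
    r"^(?P<ts>\d{4} \w{3} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed password|Accepted password|Accepted publickey|Successful login) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port (?P<port>\d+)"
)

SAMPLE_LOG = """\
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2
2013 Oct 10 08:02:11 web14 sshd[1700]: Accepted publickey for deploy from 203.0.113.5 port 50210 ssh2
"""


def parse_line(line: str) -> Optional[dict]:
    """Turn one sshd line into an event dict, or None if it is not an auth line."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ts": datetime.strptime(m.group("ts"), "%Y %b %d %H:%M:%S"),
        "host": m.group("host"),
        "user": m.group("user"),
        "src": m.group("src"),
        "port": int(m.group("port")),
        "failed": m.group("result") == "Failed password",
        "method": m.group("result"),
    }


def detect_guess_then_success(log_text: str, threshold: int = 3,
                              window: timedelta = timedelta(minutes=5)) -> list:
    """Return one alert per (src, user) whose success follows >= threshold failures.

    Failures older than `window` relative to the current event are forgotten,
    so a slow trickle of stale failures does not count against a later login.
    """
    failures = defaultdict(list)  # (src, user) -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["src"], ev["user"])
        recent = [t for t in failures[key] if ev["ts"] - t <= window]
        if ev["failed"]:
            recent.append(ev["ts"])
            failures[key] = recent
            continue
        if len(recent) >= threshold:
            alerts.append({
                "host": ev["host"],
                "src": ev["src"],
                "user": ev["user"],
                "failures": len(recent),
                "first_failure": recent[0],
                "success": ev["ts"],
                "method": ev["method"],
            })
        failures[key] = []  # any success, alerted or not, resets the counter
    return alerts


if __name__ == "__main__":
    for a in detect_guess_then_success(SAMPLE_LOG):
        print(f"{a['host']}: {a['src']} -> {a['user']} after {a['failures']} "
              f"failures in {(a['success'] - a['first_failure']).seconds}s")
```

    On the quoted excerpt this yields a single alert for 198.51.100.23 against root, five failures in 63 seconds, and no alert for the key-based deploy login. The same rule is what you would want firing in the SIEM before the administrator is "shown" the log by hand; the options above cover what to do once it fires.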

  • Question 135:

    An administrator of a secure web server has several clients with top security clearance and prefers security over performance. By default, which of the following cipher suites would provide strong security, but at the same time the worst performance?

    A. 3DES - SHA
    B. DES - MD5
    C. Camellia - SHA
    D. RC4 - MD5

  • Question 136:

    Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three companies:

    A national landline telephone provider
    A regional wireless telephone provider
    An international Internet service provider

    The board of directors at Company XYZ wants to keep the companies and billing separated. The Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ's customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication.

    The proposed solution must use open standards and must make it simple and seamless for Company XYZ's customers to receive all four services.

    Which of the following solutions is BEST suited for this scenario?

    A. All four companies must implement a TACACS+ web based single sign-on solution with associated captive portal technology.
    B. Company XYZ must implement VPN and strict access control to allow the other three companies to access the internal LDAP.
    C. Company XYZ needs to install the SP, while the partner companies need to install the WAYF portion of a Federated identity solution.
    D. Company XYZ needs to install the IdP, while the partner companies need to install the SP portion of a Federated identity solution.

  • Question 137:

    New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager follow to manage the risks of these attack vectors? (Select TWO).

    A. Establish an emergency response call tree.
    B. Create an inventory of applications.
    C. Backup the router and firewall configurations.
    D. Maintain a list of critical systems.
    E. Update all network diagrams.

  • Question 138:

    A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand?

    A. Threat actor types, threat actor motivation, and attack tools
    B. Unsophisticated agents, organized groups, and nation states
    C. Threat actor types, attack sophistication, and the anatomy of an attack
    D. Threat actor types, threat actor motivation, and the attack impact

  • Question 139:

    A small bank is introducing online banking to its customers through its new secured website. The firewall has three interfaces: one for the Internet connection, another for the DMZ, and the other for the internal network. Which of the following will provide the MOST protection from all likely attacks on the bank?

    A. Implement NIPS inline between the web server and the firewall.
    B. Implement a web application firewall inline between the web server and the firewall.
    C. Implement host intrusion prevention on all machines at the bank.
    D. Configure the firewall policy to only allow communication with the web server using SSL.

  • Question 140:

    The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?

    A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
    B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
    C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
    D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.