CAS-002 Exam Details

  • Exam Code
    :CAS-002
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :733 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 11:

    A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task?

    A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs
    B. Interview employees and managers to discover the industry hot topics and trends
    C. Attend meetings with staff, internal training, and become certified in software management
    D. Attend conferences, webinars, and training to remain current with the industry and job requirements

  • Question 12:

    A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?

    A. SSL certificate revocation
    B. SSL certificate pinning
    C. Mobile device root-kit detection
    D. Extended Validation certificates

  • Question 13:

    The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router's external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company's external router's IP which is 128.20.176.19: 11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400

    11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400 11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400 Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?

    A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company's ISP should be contacted and instructed to block the malicious packets.
    B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.
    C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.
    D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company's external router to block incoming UDP port 19 traffic.

  • Question 14:

    A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

    A. The malware file's modify, access, change time properties.
    B. The timeline analysis of the file system.
    C. The time stamp of the malware in the swap file.
    D. The date/time stamp of the malware detection in the antivirus logs.

  • Question 15:

    A Chief Information Security Officer (CISO) is approached by a business unit manager who heard a report on the radio this morning about an employee at a competing firm who shipped a VPN token overseas so a fake employee could log into the corporate VPN. The CISO asks what can be done to mitigate the risk of such an incident occurring within the organization. Which of the following is the MOST cost effective way to mitigate such a risk?

    A. Require hardware tokens to be replaced on a yearly basis.
    B. Implement a biometric factor into the token response process.
    C. Force passwords to be changed every 90 days.
    D. Use PKI certificates as part of the VPN authentication process.

  • Question 16:

    The helpdesk is receiving multiple calls about slow and intermittent Internet access from the finance department. The network administrator reviews the tickets and compiles the following information for the security administrator:

    Caller 1, IP 172.16.35.217, NETMASK 255.255.254.0

    Caller 2, IP 172.16.35.53, NETMASK 255.255.254.0

    Caller 3, IP 172.16.35.173, NETMASK 255.255.254.0

    All callers are connected to the same switch and are routed by a router with five built-in interfaces. The upstream router interface's MAC is 00-01-42-32-ab-1a ------ The security administrator brings a laptop to the finance office, connects it to

    one of the wall jacks, starts up a network analyzer, and notices the following:

    09:05:10.937590 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)

    09:05:15.934840 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52)

    09:05:19.931482 arp reply 172.16.34.1 is-at 0:12:3f:f1:da:52 (0:12:3f:f1:da:52) Which of the following can the security administrator determine from the above information?

    A. A man in the middle attack is underway - implementing static ARP entries is a possible solution.
    B. An ARP flood attack targeted at the router is causing intermittent communication implementing IPS is a possible solution.
    C. The default gateway is being spoofed - implementing static routing with MD5 is a possible solution.
    D. The router is being advertised on a separate network - router reconfiguration is a possible solution.

  • Question 17:

    A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus server's logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner?

    A. The security administrator should consider deploying a signature-based intrusion detection system.
    B. The security administrator should consider deploying enterprise forensic analysis tools.
    C. The security administrator should consider installing a cloud augmented security service.
    D. The security administrator should consider establishing an incident response team.

  • Question 18:

    An administrator has enabled salting for users' passwords on a UNIX box. A penetration tester must attempt to retrieve password hashes. Which of the following files must the penetration tester use to eventually obtain passwords on the system? (Select TWO).

    A. /etc/passwd
    B. /etc/shadow
    C. /etc/security
    D. /etc/password
    E. /sbin/logon
    F. /bin/bash

  • Question 19:

    An IT administrator has installed new DNS name servers (Primary and Secondary), which are used to host the company MX records and resolve the web server's public address. In order to secure the zone transfer between the primary and secondary server, the administrator uses only server ACLs. Which of the following attacks could the secondary DNS server still be susceptible to?

    A. Email spamming
    B. IP spoofing
    C. Clickjacking
    D. DNS replication

  • Question 20:

    Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request: POST /login.aspx HTTP/1.1 Host: comptia.org Content-type: text/html txtUsername=annandtxtPassword=annandalreadyLoggedIn=falseandsubmit=true Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

    A. Remove all of the post data and change the request to /login.aspx from POST to GET
    B. Attempt to brute force all usernames and passwords using a password cracker
    C. Remove the txtPassword post data and change alreadyLoggedIn from false to true
    D. Remove the txtUsername and txtPassword post data and toggle submit from true to false

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.