CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 281:

    As part of a new wireless implementation, the Chief Information Officer's (CIO's) main objective is to immediately deploy a system that supports the 802.11r standard, which will help wireless VoIP devices in moving vehicles. However, the 802.11r standard was not ratified by the IETF. The wireless vendor's products do support the pre-ratification version of 802.11r. The security and network administrators have tested the product and do not see any security or compatibility issues; however, they are concerned that the standard is not yet final. Which of the following is the BEST way to proceed?

    A. Purchase the equipment now, but do not use 802.11r until the standard is ratified.
    B. Do not purchase the equipment now as the client devices do not yet support 802.11r.
    C. Purchase the equipment now, as long as it will be firmware upgradeable to the final 802.11r standard.
    D. Do not purchase the equipment now; delay the implementation until the IETF has ratified the final 802.11r standard.

  • Question 282:

    The Chief Executive Officer (CEO) of a corporation purchased the latest mobile device and connected it to the internal network. The CEO proceeded to download sensitive financial documents through their email. The device was then lost in transit to a conference. The CEO notified the company helpdesk about the lost device and another one was shipped out, after which the helpdesk ticket was closed stating the issue was resolved.

    This data breach was not properly reported due to insufficient training surrounding which of the following processes?

    A. E-Discovery
    B. Data handling
    C. Incident response
    D. Data recovery and storage

  • Question 283:

    A corporate executive lost their smartphone while on an overseas business trip. The phone was equipped with file encryption and secured with a strong passphrase. The phone contained over 60GB of proprietary data. Given this scenario, which of the following is the BEST course of action?

    A. File an insurance claim and assure the executive the data is secure because it is encrypted.
    B. Immediately implement a plan to remotely wipe all data from the device.
    C. Have the executive change all passwords and issue the executive a new phone.
    D. Execute a plan to remotely disable the device and report the loss to the police.

  • Question 284:

    A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has unacceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered?

    A. During the product selection phase
    B. When testing the appliance
    C. When writing the RFP for the purchase process
    D. During the network traffic analysis phase

  • Question 285:

    A security administrator at a Lab Company is required to implement a solution which will provide the highest level of confidentiality possible to all data on the lab network.

    The current infrastructure design includes:

      • Two-factor token and biometric based authentication for all users
      • Attributable administrator accounts
      • Logging of all transactions
      • Full disk encryption of all HDDs
      • Finely granular access controls to all resources
      • Full virtualization of all servers
      • The use of LUN masking to segregate SAN data
      • Port security on all switches

    The network is protected with a firewall implementing ACLs, a NIPS device, and secured wireless access points. Which of the following cryptographic improvements should be made to the current architecture to achieve the stated goals?

    A. PKI based authorization
    B. Transport encryption
    C. Data at rest encryption
    D. Code signing

  • Question 286:

    Which of the following is the MOST secure way to ensure third party applications introduce only acceptable risk?

    A. Line by line code review and simulation; uncovers hidden vulnerabilities and allows for behavior to be observed with minimal risk.
    B. Technical exchange meetings with the application's vendor; vendors have more in depth knowledge of the product.
    C. Pilot trial; minimizes the impact to the enterprise while still providing services to enterprise users.
    D. Full deployment with crippled features; allows for large scale testing and observation of the applications security profile.

  • Question 287:

    A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely happened?

    A. The iSCSI initiator was not restarted.
    B. The NTFS LUNs are snapshots.
    C. The HBA allocation is wrong.
    D. The UNIX server is multipathed.

  • Question 288:

    A bank has just outsourced the security department to a consulting firm, but retained the security architecture group. A few months into the contract the bank discovers that the consulting firm has sub-contracted some of the security functions to another provider. Management is pressuring the sourcing manager to ensure adequate protections are in place to insulate the bank from legal and service exposures. Which of the following is the MOST appropriate action to take?

    A. Directly establish another separate service contract with the sub-contractor to limit the risk exposure and legal implications.
    B. Ensure the consulting firm has service agreements with the sub-contractor; if the agreement does not exist, exit the contract when possible.
    C. Log it as a risk in the business risk register and pass the risk to the consulting firm for acceptance and responsibility.
    D. Terminate the contract immediately and bring the security department in-house again to reduce legal and regulatory exposure.

  • Question 289:

    A general insurance company wants to set up a new online business. The requirements are that the solution needs to be:

      • Extendable for new products to be developed and added
      • Externally facing for customers and business partners to login
      • Usable and manageable
      • Be able to integrate seamlessly with third parties for non core functions such as document printing
      • Secure to protect customer's personal information and credit card information during transport and at rest

    The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system integration, and a web services gateway.

    Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO).

    A. Implement WS-Security for services authentication and XACML for service authorization.
    B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database.
    C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users.
    D. Implement WS-Security as a federated single sign-on solution for authentication authorization of users.
    E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest.
    F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage.

  • Question 290:

    A hosting company provides inexpensive guest virtual machines to low-margin customers. Customers manage their own guest virtual machines. Some customers want basic guarantees of logical separation from other customers and it has been indicated that some customers would like to have configuration control of this separation; whereas others want this provided as a value-added service by the hosting company. Which of the following BEST meets these requirements?

    A. The hosting company should install a hypervisor-based firewall and allow customers to manage this on an as-needed basis.
    B. The hosting company should manage the hypervisor-based firewall; while allowing customers to configure their own host-based firewall.
    C. Customers should purchase physical firewalls to protect their guest hosts and have the hosting company manage these if requested.
    D. The hosting company should install a host-based firewall on customer guest hosts and offer to administer host firewalls for customers if requested.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.