CAS-002 Exam Details

  • Exam Code
    :CAS-002
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :733 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 31:

    A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?

    A. Investigate the network traffic and block UDP port 3544 at the firewall
    B. Remove the system from the network and disable IPv6 at the router
    C. Locate and remove the unauthorized 6to4 relay from the network
    D. Disable the switch port and block the 2001::/32 traffic at the firewall

  • Question 32:

    The network administrator has been tracking the cause of network performance problems and decides to take a look at the internal and external router stats.

    Which of the following should the network administrator do to resolve the performance issue after analyzing the above information?

    A. The IP TOS field of business related network traffic should be modified accordingly.
    B. The TCP flags of business related traffic should be modified accordingly.
    C. An ACL should be placed on the external router to drop incoming ICMP packets.
    D. An ACL should be placed on the internal router to drop layer 4 packets to and from port 0.

  • Question 33:

    The security manager is in the process of writing a business case to replace a legacy secure web gateway so as to meet an availability requirement of 99.9% service availability. According to the vendor, the newly acquired firewall has been rated with an MTBF of 10,000 hours and has an MTTR of 2 hours. This equates to 1.75 hours per year of downtime. Based on this, which of the following is the MOST accurate statement?

    A. The firewall will meet the availability requirement because availability will be 99.98%.
    B. The firewall will not meet the availability requirement because availability will be 85%.
    C. The firewall will meet the availability requirement because availability will be 99.993%.
    D. The firewall will not meet the availability requirement because availability will be 99.2%.

  • Question 34:

    If a technician must take an employee's workstation into custody in response to an investigation, which of the following can BEST reduce the likelihood of related legal issues?

    A. A formal letter from the company's president approving the seizure of the workstation.
    B. A formal training and awareness program on information security for all company managers.
    C. A screen displayed at log in that informs users of the employer's rights to seize, search, and monitor company devices.
    D. A printout of an activity log, showing that the employee has been spending substantial time on non- work related websites.

  • Question 35:

    A network administrator with a company's NSP has received a CERT alert for targeted adversarial behavior at the company. In addition to the company's physical security, which of the following can the network administrator use to scan and detect the presence of a malicious actor physically accessing the company's network or information systems from within? (Select TWO).

    A. RAS
    B. Vulnerability scanner
    C. HTTP intercept
    D. HIDS
    E. Port scanner
    F. Protocol analyzer

  • Question 36:

    Which of the following provides the BEST risk calculation methodology?

    A. Annual Loss Expectancy (ALE) x Value of Asset
    B. Potential Loss x Event Probability x Control Failure Probability
    C. Impact x Threat x Vulnerability
    D. Risk Likelihood x Annual Loss Expectancy (ALE)

  • Question 37:

    A Linux security administrator is attempting to resolve performance issues with new software installed on several baselined user systems. After investigating, the security administrator determines that the software is not initializing or executing correctly. For security reasons, the company has implemented trusted operating systems with the goal of preventing unauthorized changes to the configuration baseline. The MOST likely cause of this problem is that SE Linux is set to:

    A. Enforcing mode with an incorrectly configured policy.
    B. Enforcing mode with no policy configured.
    C. Disabled with a correctly configured policy.
    D. Permissive mode with an incorrectly configured policy.

  • Question 38:

    A Chief Information Security Officer (CISO) of a major consulting firm has significantly increased the company's security posture; however, the company is still plagued by data breaches of misplaced assets. These data breaches as a result have led to the compromise of sensitive corporate and client data on at least 25 occasions. Each employee in the company is provided a laptop to perform company business. Which of the following actions can the CISO take to mitigate the breaches?

    A. Reload all user laptops with full disk encryption software immediately.
    B. Implement full disk encryption on all storage devices the firm owns.
    C. Implement new continuous monitoring procedures.
    D. Implement an open source system which allows data to be encrypted while processed.

  • Question 39:

    A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO).

    A. Managed security service
    B. Memorandum of understanding
    C. Quality of service
    D. Network service provider
    E. Operating level agreement

  • Question 40:

    Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?

    A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.
    B. Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments.
    C. Provide sales staff with a separate laptop with no administrator access just for sales visits.
    D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.