CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 411:

    The IT Manager has mandated that an XML-based language be implemented that can be used to exchange provisioning requests and responses for account creation. Which of the following is BEST able to achieve this?

    A. XACML
    B. SAML
    C. SOAP
    D. SPML
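
    The request/response exchange the question refers to, as an added example that is not part of the exam page or of any SPML product: the requesting authority builds an addRequest for a new account, and a constructed provider-side handler parses it and answers with an addResponse. Element and attribute names follow the SPML 2.0 core schema as this example understands it (namespace urn:oasis:names:tc:SPML:2:0, DSMLv2 attribute payload); the container DN, the account attributes and the generated PSO identifier are constructed placeholders, and the container allowlist is the security check a provider should not skip.

```python
"""Minimal SPML 2.0 addRequest / addResponse exchange (added example)."""
import xml.etree.ElementTree as ET

SPML_NS = "urn:oasis:names:tc:SPML:2:0"
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"  # profile commonly used for attribute data
ET.register_namespace("spml", SPML_NS)
ET.register_namespace("dsml", DSML_NS)


def build_add_request(container_id: str, attributes: dict, request_id: str) -> bytes:
    """Requesting-authority side: serialize an addRequest for a new PSO (account)."""
    req = ET.Element(f"{{{SPML_NS}}}addRequest",
                     {"requestID": request_id, "returnData": "identifier"})
    ET.SubElement(req, f"{{{SPML_NS}}}containerID", {"ID": container_id})
    data = ET.SubElement(req, f"{{{SPML_NS}}}data")
    for name, value in attributes.items():
        attr = ET.SubElement(data, f"{{{DSML_NS}}}attr", {"name": name})
        ET.SubElement(attr, f"{{{DSML_NS}}}value").text = value
    return ET.tostring(req, encoding="utf-8")


def handle_add_request(xml_bytes: bytes, allowed_containers: set[str]) -> tuple[bytes, dict]:
    """Constructed provider side: validate the request and produce an addResponse.

    Returns (response XML, details of the created object, empty on failure).
    In production parse untrusted XML with defusedxml rather than bare ElementTree.
    """
    root = ET.fromstring(xml_bytes)
    if root.tag != f"{{{SPML_NS}}}addRequest":
        raise ValueError(f"unexpected root element {root.tag}")
    request_id = root.get("requestID", "")
    container = root.find(f"{{{SPML_NS}}}containerID")
    container_id = container.get("ID") if container is not None else None
    attrs = {a.get("name"): a.findtext(f"{{{DSML_NS}}}value")
             for a in root.iterfind(f"{{{SPML_NS}}}data/{{{DSML_NS}}}attr")}

    resp = ET.Element(f"{{{SPML_NS}}}addResponse", {"requestID": request_id})
    # Security check: only provision into containers this provider is allowed to
    # manage, so a requester cannot create accounts in, say, a privileged OU.
    # Error code names are assumed from the SPML 2.0 core ErrorCode enumeration.
    if container_id not in allowed_containers:
        resp.set("status", "failure")
        resp.set("error", "invalidContainment")
        return ET.tostring(resp, encoding="utf-8"), {}
    if not attrs.get("uid"):
        resp.set("status", "failure")
        resp.set("error", "malformedRequest")
        return ET.tostring(resp, encoding="utf-8"), {}

    pso_id = f"uid={attrs['uid']},{container_id}"  # constructed identifier format
    resp.set("status", "success")
    pso = ET.SubElement(resp, f"{{{SPML_NS}}}pso")
    ET.SubElement(pso, f"{{{SPML_NS}}}psoID", {"ID": pso_id})
    return ET.tostring(resp, encoding="utf-8"), {"psoID": pso_id, "attributes": attrs}


def demo() -> dict:
    """Round-trip: build a request, let the provider handle it, return what was created."""
    container = "ou=People,dc=example,dc=com"  # constructed
    req = build_add_request(container,
                            {"uid": "jdoe", "cn": "Jane Doe", "mail": "jdoe@example.com"},
                            request_id="req-1")
    resp_xml, created = handle_add_request(req, {container})
    return {"request": req.decode(), "response": resp_xml.decode(), **created}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

    The same request sent to a provider whose allowlist does not contain the container comes back with status="failure", which is the behaviour to test for when reviewing a provisioning connector.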

  • Question 412:

    An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federation Services (AD FS) for their directory service. Which of the following should the company ensure is supported by the third party? (Select TWO).

    A. LDAP/S
    B. SAML
    C. NTLM
    D. OAuth
    E. Kerberos

  • Question 413:

    The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

    A. One of the companies may use an outdated VDI.
    B. Corporate websites may be optimized for different web browsers.
    C. Industry security standards and regulations may be in conflict.
    D. Data loss prevention standards in one company may be less stringent.

  • Question 414:

    A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning?

    A. Remove contact details from the domain name registrar to prevent social engineering attacks.
    B. Test external interfaces to see how they function when they process fragmented IP packets.
    C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors.
    D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces.

  • Question 415:

    A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future?

    A. SIP session tagging and QoS
    B. A dedicated VLAN
    C. Lower encryption setting
    D. Traffic shaping

  • Question 416:

    A security architect is designing a new infrastructure using both type 1 and type 2 hypervisors. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?

    A. vTPM
    B. HSM
    C. TPM
    D. INE

  • Question 417:

    A security architect is seeking to outsource company server resources to a commercial cloud service provider. The provider under consideration has a reputation for poorly controlling physical access to datacenters and has been the victim of multiple social engineering attacks. The service provider regularly assigns VMs from multiple clients to the same physical resources. When conducting the final risk assessment which of the following should the security architect take into consideration?

    A. The ability to implement user training programs for the purpose of educating internal staff about the dangers of social engineering.
    B. The cost of resources required to relocate services in the event of resource exhaustion on a particular VM.
    C. The likelihood a malicious user will obtain proprietary information by gaining local access to the hypervisor platform.
    D. Annual loss expectancy resulting from social engineering attacks against the cloud service provider affecting corporate network infrastructure.

  • Question 418:

    A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network. Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where credit card servers were kept. The firewall rule was needed for an internally developed application, which presents risk. The retailer determined that because the vendors were required to have site-to-site VPNs, no other security action was taken.

    To prove to the retailer the monetary value of this risk, which of the following types of calculation is needed?

    A. Residual Risk calculation
    B. A cost/benefit analysis
    C. Quantitative Risk Analysis
    D. Qualitative Risk Analysis

  • Question 419:

    A security incident happens three times a year on a company's web server costing the company $1,500 in downtime, per occurrence. The web server is only for archival access and is scheduled to be decommissioned in five years. The cost of implementing software to prevent this incident would be $15,000 initially, plus $1,000 a year for maintenance. Which of the following is the MOST cost-effective manner to deal with this risk?

    A. Avoid the risk
    B. Transfer the risk
    C. Accept the risk
    D. Mitigate the risk
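
    The arithmetic behind Questions 418 and 419, as an added example rather than anything from the exam page: single loss expectancy (SLE) times annualized rate of occurrence (ARO) gives the annualized loss expectancy (ALE), and comparing ALE over the asset's remaining life with the total cost of a control is the quantitative cost/benefit comparison that puts a monetary figure on a risk. The function is general; the sample figures are the constructed values stated in Question 419 (three incidents a year at $1,500, five years to decommissioning, a $15,000 control with $1,000 a year maintenance). The control_effectiveness parameter is an addition that lets the same function express residual risk; with the default of 1.0 the control is assumed to prevent the incident entirely, which is what the question implies.

```python
"""Quantitative risk analysis: SLE, ARO, ALE and a cost/benefit decision (added example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class RiskDecision:
    sle: float            # single loss expectancy: cost of one occurrence
    aro: float            # annualized rate of occurrence
    ale: float            # annualized loss expectancy = SLE * ARO
    residual_ale: float   # ALE remaining after the control is applied
    years: int            # remaining service life of the asset
    expected_loss: float  # ALE * years: what accepting the risk is expected to cost
    control_cost: float   # initial outlay + annual maintenance * years
    net_benefit: float    # loss avoided over the service life minus control cost
    recommendation: str   # "mitigate" when the control pays for itself, else "accept"


def quantitative_risk(sle: float, aro: float, years: int,
                      initial_cost: float, annual_cost: float,
                      control_effectiveness: float = 1.0) -> RiskDecision:
    """Compare the expected loss of accepting a risk with the cost of mitigating it.

    control_effectiveness is the fraction of ALE the control removes (1.0 = the
    incident no longer happens); the remainder is the residual risk.
    """
    if not 0.0 <= control_effectiveness <= 1.0:
        raise ValueError("control_effectiveness must be between 0 and 1")
    if min(sle, aro, years, initial_cost, annual_cost) < 0:
        raise ValueError("inputs must be non-negative")

    ale = sle * aro
    residual_ale = ale * (1.0 - control_effectiveness)
    expected_loss = ale * years
    control_cost = initial_cost + annual_cost * years
    # Only the loss the control actually avoids counts in its favour.
    net_benefit = (ale - residual_ale) * years - control_cost
    recommendation = "mitigate" if net_benefit > 0 else "accept"
    return RiskDecision(sle, aro, ale, residual_ale, years,
                        expected_loss, control_cost, net_benefit, recommendation)


def question_419() -> RiskDecision:
    """The constructed figures from Question 419."""
    return quantitative_risk(sle=1500, aro=3, years=5,
                             initial_cost=15000, annual_cost=1000)


if __name__ == "__main__":
    d = question_419()
    print(f"ALE = ${d.ale:,.0f}/yr, expected loss over {d.years} yrs = ${d.expected_loss:,.0f}")
    print(f"control cost over {d.years} yrs = ${d.control_cost:,.0f}, "
          f"net benefit = ${d.net_benefit:,.0f} -> {d.recommendation}")
```

    Two caveats a reviewer would raise before taking the output at face value: the comparison ignores the time value of money (a discounted calculation can flip a marginal result), and a control that only reduces the incident rate rather than eliminating it should be run with control_effectiveness below 1.0 so the residual ALE is not silently counted as avoided.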

  • Question 420:

    For companies seeking to move to cloud services, variances in regulation between jurisdictions can be addressed in which of the following ways?

    A. Ensuring the cloud service provides high availability spanning multiple regions.
    B. Using an international private cloud model as opposed to public IaaS.
    C. Encrypting all data moved to or processed in a cloud-based service.
    D. Tagging VMs to ensure they are only run in certain geographic regions.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.