CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 421:

    After implementing port security, restricting all network traffic into and out of a network, migrating to IPv6, installing NIDS, firewalls, spam and application filters, a security administrator is convinced that the network is secure. The administrator now focuses on securing the hosts on the network, starting with the servers.

    Which of the following is the MOST complete list of end-point security software the administrator could plan to implement?

    A. Anti-malware/virus/spyware/spam software, as well as a host based firewall and strong, two-factor authentication.
    B. Anti-virus/spyware/spam software, as well as a host based IDS, firewall, and strong three-factor authentication.
    C. Anti-malware/virus/spyware/spam software, as well as a host based firewall and biometric authentication.
    D. Anti-malware/spam software, as well as a host based firewall and strong, three-factor authentication.

  • Question 422:

    A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions.

    DATE     TIME   PID  COMMAND  %CPU MEM
    03102014 103000 2055 com.proc 10.2 920K
    03102014 110000 2055 com.proc 12.3 5.2M
    03102014 123000 2055 com.proc 22.0 22M
    03102014 130000 2055 com.proc 33.0 1.6G
    03102014 133000 2055 com.proc 30.2 8.0G

    Which of the following is the MOST likely cause for the DoS?

    A. The system does not implement proper garbage collection.
    B. The system is susceptible to integer overflow.
    C. The system does not implement input validation.
    D. The system does not protect against buffer overflows properly.
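    The useful signal in the output above is the shape of the two resource columns over time: memory for PID 2055 climbs at every sample, from under a megabyte to 8 GB in three hours, while CPU only roughly triples. A load spike would move both together; memory that only ever grows is the footprint of allocations that are never released. The script below is an added example (not part of the exam page) that parses rows in that format, tracks each PID's resident memory, and flags a process whose memory rises monotonically by a large factor. The two log fragments inside it are constructed: the first is the question's five rows split into columns, the second a made-up stable service to show the check stays quiet on healthy output.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: the five monitor rows from the question, split into
# columns (DDMMYYYY, HHMMSS, PID, command, %CPU, resident memory).
SAMPLE_LOG = """\
DATE     TIME   PID  COMMAND  %CPU MEM
03102014 103000 2055 com.proc 10.2 920K
03102014 110000 2055 com.proc 12.3 5.2M
03102014 123000 2055 com.proc 22.0 22M
03102014 130000 2055 com.proc 33.0 1.6G
03102014 133000 2055 com.proc 30.2 8.0G
"""

# Constructed control series: a busy but stable service (not from the page).
STABLE_LOG = """\
03102014 103000 3001 com.other 40.0 1.1G
03102014 113000 3001 com.other 55.0 1.2G
03102014 123000 3001 com.other 38.0 1.1G
03102014 133000 3001 com.other 41.0 1.2G
"""

_UNIT_BYTES = {"K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}
_ROW = re.compile(
    r"^(?P<date>\d{8})\s+(?P<time>\d{6})\s+(?P<pid>\d+)\s+(?P<cmd>\S+)\s+"
    r"(?P<cpu>\d+(?:\.\d+)?)\s+(?P<mem>\d+(?:\.\d+)?)(?P<unit>[KMG])$"
)


@dataclass
class Sample:
    minute_of_day: int  # HHMMSS converted to minutes since midnight
    pid: int
    cmd: str
    cpu: float
    mem_bytes: int


def parse_log(text: str) -> List[Sample]:
    """Parse monitor rows; the header and any malformed line are skipped."""
    out: List[Sample] = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if not m:
            continue
        t = m["time"]
        out.append(Sample(
            minute_of_day=int(t[:2]) * 60 + int(t[2:4]),
            pid=int(m["pid"]),
            cmd=m["cmd"],
            cpu=float(m["cpu"]),
            mem_bytes=int(float(m["mem"]) * _UNIT_BYTES[m["unit"]]),
        ))
    return out


def find_memory_growth(samples: List[Sample], min_factor: float = 4.0) -> List[dict]:
    """One finding per PID whose memory rises at every sample and ends at least
    `min_factor` times where it started. The CPU ratio is reported next to it so
    the reader can see whether CPU tracks memory (load) or lags far behind (leak)."""
    series: Dict[int, List[Sample]] = {}
    for s in samples:
        series.setdefault(s.pid, []).append(s)
    findings: List[dict] = []
    for pid, rows in series.items():
        mems = [r.mem_bytes for r in rows]
        if len(mems) < 2 or not all(b > a for a, b in zip(mems, mems[1:])):
            continue  # flat, noisy or shrinking: not a leak signature
        factor = mems[-1] / mems[0]
        if factor < min_factor:
            continue
        hours = (rows[-1].minute_of_day - rows[0].minute_of_day) / 60
        findings.append({
            "pid": pid,
            "cmd": rows[0].cmd,
            "start_mb": mems[0] / 2 ** 20,
            "end_mb": mems[-1] / 2 ** 20,
            "growth_factor": factor,
            "mb_per_hour": (mems[-1] - mems[0]) / 2 ** 20 / hours if hours else float("inf"),
            "cpu_factor": rows[-1].cpu / rows[0].cpu,
        })
    return findings


if __name__ == "__main__":
    for f in find_memory_growth(parse_log(SAMPLE_LOG)):
        print(f"PID {f['pid']} ({f['cmd']}): {f['start_mb']:.1f} MB -> {f['end_mb']:.0f} MB, "
              f"x{f['growth_factor']:.0f} memory vs x{f['cpu_factor']:.1f} CPU, "
              f"about {f['mb_per_hour']:.0f} MB/hour")
```

    Run against the question's rows it reports PID 2055 growing by a factor of roughly 9,000 (about 2.7 GB per hour) while CPU grows by a factor of about 3; the stable control series produces no finding. On a real host the same check can be fed from periodic `ps` or `top` snapshots, and a growth rate like this is the figure to take to the developers, whatever the root cause turns out to be.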

  • Question 423:

    The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company's contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

    A. Block traffic from the ISP's networks destined for blacklisted IPs.
    B. Prevent the ISP's customers from querying DNS servers other than those hosted by the ISP.
    C. Block traffic with a source IP not allocated to the ISP from exiting the ISP's network.
    D. Scan the ISP's customer networks using an up-to-date vulnerability scanner.
    E. Notify customers when services they run are involved in an attack.

  • Question 424:

    An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?

    A. Review switch and router configurations
    B. Review the security policies and standards
    C. Perform a network penetration test
    D. Review the firewall rule set and IPS logs

  • Question 425:

    The IT department of a pharmaceutical research company is considering whether the company should allow or block access to social media websites during lunch time. The company is considering the possibility of allowing access only through the company's guest wireless network, which is logically separated from the internal research network. The company prohibits the use of personal devices; therefore, such access will take place from company owned laptops.

    Which of the following is the HIGHEST risk to the organization?

    A. Employee's professional reputation
    B. Intellectual property confidentiality loss
    C. Downloaded viruses on the company laptops
    D. Workstation compromise affecting availability

  • Question 426:

    A data processing server uses a Linux-based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to an SELinux host for processing. Which of the following is the MOST likely cause of the processing problem?

    A. The administrator has a Perl script running which disrupts the NIC by restarting the cron process every 65 seconds.
    B. The Java developers accounted for network latency only for the read portion of the processing and not the write process.
    C. The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files.
    D. The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors.

  • Question 427:

    The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company's flagship product. Testing was conducted by a small offshore consulting firm and the report by the consulting firm clearly indicates that limited test cases were used and many of the code paths remained untested.

    The CISO raised concerns about the testing results at the monthly risk committee meeting, highlighting the need to get to the bottom of the product behaving unexpectedly in only some large enterprise deployments.

    The Security Assurance and Development teams highlighted their availability to redo the testing if required.

    Which of the following will provide the MOST thorough testing?

    A. Have the small consulting firm redo the Black box testing.
    B. Use the internal teams to perform Grey box testing.
    C. Use the internal team to perform Black box testing.
    D. Use the internal teams to perform White box testing.
    E. Use a larger consulting firm to perform Black box testing.

  • Question 428:

    A company is planning to deploy an in-house Security Operations Center (SOC). One of the new requirements is to deploy a NIPS solution into the Internet-facing environment.

    The SOC highlighted the following requirements:

    Perform fingerprinting on unfiltered inbound traffic to the company

    Monitor all inbound and outbound traffic to the DMZs

    In which of the following places should the NIPS be placed in the network?

    A. In front of the Internet firewall and in front of the DMZs
    B. In front of the Internet firewall and in front of the internal firewall
    C. In front of the Internet firewall and behind the internal firewall
    D. Behind the Internet firewall and in front of the DMZs

  • Question 429:

    An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?

    A. BGP route hijacking attacks
    B. Bogon IP network traffic
    C. IP spoofing attacks
    D. Man-in-the-middle attacks
    E. Amplified DDoS attacks
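    The two rules in Question 429 (drop inbound packets that claim an internal source, drop outbound packets addressed to an internal destination) and option C of Question 423 (drop outbound packets whose source is not in the ISP's own allocations, the egress filtering described in BCP 38) are the same idea applied in both directions: a border device knows which addresses belong on which side of it and refuses packets that contradict that. The block below is an added example, not part of the exam page, that implements both rule sets as a single decision function and runs it over a constructed packet list. It assumes, purely for illustration, that 203.0.113.0/24 from Question 429 is the only prefix allocated to the network, so the same list serves as "internal" for the border rules and as "allocated" for the egress rule.

```python
import ipaddress
from typing import List, Tuple

# Constructed assumption: the block from Question 429 is the network's only
# allocated prefix. A real ISP would list every prefix it announces, per
# customer-facing interface.
ALLOCATED = [ipaddress.ip_network("203.0.113.0/24")]


def is_allocated(ip: str) -> bool:
    """True if the address falls inside one of our own prefixes (v4 or v6)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in ALLOCATED)


def border_filter(direction: str, src: str, dst: str) -> Tuple[str, str]:
    """Decide one packet at the border router.

    direction is 'in' (arriving from the Internet) or 'out' (leaving toward it).
    Returns (verdict, rule_name); rules are checked in the order listed."""
    if direction == "in":
        # Question 429, rule 1: our own addresses never legitimately arrive
        # from the outside, so such a packet is spoofed (or a routing loop).
        if is_allocated(src):
            return "deny", "in:spoofed-internal-source"
        return "allow", "in:default"
    if direction == "out":
        # Question 429, rule 2: traffic for our own addresses should have been
        # delivered internally; if it is leaving, something is misrouted.
        if is_allocated(dst):
            return "deny", "out:internal-destination"
        # Question 423, option C (BCP 38 egress filtering): only sources we
        # own may exit, so a host here cannot spoof someone else's address
        # and turn this network into a DDoS contributor.
        if not is_allocated(src):
            return "deny", "out:unallocated-source"
        return "allow", "out:default"
    raise ValueError(f"unknown direction: {direction!r}")


# Constructed sample packets: (direction, source, destination).
SAMPLE_PACKETS: List[Tuple[str, str, str]] = [
    ("in", "198.51.100.7", "203.0.113.10"),   # ordinary inbound
    ("in", "203.0.113.5", "203.0.113.10"),    # outside packet claiming to be internal
    ("out", "203.0.113.10", "198.51.100.7"),  # ordinary outbound
    ("out", "192.0.2.9", "198.51.100.7"),     # internal host spoofing a foreign source
    ("out", "203.0.113.10", "203.0.113.20"),  # internal destination heading out
]


def filter_all(packets: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, str, str]]:
    """Apply border_filter to each packet; returns rows of (dir, src, dst, verdict, rule)."""
    return [(d, s, t, *border_filter(d, s, t)) for d, s, t in packets]


def denied_rules(packets: List[Tuple[str, str, str]]) -> List[str]:
    """Names of the rules that fired, in packet order."""
    return [rule for *_, verdict, rule in filter_all(packets) if verdict == "deny"]


if __name__ == "__main__":
    for d, s, t, verdict, rule in filter_all(SAMPLE_PACKETS):
        print(f"{d:>3} {s:>14} -> {t:<14} {verdict:5} {rule}")
```

    Of the five constructed packets, the two ordinary ones pass and the other three are dropped by the three distinct rules. The egress rule is the one that limits the network's contribution to DDoS attacks: a host can still flood, but only with a source address that points back at this network, so the victim and upstream operators can attribute and filter it. An ISP applies that rule at each customer interface with that customer's prefixes, which is what unicast reverse-path forwarding (uRPF) automates on routers.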

  • Question 430:

    An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?

    A. Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.
    B. Implement a peer code review requirement prior to releasing code into production.
    C. Follow secure coding practices to minimize the likelihood of creating vulnerable applications.
    D. Establish cross-functional planning and testing requirements for software development activities.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more important and are required by more and more employers when you apply for a job. But how do you prepare for an exam effectively? How do you prepare in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com you will find the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CAS-002 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.