CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 481:

    The security administrator is receiving numerous alerts from the internal IDS of a possible Conficker infection spreading through the network via the Windows file sharing services. Given the size of the company, which deploys over 20,000 workstations and 1,000 servers, the security engineer believes that the best course of action is to block the file sharing service across the organization by placing ACLs on the internal routers.

    Which of the following should the security administrator do before applying the ACL?

    A. Quickly research best practices with respect to stopping Conficker infections and implement the solution.
    B. Consult with the rest of the security team and get approval on the solution by all the team members and the team manager.
    C. Apply the ACL immediately since this is an emergency that could lead to a widespread data compromise.
    D. Call an emergency change management meeting to ensure the ACL will not impact core business functions.

  • Question 482:

    An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

    A. Independent verification and validation
    B. Security test and evaluation
    C. Risk assessment
    D. Ongoing authorization

  • Question 483:

    A company is in the process of implementing a new front end user interface for its customers; the goal is to provide them with more self-service functionality. The application has been written by developers over the last six months and the project is currently in the test phase.

    Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).

    A. Perform unit testing of the binary code
    B. Perform code review over a sampling of the front end source code
    C. Perform black box penetration testing over the solution
    D. Perform grey box penetration testing over the solution
    E. Perform static code review over the front end source code

  • Question 484:

    A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise?

    A. Outdated antivirus definitions
    B. Insecure wireless
    C. Infected USB device
    D. SQL injection

  • Question 485:

    A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital's guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital's system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).

    A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
    B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
    C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
    D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
    E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.

  • Question 486:

    Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:

    user@hostname:~$ sudo nmap 192.168.1.54

    Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:

    TCP/22
    TCP/111
    TCP/512-514
    TCP/2049
    TCP/32778

    Based on this information, which of the following operating systems is MOST likely running on the unknown node?

    A. Linux
    B. Windows
    C. Solaris
    D. OSX

  • Question 487:

    An internal employee has sold a copy of the production customer database that was being used for upgrade testing to outside parties via HTTP file upload. The Chief Information Officer (CIO) has resigned and the Chief Executive Officer (CEO) has tasked the incoming CIO with putting effective controls in place to help prevent this from occurring again in the future. Which of the following controls is the MOST effective in preventing this threat from recurring?

    A. Network-based intrusion prevention system
    B. Data loss prevention
    C. Host-based intrusion detection system
    D. Web application firewall

  • Question 488:

    An extensible commercial software system was upgraded to the next minor release version to patch a security vulnerability. After the upgrade, an unauthorized intrusion into the system was detected. The software vendor is called in to troubleshoot the issue and reports that all core components were updated properly.

    Which of the following has been overlooked in securing the system? (Select TWO).

    A. The company's IDS signatures were not updated.
    B. The company's custom code was not patched.
    C. The patch caused the system to revert to http.
    D. The software patch was not cryptographically signed.
    E. The wrong version of the patch was used.
    F. Third-party plug-ins were not patched.

  • Question 489:

    Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. Which of the following would be the advantage of conducting this kind of penetration test?

    A. The risk of unplanned server outages is reduced.
    B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
    C. The results will show an in-depth view of the network and should help pinpoint areas of internal weakness.
    D. The results should reflect what attackers may be able to learn about the company.

  • Question 490:

    Company XYZ is selling its manufacturing business consisting of one plant to a competitor, Company QRS. All of the people will become QRS employees, but will retain permissions to plant-specific information and resources for one month. To ease the transition, Company QRS also connected the plant and employees to the Company QRS network. Which of the following threats is the HIGHEST risk to Company XYZ?

    A. Malware originating from Company XYZ's network
    B. Co-mingling of company networks
    C. Lack of an IPSec connection between the two networks
    D. Loss of proprietary plant information

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.