CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 521:

    A new web-based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

    A. The tool could show that input validation was only enabled on the client side
    B. The tool could enumerate backend SQL database table and column names
    C. The tool could force HTTP methods such as DELETE that the server has denied
    D. The tool could fuzz the application to determine where memory leaks occur

  • Question 522:

    A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?

    A. The company's software lifecycle management improved the security of the application.
    B. There are no vulnerabilities in the application.
    C. The company should deploy a web application firewall to ensure extra security.
    D. There are no known vulnerabilities at this time.

  • Question 523:

    A government agency considers confidentiality to be of utmost importance and availability issues to be of least importance. Knowing this, which of the following correctly orders various vulnerabilities in the order of MOST important to LEAST important?

    A. Insecure direct object references, CSRF, Smurf
    B. Privilege escalation, Application DoS, Buffer overflow
    C. SQL injection, Resource exhaustion, Privilege escalation
    D. CSRF, Fault injection, Memory leaks

  • Question 524:

    The database team has suggested deploying a SOA based system across the enterprise. The Chief Information Officer (CIO) has decided to consult the security manager about the risk implications for adopting this architecture. Which of the following are concerns that the security manager should present to the CIO concerning the SOA system? (Select TWO).

    A. Users and services are centralized and only available within the enterprise.
    B. Users and services are distributed, oftentimes over the Internet
    C. SOA centrally manages legacy systems, and opens the internal network to vulnerabilities.
    D. SOA abstracts legacy systems as a virtual device and is susceptible to VMEscape.
    E. SOA abstracts legacy systems as web services, which are often exposed to outside threats.

  • Question 525:

    Every year, the accounts payable employee, Ann, takes a week off work for a vacation. She typically completes her responsibilities remotely during this week. Which of the following policies, when implemented, would allow the company to audit this employee's work and potentially discover improprieties?

    A. Job rotation
    B. Mandatory vacations
    C. Least privilege
    D. Separation of duties

  • Question 526:

    A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, "BYOD clients must meet the company's infrastructure requirements to permit a connection." The company also issues a memorandum separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?

    A. Asset management
    B. IT governance
    C. Change management
    D. Transference of risk

  • Question 527:

    An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the following formal documents?

    A. Memorandum of Understanding
    B. Information System Security Agreement
    C. Interconnection Security Agreement
    D. Interoperability Agreement
    E. Operating Level Agreement

  • Question 528:

    Company ABC's SAN is nearing capacity and will cause costly downtime if servers run out of disk space. Which of the following is a more cost-effective alternative to buying a new SAN?

    A. Enable multipath to increase availability
    B. Enable deduplication on the storage pools
    C. Implement snapshots to reduce virtual disk size
    D. Implement replication to offsite datacenter

  • Question 529:

    A Chief Information Security Officer (CISO) has requested that a SIEM solution be implemented. The CISO wants to know upfront what the projected TCO would be before looking further into this concern. Two vendor proposals have been received:

    Vendor A: product-based solution which can be purchased by the pharmaceutical company. Capital expenses to cover central log collectors, correlators, storage and management consoles are expected to be $150,000. Operational expenses are expected to be a 0.5 full time employee (FTE) to manage the solution, and 1 full time employee to respond to incidents per year.

    Vendor B: managed service-based solution which can be the outsourcer for the pharmaceutical company's needs. Bundled offering expected to be $100,000 per year. Operational expenses for the pharmaceutical company to partner with the vendor are expected to be a 0.5 FTE per year.

    Internal employee costs are averaged to be $80,000 per year per FTE. Based on calculating TCO of the two vendor proposals over a 5 year period, which of the following options is MOST accurate?

    A. Based on cost alone, having an outsourced solution appears cheaper.
    B. Based on cost alone, having an outsourced solution appears to be more expensive.
    C. Based on cost alone, both outsourced and in-sourced solutions appear to be the same.
    D. Based on cost alone, having a purchased product solution appears cheaper.

  • Question 530:

    The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur?

    A. The data may not be in a usable format.
    B. The new storage array is not FCoE based.
    C. The data may need a file system check.
    D. The new storage array also only has a single controller.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important, and more and more enterprises require them when you apply for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions here.