CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 541:

    Which of the following BEST explains SAML?

    A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.
    B. An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model.
    C. A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data.
    D. A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.

  • Question 542:

    A storage as a service company implements both encryption at rest as well as encryption in transit of customers' data. The security administrator is concerned with the overall security of the encrypted customer data stored by the company servers and wants the development team to implement a solution that will strengthen the customer's encryption key. Which of the following, if implemented, will MOST increase the time an offline password attack against the customers' data would take?

    A. key = NULL ; for (int i=0; i
    B. password = NULL ; for (int i=0; i
    C. password = password + sha(password+salt) + aes256(password+salt)
    D. key = aes128(sha256(password), password))

  • Question 543:

    After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?

    A. Least privilege
    B. Job rotation
    C. Mandatory vacation
    D. Separation of duties

  • Question 544:

    An administrator is reviewing logs and sees the following entry:

    Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] Action: Intercepted (phase 2) Apache-Handler: php5-script

    Which of the following attacks was being attempted?

    A. Session hijacking
    B. Cross-site script
    C. SQL injection
    D. Buffer overflow

  • Question 545:

    A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?

    A. Isolate the system on a secure network to limit its contact with other systems
    B. Implement an application layer firewall to protect the payroll system interface
    C. Monitor the system's security log for unauthorized access to the payroll application
    D. Perform reconciliation of all payroll transactions on a daily basis

  • Question 546:

    A security administrator is tasked with increasing the availability of the storage networks while enhancing the performance of existing applications. Which of the following technologies should the administrator implement to meet these goals? (Select TWO).

    A. LUN masking
    B. Snapshots
    C. vSAN
    D. Dynamic disk pools
    E. Multipath
    F. Deduplication

  • Question 547:

    An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?

    A. Replicate NAS changes to the tape backups at the other datacenter.
    B. Ensure each server has two HBAs connected through two routes to the NAS.
    C. Establish deduplication across diverse storage paths.
    D. Establish a SAN that replicates between datacenters.

  • Question 548:

    A large financial company has a team of security-focused architects and designers that contribute to broader IT architecture and design solutions. Concerns have been raised because the security contributions have varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?

    A. Construct a library of re-usable security patterns
    B. Construct a security control library
    C. Introduce an ESA framework
    D. Include SRTM in the SDLC

  • Question 549:

    An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?

    A. Use PAP for secondary authentication on each RADIUS server
    B. Disable unused EAP methods on each RADIUS server
    C. Enforce TLS connections between RADIUS servers
    D. Use a shared secret for each pair of RADIUS servers

  • Question 550:

    DRAG DROP

    Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below:

    1. Anti-Virus Server - $10,000
    2. Firewall - $15,000
    3. Load Balanced Server - $10,000
    4. NIDS/NIPS - $10,000
    5. Packet Analyzer - $5,000
    6. Patch Server - $15,000
    7. Proxy Server - $20,000
    8. Router - $10,000
    9. Spam Filter - $5,000
    10. Traffic Shaper - $20,000
    11. Web Application Firewall - $10,000

    Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place an object on the network diagram, you can remove it by clicking the (x) in the upper right-hand of the object.

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are confused about your CAS-002 exam preparation and CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.