CAS-002 Exam Details

  • Exam Code
    :CAS-002
  • Exam Name
    :CompTIA Advanced Security Practitioner (CASP+)
  • Certification
    :CompTIA Certifications
  • Vendor
    :CompTIA
  • Total Questions
    :733 Q&As
  • Last Updated
    :Jan 22, 2024

CompTIA CAS-002 Online Questions & Answers

  • Question 681:

    Within a large organization, the corporate security policy states that personal electronic devices are not allowed to be placed on the company network. There is considerable pressure from the company board to allow smartphones to connect and synchronize email and calendar items of board members and company executives. Which of the following options BEST balances the security and usability requirements of the executive management team?

    A. Allow only the executive management team the ability to use personal devices on the company network, as they have important responsibilities and need convenient access.
    B. Review the security policy. Perform a risk evaluation of allowing devices that can be centrally managed, remotely disabled, and have device-level encryption of sensitive data.
    C. Stand firm on disallowing non-company assets from connecting to the network as the assets may lead to undesirable security consequences, such as sensitive emails being leaked outside the company.
    D. Allow only certain devices that are known to have the ability of being centrally managed. Do not allow any other smartphones until the device is proven to be centrally managed.

  • Question 682:

    An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to- market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement?

    A. Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development.
    B. Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews.
    C. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years.
    D. Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases.

  • Question 683:

    Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies' wireless network. All three companies have agreed to standardize on 802.1x EAP- PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?

    A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.
    B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.
    C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
    D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.

  • Question 684:

    A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two

    are not expected to be upgraded or removed from the network.

    Which of the following processes should be followed?

    A. Establish a risk matrix
    B. Inherit the risk for six months
    C. Provide a business justification to avoid the risk
    D. Provide a business justification for a risk exception

  • Question 685:

    The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?

    A. HIPS
    B. UTM
    C. Antivirus
    D. NIPS
    E. DLP

  • Question 686:

    A security manager has provided a Statement of Work (SOW) to an external penetration testing firm for a web application security test. The web application starts with a very simple HTML survey form with two components: a country selection dropdown list and a submit button. The penetration testers are required to provide their test cases for this survey form in advance. In order to adequately test the input validation of the survey form, which of the following tools would be the BEST tool for the technician to use?

    A. HTTP interceptor
    B. Vulnerability scanner
    C. Port scanner
    D. Fuzzer

  • Question 687:

    The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST address these issues?

    A. Set up a weekly review for relevant teams to discuss upcoming changes likely to have a broad impact.
    B. Update the change request form so that requesting teams can provide additional details about the requested changes.
    C. Require every new firewall rule go through a secondary firewall administrator for review before pushing the firewall policy.
    D. Require the firewall team to verify the change with the requesting team before pushing the updated firewall policy.

  • Question 688:

    The marketing department at Company A regularly sends out emails signed by the company's Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent?

    A. Identity proofing
    B. Non-repudiation
    C. Key escrow
    D. Digital rights management

  • Question 689:

    Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?

    A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
    B. Create an IP camera network and only allow SSL access to the cameras.
    C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
    D. Create an IP camera network and restrict access to cameras from a single management host.

  • Question 690:

    Which of the following does SAML uses to prevent government auditors or law enforcement from identifying specific entities as having already connected to a service provider through an SSO operation?

    A. Transient identifiers
    B. Directory services
    C. Restful interfaces
    D. Security bindings

Tips on How to Prepare for the Exams

Nowadays, the certification exams become more and more important and required by more and more enterprises when applying for a job. But how to prepare for the exam effectively? How to prepare for the exam in a short time with less efforts? How to get a ideal result and how to find the most reliable resources? Here on Vcedump.com, you will find all the answers. Vcedump.com provide not only CompTIA exam questions, answers and explanations but also complete assistance on your exam preparation and certification application. If you are confused on your CAS-002 exam preparations and CompTIA certification application, do not hesitate to visit our Vcedump.com to find your solutions here.