It is more faster and easier to pass the CompTIA CAS-002 exam by using Download CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Leading CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.
2021 Apr CAS-002 free practice questions
Q281. - (Topic 3)
A security administrator is redesigning, and implementing a service-oriented architecture to replace an old, in-house software processing system, tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?
A. Point to point VPNs for all corporate intranet users.
B. Cryptographic hashes of all data transferred between services.
C. Service to service authentication for all workflows.
D. Two-factor authentication and signed code
Answer: C
Q282. - (Topic 1)
A user has a laptop configured with multiple operating system installations. The operating systems are all installed on a single SSD, but each has its own partition and logical volume. Which of the following is the BEST way to ensure confidentiality of individual operating system data?
A. Encryption of each individual partition
B. Encryption of the SSD at the file level
C. FDE of each logical volume on the SSD
D. FDE of the entire SSD as a single disk
Answer: A
Q283. - (Topic 5)
A company has migrated its data and application hosting to a cloud service provider (CSP).
To meet its future needs, the company considers an IdP. Why might the company want to select an IdP that is separate from its CSP? (Select TWO).
A. A circle of trust can be formed with all domains authorized to delegate trust to an IdP
B. Identity verification can occur outside the circle of trust if specified or delegated
C. Replication of data occurs between the CSP and IdP before a verification occurs
D. Greater security can be provided if the circle of trust is formed within multiple CSP domains
E. Faster connections can occur between the CSP and IdP without the use of SAML
Answer: A,D
Q284. - (Topic 4)
The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:
Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.
Employee B. Works in the accounts payable office and is in charge of approving purchase orders.
Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.
Which of the following should the auditor suggest be done to avoid future security breaches?
A. All employees should have the same access level to be able to check on each others.
B. The manager should only be able to review the data and approve purchase orders.
C. Employee A and Employee B should rotate jobs at a set interval and cross-train.
D. The manager should be able to both enter and approve information.
Answer: B
Q285. - (Topic 3)
A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to:
A. CISO immediately in an exception report.
B. Users of the new web application system.
C. The vendor who supplied the web application system.
D. Team lead in a weekly report.
Answer: D
Improve CAS-002 exam engine:
Q286. - (Topic 2)
A security administrator has noticed that an increased number of employees’ workstations are becoming infected with malware. The company deploys an enterprise antivirus system as well as a web content filter, which blocks access to malicious web sites where malware files can be downloaded. Additionally, the company implements technical measures to disable external storage. Which of the following is a technical control that the security administrator should implement next to reduce malware infection?
A. Implement an Acceptable Use Policy which addresses malware downloads.
B. Deploy a network access control system with a persistent agent.
C. Enforce mandatory security awareness training for all employees and contractors.
D. Block cloud-based storage software on the company network.
Answer: D
Q287. - (Topic 5)
A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization’s configuration management process using?
A. Agile
B. SDL
C. Waterfall
D. Joint application development
Answer: A
Q288. - (Topic 4)
Ann, a Physical Security Manager, is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. Ann has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should Ann suggest to BEST secure this environment?
A. Create an IP camera network and deploy NIPS to prevent unauthorized access.
B. Create an IP camera network and only allow SSL access to the cameras.
C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.
D. Create an IP camera network and restrict access to cameras from a single management host.
Answer: C
Q289. - (Topic 1)
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?
A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs
Answer: B
Q290. - (Topic 2)
A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in order to speed up the time to market timeline. Which of the following is the MOST appropriate?
A. The external party providing the hosting and website development should be obligated under contract to provide a secure service which is regularly tested (vulnerability and penetration). SLAs should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime.
B. The use of external organizations to provide hosting and web development services is not recommended as the costs are typically higher than what can be achieved internally. In addition, compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult to track and measure.
C. Outsourcing transfers all the risk to the third party. An SLA should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.
D. Outsourcing transfers the risk to the third party, thereby minimizing the cost and any legal obligations. An MOU should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.
Answer: A