It is impossible to pass CompTIA CAS-002 exam without any help in the short term. Come to Testking soon and find the most advanced, correct and guaranteed CompTIA CAS-002 practice questions. You will get a surprising result by our Up to the minute CompTIA Advanced Security Practitioner (CASP) practice guides.

2021 Apr CAS-002 test question

Q261. - (Topic 3) 

A developer is coding the crypto routine of an application that will be installed on a standard headless and diskless server connected to a NAS housed in the datacenter. The developer has written the following six lines of code to add entropy to the routine: 

1 - If VIDEO input exists, use video data for entropy 2 - If AUDIO input exists, use audio data for entropy 3 - If MOUSE input exists, use mouse data for entropy 4 - IF KEYBOARD input exists, use keyboard data for entropy 5 - IF IDE input exists, use IDE data for entropy 6 - IF NETWORK input exists, use network data for entropy 

Which of the following lines of code will result in the STRONGEST seed when combined? 

A. 2 and 1 

B. 3 and 5 

C. 5 and 2 

D. 6 and 4 

Answer:


Q262. - (Topic 4) 

The organization has an IT driver on cloud computing to improve delivery times for IT solution provisioning. Separate to this initiative, a business case has been approved for replacing the existing banking platform for credit card processing with a newer offering. It is the security practitioner’s responsibility to evaluate whether the new credit card processing platform can be hosted within a cloud environment. Which of the following BEST balances the security risk and IT drivers for cloud computing? 

A. A third-party cloud computing platform makes sense for new IT solutions. This should be endorsed going forward so as to align with the IT strategy. However, the security practitioner will need to ensure that the third-party cloud provider does regular penetration tests to ensure that all data is secure. 

B. Using a third-party cloud computing environment should be endorsed going forward. This aligns with the organization’s strategic direction. It also helps to shift any risk and regulatory compliance concerns away from the company’s internal IT department. The next step will be to evaluate each of the cloud computing vendors, so that a vendor can then be selected for hosting the new credit card processing platform. 

C. There may be regulatory restrictions with credit cards being processed out of country or processed by shared hosting providers. A private cloud within the company should be considered. An options paper should be created which outlines the risks, advantages, disadvantages of relevant choices and it should recommended a way forward. 

D. Cloud computing should rarely be considered an option for any processes that need to be significantly secured. The security practitioner needs to convince the stakeholders that the new platform can only be delivered internally on physical infrastructure. 

Answer:


Q263. - (Topic 3) 

A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application? 

A. The company’s software lifecycle management improved the security of the application. 

B. There are no vulnerabilities in the application. 

C. The company should deploy a web application firewall to ensure extra security. 

D. There are no known vulnerabilities at this time. 

Answer:


Q264. DRAG DROP - (Topic 2) 

A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified: 

1. Developers have the ability to perform technical validation of development applications. 

2. End users have the ability to access internal web applications. 

3. Third-party vendors have the ability to support applications. 

In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All placeholders must be filled. 

Answer: 


Q265. - (Topic 2) 

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution? 

A. $0 

B. $7,500 

C. $10,000 

D. $12,500 

E. $15,000 

Answer:


Avant-garde CAS-002 free question:

Q266. - (Topic 1) 

An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure? 

A. Replicate NAS changes to the tape backups at the other datacenter. 

B. Ensure each server has two HBAs connected through two routes to the NAS. 

C. Establish deduplication across diverse storage paths. 

D. Establish a SAN that replicates between datacenters. 

Answer:


Q267. - (Topic 5) 

An administrator is trying to categorize the security impact of a database server in the case of a security event. There are three databases on the server. 

Current Financial Data = High level of damage if data is disclosed. Moderate damage if the system goes offline 

Archived Financial Data = No need for the database to be online. Low damage for integrity loss 

Public Website Data = Low damage if the site goes down. Moderate damage if the data is corrupted 

Given these security categorizations of each database, which of the following is the aggregate security categorization of the database server? 

A. Database server = {(Confidentiality HIGH),(Integrity High),(Availability High)} 

B. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Moderate)} 

C. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Low)} 

D. Database server = {(Confidentiality Moderate),(Integrity Moderate),(Availability Moderate)} 

Answer:


Q268. - (Topic 1) 

An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials? 

A. Ensure the SaaS provider supports dual factor authentication. 

B. Ensure the SaaS provider supports encrypted password transmission and storage. 

C. Ensure the SaaS provider supports secure hash file exchange. 

D. Ensure the SaaS provider supports role-based access control. 

E. Ensure the SaaS provider supports directory services federation. 

Answer:


Q269. - (Topic 3) 

A data breach has occurred at Company A and as a result, the Chief Information Officer (CIO) has resigned. The CIO's laptop, cell phone and PC were all wiped of data per company policy. A month later, prosecutors in litigation with Company A suspect the CIO knew about the data breach long before it was discovered and have issued a subpoena requesting all the CIO's email from the last 12 months. The corporate retention policy recommends keeping data for no longer than 90 days. Which of the following should occur? 

A. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the subpoena request. 

B. Inform the litigators that the CIOs information has been deleted as per corporate policy. 

C. Restore the CIO's email from an email server backup and provide the last 90 days from the date of the CIO resignation. 

D. Restore the CIO's email from an email server backup and provide whatever is available up to the last 12 months from the subpoena date. 

Answer:


Q270. - (Topic 3) 

A small customer focused bank with implemented least privilege principles, is concerned about the possibility of branch staff unintentionally aiding fraud in their day to day interactions with customers. Bank staff has been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team’s concerns? 

A. Information disclosure policy 

B. Awareness training 

C. Job rotation 

D. Separation of duties 

Answer: