Proper study guides for Up to the immediate present CompTIA CompTIA Advanced Security Practitioner (CASP) certified begins with CompTIA CAS-002 preparation products which designed to deliver the Highest Quality CAS-002 questions by making you pass the CAS-002 test at your first time. Try the free CAS-002 demo right now.

P.S. Highest Quality CAS-002 keys are available on Google Drive, GET MORE:

New CompTIA CAS-002 Exam Dumps Collection (Question 4 - Question 13)

Q1. An administratoru2019s company has recently had to reduce the number of Tier 3 help desk technicians available to support enterprise service requests. As a result, configuration standards have declined as administrators develop scripts to troubleshoot and fix customer issues. The administrator has observed that several default configurations have not been

fixed through applied group policy or configured in the baseline. Which of the following are controls the administrator should recommend to the organizationu2019s security manager to prevent an authorized user from conducting internal reconnaissance on the organizationu2019s network? (Select THREE).

A. Network file system

B. Disable command execution

C. Port security


E. Search engine reconnaissance


G. BIOS security


I. IdM

Answer: B,G,I

Q2. Company ABC will test connecting networks with Company XYZ as part of their upcoming merger and are both concerned with minimizing security exposures to each others network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks?

A. Create a DMZ to isolate the two companies and provide a security inspection point for all inter-company network traffic.

B. Determine the necessary data flows between the two companies.

C. Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies.

D. Implement inline NIPS on the connection points between the two companies.

Answer: B

Q3. Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victimu2019s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue?

A. Integer overflow

B. Click-jacking

C. Race condition

D. SQL injection

E. Use after free

F. Input validation

Answer: E

Q4. A security administrator is investigating the compromise of a software distribution website. Forensic analysis shows that several popular files are infected with malicious code. However, comparing a hash of the infected files with the original, non-infected files which were restored from backup, shows that the hash is the same. Which of the following explains this?

A. The infected files were using obfuscation techniques to evade detection by antivirus software.

B. The infected files were specially crafted to exploit a collision in the hash function.

C. The infected files were using heuristic techniques to evade detection by antivirus software.

D. The infected files were specially crafted to exploit diffusion in the hash function.

Answer: B

Q5. The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats?

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates.

B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs.

C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs.

D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed.

Answer: D

Q6. An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future?

A. Use PAP for secondary authentication on each RADIUS server

B. Disable unused EAP methods on each RADIUS server

C. Enforce TLS connections between RADIUS servers

D. Use a shared secret for each pair of RADIUS servers

Answer: C

Q7. A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has broken the primary delivery stages into eight different deliverables, with each section requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?

A. Spiral model

B. Incremental model

C. Waterfall model

D. Agile model

Answer: D

Q8. Which of the following is an example of single sign-on?

A. An administrator manages multiple platforms with the same username and hardware token. The same username and token is used across all the platforms.

B. Multiple applications have been integrated with a centralized LDAP directory for authentication and authorization. A user has to authenticate each time the user accesses an application.

C. A password is synchronized between multiple platforms and the user is required to authenticate with the same password across each platform.

D. A web access control infrastructure performs authentication and passes attributes in a HTTP header to multiple applications.

Answer: D

Q9. Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string:

user@hostname:~$ sudo nmap u2013O

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device:

TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778

Based on this information, which of the following operating systems is MOST likely running on the unknown node?

A. Linux

A. B. Windows

C. Solaris


Answer: C

Q10. Company XYZ is building a new customer facing website which must access some corporate resources. The company already has an internal facing web server and a separate server supporting an extranet to which suppliers have access. The extranet web server is located in a network DMZ. The internal website is hosted on a laptop on the internal corporate network. The internal network does not restrict traffic between any internal hosts. Which of the following locations will BEST secure both the intranet and the customer facing website?

A. The existing internal network segment

B. Dedicated DMZ network segments

C. The existing extranet network segment

D. A third-party web hosting company

Answer: B

P.S. Easily pass CAS-002 Exam with Examcollection Highest Quality Dumps & pdf vce, Try Free: (532 New Questions)