It is more faster and easier to pass the CompTIA CAS-002 exam by using Real CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Most recent CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.

Q61. - (Topic 1) 

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable? 

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection. 

B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network. 

C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections. 

D. This information can be found by querying the network’s DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts. 


Q62. - (Topic 5) 

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution? 

A. Implement an IPS to block the application on the network 

B. Implement the remote application out to the rest of the servers 

C. Implement SSL VPN with SAML standards for federation 

D. Implement an ACL on the firewall with NAT for remote access 


Q63. - (Topic 4) 

A sensitive database needs its cryptographic integrity upheld. Which of the following controls meets this goal? (Select TWO). 

A. Data signing 

B. Encryption 

C. Perfect forward secrecy 

D. Steganography 

E. Data vaulting 


G. Lock and key 

Answer: A,F 

Q64. - (Topic 2) 

An educational institution would like to make computer labs available to remote students. The labs are used for various IT networking, security, and programming courses. The requirements are: 

1. Each lab must be on a separate network segment. 

2. Labs must have access to the Internet, but not other lab networks. 

3. Student devices must have network access, not simple access to hosts on the lab networks. 

4. Students must have a private certificate installed before gaining access. 

5. Servers must have a private certificate installed locally to provide assurance to the students. 

6. All students must use the same VPN connection profile. 

Which of the following components should be used to achieve the design in conjunction with directory services? 

A. L2TP VPN over TLS for remote connectivity, SAML for federated authentication, firewalls between each lab segment 

B. SSL VPN for remote connectivity, directory services groups for each lab group, ACLs on routing equipment 

C. IPSec VPN with mutual authentication for remote connectivity, RADIUS for authentication, ACLs on network equipment 

D. Cloud service remote access tool for remote connectivity, OAuth for authentication, ACL on routing equipment 


Q65. - (Topic 5) 

A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a result, NIPS and AV systems did not detect the configuration files received by staff in emails that appeared as normal files. Which of the following BEST describes the technique used by the malware developers? 

A. Perfect forward secrecy 

B. Stenography 

C. Diffusion 

D. Confusion 

E. Transport encryption 


Q66. - (Topic 3) 

After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions that they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms? 

A. A T&M contract 

B. An RFP 

C. A FFP agreement 

D. A new RFQ 


Q67. - (Topic 4) 

A new internal network segmentation solution will be implemented into the enterprise that consists of 200 internal firewalls. As part of running a pilot exercise, it was determined that it takes three changes to deploy a new application onto the network before it is operational. Security now has a significant affect on overall availability. Which of the following would be the FIRST process to perform as a result of these findings? 

A. Lower the SLA to a more tolerable level and perform a risk assessment to see if the solution could be met by another solution. Reuse the firewall infrastructure on other projects. 

B. Perform a cost benefit analysis and implement the solution as it stands as long as the risks are understood by the business owners around the availability issues. Decrease the current SLA expectations to match the new solution. 

C. Engage internal auditors to perform a review of the project to determine why and how the project did not meet the security requirements. As part of the review ask them to review the control effectiveness. 

D. Review to determine if control effectiveness is in line with the complexity of the solution. Determine if the requirements can be met with a simpler solution. 


Q68. - (Topic 2) 

Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE). 

A. Passive banner grabbing 

B. Password cracker 

C. =packet%20capture&cookie=wokdjwalkjcnie61lkasdf2aliser4 

D. 443/tcp open http 

E. dig 

F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40) > Flags [none], cksum 0x1800 (correct), win 512, length 

G. Nmap 

Answer: A,F,G 

Q69. - (Topic 5) 

The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be implemented: 

-All business units must now identify IT risks and include them in their business risk profiles. 

-Key controls must be identified and monitored. 

-Incidents and events must be recorded and reported with management oversight. 

-Exemptions to the information security policy must be formally recorded, approved, and managed. 

-IT strategy will be reviewed to ensure it is aligned with the businesses strategy and objectives. 

In addition to the above, which of the following would BEST help the CIO meet the requirements? 

A. Establish a register of core systems and identify technical service owners 

B. Establish a formal change management process 

C. Develop a security requirement traceability matrix 

D. Document legacy systems to be decommissioned and the disposal process 


Q70. - (Topic 3) 

The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regiment into the security management plan specifically for the development area. The CISO’s requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO requirements? 

A. Grey box testing performed by a major external consulting firm who have signed a NDA. 

B. Black box testing performed by a major external consulting firm who have signed a NDA. 

C. White box testing performed by the development and security assurance teams. 

D. Grey box testing performed by the development and security assurance teams.