It is impossible to pass CompTIA CAS-002 exam without any help in the short term. Come to Examcollection soon and find the most advanced, correct and guaranteed CompTIA CAS-002 practice questions. You will get a surprising result by our Renewal CompTIA Advanced Security Practitioner (CASP) practice guides.

Q101. - (Topic 4) 

An external auditor has found that IT security policies in the organization are not maintained and in some cases are nonexistent. As a result of the audit findings, the CISO has been tasked with the objective of establishing a mechanism to manage the lifecycle of IT security policies. Which of the following can be used to BEST achieve the CISO’s objectives? 



C. ISO 27002 

D. eGRC 


Q102. - (Topic 1) 

An analyst connects to a company web conference hosted on and observes that numerous guests have been allowed to join, without providing identifying information. The topics covered during the web conference are considered proprietary to the company. Which of the following security concerns does the analyst present to management? 

A. Guest users could present a risk to the integrity of the company’s information 

B. Authenticated users could sponsor guest access that was previously approved by management 

C. Unauthenticated users could present a risk to the confidentiality of the company’s information 

D. Meeting owners could sponsor guest access if they have passed a background check 


Q103. - (Topic 1) 

A security firm is writing a response to an RFP from a customer that is building a new network based software product. The firm’s expertise is in penetration testing corporate networks. The RFP explicitly calls for all possible behaviors of the product to be tested, however, it does not specify any particular method to achieve this goal. Which of the following should be used to ensure the security and functionality of the product? (Select TWO). 

A. Code review 

B. Penetration testing 

C. Grey box testing 

D. Code signing 

E. White box testing 

Answer: A,E 

Q104. - (Topic 5) 

An administrator’s company has recently had to reduce the number of Tier 3 help desk technicians available to support enterprise service requests. As a result, configuration standards have declined as administrators develop scripts to troubleshoot and fix customer issues. The administrator has observed that several default configurations have not been fixed through applied group policy or configured in the baseline. Which of the following are controls the administrator should recommend to the organization’s security manager to prevent an authorized user from conducting internal reconnaissance on the organization’s network? (Select THREE). 

A. Network file system 

B. Disable command execution 

C. Port security 


E. Search engine reconnaissance 


G. BIOS security 


I. IdM 

Answer: B,G,I 

Q105. CORRECT TEXT - (Topic 2) 

Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: for the corporate site and for the remote site. The Telco router interface uses the IP range. 

Instructions: Click on the simulation button to refer to the Network Diagram for Company A. 

Click on Router 1, Router 2, and the Firewall to evaluate and configure each device. 

Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces. 

Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network. 

Answer: Please check the explanation part for the solution. 

Q106. - (Topic 1) 

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete? 

A. They should logon to the system using the username concatenated with the 6-digit code and their original password. 

B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code. 

C. They should use the username format: LAN\\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed. 

D. They should use the username format:, together with a password and their 6-digit code. 


Q107. - (Topic 1) 

A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now? 

A. Agile 

B. Waterfall 

C. Scrum 

D. Spiral 


Q108. - (Topic 3) 

A process allows a LUN to be available to some hosts and unavailable to others. Which of the following causes such a process to become vulnerable? 

A. LUN masking 

B. Data injection 

C. Data fragmentation 

D. Moving the HBA 


Q109. - (Topic 3) 

Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation? 

A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation. 

B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur. 

C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked. 

D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited. 


Q110. - (Topic 4) 

A vulnerability research team has detected a new variant of a stealth Trojan that disables itself when it detects that it is running on a virtualized environment. The team decides to use dedicated hardware and local network to identify the Trojan’s behavior and the remote DNS and IP addresses it connects to. Which of the following tools is BEST suited to identify the DNS and IP addresses the stealth Trojan communicates with after its payload is decrypted? 


B. Vulnerability scanner 

C. Packet analyzer 

D. Firewall logs 

E. Disassembler