It is impossible to pass CompTIA CAS-002 exam without any help in the short term. Come to Exambible soon and find the most advanced, correct and guaranteed CompTIA CAS-002 practice questions. You will get a surprising result by our Renewal CompTIA Advanced Security Practitioner (CASP) practice guides.

Q111. - (Topic 2) 

A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO). 

A. The X509 V3 certificate was issued by a non trusted public CA. 

B. The client-server handshake could not negotiate strong ciphers. 

C. The client-server handshake is configured with a wrong priority. 

D. The client-server handshake is based on TLS authentication. 

E. The X509 V3 certificate is expired. 

F. The client-server implements client-server mutual authentication with different certificates. 

Answer: B,C 

Q112. - (Topic 2) 

A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory? 

A. Use fuzzing techniques to examine application inputs 

B. Run nmap to attach to application memory 

C. Use a packet analyzer to inspect the strings 

D. Initiate a core dump of the application 

E. Use an HTTP interceptor to capture the text strings 


Q113. - (Topic 1) 

At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO). 

A. Add guests with more memory to increase capacity of the infrastructure. 

B. A backup is running on the thin clients at 9am every morning. 

C. Install more memory in the thin clients to handle the increased load while booting. 

D. Booting all the lab desktops at the same time is creating excessive I/O. 

E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity. 

F. Install faster SSD drives in the storage system used in the infrastructure. 

G. The lab desktops are saturating the network while booting. 

H. The lab desktops are using more memory than is available to the host systems. 

Answer: D,F 

Q114. - (Topic 4) 

Which of the following are components defined within an Enterprise Security Architecture Framework? (Select THREE). 

A. Implementation run-sheets 

B. Solution designs 

C. Business capabilities 

D. Solution architectures 

E. Business requirements documents 

F. Reference models 

G. Business cases 

H. Business vision and drivers 

Answer: C,F,H 

Q115. - (Topic 2) 

An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements? 

A. Implementing federated network access with the third party. 

B. Using a HSM at the network perimeter to handle network device access. 

C. Using a VPN concentrator which supports dual factor via hardware tokens. 

D. Implementing 802.1x with EAP-TTLS across the infrastructure. 


Q116. - (Topic 4) 

A system administrator is troubleshooting a possible denial of service on a sensitive system. The system seems to run properly for a few hours after it is restarted, but then it suddenly stops processing transactions. The system administrator suspects an internal DoS caused by a disgruntled developer who is currently seeking a new job while still working for the company. After looking into various system logs, the system administrator looks at the following output from the main system service responsible for processing incoming transactions. 



031020141100002055com.proc12.35.2M 031020141230002055com.proc22.022M 031020141300002055com.proc33.01.6G 031020141330002055com.proc30.28.0G 

Which of the following is the MOST likely cause for the DoS? 

A. The system does not implement proper garbage collection. 

B. The system is susceptible to integer overflow. 

C. The system does not implement input validation. 

D. The system does not protect against buffer overflows properly. 


Q117. - (Topic 2) 

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome? 

A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation. 

B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased. 

C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved. 

D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data. 

E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product. 


Q118. - (Topic 2) 

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE). 

A. Establish a list of users that must work with each regulation 

B. Establish a list of devices that must meet each regulation 

C. Centralize management of all devices on the network 

D. Compartmentalize the network 

E. Establish a company framework 

F. Apply technical controls to meet compliance with the regulation 

Answer: B,D,F 

Q119. - (Topic 1) 

The administrator is troubleshooting availability issues on an FCoE-based storage array that uses deduplication. The single controller in the storage array has failed, so the administrator wants to move the drives to a storage array from a different manufacturer in order to access the data. Which of the following issues may potentially occur? 

A. The data may not be in a usable format. 

B. The new storage array is not FCoE based. 

C. The data may need a file system check. 

D. The new storage array also only has a single controller. 


Q120. - (Topic 1) 

An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack? 

A. Install IDS/IPS systems on the network 

B. Force all SIP communication to be encrypted 

C. Create separate VLANs for voice and data traffic 

D. Implement QoS parameters on the switches