Validated of CAS-002 download materials and free samples for CompTIA certification for candidates, Real Success Guaranteed with Updated CAS-002 pdf dumps vce Materials. 100% PASS CompTIA Advanced Security Practitioner (CASP) exam Today!

Q161. - (Topic 4) 

When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is necessary? 

A. The user needs a non-repudiation data source in order for the application to generate the key pair. 

B. The user is providing entropy so the application can use random data to create the key pair. 

C. The user is providing a diffusion point to the application to aid in creating the key pair. 

D. The application is requesting perfect forward secrecy from the user in order to create the key pair. 


Q162. - (Topic 1) 

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO). 

A. Demonstration of IPS system 

B. Review vendor selection process 

C. Calculate the ALE for the event 

D. Discussion of event timeline 

E. Assigning of follow up items 

Answer: D,E 

Q163. - (Topic 2) 

An information security assessor for an organization finished an assessment that identified critical issues with the human resource new employee management software application. The assessor submitted the report to senior management but nothing has happened. Which of the following would be a logical next step? 

A. Meet the two key VPs and request a signature on the original assessment. 

B. Include specific case studies from other organizations in an updated report. 

C. Schedule a meeting with key human resource application stakeholders. 

D. Craft an RFP to begin finding a new human resource application. 


Q164. - (Topic 4) 

Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect? 

A. Most of company XYZ’s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users. 

B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance. 

C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer. 

D. Not all of company XYZ’s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings. 


Q165. - (Topic 5) 

The audit department at a company requires proof of exploitation when conducting internal network penetration tests. Which of the following provides the MOST conclusive proof of compromise without further compromising the integrity of the system? 

A. Provide a list of grabbed service banners. 

B. Modify a file on the system and include the path in the test’s report. 

C. Take a packet capture of the test activity. 

D. Add a new test user account on the system. 


Q166. - (Topic 4) 

An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times? 

A. Increase the virtual RAM allocation to high I/O servers. 

B. Install a management NIC and dedicated virtual switch. 

C. Configure the high I/O virtual servers to use FCoE rather than iSCSI. 

D. Move the guest web server to another dedicated host. 


Q167. - (Topic 2) 

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company’s security information and event management server. 


Log 1: 

Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 3 packets 

Log 2: 

HTTP:// aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 

Log 3: Security Error Alert Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream 

and has disconnected the client 

Log 4: 

Encoder oe = new OracleEncoder (); 

String query = “Select user_id FROM user_data WHERE user_name = ‘ ” 

+ oe.encode ( req.getParameter(“userID”) ) + “ ‘ and user_password = ‘ “ 

+ oe.encode ( req.getParameter(“pwd”) ) +” ‘ “; 


Buffer overflow 

SQL injection 



Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO). 

A. Log 1 

B. Log 2 

C. Log 3 

D. Log 4 

E. Buffer overflow 



H. SQL injection 

Answer: B,E 

Q168. - (Topic 2) 

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO). 

A. Use AES in Electronic Codebook mode 

B. Use RC4 in Cipher Block Chaining mode 

C. Use RC4 with Fixed IV generation 

D. Use AES with cipher text padding 

E. Use RC4 with a nonce generated IV 

F. Use AES in Counter mode 

Answer: E,F 

Q169. - (Topic 4) 

A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship? 

A. The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses. 

B. The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses. 

C. The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses. 

D. The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses. 


Q170. - (Topic 5) 

A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise? 

A. Outdated antivirus definitions 

B. Insecure wireless 

C. Infected USB device 

D. SQL injection