It is more faster and easier to pass the CompTIA CAS-002 exam by using Actual CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Up to the minute CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.

Q181. - (Topic 1) 

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53? 

A. PING 

B. NESSUS 

C. NSLOOKUP 

D. NMAP 

Answer:


Q182. - (Topic 1) 

Three companies want to allow their employees to seamlessly connect to each other’s wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies’ wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement? 

A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation. 

B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID. 

C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates. 

D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller. 

Answer:


Q183. - (Topic 2) 

A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank’s other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations? 

A. ISA 

B. BIA 

C. MOU 

D. SOA 

E. BPA 

Answer:


Q184. - (Topic 3) 

The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network? 

A. Social engineering 

B. Protocol analyzer 

C. Port scanner 

D. Grey box testing 

Answer:


Q185. - (Topic 5) 

A security manager is collecting RFQ, RFP, and RFI publications to help identify the technology trends which a government will be moving towards in the future. This information is available to the public. By consolidating the information, the security manager will be able to combine several perspectives into a broader view of technology trends. This is an example of which of the following? (Select TWO). 

A. Supervisory control and data acquisition 

B. Espionage 

C. Hacktivism 

D. Data aggregation 

E. Universal description discovery and integration 

F. Open source intelligence gathering 

Answer: D,F 


Q186. - (Topic 2) 

The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE). 

A. SIM’s PIN 

B. Remote wiping 

C. Chargeback system 

D. MDM software 

E. Presence software 

F. Email profiles 

G. Identity attestation 

H. GPS tracking 

Answer: B,D,G 


Q187. - (Topic 3) 

The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization’s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC? 

A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset. 

B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset. 

C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal. 

D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal. 

Answer:


Q188. - (Topic 2) 

An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected: 

Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated. 

Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out. 

Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO). 

A. Apply a hidden field that triggers a SIEM alert 

B. Cross site scripting attack 

C. Resource exhaustion attack 

D. Input a blacklist of all known BOT malware IPs into the firewall 

E. SQL injection 

F. Implement an inline WAF and integrate into SIEM 

G. Distributed denial of service 

H. Implement firewall rules to block the attacking IP addresses 

Answer: C,F 


Q189. - (Topic 3) 

A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below: 

The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday. 

Which of the following is true? 

A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server. 

B. The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise. 

C. The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks. 

D. The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise. 

Answer:


Q190. - (Topic 2) 

It has come to the IT administrator’s attention that the “post your comment” field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the “post your comment” field from being exploited? 

A. Update the blog page to HTTPS 

B. Filter metacharacters 

C. Install HIDS on the server 

D. Patch the web application 

E. Perform client side input validation 

Answer: