Exam Code: CAS-002 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Certification Provider: CompTIA

Q191. - (Topic 5) 

The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager’s requirements, which of the following types of IPS products would be BEST suited for use in this situation? 

A. Signature-based 

B. Rate-based 

C. Anomaly-based 

D. Host-based 

Answer:


Q192. - (Topic 1) 

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Officer has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization’s configuration management process using? 

A. Agile 

B. SDL 

C. Waterfall 

D. Joint application development 

Answer:


Q193. - (Topic 2) 

A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning? 

A. Remove contact details from the domain name registrar to prevent social engineering attacks. 

B. Test external interfaces to see how they function when they process fragmented IP packets. 

C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors. 

D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces. 

Answer:


Q194. - (Topic 1) 

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future? 

A. Use PAP for secondary authentication on each RADIUS server 

B. Disable unused EAP methods on each RADIUS server 

C. Enforce TLS connections between RADIUS servers 

D. Use a shared secret for each pair of RADIUS servers 

Answer:


Q195. - (Topic 3) 

An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO). 

A. Periodic key changes once the initial keys are established between the DNS name servers. 

B. Secure exchange of the key values between the two DNS name servers. 

C. A secure NTP source used by both DNS name servers to avoid message rejection. 

D. DNS configuration files on both DNS name servers must be identically encrypted. 

E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers. 

Answer: B,C 


Q196. - (Topic 1) 

The security administrator finds unauthorized tables and records, which were not present before, on a Linux database server. The database server communicates only with one web server, which connects to the database server via an account with SELECT only privileges. Web server logs show the following: 

90.76.165.40 - - [08/Mar/2014:10:54:04] "GET calendar.php?create%20table%20hidden HTTP/1.1" 200 5724 

90.76.165.40 - - [08/Mar/2014:10:54:05] "GET ../../../root/.bash_history HTTP/1.1" 200 5724 

90.76.165.40 - - [08/Mar/2014:10:54:04] "GET index.php?user=<script>Create</script> HTTP/1.1" 200 5724 

The security administrator also inspects the following file system locations on the database server using the command ‘ls -al /root’ 

drwxrwxrwx 11 root root 4096 Sep 28 22:45 . 

drwxr-xr-x 25 root root 4096 Mar 8 09:30 .. 

-rws------ 25 root root 4096 Mar 8 09:30 .bash_history 

-rw------- 25 root root 4096 Mar 8 09:30 .bash_history 

-rw------- 25 root root 4096 Mar 8 09:30 .profile 

-rw------- 25 root root 4096 Mar 8 09:30 .ssh 

Which of the following attacks was used to compromise the database server and what can the security administrator implement to detect such attacks in the future? (Select TWO). 

A. Privilege escalation 

B. Brute force attack 

C. SQL injection 

D. Cross-site scripting 

E. Using input validation, ensure the following characters are sanitized: <> 

F. Update crontab with: find / \( -perm -4000 \) -type f -print0 | xargs -0 ls -l | email.sh 

G. Implement the following PHP directive: $clean_user_input = addslashes($user_input) 

H. Set an account lockout policy 

Answer: A,F 


Q197. - (Topic 5) 

An administrator is trying to categorize the security impact of a database server in the case of a security event. There are three databases on the server. 

Current Financial Data = High level of damage if data is disclosed. Moderate damage if the system goes offline 

Archived Financial Data = No need for the database to be online. Low damage for integrity loss 

Public Website Data = Low damage if the site goes down. Moderate damage if the data is corrupted 

Given these security categorizations of each database, which of the following is the aggregate security categorization of the database server? 

A. Database server = {(Confidentiality HIGH),(Integrity High),(Availability High)} 

B. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Moderate)} 

C. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Low)} 

D. Database server = {(Confidentiality Moderate),(Integrity Moderate),(Availability Moderate)} 

Answer:


Q198. - (Topic 5) 

A security manager is concerned about performance and patch management, and, as a result, wants to implement a virtualization strategy to avoid potential future OS vulnerabilities in the host system. The IT manager wants a strategy that would provide the hypervisor with direct communications with the underlying physical hardware allowing the hardware resources to be paravirtualized and delivered to the guest machines. Which of the following recommendations from the server administrator BEST meets the IT and security managers’ requirements? (Select TWO). 

A. Nested virtualized hypervisors 

B. Type 1 hypervisor 

C. Hosted hypervisor with a three layer software stack 

D. Type 2 hypervisor 

E. Bare metal hypervisor with a software stack of two layers 

Answer: B,E 


Q199. - (Topic 5) 

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important? 

A. What are the protections against MITM? 

B. What accountability is built into the remote support application? 

C. What encryption standards are used in the tracking database? 

D. What snapshot or “undo” features are present in the application? 

E. What encryption standards are used in remote desktop and file transfer functionality? 

Answer:


Q200. - (Topic 2) 

A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range. 

Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred? 

A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented the application from recovering. 

B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering. 

C. Computers are able to store numbers well above “billions” in size. Therefore, the website issues are not related to the large number being input. 

D. The application has crashed because a very large integer has led to a “divide by zero”. Improper error handling prevented the application from recovering. 

Answer: