Exam Code: CAS-002 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass CAS-002 Exam.
Q211. - (Topic 4)
A bank provides single sign on services between its internally hosted applications and externally hosted CRM. The following sequence of events occurs:
1. The banker accesses the CRM system, a redirect is performed back to the organization’s internal systems.
2. A lookup is performed of the identity and a token is generated, signed and encrypted.
3. A redirect is performed back to the CRM system with the token.
4. The CRM system validates the integrity of the payload, extracts the identity and performs a lookup.
5. If the banker is not in the system and automated provisioning request occurs.
6. The banker is authenticated and authorized and can access the system. This is an example of which of the following?
A. Service provider initiated SAML 2.0
B. Identity provider initiated SAML 1.0
C. OpenID federated single sign on
D. Service provider initiated SAML 1.1
Q212. - (Topic 5)
A security manager has received the following email from the Chief Financial Officer (CFO):
“While I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?”
Based on the information provided, which of the following would be the MOST appropriate response to the CFO?
A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed.
B. Allow VNC access to corporate desktops from personal computers for the users working from home.
C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home.
D. Work with the executive management team to revise policies before allowing any remote access.
Q213. - (Topic 1)
A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?
A. The CFO is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products.
B. The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete.
C. The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the CFO.
D. Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly.
Q214. - (Topic 3)
An administrator is notified that contract workers will be onsite assisting with a new project. The administrator wants each worker to be aware of the corporate policy pertaining to USB storage devices. Which of the following should each worker review and understand before beginning work?
A. Interconnection Security Agreement
B. Memorandum of Understanding
C. Business Partnership Agreement
D. Non-Disclosure Agreement
Q215. - (Topic 1)
A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?
A. Deploy new perimeter firewalls at all stores with UTM functionality.
B. Change antivirus vendors at the store and the corporate office.
C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.
Q216. - (Topic 3)
The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?
A. The de-perimeterized model should be kept as this is major industry trend and other companies are following this direction. Advise that the issues being faced are standard business as usual concerns in a modern IT environment.
B. Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.
C. The de-perimeterized model should be kept but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.
D. Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE to all users as this will be easier to provision, secure, and will save money on operating costs.
Q217. - (Topic 5)
A small company’s Chief Executive Officer (CEO) has asked its Chief Security Officer (CSO) to improve the company’s security posture with regard to targeted attacks. Which of the following should the CSO conduct FIRST?
A. Survey threat feeds from analysts inside the same industry.
B. Purchase multiple threat feeds to ensure diversity and implement blocks for malicious traffic.
C. Conduct an internal audit against industry best practices to perform a gap analysis.
D. Deploy a UTM solution that receives frequent updates from a trusted industry vendor.
Q218. - (Topic 4)
The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 188.8.131.52:
11:16:22.110343 IP 184.108.40.206.19 > 220.127.116.11.19: UDP, length 1400
11:16:22.110351 IP 18.104.22.168.19 > 22.214.171.124.19: UDP, length 1400
11:16:22.110358 IP 126.96.36.199.19 > 188.8.131.52.19: UDP, length 1400 11:16:22.110402 IP 184.108.40.206.19 > 220.127.116.11.19: UDP, length 1400
11:16:22.110406 IP 18.104.22.168.19 > 22.214.171.124.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?
A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets.
B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.
C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.
D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic.
Q219. - (Topic 3)
A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?
A. The company’s software lifecycle management improved the security of the application.
B. There are no vulnerabilities in the application.
C. The company should deploy a web application firewall to ensure extra security.
D. There are no known vulnerabilities at this time.
Q220. - (Topic 2)
After reviewing a company’s NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security controls on the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the following is true about the security controls implemented by the security administrator?
A. The newly implemented security controls are in place to ensure that NFS encryption can only be controlled by the root user.
B. Removing the no_root_squash directive grants the root user remote NFS read/write access to important files owned by root on the NAS.
C. Users with root access on remote NFS client computers can always use the SU command to modify other user’s files on the NAS.
D. Adding the nosuid directive disables regular users from accessing files owned by the root user over NFS even after using the SU command.