High quality CAS-002 testing engine Reviews & Tips

Act now and download your CompTIA CAS-002 test today! Do not waste time for the worthless CompTIA CAS-002 tutorials. Download Rebirth CompTIA CompTIA Advanced Security Practitioner (CASP) exam with real questions and answers and begin to learn CompTIA CAS-002 with a classic professional.

Q121. - (Topic 1) 

Joe, a hacker, has discovered he can specifically craft a webpage that when viewed in a browser crashes the browser and then allows him to gain remote code execution in the context of the victim’s privilege level. The browser crashes due to an exception error when a heap memory that is unused is accessed. Which of the following BEST describes the application issue? 

A. Integer overflow 

B. Click-jacking 

C. Race condition 

D. SQL injection 

E. Use after free 

F. Input validation 

Answer: E 

Q122. - (Topic 1) 

A security manager for a service provider has approved two vendors for connections to the 

service provider backbone. One vendor will be providing authentication services for its payment card service, and the other vendor will be providing maintenance to the service provider infrastructure sites. Which of the following business agreements is MOST relevant to the vendors and service provider’s relationship? 

A. Memorandum of Agreement 

B. Interconnection Security Agreement 

C. Non-Disclosure Agreement 

D. Operating Level Agreement 

Answer: B 

Q123. - (Topic 4) 

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing? 

A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA. 

B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA. 

C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ. 

D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR. 

Answer: D 

Q124. - (Topic 2) 

An enterprise must ensure that all devices that connect to its networks have been previously approved. The solution must support dual factor mutual authentication with strong identity assurance. In order to reduce costs and administrative overhead, the security architect wants to outsource identity proofing and second factor digital delivery to the third party. Which of the following solutions will address the enterprise requirements? 

A. Implementing federated network access with the third party. 

B. Using a HSM at the network perimeter to handle network device access. 

C. Using a VPN concentrator which supports dual factor via hardware tokens. 

D. Implementing 802.1x with EAP-TTLS across the infrastructure. 

Answer: D 

Q125. - (Topic 4) 

A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two-four person rooms) and administrative buildings. The network is currently setup to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage. 

The following three goals must be met after the new implementation: 

1. Provide all users (including students in their dorms) connections to the Internet. 

2. Provide IT department with the ability to make changes to the network environment to improve performance. 

3. Provide high speed connections wherever possible all throughout campus including sporting event areas. 

Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above? 

A. Avoid any risk of network outages by providing additional wired connections to each user and increasing the number of data ports throughout the campus. 

B. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network. 

C. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus. 

D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for one AP replacement. 

Answer: C 

Q126. - (Topic 1) 

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position? 

A. Least privilege 

B. Job rotation 

C. Mandatory vacation 

D. Separation of duties 

Answer: B 

Q127. - (Topic 5) 

Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology. Which of the following would be the advantage of conducting this kind of penetration test? 

A. The risk of unplanned server outages is reduced. 

B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on. 

C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness. 

D. The results should reflect what attackers may be able to learn about the company. 

Answer: D 

Q128. - (Topic 2) 

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix: 

DATA TYPECONFIDENTIALITYINTEGRITYAVAILABILITY 

FinancialHIGHHIGHLOW 

Client nameMEDIUMMEDIUMHIGH 

Client addressLOWMEDIUMLOW 

AGGREGATEMEDIUMMEDIUMMEDIUM 

The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score? 

A. HIGH, MEDIUM, LOW 

B. MEDIUM, MEDIUM, LOW 

C. HIGH, HIGH, HIGH 

D. MEDIUM, MEDIUM, MEDIUM 

Answer: C 

Q129. - (Topic 2) 

Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors? 

A. Establish a cloud-based authentication service that supports SAML. 

B. Implement a new Diameter authentication server with read-only attestation. 

C. Install a read-only Active Directory server in the corporate DMZ for federation. 

D. Allow external connections to the existing corporate RADIUS server. 

Answer: A 

Q130. - (Topic 2) 

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future? 

A. Background checks 

B. Job rotation 

C. Least privilege 

D. Employee termination procedures 

Answer: B