Act now and download your CompTIA CAS-002 test today! Do not waste time on worthless CompTIA CAS-002 tutorials. Download the avant-garde CompTIA Advanced Security Practitioner (CASP) exam with real questions and answers and begin to learn CompTIA CAS-002 with a classic professional.

2017 Mar CAS-002 sample question

Q141. - (Topic 1) 

A human resources manager at a software development company has been tasked with recruiting personnel for a new cyber defense division in the company. This division will require personnel to have high technology skills and industry certifications. Which of the following is the BEST method for this manager to gain insight into this industry to execute the task? 

A. Interview candidates, attend training, and hire a staffing company that specializes in technology jobs 

B. Interview employees and managers to discover the industry hot topics and trends 

C. Attend meetings with staff, internal training, and become certified in software management 

D. Attend conferences, webinars, and training to remain current with the industry and job requirements 

Answer:


Q142. - (Topic 5) 

An IT administrator has been tasked with implementing an appliance-based web proxy server to control external content accessed by internal staff. Concerned with the threat of corporate data leakage via web-based email, the IT administrator wants to decrypt all outbound HTTPS sessions and pass the decrypted content to an ICAP server for inspection by the corporate DLP software. Which of the following is BEST at protecting the internal certificates used in the decryption process? 

A. NIPS 

B. HSM 

C. UTM 

D. HIDS 

E. WAF 

F. SIEM 

Answer:


Q143. - (Topic 1) 

The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing? 

A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA. 

B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA. 

C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ. 

D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR. 

Answer:


Q144. - (Topic 4) 

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees: 

Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system. 

Employee B. Works in the accounts payable office and is in charge of approving purchase orders. 

Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B. 

Which of the following should the auditor suggest be done to avoid future security breaches? 

A. All employees should have the same access level to be able to check on each other. 

B. The manager should only be able to review the data and approve purchase orders. 

C. Employee A and Employee B should rotate jobs at a set interval and cross-train. 

D. The manager should be able to both enter and approve information. 

Answer:


Q145. - (Topic 2) 

The following has been discovered in an internally developed application: 

Error - Memory allocated but not freed:

    char *myBuffer = malloc(BUFFER_SIZE);
    if (myBuffer != NULL) {
        *myBuffer = STRING_WELCOME_MESSAGE;
        printf("Welcome to: %s\n", myBuffer);
    }
    exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO). 

A. Static code analysis 

B. Memory dumping 

C. Manual code review 

D. Application sandboxing 

E. Penetration testing 

F. Black box testing 

Answer: A,C 


Rebirth CAS-002 exam answers:

Q146. CORRECT TEXT - (Topic 2) 

Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information, answer the questions below: 

User Subnet: 192.168.1.0/24

Server Subnet: 192.168.2.0/24

Finance Subnet: 192.168.3.0/24

Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down.

Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue. 

Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications. 

Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. 

Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed. 

Answer: Please look into the explanation for the solution to this question. 


Q147. - (Topic 2) 

The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed by the helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the following cases should the helpdesk staff use the new procedure? (Select THREE). 

A. During asset disposal 

B. While reviewing the risk assessment 

C. While deploying new assets 

D. Before asset repurposing 

E. After the media has been disposed of 

F. During the data classification process 

G. When installing new printers 

H. When media fails or is unusable 

Answer: A,D,H 


Q148. - (Topic 5) 

A security analyst is tasked to create an executive briefing, which explains the activity and motivation of a cyber adversary. Which of the following is the MOST important content for the brief for management personnel to understand? 

A. Threat actor types, threat actor motivation, and attack tools 

B. Unsophisticated agents, organized groups, and nation states 

C. Threat actor types, attack sophistication, and the anatomy of an attack 

D. Threat actor types, threat actor motivation, and the attack impact 

Answer:


Q149. - (Topic 2) 

An organization has several production-critical SCADA supervisory systems that cannot follow the normal 30-day patching policy. Which of the following BEST maximizes the protection of these systems from malicious software? 

A. Configure a firewall with deep packet inspection that restricts traffic to the systems 

B. Configure a separate zone for the systems and restrict access to known ports 

C. Configure the systems to ensure only necessary applications are able to run 

D. Configure the host firewall to ensure only the necessary applications have listening ports 

Answer:


Q150. - (Topic 3) 

A data processing server uses a Linux-based file system to remotely mount physical disks on a shared SAN. The server administrator reports problems related to processing of files where the file appears to be incompletely written to the disk. The network administration team has conducted a thorough review of all network infrastructure and devices and found everything running at optimal performance. Other SAN customers are unaffected. The data being processed consists of millions of small files being written to disk from a network source one file at a time. These files are then accessed by a local Java program for processing before being transferred over the network to an SELinux host for processing. Which of the following is the MOST likely cause of the processing problem? 

A. The administrator has a PERL script running which disrupts the NIC by restarting the CRON process every 65 seconds. 

B. The Java developers accounted for network latency only for the read portion of the processing and not the write process. 

C. The virtual file system on the SAN is experiencing a race condition between the reads and writes of network files. 

D. The Linux file system in use cannot write files as fast as they can be read by the Java program resulting in the errors. 

Answer: