It is more faster and easier to pass the CompTIA CAS-002 exam by using Breathing CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Renew CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.

2017 Apr CAS-002 vce

Q51. - (Topic 5) 

A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The sales team is continuously contacting the security administrator to answer security questions posed by potential customers/clients. Which of the following is the BEST strategy to minimize the frequency of these requests? 

A. Request the major stakeholder hire a security liaison to assist the sales team with security-related questions. 

B. Train the sales team about basic security, and make them aware of the security policies and procedures of the company. 

C. The job description of the security administrator is to assist the sales team; thus the process should not be changed. 

D. Compile a list of the questions, develop an FAQ on the website, and train the sales team about basic security concepts. 

Answer:


Q52. - (Topic 1) 

Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted? 

A. The company should develop an in-house solution and keep the algorithm a secret. 

B. The company should use the CEO’s encryption scheme. 

C. The company should use a mixture of both systems to meet minimum standards. 

D. The company should use the method recommended by other respected information security organizations. 

Answer:


Q53. - (Topic 1) 

The technology steering committee is struggling with increased requirements stemming from an increase in telecommuting. The organization has not addressed telecommuting in the past. The implementation of a new SSL-VPN and a VOIP phone solution enables personnel to work from remote locations with corporate assets. Which of the following steps must the committee take FIRST to outline senior management’s directives? 

A. Develop an information classification scheme that will properly secure data on corporate systems. 

B. Implement database views and constrained interfaces so remote users will be unable to access PII from personal equipment. 

C. Publish a policy that addresses the security requirements for working remotely with company equipment. 

D. Work with mid-level managers to identify and document the proper procedures for telecommuting. 

Answer:


Q54. - (Topic 2) 

A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were created in-house. Which of the following actions should the large company’s security administrator take in preparation for the merger? 

A. A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed. 

B. An ROI calculation should be performed to determine which company's application should be used. 

C. A security assessment should be performed to establish the risks of integration or co-existence. 

D. A regression test should be performed on the in-house software to determine security risks associated with the software. 

Answer:


Q55. - (Topic 5) 

An administrator is trying to categorize the security impact of a database server in the case of a security event. There are three databases on the server. 

Current Financial Data = High level of damage if data is disclosed. Moderate damage if the system goes offline 

Archived Financial Data = No need for the database to be online. Low damage for integrity loss 

Public Website Data = Low damage if the site goes down. Moderate damage if the data is corrupted 

Given these security categorizations of each database, which of the following is the aggregate security categorization of the database server? 

A. Database server = {(Confidentiality HIGH),(Integrity High),(Availability High)} 

B. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Moderate)} 

C. Database server = {(Confidentiality HIGH),(Integrity Moderate),(Availability Low)} 

D. Database server = {(Confidentiality Moderate),(Integrity Moderate),(Availability Moderate)} 

Answer:


Abreast of the times CAS-002 latest exam:

Q56. CORRECT TEXT - (Topic 2) 

Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: 192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range. 

Instructions: Click on the simulation button to refer to the Network Diagram for Company A. 

Click on Router 1, Router 2, and the Firewall to evaluate and configure each device. 

Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces. 

Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network. 

Answer: Please check the explanation part for the solution. 


Q57. - (Topic 1) 

A security administrator is shown the following log excerpt from a Unix system: 

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2 

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2 

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2 

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). 

A. An authorized administrator has logged into the root account remotely. 

B. The administrator should disable remote root logins. 

C. Isolate the system immediately and begin forensic analysis on the host. 

D. A remote attacker has compromised the root account using a buffer overflow in sshd. 

E. A remote attacker has guessed the root password using a dictionary attack. 

F. Use iptables to immediately DROP connections from the IP 198.51.100.23. 

G. A remote attacker has compromised the private key of the root account. 

H. Change the root password immediately to a password not found in a dictionary. 

Answer: C,E 


Q58. - (Topic 2) 

Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems? 

A. Require each Company XYZ employee to use an IPSec connection to the required systems 

B. Require Company XYZ employees to establish an encrypted VDI session to the required systems 

C. Require Company ABC employees to use two-factor authentication on the required systems 

D. Require a site-to-site VPN for intercompany communications 

Answer:


Q59. - (Topic 1) 

A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the resources or the scalability to adequately serve their clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should they consider? 

A. Offload some data processing to a public cloud 

B. Aligning their client intake with the resources available 

C. Using a community cloud with adequate controls 

D. Outsourcing the service to a third party cloud provider 

Answer:


Q60. - (Topic 4) 

A security administrator is shown the following log excerpt from a Unix system: 

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2 

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2 

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2 

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). 

A. An authorized administrator has logged into the root account remotely. 

B. The administrator should disable remote root logins. 

C. Isolate the system immediately and begin forensic analysis on the host. 

D. A remote attacker has compromised the root account using a buffer overflow in sshd. 

E. A remote attacker has guessed the root password using a dictionary attack. 

F. Use iptables to immediately DROP connections from the IP 198.51.100.23. 

G. A remote attacker has compromised the private key of the root account. 

H. Change the root password immediately to a password not found in a dictionary. 

Answer: C,E