Exambible offers free demo for CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as CAS-002 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer those questions. The CAS-002 Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA CAS-002 exams and revised by experts!

Q81. - (Topic 1) 

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make? 

A. Social media is an effective solution because it is easily adaptable to new situations. 

B. Social media is an ineffective solution because the policy may not align with the business. 

C. Social media is an effective solution because it implements SSL encryption. 

D. Social media is an ineffective solution because it is not primarily intended for business applications. 

Answer:


Q82. - (Topic 2) 

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future? 

A. Background checks 

B. Job rotation 

C. Least privilege 

D. Employee termination procedures 

Answer:


Q83. - (Topic 3) 

A corporation has expanded for the first time by integrating several newly acquired businesses. 

Which of the following are the FIRST tasks that the security team should undertake? (Select TWO). 

A. Remove acquired companies Internet access. 

B. Federate identity management systems. 

C. Install firewalls between the businesses. 

D. Re-image all end user computers to a standard image. 

E. Develop interconnection policy. 

F. Conduct a risk analysis of each acquired company’s networks. 

Answer: E,F 


Q84. - (Topic 3) 

A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future? 

A. SIP session tagging and QoS 

B. A dedicated VLAN 

C. Lower encryption setting 

D. Traffic shaping 

Answer:


Q85. - (Topic 2) 

A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range. 

Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred? 

A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented the application from recovering. 

B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering. 

C. Computers are able to store numbers well above “billions” in size. Therefore, the website issues are not related to the large number being input. 

D. The application has crashed because a very large integer has lead to a “divide by zero”. Improper error handling prevented the application from recovering. 

Answer:


Q86. - (Topic 4) 

A developer has implemented a piece of client-side JavaScript code to sanitize a user’s 

provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log: 

10.235.62.11 – - [02/Mar/2014:06:13:04] “GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1” 200 5724 

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer? 

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters. 

B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side. 

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation. 

D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced. 

Answer:


Q87. - (Topic 2) 

An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected: 

Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated. 

Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out. 

Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO). 

A. Apply a hidden field that triggers a SIEM alert 

B. Cross site scripting attack 

C. Resource exhaustion attack 

D. Input a blacklist of all known BOT malware IPs into the firewall 

E. SQL injection 

F. Implement an inline WAF and integrate into SIEM 

G. Distributed denial of service 

H. Implement firewall rules to block the attacking IP addresses 

Answer: C,F 


Q88. - (Topic 3) 

The risk committee has endorsed the adoption of a security system development life cycle (SSDLC) designed to ensure compliance with PCI-DSS, HIPAA, and meet the organization’s mission. Which of the following BEST describes the correct order of implementing a five phase SSDLC? 

A. Initiation, assessment/acquisition, development/implementation, operations/maintenance and sunset. 

B. Initiation, acquisition/development, implementation/assessment, operations/maintenance and sunset. 

C. Assessment, initiation/development, implementation/assessment, operations/maintenance and disposal. 

D. Acquisition, initiation/development, implementation/assessment, operations/maintenance and disposal. 

Answer:


Q89. - (Topic 3) 

In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO). 

A. Correctly assert the identity and authorization credentials of the end user. 

B. Correctly assert the authentication and authorization credentials of the end user. 

C. Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use. 

D. Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use. 

E. Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use. 

F. Correctly assert the identity and authentication credentials of the end user. 

Answer: D,F 

Topic 4, Volume D 


Q90. - (Topic 2) 

ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe? 

A. TOTP 

B. PAP 

C. CHAP 

D. HOTP 

Answer: