Exam Code: CAS-002 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass CAS-002 Exam.

Q191. - (Topic 3) 

An organization has had six security incidents over the past year against their main web application. Each time the organization was able to determine the cause of the incident and restore operations within a few hours to a few days. Which of the following provides the MOST comprehensive method for reducing the time to recover? 

A. Create security metrics that provide information on response times and requirements to determine the best place to focus time and money. 

B. Conduct a loss analysis to determine which systems to focus time and money towards increasing security. 

C. Implement a knowledge management process accessible to the help desk and finance departments to estimate cost and prioritize remediation. 

D. Develop an incident response team, require training for incident remediation, and provide incident reporting and tracking metrics. 


Q192. - (Topic 4) 

-- Exhibit – 

-- Exhibit --

Company management has indicated that instant messengers (IM) add to employee productivity. Management would like to implement an IM solution, but does not have a budget for the project. The security engineer creates a feature matrix to help decide the most secure product. Click on the Exhibit button. 

Which of the following would the security engineer MOST likely recommend based on the table? 

A. Product A 

B. Product B 

C. Product C 

D. Product D 


Q193. - (Topic 1) 

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable? 

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection. 

B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network. 

C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections. 

D. This information can be found by querying the network’s DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts. 


Q194. - (Topic 1) 

An attacker attempts to create a DoS event against the VoIP system of a company. The attacker uses a tool to flood the network with a large number of SIP INVITE traffic. Which of the following would be LEAST likely to thwart such an attack? 

A. Install IDS/IPS systems on the network 

B. Force all SIP communication to be encrypted 

C. Create separate VLANs for voice and data traffic 

D. Implement QoS parameters on the switches 


Q195. - (Topic 3) 

A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO). 

A. The company must dedicate specific staff to act as social media representatives of the company. 

B. All staff needs to be instructed in the proper use of social media in the work environment. 

C. Senior staff blogs should be ghost written by marketing professionals. 

D. The finance department must provide a cost benefit analysis for social media. 

E. The security policy needs to be reviewed to ensure that social media policy is properly implemented. 

F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic. 

Answer: A,E 

Q196. - (Topic 1) 

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? 

A. Establish the security control baseline 

B. Build the application according to software development security standards 

C. Review the results of user acceptance testing 

D. Consult with the stakeholders to determine which standards can be omitted 


Q197. - (Topic 2) 

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant? 

A. $4,800 

B. $24,000 

C. $96,000 

D. $120,000 


Q198. - (Topic 2) 

The network administrator at an enterprise reported a large data leak. One compromised server was used to aggregate data from several critical application servers and send it out to the Internet using HTTPS. Upon investigation, there have been no user logins over the previous week and the endpoint protection software is not reporting any issues. Which of the following BEST provides insight into where the compromised server collected the information? 

A. Review the flow data against each server’s baseline communications profile. 

B. Configure the server logs to collect unusual activity including failed logins and restarted services. 

C. Correlate data loss prevention logs for anomalous communications from the server. 

D. Setup a packet capture on the firewall to collect all of the server communications. 


Q199. - (Topic 3) 

After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions that they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms? 

A. A T&M contract 

B. An RFP 

C. A FFP agreement 

D. A new RFQ 


Q200. - (Topic 5) 

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). 

A. Block traffic from the ISP’s networks destined for blacklisted IPs. 

B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP. 

C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network. 

D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner. 

E. Notify customers when services they run are involved in an attack. 

Answer: C,E