It is difficult to pass the CompTIA CAS-002 exam in a short time without help. Testking offers up-to-date, accurate and guaranteed CompTIA CAS-002 practice questions, and our current CompTIA Advanced Security Practitioner (CASP) practice guides will help you get the result you are looking for.

Q201. - (Topic 1) 

A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM. 

Requirement 1: The system shall provide confidentiality for data in transit and data at rest. 

Requirement 2: The system shall use SSL, SSH, or SCP for all data transport. 

Requirement 3: The system shall implement a file-level encryption scheme. 

Requirement 4: The system shall provide integrity for all data at rest. 

Requirement 5: The system shall perform CRC checks on all files. 

A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5 

B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4 

C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2 

D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5 


Q202. - (Topic 2) 

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO). 

A. Use AES in Electronic Codebook mode 

B. Use RC4 in Cipher Block Chaining mode 

C. Use RC4 with Fixed IV generation 

D. Use AES with cipher text padding 

E. Use RC4 with a nonce generated IV 

F. Use AES in Counter mode 

Answer: E,F 

Q203. - (Topic 5) 

The threat abatement program manager tasked the software engineer with identifying the fastest implementation of a hash function to protect passwords with the least number of collisions. Which of the following should the software engineer implement to best meet the requirements? 

A. hash = sha512(password + salt);for (k = 0; k < 4000; k++) {hash = sha512 (hash);} 

B. hash = md5(password + salt);for (k = 0; k < 5000; k++) {hash = md5 (hash);} 

C. hash = sha512(password + salt);for (k = 0; k < 3000; k++) {hash = sha512 (hash + password + salt);} 

D. hash1 = sha1(password + salt);hash = sha1 (hash1); 


Q204. - (Topic 5) 

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future? 

A. Use PAP for secondary authentication on each RADIUS server 

B. Disable unused EAP methods on each RADIUS server 

C. Enforce TLS connections between RADIUS servers 

D. Use a shared secret for each pair of RADIUS servers 


Q205. - (Topic 2) 

An internal development team has migrated away from Waterfall development to use Agile development. Overall, this has been viewed as a successful initiative by the stakeholders as it has improved time-to-market. However, some staff within the security team have contended that Agile development is not secure. Which of the following is the MOST accurate statement? 

A. Agile and Waterfall approaches have the same effective level of security posture. They both need similar amounts of security effort at the same phases of development. 

B. Agile development is fundamentally less secure than Waterfall due to the lack of formal up-front design and inability to perform security reviews. 

C. Agile development is more secure than Waterfall as it is a more modern methodology which has the advantage of having been able to incorporate security best practices of recent years. 

D. Agile development has different phases and timings compared to Waterfall. Security activities need to be adapted and performed within relevant Agile phases. 


Q206. - (Topic 5) 

The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOST likely contain the required values? 

C. RA 

Q207. - (Topic 2) 

A company decides to purchase commercially available software packages. This can introduce new security risks to the network. Which of the following is the BEST description of why this is true? 

A. Commercially available software packages are typically well known and widely available. Information concerning vulnerabilities and viable attack patterns is never revealed by the developer, to avoid lawsuits. 

B. Commercially available software packages are often widely available. Information concerning vulnerabilities is often kept internal to the company that developed the software. 

C. Commercially available software packages are not widespread and are only available in limited areas. Information concerning vulnerabilities is often ignored by business managers. 

D. Commercially available software packages are well known and widely available. Information concerning vulnerabilities and viable attack patterns is always shared within the IT community. 


Q208. - (Topic 1) 

An external penetration tester compromised one of the client organization’s authentication servers and retrieved the password database. Which of the following methods allows the penetration tester to MOST efficiently use any obtained administrative credentials on the client organization’s other systems, without impacting the integrity of any of the systems? 

A. Use the pass the hash technique 

B. Use rainbow tables to crack the passwords 

C. Use the existing access to change the password 

D. Use social engineering to obtain the actual password 


Q209. - (Topic 3) 

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager follow to manage the risks of these attack vectors? (Select TWO). 

A. Establish an emergency response call tree. 

B. Create an inventory of applications. 

C. Back up the router and firewall configurations. 

D. Maintain a list of critical systems. 

E. Update all network diagrams. 

Answer: B,D 

Q210. - (Topic 4) 

A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two- to four-person rooms) and administrative buildings. The network is currently set up to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage. 

The following three goals must be met after the new implementation: 

1. Provide all users (including students in their dorms) connections to the Internet. 

2. Provide IT department with the ability to make changes to the network environment to improve performance. 

3. Provide high-speed connections wherever possible throughout campus, including sporting event areas. 

Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above? 

A. Avoid any risk of network outages by providing additional wired connections to each user and increasing the number of data ports throughout the campus. 

B. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network. 

C. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus. 

D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one-for-one AP replacement.