It is impossible to pass CompTIA CAS-002 exam without any help in the short term. Come to Actualtests soon and find the most advanced, correct and guaranteed CompTIA CAS-002 practice questions. You will get a surprising result by our Rebirth CompTIA Advanced Security Practitioner (CASP) practice guides.

Q271. - (Topic 3) 

A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question? 

A. Data retention policy 

B. Business continuity plan 

C. Backup and archive processes 

D. Electronic inventory 


Q272. - (Topic 4) 

A security auditor is conducting an audit of a corporation where 95% of the users travel or work from non-corporate locations a majority of the time. While the employees are away from the corporate offices, they retain full access to the corporate network and use of corporate laptops. The auditor knows that the corporation processes PII and other sensitive data with applications requiring local caches of any data being manipulated. Which of the following security controls should the auditor check for and recommend to be implemented if missing from the laptops? 

A. Trusted operating systems 

B. Full disk encryption 

C. Host-based firewalls 

D. Command shell restrictions 


Q273. - (Topic 3) 

The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make? 

A. The de-perimeterized model should be kept as this is major industry trend and other companies are following this direction. Advise that the issues being faced are standard business as usual concerns in a modern IT environment. 

B. Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met. 

C. The de-perimeterized model should be kept but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching. 

D. Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE to all users as this will be easier to provision, secure, and will save money on operating costs. 


Q274. - (Topic 4) 

A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank’s share price decreasing in value by 50% and regulatory intervention and monitoring. 

The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues. 

The business has specified that the solution needs to be enterprise grade and meet the following requirements: 

In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE). 

A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability. 

B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure. 

C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability. 

D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities. 

E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures. 

F. Ensure appropriate auditing is enabled to capture the required information. 

G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server. 

Answer: B,C,F 

Q275. - (Topic 1) 

The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system? 

A. Virtualize the system and migrate it to a cloud provider. 

B. Segment the device on its own secure network. 

C. Install an antivirus and HIDS on the system. 

D. Hire developers to reduce vulnerabilities in the code. 


Q276. - (Topic 4) 

Company XYZ plans to donate 1,000 used computers to a local school. The company has a large research and development section and some of the computers were previously used to store proprietary research. 

The security administrator is concerned about data remnants on the donated machines, but the company does not have a device sanitization section in the data handling policy. 

Which of the following is the BEST course of action for the security administrator to take? 

A. Delay the donation until a new policy is approved by the Chief Information Officer (CIO), and then donate the machines. 

B. Delay the donation until all storage media on the computers can be sanitized. 

C. Reload the machines with an open source operating system and then donate the machines. 

D. Move forward with the donation, but remove all software license keys from the machines. 


Q277. DRAG DROP - (Topic 2) 

An organization is implementing a project to simplify the management of its firewall network flows and implement security controls. The following requirements exist. Drag and drop the BEST security solution to meet the given requirements. Options may be used once or not at all. All placeholders must be filled. 


Q278. - (Topic 4) 

A security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior based security event monitoring of activities on a geographically distributed network. Instrumentation is chosen to allow for monitoring and measuring the network. Which of the following is the BEST methodology to use in establishing this baseline? 

A. Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior. 

B. Completely duplicate the network on virtual machines; replay eight hours of captured corporate network traffic through the duplicate network; instrument the network; analyze the results; document the baseline. 

C. Instrument the operational network; simulate extra traffic on the network; analyze net flow information from all network devices; document the baseline volume of traffic. 

D. Schedule testing on operational systems when users are not present; instrument the systems to log all network traffic; monitor the network for at least eight hours; analyze the results; document the established baseline. 


Q279. - (Topic 3) 

A WAF without customization will protect the infrastructure from which of the following attack combinations? 

A. DDoS, DNS poisoning, Boink, Teardrop 

B. Reflective XSS, HTTP exhaustion, Teardrop 

C. SQL Injection, DOM based XSS, HTTP exhaustion 

D. SQL Injection, CSRF, Clickjacking 


Q280. - (Topic 2) 

A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication? 

A. Generate a one-time key as part of the device registration process. 

B. Require SSL between the mobile application and the web services gateway. 

C. The jsession cookie should be stored securely after authentication. 

D. Authentication assertion should be stored securely on the client.