
Q21. - (Topic 4) 

A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life. 

The two initial migrations include: 

Which of the following should the security consultant recommend based on best practices? 

A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers. 

B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines. 

C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers. 

D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines. 


Q22. - (Topic 2) 

An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization $10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution? 

A. $0 

B. $7,500 

C. $10,000 

D. $12,500 

E. $15,000 


Q23. - (Topic 1) 

In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices; provided they are on an approved device list. Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO). 

A. Provide free email software for personal devices. 

B. Encrypt data in transit for remote access. 

C. Require smart card authentication for all devices. 

D. Implement NAC to limit insecure devices access. 

E. Enable time of day restrictions for personal devices. 

Answer: B,D 

Q24. - (Topic 3) 

A financial institution wants to reduce the costs associated with managing and troubleshooting employees’ desktops and applications, while keeping employees from copying data onto external storage. The Chief Information Officer (CIO) has asked the security team to evaluate four solutions submitted by the change management group. Which of the following BEST accomplishes this task? 

A. Implement desktop virtualization and encrypt all sensitive data at rest and in transit. 

B. Implement server virtualization and move the application from the desktop to the server. 

C. Implement VDI and disable hardware and storage mapping from the thin client. 

D. Move the critical applications to a private cloud and disable VPN and tunneling. 


Q25. - (Topic 1) 

A security administrator is shown the following log excerpt from a Unix system: 

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from port 37914 ssh2 

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from port 37915 ssh2 

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from port 37916 ssh2 

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from port 37918 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from port 37920 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from port 37924 ssh2 

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). 

A. An authorized administrator has logged into the root account remotely. 

B. The administrator should disable remote root logins. 

C. Isolate the system immediately and begin forensic analysis on the host. 

D. A remote attacker has compromised the root account using a buffer overflow in sshd. 

E. A remote attacker has guessed the root password using a dictionary attack. 

F. Use iptables to immediately DROP connections from the IP.

G. A remote attacker has compromised the private key of the root account. 

H. Change the root password immediately to a password not found in a dictionary. 

Answer: C,E 
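The pattern in the excerpt above (a burst of failed root password attempts from one source ending in a success within seconds) is exactly what a detection rule should key on. The following is an added example, not part of the original question or CompTIA material: it parses sshd auth lines and flags any successful login that was preceded by a threshold of failures for the same (source IP, user) inside a time window. The sample log is constructed in the same format as the excerpt; the source IPs (203.0.113.7, 198.51.100.4, from the RFC 5737 documentation ranges) are assumptions, since the excerpt has them stripped. OpenSSH logs a success as "Accepted password", so the pattern accepts that wording as well as the excerpt's "Successful login".

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample input in the sshd format of the excerpt above. The source IPs are
# assumptions from the RFC 5737 documentation ranges; the excerpt has them stripped.
SAMPLE_LOG = """\
2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 203.0.113.7 port 37914 ssh2
2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 203.0.113.7 port 37915 ssh2
2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 203.0.113.7 port 37916 ssh2
2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 203.0.113.7 port 37918 ssh2
2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 203.0.113.7 port 37920 ssh2
2013 Oct 10 07:16:00 web14 sshd[1642]: Accepted password for root from 203.0.113.7 port 37924 ssh2
2013 Oct 10 07:18:30 web14 sshd[1690]: Failed password for invalid user admin from 198.51.100.4 port 41000 ssh2
2013 Oct 10 07:20:00 web14 sshd[1700]: Accepted publickey for deploy from 198.51.100.4 port 50000 ssh2
"""

# "Successful login" is the wording used in the excerpt; real OpenSSH writes "Accepted password".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4} [A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[(?P<pid>\d+)\]: "
    r"(?P<event>Failed password|Accepted password|Accepted publickey|Successful login) "
    r"for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+) ssh2$"
)


def parse_line(line):
    """Return the fields of one sshd auth line, or None if it is not a login event."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y %b %d %H:%M:%S")
    ev["pid"] = int(ev["pid"])
    ev["port"] = int(ev["port"])
    ev["success"] = ev["event"] != "Failed password"
    return ev


def detect_guess_then_login(lines, threshold=3, window_seconds=300):
    """Flag a successful login preceded by >= threshold failures for the same
    (source IP, user) within window_seconds: the signature of a guessed password.

    Returns one alert dict per such login. A success with no recent failures
    (a normal admin session) produces nothing; failures that never succeed are
    out of scope for this rule and belong to a separate lockout/rate rule.
    """
    recent_failures = defaultdict(list)  # (ip, user) -> failure timestamps still in window
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["ip"], ev["user"])
        cutoff = ev["ts"] - timedelta(seconds=window_seconds)
        recent_failures[key] = [t for t in recent_failures[key] if t >= cutoff]
        if not ev["success"]:
            recent_failures[key].append(ev["ts"])
            continue
        tries = recent_failures.pop(key, [])
        if len(tries) >= threshold:
            alerts.append({
                "host": ev["host"],
                "ip": ev["ip"],
                "user": ev["user"],
                "failed_attempts": len(tries),
                "first_failure": tries[0],
                "login_at": ev["ts"],
                "method": ev["event"],
                # Matches answer C above: contain first, then investigate.
                "response": "isolate host, preserve volatile state, begin forensic analysis",
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_guess_then_login(SAMPLE_LOG.splitlines()):
        print(f"{alert['host']}: {alert['user']} from {alert['ip']} logged in at "
              f"{alert['login_at']:%H:%M:%S} after {alert['failed_attempts']} failures "
              f"since {alert['first_failure']:%H:%M:%S} -> {alert['response']}")
```

The rule deliberately keys on the success, not on the failures alone: five failed root attempts are a daily occurrence on any Internet-facing sshd, but a success inside the same window from the same source is the event that justifies option C (isolate and go to forensics) rather than just a firewall rule. Changing the password (option H) after the fact does not evict an attacker who already has a shell and may have added keys or a cron job.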

Q26. - (Topic 2) 

A company Chief Information Officer (CIO) is unsure which set of standards should govern the company’s IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO? 

A. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company. 

B. Issue a policy that requires only the most stringent security standards be implemented throughout the company. 

C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company. 

D. Issue a RFI for vendors to determine which set of security standards is best for the company. 


Q27. - (Topic 3) 

A WAF without customization will protect the infrastructure from which of the following attack combinations? 

A. DDoS, DNS poisoning, Boink, Teardrop 

B. Reflective XSS, HTTP exhaustion, Teardrop 

C. SQL Injection, DOM based XSS, HTTP exhaustion 

D. SQL Injection, CSRF, Clickjacking 


Q28. - (Topic 1) 

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO). 





E. Kerberos 

Answer: B,E 

Q29. - (Topic 4) 

After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation: 

Once at the command prompt, the administrator issues the below command: 

Which of the following is true about the above situation? 

A. The administrator must use the sudo command in order to restart the service. 

B. The administrator used the wrong SSH port to restart the DNS server. 

C. The service was restarted correctly, but it failed to bind to the network interface. 

D. The service did not restart because the bind command is privileged. 


Q30. - (Topic 3) 

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator? 

A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ. 

B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ. 

C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks. 

D. Enable ESP on the internal network, and place NIPS on both networks.