Cause all that matters here is passing the CompTIA CAS-002 exam. Cause all that you need is a high score of CAS-002 CompTIA Advanced Security Practitioner (CASP) exam. The only one thing you need to do is downloading Examcollection CAS-002 exam study guides now. We will not let you down with our money-back guarantee.

Q231. - (Topic 3) 

A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario? 

A. Loss of physical control of the servers 

B. Distribution of the job to multiple data centers 

C. Network transmission of cryptographic keys 

D. Data scraped from the hardware platforms 


Q232. - (Topic 2) 

ABC Corporation has introduced token-based authentication to system administrators due to the risk of password compromise. The tokens have a set of HMAC counter-based codes and are valid until they are used. Which of the following types of authentication mechanisms does this statement describe? 






Q233. - (Topic 1) 

Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO). 

A. Code review 

B. Sandbox 

C. Local proxy 

D. Fuzzer 

E. Port scanner 

Answer: C,D 

Q234. - (Topic 1) 

A new piece of ransomware got installed on a company’s backup server which encrypted the hard drives containing the OS and backup application configuration but did not affect the deduplication data hard drives. During the incident response, the company finds that all backup tapes for this server are also corrupt. Which of the following is the PRIMARY concern? 

A. Determining how to install HIPS across all server platforms to prevent future incidents 

B. Preventing the ransomware from re-infecting the server upon restore 

C. Validating the integrity of the deduplicated data 

D. Restoring the data will be difficult without the application configuration 


Q235. - (Topic 2) 

A security administrator is assessing a new application. The application uses an API that is supposed to encrypt text strings that are stored in memory. How might the administrator test that the strings are indeed encrypted in memory? 

A. Use fuzzing techniques to examine application inputs 

B. Run nmap to attach to application memory 

C. Use a packet analyzer to inspect the strings 

D. Initiate a core dump of the application 

E. Use an HTTP interceptor to capture the text strings 


Q236. - (Topic 4) 

A bank provides single sign on services between its internally hosted applications and externally hosted CRM. The following sequence of events occurs: 

1. The banker accesses the CRM system, a redirect is performed back to the organization’s internal systems. 

2. A lookup is performed of the identity and a token is generated, signed and encrypted. 

3. A redirect is performed back to the CRM system with the token. 

4. The CRM system validates the integrity of the payload, extracts the identity and performs a lookup. 

5. If the banker is not in the system and automated provisioning request occurs. 

6. The banker is authenticated and authorized and can access the system. This is an example of which of the following? 

A. Service provider initiated SAML 2.0 

B. Identity provider initiated SAML 1.0 

C. OpenID federated single sign on 

D. Service provider initiated SAML 1.1 


Q237. - (Topic 3) 

New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO). 

A. Establish an emergency response call tree. 

B. Create an inventory of applications. 

C. Backup the router and firewall configurations. 

D. Maintain a list of critical systems. 

E. Update all network diagrams. 

Answer: B,D 

Q238. - (Topic 5) 

The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO). 

A. Block traffic from the ISP’s networks destined for blacklisted IPs. 

B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP. 

C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network. 

D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner. 

E. Notify customers when services they run are involved in an attack. 

Answer: C,E 

Q239. CORRECT TEXT - (Topic 2) 

An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner. 

Instructions: The last install that is completed will be the final submission. 

Answer: Please check the explanation part for full details on solution. 

Q240. - (Topic 2) 

Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows: 


Received: by 

Mon, 1 Nov 2010 11:15:24 -0700 (PDT) 

Received: by 

Mon, 01 Nov 2010 11:15:23 -0700 (PDT) 

Return-Path: <> 

Received: from for <>; Mon, 1 Nov 2010 13:15:14 -0500 

(envelope-from <>) 

Received: by (SMTP READY) 

with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500 Received: from by; Mon, 1 Nov 2010 13:15:14 -0500 From: Company <> To: "" <> Date: Mon, 1 Nov 2010 13:15:11 -0500 Subject: New Insurance Application Thread-Topic: New Insurance Application 

Please download and install software from the site below to maintain full access to your account. 

Additional information: The authorized mail servers IPs are and 

The network’s subnet is 

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO). 

A. Identify the origination point for malicious activity on the unauthorized mail server. 

B. Block port 25 on the firewall for all unauthorized mail servers. 

C. Disable open relay functionality. 

D. Shut down the SMTP service on the unauthorized mail server. 

E. Enable STARTTLS on the spam filter. 

Answer: B,D