Pass4sure offers free demo for CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as CAS-002 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer those questions. The CAS-002 Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA CAS-002 exams and revised by experts!

Q291. CORRECT TEXT - (Topic 2) 

Compliance with company policy requires a quarterly review of firewall rules. A new administrator is asked to conduct this review on the internal firewall sitting between several Internal networks. The intent of this firewall is to make traffic more restrictive. Given the following information answer the questions below: 

User Subnet: Server Subnet: Finance Subnet: 

Instructions: To perform the necessary tasks, please modify the DST port, Protocol, Action, and/or Rule Order columns. Firewall ACLs are read from the top down 

Task 1) An administrator added a rule to allow their machine terminal server access to the server subnet. This rule is not working. Identify the rule and correct this issue. 

Task 2) All web servers have been changed to communicate solely over SSL. Modify the appropriate rule to allow communications. 

Task 3) An administrator added a rule to block access to the SQL server from anywhere on the network. This rule is not working. Identify and correct this issue. 

Task 4) Other than allowing all hosts to do network time and SSL, modify a rule to ensure that no other traffic is allowed. 

Answer: Please look into the explanation for the solution to this question. 

Q292. - (Topic 4) 

A retail bank has had a number of issues in regards to the integrity of sensitive information across all of its customer databases. This has resulted in the bank’s share price decreasing in value by 50% and regulatory intervention and monitoring. 

The new Chief Information Security Officer (CISO) as a result has initiated a program of work to solve the issues. 

The business has specified that the solution needs to be enterprise grade and meet the following requirements: 

In order to solve this problem, which of the following security solutions will BEST meet the above requirements? (Select THREE). 

A. Implement a security operations center to provide real time monitoring and incident response with self service reporting capability. 

B. Implement an aggregation based SIEM solution to be deployed on the log servers of the major platforms, applications, and infrastructure. 

C. Implement a security operations center to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capability. 

D. Ensure that the network operations center has the tools to provide real time monitoring and incident response and an event correlation dashboard with self service reporting capabilities. 

E. Implement an agent only based SIEM solution to be deployed on all major platforms, applications, and infrastructures. 

F. Ensure appropriate auditing is enabled to capture the required information. 

G. Manually pull the logs from the major platforms, applications, and infrastructures to a central secure server. 

Answer: B,C,F 

Q293. - (Topic 3) 

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network? 

A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access. 

B. Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments. 

C. Provide sales staff with a separate laptop with no administrator access just for sales visits. 

D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy. 


Q294. - (Topic 4) 

The security administrator has just installed an active\passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients. 

Which of the following is MOST likely the cause of this problem? 

A. TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall and sessions are being dropped. 

B. TCP and UDP sessions are being balanced across both firewalls and connections are being dropped because the session IDs are not recognized by the secondary firewall. 

C. Prioritize UDP traffic and associated stateful UDP session information is traversing the passive firewall causing the connections to be dropped. 

D. The firewall administrator connected a dedicated communication cable between the firewalls in order to share a single state table across the cluster causing the sessions to be dropped. 


Q295. - (Topic 1) 

A small retail company recently deployed a new point of sale (POS) system to all 67 stores. The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk? 

A. Deploy new perimeter firewalls at all stores with UTM functionality. 

B. Change antivirus vendors at the store and the corporate office. 

C. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution. 

D. Deploy a proxy server with content filtering at the corporate office and route all traffic through it. 


Q296. - (Topic 2) 

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE). 

A. Establish a list of users that must work with each regulation 

B. Establish a list of devices that must meet each regulation 

C. Centralize management of all devices on the network 

D. Compartmentalize the network 

E. Establish a company framework 

F. Apply technical controls to meet compliance with the regulation 

Answer: B,D,F 

Q297. - (Topic 2) 

A facilities manager has observed varying electric use on the company’s metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department’s needs? (Select TWO). 

A. Deploying a radio frequency identification tagging asset management system 

B. Designing a business resource monitoring system 

C. Hiring a property custodian 

D. Purchasing software asset management software 

E. Facility management participation on a change control board 

F. Rewriting the change board charter 

G. Implementation of change management best practices 

Answer: E,G 

Q298. CORRECT TEXT - (Topic 2) 

Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: for the corporate site and for the remote site. The Telco router interface uses the IP range. 

Instructions: Click on the simulation button to refer to the Network Diagram for Company A. 

Click on Router 1, Router 2, and the Firewall to evaluate and configure each device. 

Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces. 

Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network. 

Answer: Please check the explanation part for the solution. 

Q299. - (Topic 2) 

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix: 




Client addressLOWMEDIUMLOW 


The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score? 






Q300. - (Topic 2) 

During an incident involving the company main database, a team of forensics experts is hired to respond to the breach. The team is in charge of collecting forensics evidence from the company’s database server. Which of the following is the correct order in which the forensics team should engage? 

A. Notify senior management, secure the scene, capture volatile storage, capture non-volatile storage, implement chain of custody, and analyze original media. 

B. Take inventory, secure the scene, capture RAM, capture had drive, implement chain of custody, document, and analyze the data. 

C. Implement chain of custody, take inventory, secure the scene, capture volatile and non-volatile storage, and document the findings. 

D. Secure the scene, take inventory, capture volatile storage, capture non-volatile storage, document, and implement chain of custody.