♥♥ 2017 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
CAS-002 Product Description:
Exam Number/Code: CAS-002 vce
Exam name: CompTIA Advanced Security Practitioner (CASP)
n questions with full explanations
Certification: CompTIA Certification
Last updated on Global synchronizing
Refined of CAS-002 practice question materials and answers for CompTIA certification for examinee, Real Success Guaranteed with Updated CAS-002 pdf dumps vce Materials. 100% PASS CompTIA Advanced Security Practitioner (CASP) exam Today!
2016 May CAS-002 Study Guide Questions:
Q261. - (Topic 1)
Due to compliance regulations, a company requires a yearly penetration test. The Chief Information Security Officer (CISO) has asked that it be done under a black box methodology.
Which of the following would be the advantage of conducting this kind of penetration test?
A. The risk of unplanned server outages is reduced.
B. Using documentation provided to them, the pen-test organization can quickly determine areas to focus on.
C. The results will show an in-depth view of the network and should help pin-point areas of internal weakness.
D. The results should reflect what attackers may be able to learn about the company.
Q262. - (Topic 2)
A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?
A. Generate a one-time key as part of the device registration process.
B. Require SSL between the mobile application and the web services gateway.
C. The jsession cookie should be stored securely after authentication.
D. Authentication assertion should be stored securely on the client.
Q263. - (Topic 4)
A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered?
A. During the product selection phase
B. When testing the appliance
C. When writing the RFP for the purchase process
D. During the network traffic analysis phase
Replace comptia casp cas-002:
Q264. - (Topic 1)
Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back to the home school for authentication via the Internet.
The requirements are:
The following design was implemented: WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security RADIUS proxy servers will be used to forward authentication requests to the home school The RADIUS servers will have certificates from a common public certificate authority
A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
A. The transport layer between the RADIUS servers should be secured
B. WPA Enterprise should be used to decrease the network overhead
C. The RADIUS servers should have local accounts for the visiting students
D. Students should be given certificates to use for authentication to the network
Q265. DRAG DROP - (Topic 2)
Company A has experienced external attacks on their network and wants to minimize the attacks from reoccurring. Modify the network diagram to prevent SQL injections, XSS attacks, smurf attacks, e-mail spam, downloaded malware, viruses and ping attacks. The company can spend a MAXIMUM of $50,000 USD. A cost list for each item is listed below:
1. Anti-Virus Server - $10,000
3. Load Balanced Server - $10,000
5. Packet Analyzer - $5,000
6. Patch Server-$15,000
7. Proxy Server-$20,000
9. Spam Filter-$5,000
10. Traffic Shaper - $20,000
11. Web Application Firewall - $10,000
Instructions: Not all placeholders in the diagram need to be filled and items can only be used once. If you place an object on the network diagram, you can remove it by clicking the
(x) in the upper right-hand of the object.
Q266. - (Topic 5)
A security administrator needs to deploy a remote access solution for both staff and contractors. Management favors remote desktop due to ease of use. The current risk assessment suggests protecting Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should be selected?
A. Deploy a remote desktop server on your internal LAN, and require an active directory integrated SSL connection for access.
B. Change remote desktop to a non-standard port, and implement password complexity for the entire active directory domain.
C. Distribute new IPSec VPN client software to applicable parties. Virtualize remote desktop services functionality.
D. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.
Realistic certainteed cas-002:
Q267. - (Topic 2)
A critical system audit shows that the payroll system is not meeting security policy due to missing OS security patches. Upon further review, it appears that the system is not being patched at all. The vendor states that the system is only supported on the current OS patch level. Which of the following compensating controls should be used to mitigate the vulnerability of missing OS patches on this system?
A. Isolate the system on a secure network to limit its contact with other systems
B. Implement an application layer firewall to protect the payroll system interface
C. Monitor the system’s security log for unauthorized access to the payroll application
D. Perform reconciliation of all payroll transactions on a daily basis
Q268. CORRECT TEXT - (Topic 3)
Answer: 220.127.116.11/24 any 192.168.20.0/24 3389 any
Q269. - (Topic 1)
A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented?
A. Software-based root of trust
B. Continuous chain of trust
C. Chain of trust with a hardware root of trust
D. Software-based trust anchor with no root of trust
Q270. - (Topic 5)
A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select TWO).
A. Establish the security control baseline to be assessed
B. Build the application according to software development security standards
C. Write the systems functionality requirements into the security requirements traceability matrix
D. Review the results of user acceptance testing
E. Categorize the applications according to use
F. Consult with the stakeholders to determine which standards can be omitted
see more CompTIA Advanced Security Practitioner (CASP)