Actualtests offers free demo for CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as CAS-002 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer those questions. The CAS-002 Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA CAS-002 exams and revised by experts!

P.S. Practical CAS-002 testing software are available on Google Drive, GET MORE: https://drive.google.com/open?id=1D1OsvtV6EsmahSAfh5egZO5fZVoFYzmV


New CompTIA CAS-002 Exam Dumps Collection (Question 11 - Question 20)

Q11. A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.

D. Enable ESP on the internal network, and place NIPS on both networks.

Answer: A



Q12. Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?

A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.

B. Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments.

C. Provide sales staff with a separate laptop with no administrator access just for sales visits.

D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

Answer: A



Q13. A system administrator has installed a new Internet facing secure web application that consists of a Linux web server and Windows SQL server into a new corporate site. The administrator wants to place the servers in the most logical network security zones and implement the appropriate security controls. Which of the following scenarios BEST accomplishes this goal?

A. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 80 and 443. Set SELinux to permissive. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 80 and

443. Configure the Internet zone with ACLs of allow 80 and 443 destination DMZ.

B. Create an Internet zone, DMZ, and Internal zone on the firewall. Place the web server in the DMZ. Configure IPtables to allow TCP 443. Set enforcement threshold on SELinux to one. Place the SQL server in the internal zone. Configure the Windows firewall to allow TCP 1433 and 1443. Configure the Internet zone with ACLs of allow 443 destination DMZ.

A. C. Create an Internet zone and two DMZ zones on the firewall. Place the web server in the DMZ one. Set the enforcement threshold on SELinux to 100, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Windows firewall to allow TCP 80 and 443. Configure the Internet zone with an ACL of allow 443 destination ANY.

D. Create an Internet zone and two DMZ zones on the firewall. Place the web server in DMZ one. Set enforcement threshold on SELinux to zero, and configure IPtables to allow TCP 80 and 443. Place the SQL server in DMZ two. Configure the Internet zone ACLs with allow 80, 443, 1433, and 1443 destination ANY.

Answer: B



Q14. Warehouse users are reporting performance issues at the end of each month when trying to access cloud applications to complete their end of the month financial reports. They have no problem accessing those applications at the beginning of the month.

Network information:

DMZ network u2013 192.168.5.0/24 VPN network u2013 192.168.1.0/24 Datacenter u2013 192.168.2.0/24 User network - 192.168.3.0/24

HR network u2013 192.168.4.0/24 Warehouse network u2013 192.168.6.0/24 Finance network 192.168.7.0/24

Traffic shaper configuration:

VLAN Bandwidth limit (Mbps) VPN50

User175 HR220

Finance230 Warehouse75 Guest50

External firewall allows all networks to access the Internet. Internal Firewall Rules:

ActionSourceDestination Permit192.168.1.0/24192.168.2.0/24 Permit192.168.1.0/24192.168.3.0/24 Permit192.168.1.0/24192.168.5.0/24 Permit192.168.2.0/24192.168.1.0/24 Permit192.168.3.0/24192.168.1.0/24 Permit192.168.5.0/24192.168.1.0/24 Permit192.168.4.0/24192.168.7.0/24 Permit192.168.7.0/24192.168.4.0/24

Permit192.168.7.0/24any Deny192.168.4.0/24any Deny192.168.1.0/24192.168.4.0/24

Denyanyany

Which of the following restrictions is the MOST likely cause?

A. Bandwidth limit on the traffic shaper for the finance department

B. Proxy server preventing the warehouse from accessing cloud applications

C. Deny statements in the firewall for the warehouse network

D. Bandwidth limit on the traffic shaper for the warehouse department

Answer: D



Q15. A morphed worm carrying a 0-day payload has infiltrated the company network and is now spreading across the organization. The security administrator was able to isolate the worm communication and payload distribution channel to TCP port 445. Which of the following can the administrator do in the short term to minimize the attack?

A. Deploy the following ACL to the HIPS: DENY - TCP - ANY - ANY u2013 445.

B. Run a TCP 445 port scan across the organization and patch hosts with open ports.

C. Add the following ACL to the corporate firewall: DENY - TCP - ANY - ANY - 445.

D. Force a signature update and full system scan from the enterprise anti-virus solution.

Answer: A



Q16. Which of the following should be used to identify overflow vulnerabilities?

A. Fuzzing

B. Input validation

C. Privilege escalation

D. Secure coding standards

Answer: A



Q17. A network administrator notices a security intrusion on the web server. Which of the following is noticed by http://test.com/modules.php?op=modload&name=XForum&file=[hostilejavascript]&fid=2 in the log file?

A. Buffer overflow

B. Click jacking

C. SQL injection

D. XSS attack

Answer: D



Q18. A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely happened?

A. The iSCSI initiator was not restarted.

B. The NTFS LUNs are snapshots.

C. The HBA allocation is wrong.

D. The UNIX server is multipathed.

Answer: C



Q19. An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application

servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?

A. Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.

B. Implement a peer code review requirement prior to releasing code into production.

C. Follow secure coding practices to minimize the likelihood of creating vulnerable applications.

D. Establish cross-functional planning and testing requirements for software development activities.

Answer: D



Q20. A Physical Security Manager is ready to replace all 50 analog surveillance cameras with IP cameras with built-in web management. The Security Manager has several security guard desks on different networks that must be able to view the cameras without unauthorized people viewing the video as well. The selected IP camera vendor does not have the ability to authenticate users at the camera level. Which of the following should the Security Manager suggest to BEST secure this environment?

A. Create an IP camera network and deploy NIPS to prevent unauthorized access.

B. Create an IP camera network and only allow SSL access to the cameras.

C. Create an IP camera network and deploy a proxy to authenticate users prior to accessing the cameras.

D. Create an IP camera network and restrict access to cameras from a single management host.

Answer: C



100% Regenerate CompTIA CAS-002 Questions & Answers shared by Allfreedumps, Get HERE: https://www.allfreedumps.com/CAS-002-dumps.html (New 532 Q&As)