Proper preparation for the most recent CompTIA Advanced Security Practitioner (CASP) certification begins with CompTIA CAS-002 preparation products, which are designed to deliver realistic CAS-002 questions so that you pass the CAS-002 test the first time.

Q261. - (Topic 1) 

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats? 

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates. 

B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs. 

C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs. 

D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed. 


Q262. - (Topic 4) 

A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two- to four-person rooms) and administrative buildings. The network is currently set up to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage. 

The following three goals must be met after the new implementation: 

1. Provide all users (including students in their dorms) connections to the Internet. 

2. Provide IT department with the ability to make changes to the network environment to improve performance. 

3. Provide high speed connections wherever possible all throughout campus including sporting event areas. 

Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above? 

A. Avoid any risk of network outages by providing additional wired connections to each user and increasing the number of data ports throughout the campus. 

B. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network. 

C. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus. 

D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for one AP replacement. 


Q263. - (Topic 1) 

A forensic analyst works for an e-discovery firm where several gigabytes of data are processed daily. While the business is lucrative, they do not have the resources or the scalability to adequately serve their clients. Since it is an e-discovery firm where chain of custody is important, which of the following scenarios should they consider? 

A. Offload some data processing to a public cloud 

B. Aligning their client intake with the resources available 

C. Using a community cloud with adequate controls 

D. Outsourcing the service to a third party cloud provider 


Q264. - (Topic 5) 

A security engineer at a bank has detected a Zeus variant, which relies on covert communication channels to receive new instructions and updates from the malware developers. As a result, NIPS and AV systems did not detect the configuration files received by staff in emails that appeared as normal files. Which of the following BEST describes the technique used by the malware developers? 

A. Perfect forward secrecy 

B. Stenography 

C. Diffusion 

D. Confusion 

E. Transport encryption 


Q265. - (Topic 5) 

A large organization has recently suffered a massive credit card breach. During the months of Incident Response, there were multiple attempts to assign blame as to whose fault it was that the incident occurred. In which part of the incident response phase would this be addressed in a controlled and productive manner? 

A. During the Identification Phase 

B. During the Lessons Learned phase 

C. During the Containment Phase 

D. During the Preparation Phase 


Q266. - (Topic 2) 

A security manager looked at various logs while investigating a recent security breach in the data center from an external source. Each log below was collected from various security devices compiled from a report through the company’s security information and event management server. 


Log 1: 

Feb 5 23:55:37.743: %SEC-6-IPACCESSLOGS: list 10 denied 3 packets 

Log 2: 

HTTP:// aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 

Log 3: 

Security Error Alert Event ID 50: The RDP protocol component X.224 detected an error in the protocol stream and has disconnected the client 

Log 4: 

Encoder oe = new OracleEncoder();
String query = "Select user_id FROM user_data WHERE user_name = '"
    + oe.encode(req.getParameter("userID")) + "' and user_password = '"
    + oe.encode(req.getParameter("pwd")) + "'";


Buffer overflow 

SQL injection 



Which of the following logs and vulnerabilities would MOST likely be related to the security breach? (Select TWO). 

A. Log 1 

B. Log 2 

C. Log 3 

D. Log 4 

E. Buffer overflow 



H. SQL injection 

Answer: B,E 

Q267. - (Topic 1) 

A security administrator is shown the following log excerpt from a Unix system: 

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from port 37914 ssh2 

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from port 37915 ssh2 

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from port 37916 ssh2 

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from port 37918 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from port 37920 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from port 37924 ssh2 

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). 

A. An authorized administrator has logged into the root account remotely. 

B. The administrator should disable remote root logins. 

C. Isolate the system immediately and begin forensic analysis on the host. 

D. A remote attacker has compromised the root account using a buffer overflow in sshd. 

E. A remote attacker has guessed the root password using a dictionary attack. 

F. Use iptables to immediately DROP connections from the IP 

G. A remote attacker has compromised the private key of the root account. 

H. Change the root password immediately to a password not found in a dictionary. 

Answer: C,E 

Q268. - (Topic 3) 

After connecting to a secure payment server at, an auditor notices that the SSL certificate was issued to * The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST? 

A. Generate a new public key on both servers. 

B. Replace the SSL certificate on 

C. Generate a new private key password for both servers. 

D. Replace the SSL certificate on 


Q269. - (Topic 4) 

Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software from running on mobile devices? 

A. Single sign-on 

B. Identity propagation 

C. Remote attestation 

D. Secure code review 


Q270. - (Topic 1) 

A large enterprise acquires another company which uses antivirus from a different vendor. The CISO has requested that data feeds from the two different antivirus platforms be combined in a way that allows management to assess and rate the overall effectiveness of antivirus across the entire organization. Which of the following tools can BEST meet the CISO’s requirement? 




D. Syslog-ng