It is very hard to pass the CompTIA CAS-002 exam in a short time without help. Come to Exambible and find the most up-to-date, accurate and guaranteed CompTIA CAS-002 practice questions. You will get a surprising result with our most recent CompTIA Advanced Security Practitioner (CASP) practice guides.

Q291. - (Topic 4) 

Which of the following protocols only facilitates access control? 

A. XACML 

B. Kerberos 

C. SPML 

D. SAML 

Answer: A (XACML is purely an access-control policy language; Kerberos is an authentication protocol, SPML is a provisioning protocol, and SAML carries both authentication and authorization assertions.)


Q292. - (Topic 1) 

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO). 

A. Demonstration of IPS system 

B. Review vendor selection process 

C. Calculate the ALE for the event 

D. Discussion of event timeline 

E. Assigning of follow up items 

Answer: D,E 


Q293. - (Topic 1) 

A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has been broken up into eight primary stages, with each stage requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable? 

A. Spiral model 

B. Incremental model 

C. Waterfall model 

D. Agile model 

Answer: A (the spiral model is the one built around an explicit risk-analysis pass at each iteration, which is the distinguishing requirement in the question.)


Q294. - (Topic 4) 

A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vulnerabilities. 

The reviewer has advised that future software projects utilize managed code platforms if at all possible. 

Which of the following languages would suit this recommendation? (Select TWO). 

A. C 

B. C# 

C. C++ 

D. Perl 

E. Java 

Answer: B,E 


Q295. - (Topic 2) 

A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning? 

A. Remove contact details from the domain name registrar to prevent social engineering attacks. 

B. Test external interfaces to see how they function when they process fragmented IP packets. 

C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors. 

D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces. 

Answer: D (of the options, only filtering ICMP actually hinders reconnaissance: it defeats ping sweeps and ICMP-based discovery, so an attacker has to fall back on slower, noisier full TCP scans; A, B and C are social-engineering, testing and detection measures rather than protections against scanning.)


Q296. - (Topic 2) 

Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows: 

Delivered-To: customer@example.com
Received: by 10.14.120.205
    Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193
    Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500
    (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY)
    with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: "customer@example.com" <customer@example.com>
Date: Mon, 1 Nov 2010 13:15:11 -0500
Subject: New Insurance Application
Thread-Topic: New Insurance Application

Please download and install software from the site below to maintain full access to your account. 

www.examplesite.com 

Additional information: The authorized mail servers IPs are 192.168.2.10 and 192.168.2.11. 

The network’s subnet is 192.168.2.0/25. 

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO). 

A. Identify the origination point for malicious activity on the unauthorized mail server. 

B. Block port 25 on the firewall for all unauthorized mail servers. 

C. Disable open relay functionality. 

D. Shut down the SMTP service on the unauthorized mail server. 

E. Enable STARTTLS on the spam filter. 

Answer: B,D 
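As an added example (not part of the exam page), the check a security administrator would script before settling on B and D: walk the Received chain quoted above, flag any host inside 192.168.2.0/25 that handled the message but is not one of the two authorized mail servers, and recover the address that host accepted the mail from. The header text is reconstructed from the question with each header on a single line and the folded date lines joined with a semicolon; the regexes and function names are my own.

```python
"""Added example: locate the unauthorized internal relay in the Q296 Received chain."""
import ipaddress
import re

# Allow-list and subnet exactly as stated in the question.
AUTHORIZED_MAIL_SERVERS = {"192.168.2.10", "192.168.2.11"}
CORPORATE_SUBNET = ipaddress.ip_network("192.168.2.0/25")

# Constructed input: the headers quoted in Q296, one header per line, with the
# folded date continuations joined with "; " as a real Received header has them.
RAW_HEADERS = """\
Delivered-To: customer@example.com
Received: by 10.14.120.205; Mon, 1 Nov 2010 11:15:24 -0700 (PDT)
Received: by 10.231.31.193; Mon, 01 Nov 2010 11:15:23 -0700 (PDT)
Return-Path: <IT@company.com>
Received: from 127.0.0.1 for <customer@example.com>; Mon, 1 Nov 2010 13:15:14 -0500 (envelope-from <IT@company.com>)
Received: by smtpex.example.com (SMTP READY) with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500
Received: from 172.18.45.122 by 192.168.2.55; Mon, 1 Nov 2010 13:15:14 -0500
From: Company <IT@Company.com>
To: "customer@example.com" <customer@example.com>
Subject: New Insurance Application
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
FROM_RE = re.compile(r"\bfrom\s+" + IPV4)  # "from <ip>": who handed the mail over
BY_RE = re.compile(r"\bby\s+" + IPV4)      # "by <ip>": who accepted it


def parse_received_hops(raw_headers):
    """Return (from_ip, by_ip) for each Received header in message order.

    Relays prepend their Received header, so the first tuple is the hop nearest
    the recipient and the last tuple is the hop nearest the origin. Hostnames
    rather than IPs (e.g. "by smtpex.example.com") come back as None.
    """
    hops = []
    for line in raw_headers.splitlines():
        if not line.lower().startswith("received:"):
            continue
        from_m = FROM_RE.search(line)
        by_m = BY_RE.search(line)
        hops.append((from_m.group(1) if from_m else None,
                     by_m.group(1) if by_m else None))
    return hops


def unauthorized_relays(hops):
    """Hosts in the corporate subnet that touched the mail but are not authorized MTAs."""
    flagged = set()
    for from_ip, by_ip in hops:
        for ip in (from_ip, by_ip):
            if ip and ipaddress.ip_address(ip) in CORPORATE_SUBNET \
                    and ip not in AUTHORIZED_MAIL_SERVERS:
                flagged.add(ip)
    return sorted(flagged, key=ipaddress.ip_address)


def origination_point(hops):
    """The 'from' address of the earliest hop: where the relay accepted the mail from."""
    for from_ip, _ in reversed(hops):
        if from_ip:
            return from_ip
    return None


if __name__ == "__main__":
    chain = parse_received_hops(RAW_HEADERS)
    print("relay chain (newest first):", chain)
    print("unauthorized relays inside 192.168.2.0/25:", unauthorized_relays(chain))
    print("origination point seen by that relay:", origination_point(chain))
```

The output singles out 192.168.2.55 as the rogue relay (inside the /25, not on the allow-list) and 172.18.45.122 as the host it accepted the message from, which is what makes B and D the right moves and A merely the follow-up investigation.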


Q297. - (Topic 2) 

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices? 

A. Revise the corporate policy to include possible termination as a result of violations 

B. Increase the frequency and distribution of the USB violations report 

C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense 

D. Implement group policy objects 

Answer: D (a GPO that restricts removable storage is the only preventive control listed; it blocks the device rather than deterring the user or reporting the violation after the fact, which is all A, B and C do.)


Q298. - (Topic 5) 

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool? 

A. The tool could show that input validation was only enabled on the client side 

B. The tool could enumerate backend SQL database table and column names 

C. The tool could force HTTP methods such as DELETE that the server has denied 

D. The tool could fuzz the application to determine where memory leaks occur 

Answer: A (an interceptor sits between browser and server and lets the tester alter a request after the page's JavaScript has validated it, so validation that exists only on the client side is bypassed and the gap shows up immediately.)
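An added example (not from the exam page) of the failure an interceptor exposes. The two request bodies are constructed, and the transfer limit, field rules and function names are assumptions; the point is that the tampered body could never have passed the browser's JavaScript check, so a handler that trusts the client accepts it while one that re-validates on the server does not.

```python
"""Added example: client-side-only validation versus server-side re-validation."""
import re
from urllib.parse import parse_qs

# Constructed bodies. The first is what the browser submits once its own check
# (positive amount, 8-digit account) has passed; the second is the same request
# edited in an HTTP interceptor after that check has already run.
BROWSER_BODY = "amount=100&to_account=12345678"
TAMPERED_BODY = "amount=-100000&to_account=12345678%27+OR+1%3D1--"

ACCOUNT_RE = re.compile(r"\d{8}")   # used with fullmatch so a trailing newline cannot sneak past
MAX_TRANSFER = 10_000               # assumed per-transaction limit


def handle_transfer_trusting_client(body):
    """Vulnerable handler: assumes the browser-side validator already ran."""
    form = parse_qs(body, keep_blank_values=True)
    return {"status": "accepted",
            "amount": form.get("amount", [""])[0],
            "to_account": form.get("to_account", [""])[0]}


def validate_transfer(form):
    """Server-side rules; they mirror the client's but never rely on it."""
    errors = []
    amount = form.get("amount", [""])[0]
    if not amount.isdigit():                      # rejects "", "-1", "1e3", "10.5"
        errors.append("amount must be a positive integer")
    elif not 1 <= int(amount) <= MAX_TRANSFER:
        errors.append(f"amount must be between 1 and {MAX_TRANSFER}")
    account = form.get("to_account", [""])[0]
    if not ACCOUNT_RE.fullmatch(account):         # allow-list the exact shape
        errors.append("to_account must be exactly 8 digits")
    return errors


def handle_transfer_validated(body):
    """Hardened handler: re-validates every field regardless of what the client did."""
    form = parse_qs(body, keep_blank_values=True)
    errors = validate_transfer(form)
    if errors:
        return {"status": "rejected", "errors": errors}
    return {"status": "accepted",
            "amount": int(form["amount"][0]),
            "to_account": form["to_account"][0]}


if __name__ == "__main__":
    print("trusting handler, tampered body:", handle_transfer_trusting_client(TAMPERED_BODY))
    print("validated handler, browser body:", handle_transfer_validated(BROWSER_BODY))
    print("validated handler, tampered body:", handle_transfer_validated(TAMPERED_BODY))
```

Replaying the tampered body through the trusting handler is exactly what the engineer's interceptor session would show; the validated handler returns the rejection reasons a tester would expect to see instead.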


Q299. - (Topic 5) 

A system administrator needs to meet as many security goals as possible for a new DNS infrastructure. The administrator deploys DNSSEC on the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO). 

A. Availability 

B. Authentication 

C. Integrity 

D. Confidentiality 

E. Encryption 

Answer: B,C 


Q300. - (Topic 2) 

A security manager is looking into the following vendor proposal for a cloud-based SIEM solution. The intention is that the cost of the SIEM will be justified by a reduced number of incidents and therefore by lower spending on incident investigation. 

Proposal: 

External cloud-based software as a service subscription costing $5,000 per month. Expected to reduce the number of current incidents per annum by 50%. 

The company currently has ten security incidents per annum at an average cost of $10,000 per incident. Which of the following is the ROI for this proposal after three years? 

A. -$30,000 

B. $120,000 

C. $150,000 

D. $180,000 

Answer: A (savings: 5 incidents avoided per year × $10,000 × 3 years = $150,000; cost: $5,000 × 36 months = $180,000; ROI = $150,000 - $180,000 = -$30,000, so the proposal loses money over three years.)