Exam Code: CAS-002 (Practice Exam Latest Test Questions VCE PDF)
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Certification Provider: CompTIA
Free Today! Guaranteed Training- Pass CAS-002 Exam.

Q211. - (Topic 5) 

The Chief Risk Officer (CRO) has requested that the MTD, RTO and RPO for key business applications be identified and documented. Which of the following business documents would MOST likely contain the required values? 

A. MOU 

B. BPA 

C. RA 

D. SLA 

E. BIA 

Answer:


Q212. - (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 

Answer:


Q213. - (Topic 5) 

An internal committee comprised of the facilities manager, the physical security manager, the network administrator, and a member of the executive team has been formed to address a recent breach at a company’s data center. It was discovered that during the breach, an HVAC specialist had gained entry to an area that contained server farms holding sensitive financial data. Although the HVAC specialist was there to fix a legitimate issue, the investigation concluded security be provided for the two entry and exit points for the server farm. Which of the following should be implemented to accomplish the recommendations of the investigation? 

A. Implement a policy that all non-employees should be escorted in the data center. 

B. Place a mantrap at the points with biometric security. 

C. Hire an HVAC person for the company, eliminating the need for external HVAC people. 

D. Implement CCTV cameras at both points. 

Answer:


Q214. - (Topic 4) 

A security code reviewer has been engaged to manually review a legacy application. A number of systemic issues have been uncovered relating to buffer overflows and format string vulnerabilities. 

The reviewer has advised that future software projects utilize managed code platforms if at all possible. 

Which of the following languages would suit this recommendation? (Select TWO). 

A. C 

B. C# 

C. C++ 

D. Perl 

E. Java 

Answer: B,E 


Q215. - (Topic 2) 

Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE). 

A. Check log files for logins from unauthorized IPs. 

B. Check /proc/kmem for fragmented memory segments. 

C. Check for unencrypted passwords in /etc/shadow. 

D. Check timestamps for files modified around time of compromise. 

E. Use lsof to determine files with future timestamps. 

F. Use gpg to encrypt compromised data files. 

G. Verify the MD5 checksum of system binaries. 

H. Use vmstat to look for excessive disk I/O. 

Answer: A,D,G 


Q216. - (Topic 4) 

An audit at a popular on-line shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Security Officer (CISO) has requested that the web based shopping cart application undergo testing to validate user input in both free form text fields and drop down boxes. 

Which of the following is the BEST combination of tools and / or methods to use? 

A. Blackbox testing and fingerprinting 

B. Code review and packet analyzer 

C. Fuzzer and HTTP interceptor 

D. Enumerator and vulnerability assessment 

Answer:


Q217. - (Topic 5) 

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats? 

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates. 

B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs. 

C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs. 

D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed. 

Answer:


Q218. - (Topic 3) 

The marketing department at Company A regularly sends out emails signed by the company’s Chief Executive Officer (CEO) with announcements about the company. The CEO sends company and personal emails from a different email account. During legal proceedings against the company, the Chief Information Officer (CIO) must prove which emails came from the CEO and which came from the marketing department. The email server allows emails to be digitally signed and the corporate PKI provisioning allows for one certificate per user. The CEO did not share their password with anyone. Which of the following will allow the CIO to state which emails the CEO sent and which the marketing department sent? 

A. Identity proofing 

B. Non-repudiation 

C. Key escrow 

D. Digital rights management 

Answer:


Q219. - (Topic 2) 

ABC Company must achieve compliance for PCI and SOX. Which of the following would BEST allow the organization to achieve compliance and ensure security? (Select THREE). 

A. Establish a list of users that must work with each regulation 

B. Establish a list of devices that must meet each regulation 

C. Centralize management of all devices on the network 

D. Compartmentalize the network 

E. Establish a company framework 

F. Apply technical controls to meet compliance with the regulation 

Answer: B,D,F 


Q220. - (Topic 2) 

The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point? 

A. Capture process ID data and submit to anti-virus vendor for review. 

B. Reboot the Linux servers, check running processes, and install needed patches. 

C. Remove a single Linux server from production and place in quarantine. 

D. Notify upper management of a security breach. 

E. Conduct a bit level image, including RAM, of one or more of the Linux servers. 

Answer: