Proper study guides for Replace CompTIA CompTIA Advanced Security Practitioner (CASP) certified begins with CompTIA CAS-002 preparation products which designed to deliver the Best Quality CAS-002 questions by making you pass the CAS-002 test at your first time. Try the free CAS-002 demo right now.

Q221. - (Topic 3) 

After three vendors submit their requested documentation, the CPO and the SPM can better understand what each vendor does and what solutions that they can provide. But now they want to see the intricacies of how these solutions can adequately match the requirements needed by the firm. Upon the directive of the CPO, the CISO should submit which of the following to the three submitting firms? 

A. A T&M contract 

B. An RFP 

C. A FFP agreement 

D. A new RFQ 


Q222. - (Topic 1) 

An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure? 

A. Replicate NAS changes to the tape backups at the other datacenter. 

B. Ensure each server has two HBAs connected through two routes to the NAS. 

C. Establish deduplication across diverse storage paths. 

D. Establish a SAN that replicates between datacenters. 


Q223. - (Topic 4) 

The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 

11:16:22.110343 IP > UDP, length 1400 

11:16:22.110351 IP > UDP, length 1400 

11:16:22.110358 IP > UDP, length 1400 11:16:22.110402 IP > UDP, length 1400 

11:16:22.110406 IP > UDP, length 1400 

Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration? 

A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets. 

B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication. 

C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks. 

D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic. 


Q224. - (Topic 1) 

During a recent audit of servers, a company discovered that a network administrator, who required remote access, had deployed an unauthorized remote access application that communicated over common ports already allowed through the firewall. A network scan showed that this remote access application had already been installed on one third of the servers in the company. Which of the following is the MOST appropriate action that the company should take to provide a more appropriate solution? 

A. Implement an IPS to block the application on the network 

B. Implement the remote application out to the rest of the servers 

C. Implement SSL VPN with SAML standards for federation 

D. Implement an ACL on the firewall with NAT for remote access 


Q225. - (Topic 1) 

The risk manager is reviewing a report which identifies a requirement to keep a business critical legacy system operational for the next two years. The legacy system is out of support because the vendor and security patches are no longer released. Additionally, this is a proprietary embedded system and little is documented and known about it. Which of the following should the Information Technology department implement to reduce the security risk from a compromise of this system? 

A. Virtualize the system and migrate it to a cloud provider. 

B. Segment the device on its own secure network. 

C. Install an antivirus and HIDS on the system. 

D. Hire developers to reduce vulnerabilities in the code. 


Q226. - (Topic 1) 

The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss? 

A. The company should mitigate the risk. 

B. The company should transfer the risk. 

C. The company should avoid the risk. 

D. The company should accept the risk. 


Q227. - (Topic 1) 

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position? 

A. Least privilege 

B. Job rotation 

C. Mandatory vacation 

D. Separation of duties 


Q228. - (Topic 5) 

As a cost saving measure, a company has instructed the security engineering team to allow all consumer devices to be able to access the network. They have asked for recommendations on what is needed to secure the enterprise, yet offer the most flexibility in terms of controlling applications, and stolen devices. Which of the following is BEST suited for the requirements? 

A. MEAP with Enterprise Appstore 

B. Enterprise Appstore with client-side VPN software 

C. MEAP with TLS 

D. MEAP with MDM 


Q229. - (Topic 5) 

A high-tech company dealing with sensitive data seized the mobile device of an employee suspected of leaking company secrets to a competitive organization. Which of the following is the BEST order for mobile phone evidence extraction? 

A. Device isolation, evidence intake, device identification, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

B. Evidence intake, device identification, preparation to identify the necessary tools, device isolation, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

C. Evidence log, device isolation ,device identification, preparation to identify the necessary tools, data processing, verification of data accuracy, presentation and archival. 

D. Device identification, evidence log, preparation to identify the necessary tools, data processing, verification of data accuracy, device isolation, documentation, reporting, presentation and archival. 


Q230. - (Topic 2) 

A small company is developing a new Internet-facing web application. The security requirements are: 

1. Users of the web application must be uniquely identified and authenticated. 

2. Users of the web application will not be added to the company’s directory services. 

3. Passwords must not be stored in the code. 

Which of the following meets these requirements? 

A. Use OpenID and allow a third party to authenticate users. 

B. Use TLS with a shared client certificate for all users. 

C. Use SAML with federated directory services. 

D. Use Kerberos and browsers that support SAML.