It is more faster and easier to pass the CompTIA CAS-002 exam by using Vivid CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Latest CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.

Q271. - (Topic 1) 

A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action? 

A. Investigate the network traffic and block UDP port 3544 at the firewall 

B. Remove the system from the network and disable IPv6 at the router 

C. Locate and remove the unauthorized 6to4 relay from the network 

D. Disable the switch port and block the 2001::/32 traffic at the firewall 


Q272. - (Topic 4) 

-- Exhibit – 

-- Exhibit --

Company management has indicated that instant messengers (IM) add to employee productivity. Management would like to implement an IM solution, but does not have a budget for the project. The security engineer creates a feature matrix to help decide the most secure product. Click on the Exhibit button. 

Which of the following would the security engineer MOST likely recommend based on the table? 

A. Product A 

B. Product B 

C. Product C 

D. Product D 


Q273. - (Topic 4) 

The security administrator has just installed an active\passive cluster of two firewalls for enterprise perimeter defense of the corporate network. Stateful firewall inspection is being used in the firewall implementation. There have been numerous reports of dropped connections with external clients. 

Which of the following is MOST likely the cause of this problem? 

A. TCP sessions are traversing one firewall and return traffic is being sent through the secondary firewall and sessions are being dropped. 

B. TCP and UDP sessions are being balanced across both firewalls and connections are being dropped because the session IDs are not recognized by the secondary firewall. 

C. Prioritize UDP traffic and associated stateful UDP session information is traversing the passive firewall causing the connections to be dropped. 

D. The firewall administrator connected a dedicated communication cable between the firewalls in order to share a single state table across the cluster causing the sessions to be dropped. 


Q274. - (Topic 2) 

A multi-national company has a highly mobile workforce and minimal IT infrastructure. The company utilizes a BYOD and social media policy to integrate presence technology into global collaboration tools by individuals and teams. As a result of the dispersed employees and frequent international travel, the company is concerned about the safety of employees and their families when moving in and out of certain countries. Which of the following could the company view as a downside of using presence technology? 

A. Insider threat 

B. Network reconnaissance 

C. Physical security 

D. Industrial espionage 


Q275. - (Topic 5) 

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO). 

A. Availability 

B. Authentication 

C. Integrity 

D. Confidentiality 

E. Encryption 

Answer: B,C 

Q276. - (Topic 4) 

A security engineer is troubleshooting a possible virus infection, which may have spread to multiple desktop computers within the organization. The company implements enterprise antivirus software on all desktops, but the enterprise antivirus server’s logs show no sign of a virus infection. The border firewall logs show suspicious activity from multiple internal hosts trying to connect to the same external IP address. The security administrator decides to post the firewall logs to a security mailing list and receives confirmation from other security administrators that the firewall logs indicate internal hosts are compromised with a new variant of the Trojan.Ransomcrypt.G malware not yet detected by most antivirus software. Which of the following would have detected the malware infection sooner? 

A. The security administrator should consider deploying a signature-based intrusion detection system. 

B. The security administrator should consider deploying enterprise forensic analysis tools. 

C. The security administrator should consider installing a cloud augmented security service. 

D. The security administrator should consider establishing an incident response team. 


Q277. - (Topic 2) 

Customers have recently reported incomplete purchase history and other anomalies while accessing their account history on the web server farm. Upon investigation, it has been determined that there are version mismatches of key e-commerce applications on the production web servers. The development team has direct access to the production servers and is most likely the cause of the different release versions. Which of the following process level solutions would address this problem? 

A. Implement change control practices at the organization level. 

B. Adjust the firewall ACL to prohibit development from directly accessing the production server farm. 

C. Update the vulnerability management plan to address data discrepancy issues. 

D. Change development methodology from strict waterfall to agile. 


Q278. - (Topic 4) 

A business owner has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently implemented a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation? 

A. The business owner is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products. 

B. The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete. 

C. The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the business owner. 

D. Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly. 


Q279. - (Topic 1) 

A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO). 

A. Managed security service 

B. Memorandum of understanding 

C. Quality of service 

D. Network service provider 

E. Operating level agreement 

Answer: B,E 

Q280. - (Topic 4) 

Two storage administrators are discussing which SAN configurations will offer the MOST confidentiality. Which of the following configurations would the administrators use? (Select TWO). 

A. Deduplication 

B. Zoning 

C. Snapshots 

D. Multipathing 

E. LUN masking 

Answer: B,E