Master the CAS-002 CompTIA Advanced Security Practitioner (CASP) content and be ready for exam day success quickly with this Actualtests CAS-002 book. We guarantee it!We make it a reality and give you real CAS-002 questions in our CompTIA CAS-002 braindumps.Latest 100% VALID CompTIA CAS-002 Exam Questions Dumps at below page. You can use our CompTIA CAS-002 braindumps and pass your exam.
Q281. - (Topic 2)
Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).
A. Jailbroken mobile device
B. Reconnaissance tools
C. Network enumerator
D. HTTP interceptor
E. Vulnerability scanner
F. Password cracker
Q282. - (Topic 3)
A corporation has expanded for the first time by integrating several newly acquired businesses.
Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).
A. Remove acquired companies Internet access.
B. Federate identity management systems.
C. Install firewalls between the businesses.
D. Re-image all end user computers to a standard image.
E. Develop interconnection policy.
F. Conduct a risk analysis of each acquired company’s networks.
Q283. - (Topic 5)
A Chief Information Security Officer (CISO) is approached by a business unit manager who heard a report on the radio this morning about an employee at a competing firm who shipped a VPN token overseas so a fake employee could log into the corporate VPN. The CISO asks what can be done to mitigate the risk of such an incident occurring within the organization. Which of the following is the MOST cost effective way to mitigate such a risk?
A. Require hardware tokens to be replaced on a yearly basis.
B. Implement a biometric factor into the token response process.
C. Force passwords to be changed every 90 days.
D. Use PKI certificates as part of the VPN authentication process.
Q284. - (Topic 5)
Every year, the accounts payable employee, Ann, takes a week off work for a vacation. She typically completes her responsibilities remotely during this week. Which of the following policies, when implemented, would allow the company to audit this employee's work and potentially discover improprieties?
A. Job rotation
B. Mandatory vacations
C. Least privilege
D. Separation of duties
Q285. - (Topic 3)
After connecting to a secure payment server at https://pay.xyz.com, an auditor notices that the SSL certificate was issued to *.xyz.com. The auditor also notices that many of the internal development servers use the same certificate. After installing the certificate on dev1.xyz.com, one of the developers reports misplacing the USB thumb-drive where the SSL certificate was stored. Which of the following should the auditor recommend FIRST?
A. Generate a new public key on both servers.
B. Replace the SSL certificate on dev1.xyz.com.
C. Generate a new private key password for both servers.
D. Replace the SSL certificate on pay.xyz.com.
Q286. - (Topic 4)
The Chief Information Security Officer (CISO) regularly receives reports of a single department repeatedly violating the corporate security policy. The head of the department in question informs the CISO that the offending behaviors are a result of necessary business activities. The CISO assigns a junior security administrator to solve the issue. Which of the following is the BEST course of action for the junior security administrator to take?
A. Work with the department head to find an acceptable way to change the business needs so the department no longer violates the corporate security policy.
B. Draft an RFP for the purchase of a COTS product or consulting services to solve the problem through implementation of technical controls.
C. Work with the CISO and department head to create an SLA specifying the response times of the IT security department when incidents are reported.
D. Draft an MOU for the department head and CISO to approve, documenting the limits of the necessary behavior, and actions to be taken by both teams.
Q287. - (Topic 1)
A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?
Q288. CORRECT TEXT - (Topic 2)
Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: 188.8.131.52/24 for the corporate site and 184.108.40.206/24 for the remote site. The Telco router interface uses the 220.127.116.11/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A.
Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.
Answer: Please check the explanation part for the solution.
Q289. - (Topic 3)
A helpdesk manager at a financial company has received multiple reports from employees and customers that their phone calls sound metallic on the voice system. The helpdesk has been using VoIP lines encrypted from the handset to the PBX for several years. Which of the following should be done to address this issue for the future?
A. SIP session tagging and QoS
B. A dedicated VLAN
C. Lower encryption setting
D. Traffic shaping
Q290. - (Topic 5)
Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted?
A. The company should develop an in-house solution and keep the algorithm a secret.
B. The company should use the CEO’s encryption scheme.
C. The company should use a mixture of both systems to meet minimum standards.
D. The company should use the method recommended by other respected information security organizations.