New Questions 8

A security administrator wants to deploy a dedicated storage solution which is inexpensive, can natively integrate with AD, allows files to be selectively encrypted and is suitable for a small number of users at a satellite office. Which of the following would BEST meet the requirement?



C. Virtual SAN

D. Virtual storage

Answer: B

New Questions 9

A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:

- - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.

B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.

D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

Answer: C
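The log line shows why answer C is right: the JavaScript rules never reached the server, and the decoded value of pass is the string "pass or 1=1". The example below, added here and not part of the question or of any real script.php, decodes that line the way the administrator would, re-applies the same two rules server-side, and contrasts a login query built by string concatenation with one that validates first and binds parameters. The user table, the PIN 482913 and the column names are constructed for the demonstration.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed copy of the log line from the question (the client IP is not on the page).
LOG_LINE = ('- - [02/Mar/2014:06:13:04] '
            '"GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724')

# The rules the client-side JavaScript enforced; here they run on the server.
USERNAME_RE = re.compile(r"^[A-Za-z]+$")
PIN_RE = re.compile(r"^[0-9]{6}$")


def extract_params(log_line):
    """Pull the request target out of an access-log line and decode its query string.

    parse_qs undoes the %20 encoding, so the result is what script.php actually received.
    """
    m = re.search(r'"(?:GET|POST) (\S+) HTTP/', log_line)
    if not m:
        raise ValueError("no request line in log entry")
    query = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def validate_server_side(user, pin):
    """Server-side re-check of the same rules; the browser can be bypassed, this cannot."""
    return bool(USERNAME_RE.match(user)) and bool(PIN_RE.match(pin))


def make_db():
    """In-memory user table with one constructed account (hypothetical credentials)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, pass INTEGER)")
    db.execute("INSERT INTO users VALUES ('admin', 482913)")
    return db


def login_vulnerable(db, user, pin):
    """How a script that trusts the browser might behave: the PIN is spliced into the SQL as a number.

    With pin = "pass or 1=1" the WHERE clause becomes
        username = 'admin' AND pass = pass or 1=1
    which is true for every row, so the check passes without the real PIN.
    """
    sql = f"SELECT COUNT(*) FROM users WHERE username = '{user}' AND pass = {pin}"
    return db.execute(sql).fetchone()[0] > 0


def login_hardened(db, user, pin):
    """Fix for answer C: validate on the server, then bind parameters instead of concatenating."""
    if not validate_server_side(user, pin):
        return False
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND pass = ?"
    return db.execute(sql, (user, int(pin))).fetchone()[0] > 0


if __name__ == "__main__":
    params = extract_params(LOG_LINE)
    db = make_db()
    print("decoded parameters:", params)
    print("vulnerable login accepted payload:", login_vulnerable(db, params["user"], params["pass"]))
    print("hardened login accepted payload:  ", login_hardened(db, params["user"], params["pass"]))
```

Validation and parameter binding are two separate defences: the regex rejects the payload before any SQL runs, and the bound parameter would still be compared as a literal value if the validation were ever removed.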

New Questions 10

Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two-factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backends to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?

A. They should logon to the system using the username concatenated with the 6-digit code and their original password.

B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.

C. They should use the username format: LAN\first.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.

D. They should use the username format:, together with a password and their 6-digit code.

Answer: D

New Questions 11

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:

POST /login.aspx HTTP/1.1
Host:
Content-type: text/html

txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true

Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

A. Remove all of the post data and change the request to /login.aspx from POST to GET

B. Attempt to brute force all usernames and passwords using a password cracker

C. Remove the txtPassword post data and change alreadyLoggedIn from false to true

D. Remove the txtUsername and txtPassword post data and toggle submit from true to false

Answer: C
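The alreadyLoggedIn field is client-controlled state, and answer C tests whether the server believes it. The example below, added here and not code from the question or from any real login.aspx, builds Ann's modified body from the intercepted one and runs it against two hypothetical handlers: one that honours the flag, and one that keeps login state in a server-side session. The credential store (one constructed account, ann/ann as in the captured request) and the session dict are assumptions for the demonstration; a real back end would store password hashes.

```python
import hmac
from urllib.parse import parse_qs, urlencode

# The request body Ann intercepted, copied from the question.
ORIGINAL_BODY = "txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true"

# Constructed credential store standing in for the site's back end.
USERS = {"ann": "ann"}


def parse_body(body):
    """Decode a form-encoded body into a flat dict (first value per field)."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def bypass_request(body):
    """Answer C: drop txtPassword and flip alreadyLoggedIn to true, leaving the rest intact."""
    form = parse_body(body)
    form.pop("txtPassword", None)
    form["alreadyLoggedIn"] = "true"
    return urlencode(form)


def _credentials_ok(user, password):
    """Constant-time comparison against the constructed store."""
    return user in USERS and hmac.compare_digest(USERS[user].encode(), password.encode())


def login_vulnerable(body):
    """Handler that trusts the client's claim about its own login state.

    Any client that sends alreadyLoggedIn=true is treated as authenticated as whatever
    txtUsername says, so the password check is never reached.
    """
    form = parse_body(body)
    if form.get("alreadyLoggedIn") == "true":
        return {"authenticated": True, "user": form.get("txtUsername")}
    user, password = form.get("txtUsername", ""), form.get("txtPassword", "")
    if _credentials_ok(user, password):
        return {"authenticated": True, "user": user}
    return {"authenticated": False, "user": None}


def login_hardened(body, session):
    """Handler that keeps login state in a server-side session and ignores the form flag.

    `session` stands for whatever the server associates with the session cookie;
    the client can only change it by presenting valid credentials.
    """
    if session.get("user"):
        return {"authenticated": True, "user": session["user"]}
    form = parse_body(body)
    user, password = form.get("txtUsername", ""), form.get("txtPassword", "")
    if _credentials_ok(user, password):
        session["user"] = user
        return {"authenticated": True, "user": user}
    return {"authenticated": False, "user": None}


if __name__ == "__main__":
    forged = bypass_request(ORIGINAL_BODY)
    print("forged body:", forged)
    print("vulnerable handler:", login_vulnerable(forged))
    print("hardened handler:  ", login_hardened(forged, {}))
```

Note that against the vulnerable handler the txtUsername value is also attacker-chosen, so the same forged body with a different username logs in as that user; the hardened handler never consults the flag at all.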

New Questions 12

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

A. Demonstration of IPS system

B. Review vendor selection process

C. Calculate the ALE for the event

D. Discussion of event timeline

E. Assigning of follow up items

Answer: D,E

New Questions 13

A company sales manager received a memo from the company's financial department which stated that the company would not be putting its software products through the same security testing as in previous years, in order to reduce research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department's change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?

A. Discuss the issue with the software product's user groups

B. Consult the company's legal department on practices and law

C. Contact senior finance management and provide background information

D. Seek industry outreach for software practices and law

Answer: B

New Questions 14

Company ABC's SAN is nearing capacity, which will cause costly downtime if servers run out of disk space. Which of the following is a more cost effective alternative to buying a new SAN?

A. Enable multipath to increase availability

B. Enable deduplication on the storage pools

C. Implement snapshots to reduce virtual disk size

D. Implement replication to offsite datacenter

Answer: B

New Questions 15

A well-known retailer has experienced a massive credit card breach. The retailer had gone through an audit and had been presented with a potential problem on their network. Vendors were authenticating directly to the retailer's AD servers, and an improper firewall rule allowed pivoting from the AD server to the DMZ where the credit card servers were kept. The firewall rule was needed for an internally developed application, which presents risk. The retailer determined that because the vendors were required to have site-to-site VPNs, no other security action was taken.

To prove to the retailer the monetary value of this risk, which of the following type of calculations is needed?

A. Residual Risk calculation

B. A cost/benefit analysis

C. Quantitative Risk Analysis

D. Qualitative Risk Analysis

Answer: C

New Questions 16

After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?

A. Least privilege

B. Job rotation

C. Mandatory vacation

D. Separation of duties

Answer: B

New Questions 17

The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage, and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?

A. Avoid

B. Accept

C. Mitigate

D. Transfer

Answer: C

