Cause all that matters here is passing the CompTIA CAS-002 exam. Cause all that you need is a high score of CAS-002 CompTIA Advanced Security Practitioner (CASP) exam. The only one thing you need to do is downloading Actualtests CAS-002 exam study guides now. We will not let you down with our money-back guarantee.

2021 Jan CAS-002 actual exam

Q111. - (Topic 2) 

A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO). 

A. Use AES in Electronic Codebook mode 

B. Use RC4 in Cipher Block Chaining mode 

C. Use RC4 with Fixed IV generation 

D. Use AES with cipher text padding 

E. Use RC4 with a nonce generated IV 

F. Use AES in Counter mode 

Answer: E,F 


Q112. - (Topic 3) 

The security manager of a company has hired an external consultant to conduct a security assessment of the company network. The contract stipulates that the consultant is not allowed to transmit any data on the company network while performing wired and wireless security assessments. Which of the following technical means can the consultant use to determine the manufacturer and likely operating system of the company wireless and wired network devices, as well as the computers connected to the company network? 

A. Social engineering 

B. Protocol analyzer 

C. Port scanner 

D. Grey box testing 

Answer:


Q113. - (Topic 1) 

A company is in the process of outsourcing its customer relationship management system to a cloud provider. It will host the entire organization’s customer database. The database will be accessed by both the company’s users and its customers. The procurement department has asked what security activities must be performed for the deal to proceed. Which of the following are the MOST appropriate security activities to be performed as part of due diligence? (Select TWO). 

A. Physical penetration test of the datacenter to ensure there are appropriate controls. 

B. Penetration testing of the solution to ensure that the customer data is well protected. 

C. Security clauses are implemented into the contract such as the right to audit. 

D. Review of the organizations security policies, procedures and relevant hosting certifications. 

E. Code review of the solution to ensure that there are no back doors located in the software. 

Answer: C,D 


Q114. - (Topic 1) 

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed? 

A. Establish a risk matrix 

B. Inherit the risk for six months 

C. Provide a business justification to avoid the risk 

D. Provide a business justification for a risk exception 

Answer:


Q115. - (Topic 1) 

A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable? 

A. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection. 

B. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network. 

C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections. 

D. This information can be found by querying the network’s DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts. 

Answer:


Improve CAS-002 actual exam:

Q116. - (Topic 5) 

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO). 

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas. 

B. Device encryption has not been enabled and will result in a greater likelihood of data loss. 

C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data. 

D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes. 

E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable. 

Answer: A,D 


Q117. - (Topic 1) 

A security administrator is shown the following log excerpt from a Unix system: 

2013 Oct 10 07:14:57 web14 sshd[1632]: Failed password for root from 198.51.100.23 port 37914 ssh2 

2013 Oct 10 07:14:57 web14 sshd[1635]: Failed password for root from 198.51.100.23 port 37915 ssh2 

2013 Oct 10 07:14:58 web14 sshd[1638]: Failed password for root from 198.51.100.23 port 37916 ssh2 

2013 Oct 10 07:15:59 web14 sshd[1640]: Failed password for root from 198.51.100.23 port 37918 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1641]: Failed password for root from 198.51.100.23 port 37920 ssh2 

2013 Oct 10 07:16:00 web14 sshd[1642]: Successful login for root from 198.51.100.23 port 37924 ssh2 

Which of the following is the MOST likely explanation of what is occurring and the BEST immediate response? (Select TWO). 

A. An authorized administrator has logged into the root account remotely. 

B. The administrator should disable remote root logins. 

C. Isolate the system immediately and begin forensic analysis on the host. 

D. A remote attacker has compromised the root account using a buffer overflow in sshd. 

E. A remote attacker has guessed the root password using a dictionary attack. 

F. Use iptables to immediately DROP connections from the IP 198.51.100.23. 

G. A remote attacker has compromised the private key of the root account. 

H. Change the root password immediately to a password not found in a dictionary. 

Answer: C,E 


Q118. - (Topic 1) 

Ann, a systems engineer, is working to identify an unknown node on the corporate network. To begin her investigative work, she runs the following nmap command string: 

user@hostname:~$ sudo nmap –O 192.168.1.54 

Based on the output, nmap is unable to identify the OS running on the node, but the following ports are open on the device: 

TCP/22 TCP/111 TCP/512-514 TCP/2049 TCP/32778 

Based on this information, which of the following operating systems is MOST likely running on the unknown node? 

A. Linux 

B. Windows 

C. Solaris 

D. OSX 

Answer:


Q119. - (Topic 1) 

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future? 

A. Use PAP for secondary authentication on each RADIUS server 

B. Disable unused EAP methods on each RADIUS server 

C. Enforce TLS connections between RADIUS servers 

D. Use a shared secret for each pair of RADIUS servers 

Answer:


Q120. - (Topic 5) 

Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company’s NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations? 

A. Block in-bound connections to the company’s NTP servers. 

B. Block IPs making monlist requests. 

C. Disable the company’s NTP servers. 

D. Disable monlist on the company’s NTP servers. 

Answer: