Pass4sure offers a free demo for the CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as the CAS-002 exam, is a CompTIA certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer its questions. The CAS-002 Questions & Answers cover all the knowledge points of the real exam. 100% real CompTIA CAS-002 exam questions, revised by experts!



Q271. - (Topic 4) 

A security administrator is tasked with implementing two-factor authentication for the company VPN. The VPN is currently configured to authenticate VPN users against a backend RADIUS server. New company policies require a second factor of authentication, and the Information Security Officer has selected PKI as the second factor. Which of the following should the security administrator configure and implement on the VPN concentrator to implement the second factor and ensure that no error messages are displayed to the user during the VPN connection? (Select TWO). 

A. The user’s certificate private key must be installed on the VPN concentrator. 

B. The CA’s certificate private key must be installed on the VPN concentrator. 

C. The user certificate private key must be signed by the CA. 

D. The VPN concentrator’s certificate private key must be signed by the CA and installed on the VPN concentrator. 

E. The VPN concentrator’s certificate private key must be installed on the VPN concentrator. 

F. The CA’s certificate public key must be installed on the VPN concentrator. 

Answer: E,F 


Q273. - (Topic 1) 

A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM. 

Requirement 1: The system shall provide confidentiality for data in transit and data at rest. 

Requirement 2: The system shall use SSL, SSH, or SCP for all data transport. 

Requirement 3: The system shall implement a file-level encryption scheme. 

Requirement 4: The system shall provide integrity for all data at rest. 

Requirement 5: The system shall perform CRC checks on all files. 

A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5 

B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4 

C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2 

D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5 

Answer:


Q274. - (Topic 2) 

An international shipping company discovered that deliveries left idle are being tampered with. The company wants to reduce the idle time associated with international deliveries by ensuring that personnel are automatically notified when an inbound delivery arrives at the transit dock. Which of the following should be implemented to help the company increase the security posture of its operations? 

A. Back office database 

B. Asset tracking 

C. Geo-fencing 

D. Barcode scanner 

Answer:


Q275. - (Topic 5) 

A system administrator needs to meet the maximum amount of security goals for a new DNS infrastructure. The administrator deploys DNSSEC extensions to the domain names and infrastructure. Which of the following security goals does this meet? (Select TWO). 

A. Availability 

B. Authentication 

C. Integrity 

D. Confidentiality 

E. Encryption 

Answer: B,C 


Q276. - (Topic 4) 

A general insurance company wants to set up a new online business. The requirements are that the solution needs to be: 

The conceptual solution architecture specifies that the application will consist of a traditional three-tiered architecture for the front-end components, an ESB to provide services, data transformation capability and legacy system integration, and a web services gateway. 

Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO). 

A. Implement WS-Security for services authentication and XACML for service authorization. 

B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database. 

C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users. 

D. Implement WS-Security as a federated single sign-on solution for authentication and authorization of users. 

E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest. 

F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage. 

Answer: A,F 


Q277. - (Topic 5) 

The IT manager is evaluating IPS products to determine which would be most effective at stopping network traffic that contains anomalous content on networks that carry very specific types of traffic. Based on the IT manager’s requirements, which of the following types of IPS products would be BEST suited for use in this situation? 

A. Signature-based 

B. Rate-based 

C. Anomaly-based 

D. Host-based 

Answer:


Q278. - (Topic 2) 

A security tester is testing a website and performs the following manual query: 

https://www.comptia.com/cookies.jsp?products=5%20and%201=1 

The following response is received in the payload: 

“ORA-000001: SQL command not properly ended” 

Which of the following is the response an example of? 

A. Fingerprinting 

B. Cross-site scripting 

C. SQL injection 

D. Privilege escalation 

Answer:


Q279. - (Topic 5) 

The helpdesk department desires to roll out a remote support application for internal use on all company computers. This tool should allow remote desktop sharing, system log gathering, chat, hardware logging, inventory management, and remote registry access. The risk management team has been asked to review vendor responses to the RFQ. Which of the following questions is the MOST important? 

A. What are the protections against MITM? 

B. What accountability is built into the remote support application? 

C. What encryption standards are used in the tracking database? 

D. What snapshot or “undo” features are present in the application? 

E. What encryption standards are used in remote desktop and file transfer functionality? 

Answer:


Q280. - (Topic 4) 

An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the package cannot be installed because no GPG key is found. Which of the following should the administrator perform to allow the program to be installed? 

A. Download the file from the program publisher's website. 

B. Generate RSA and DSA keys using GPG. 

C. Import the repository's public key. 

D. Run sha1sum and verify the hash. 

Answer: