Testking offers free demo for CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as CAS-002 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer those questions. The CAS-002 Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA CAS-002 exams and revised by experts!
♥♥ 2017 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Q301. - (Topic 5)
A company is in the process of implementing a new front end user interface for its customers, the goal is to provide them with more self service functionality. The application has been written by developers over the last six months and the project is currently in the test phase.
Which of the following security activities should be implemented as part of the SDL in order to provide the MOST security coverage over the solution? (Select TWO).
A. Perform unit testing of the binary code
B. Perform code review over a sampling of the front end source code
C. Perform black box penetration testing over the solution
D. Perform grey box penetration testing over the solution
E. Perform static code review over the front end source code
Q302. - (Topic 2)
A bank is in the process of developing a new mobile application. The mobile client renders content and communicates back to the company servers via REST/JSON calls. The bank wants to ensure that the communication is stateless between the mobile application and the web services gateway. Which of the following controls MUST be implemented to enable stateless communication?
A. Generate a one-time key as part of the device registration process.
B. Require SSL between the mobile application and the web services gateway.
C. The jsession cookie should be stored securely after authentication.
D. Authentication assertion should be stored securely on the client.
Q303. - (Topic 3)
A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?
A. Loss of physical control of the servers
B. Distribution of the job to multiple data centers
C. Network transmission of cryptographic keys
D. Data scraped from the hardware platforms
Q304. - (Topic 3)
A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below:
The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday.
Which of the following is true?
A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.
B. The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise.
C. The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.
D. The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise.
Q305. - (Topic 1)
A software development manager is taking over an existing software development project. The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?
Q306. - (Topic 5)
A security engineer at a software development company has identified several vulnerabilities in a product late in the development cycle. This causes a huge delay for the release of the product. Which of the following should the administrator do to prevent these issues from occurring in the future?
A. Recommend switching to an SDLC methodology and perform security testing during each maintenance iteration
B. Recommend switching to a spiral software development model and perform security testing during the requirements gathering
C. Recommend switching to a waterfall development methodology and perform security testing during the testing phase
D. Recommend switching to an agile development methodology and perform security testing during iterations
Q307. - (Topic 4)
An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?
A. Increase the virtual RAM allocation to high I/O servers.
B. Install a management NIC and dedicated virtual switch.
C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.
D. Move the guest web server to another dedicated host.
Q308. - (Topic 1)
Which of the following provides the BEST risk calculation methodology?
A. Annual Loss Expectancy (ALE) x Value of Asset
B. Potential Loss x Event Probability x Control Failure Probability
C. Impact x Threat x Vulnerability
D. Risk Likelihood x Annual Loss Expectancy (ALE)
Q309. - (Topic 2)
A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public access. It is also anticipated that the city’s emergency and first response communication systems will be required to operate across the same network. The project manager has experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public use and the critical infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private industry to ensure the city provides due care in considering all project factors prior to building its new WAN?
Q310. - (Topic 3)
A team is established to create a secure connection between software packages in order to list employee's remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team?
A. Network Administrator, Database Administrator, Programmers
B. Network Administrator, Emergency Response Team, Human Resources
C. Finance Officer, Human Resources, Security Administrator
D. Database Administrator, Facilities Manager, Physical Security Manager