Ucertify offers free demo for CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as CAS-002 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer those questions. The CAS-002 Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA CAS-002 exams and revised by experts!
♥♥ 2017 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Q191. - (Topic 4)
Warehouse users are reporting performance issues at the end of each month when trying to access cloud applications to complete their end of the month financial reports. They have no problem accessing those applications at the beginning of the month.
Network information: DMZ network – 192.168.5.0/24 VPN network – 192.168.1.0/24 Datacenter – 192.168.2.0/24 User network - 192.168.3.0/24
HR network – 192.168.4.0/24 Warehouse network – 192.168.6.0/24 Finance network 192.168.7.0/24
Traffic shaper configuration:
VLAN Bandwidth limit (Mbps) VPN50 User175 HR220 Finance230 Warehouse75 Guest50
External firewall allows all networks to access the Internet. Internal Firewall Rules:
ActionSourceDestination Permit192.168.1.0/24192.168.2.0/24 Permit192.168.1.0/24192.168.3.0/24 Permit192.168.1.0/24192.168.5.0/24 Permit192.168.2.0/24192.168.1.0/24 Permit192.168.3.0/24192.168.1.0/24 Permit192.168.5.0/24192.168.1.0/24 Permit192.168.4.0/24192.168.7.0/24 Permit192.168.7.0/24192.168.4.0/24 Permit192.168.7.0/24any Deny192.168.4.0/24any Deny192.168.1.0/24192.168.4.0/24
Which of the following restrictions is the MOST likely cause?
A. Bandwidth limit on the traffic shaper for the finance department
B. Proxy server preventing the warehouse from accessing cloud applications
C. Deny statements in the firewall for the warehouse network
D. Bandwidth limit on the traffic shaper for the warehouse department
Q192. - (Topic 2)
A company is trying to decide how to manage hosts in a branch location connected via a slow WAN link. The company desires to provide the same level of performance and functionality to the branch office as it provides to the main campus. The company uses Active Directory for its directory service and host configuration management. The branch location does not have a datacenter, and the physical security posture of the building is weak. Which of the following designs is MOST appropriate for this scenario?
A. Deploy a branch location Read-Only Domain Controller in the DMZ at the main campus with a two-way trust.
B. Deploy a corporate Read-Only Domain Controller to the branch location.
C. Deploy a corporate Domain Controller in the DMZ at the main campus.
D. Deploy a branch location Read-Only Domain Controller to the branch office location with a one-way trust.
E. Deploy a corporate Domain Controller to the branch location.
F. Deploy a branch location Domain Controller to the branch location with a one-way trust.
Q193. - (Topic 4)
A large enterprise introduced a next generation firewall appliance into the Internet facing DMZ. All Internet traffic passes through this appliance. Four hours after implementation the network engineering team discovered that traffic through the DMZ now has un-acceptable latency, and is recommending that the new firewall be taken offline. At what point in the implementation process should this problem have been discovered?
A. During the product selection phase
B. When testing the appliance
C. When writing the RFP for the purchase process
D. During the network traffic analysis phase
Q194. - (Topic 2)
A company has a difficult time communicating between the security engineers, application developers, and sales staff. The sales staff tends to overpromise the application deliverables. The security engineers and application developers are falling behind schedule. Which of the following should be done to solve this?
A. Allow the sales staff to shadow the developers and engineers to see how their sales impact the deliverables.
B. Allow the security engineering team to do application development so they understand why it takes so long.
C. Allow the application developers to attend a sales conference so they understand how business is done.
D. Allow the sales staff to learn application programming and security engineering so they understand the whole lifecycle.
Q195. - (Topic 3)
An organization determined that each of its remote sales representatives must use a smartphone for email access.
The organization provides the same centrally manageable model to each person.
Which of the following mechanisms BEST protects the confidentiality of the resident data?
A. Require dual factor authentication when connecting to the organization’s email server.
B. Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks.
C. Require encrypted communications when connecting to the organization’s email server.
D. Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs.
Q196. - (Topic 2)
A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).
A. Use AES in Electronic Codebook mode
B. Use RC4 in Cipher Block Chaining mode
C. Use RC4 with Fixed IV generation
D. Use AES with cipher text padding
E. Use RC4 with a nonce generated IV
F. Use AES in Counter mode
Q197. - (Topic 1)
A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?
A. The tool could show that input validation was only enabled on the client side
B. The tool could enumerate backend SQL database table and column names
C. The tool could force HTTP methods such as DELETE that the server has denied
D. The tool could fuzz the application to determine where memory leaks occur
Q198. - (Topic 5)
For companies seeking to move to cloud services, variances in regulation between jurisdictions can be addressed in which of the following ways?
A. Ensuring the cloud service provides high availability spanning multiple regions.
B. Using an international private cloud model as opposed to public IaaS.
C. Encrypting all data moved to or processed in a cloud-based service.
D. Tagging VMs to ensure they are only run in certain geographic regions.
Q199. - (Topic 1)
Joe, the Chief Executive Officer (CEO), was an Information security professor and a Subject Matter Expert for over 20 years. He has designed a network defense method which he says is significantly better than prominent international standards. He has recommended that the company use his cryptographic method. Which of the following methodologies should be adopted?
A. The company should develop an in-house solution and keep the algorithm a secret.
B. The company should use the CEO’s encryption scheme.
C. The company should use a mixture of both systems to meet minimum standards.
D. The company should use the method recommended by other respected information security organizations.
Q200. - (Topic 1)
An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?
A. Independent verification and validation
B. Security test and evaluation
C. Risk assessment
D. Ongoing authorization