CAS-002 Latest Exam (Mar 2018)

[Free] 2018(Mar) EnsurePass Testinsides CompTIA CAS-002 Dumps with VCE and PDF 201-210

April 14, 2018 : Ensure you pass the IT Exams

CompTIA Advanced Security Practitioner (CASP)

Question No: 201 – (Topic 2)

ODBC access to a database on a network-connected host is required. The host does not have a security mechanism to authenticate the incoming ODBC connection, and the application requires that the connection have read/write permissions. In order to further secure the data, a nonstandard configuration would need to be implemented. The information in the database is not sensitive, but was not readily accessible prior to the implementation of the ODBC connection. Which of the following actions should be taken by the security analyst?

A. Accept the risk in order to keep the system within the company’s standard security configuration.

B. Explain the risks to the data owner and aid in the decision to accept the risk versus choosing a nonstandard solution.

C. Secure the data despite the need to use a security control or solution that is not within company standards.

D. Do not allow the connection to be made to avoid unnecessary risk and avoid deviating from the standard security configuration.

Answer: B

Question No: 202 – (Topic 2)

A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).

A. The X509 V3 certificate was issued by a non-trusted public CA.

B. The client-server handshake could not negotiate strong ciphers.

C. The client-server handshake is configured with a wrong priority.

D. The client-server handshake is based on TLS authentication.

E. The X509 V3 certificate is expired.

F. The client-server implements client-server mutual authentication with different certificates.

Answer: B,C

Question No: 203 – (Topic 2)

Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:

POST /login.aspx HTTP/1.1
Host:
Content-type: text/html

txtUsername=ann&txtPassword=ann&alreadyLoggedIn=false&submit=true

Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?

A. Remove all of the post data and change the request to /login.aspx from POST to GET

B. Attempt to brute force all usernames and passwords using a password cracker

C. Remove the txtPassword post data and change alreadyLoggedIn from false to true

D. Remove the txtUsername and txtPassword post data and toggle submit from true to false

Answer: C

Question No: 204 – (Topic 2)

A company has adopted a BYOD program. The company would like to protect confidential information. However, it has been decided that when an employee leaves, the company will not completely wipe the personal device. Which of the following would MOST likely help the company maintain security when employees leave?

A. Require cloud storage on corporate servers and disable access upon termination

B. Whitelist access to only non-confidential information

C. Utilize an MDM solution with containerization

D. Require that devices not have local storage

Answer: C

Question No: 205 – (Topic 2)

Which of the following technologies prevents an unauthorized HBA from viewing iSCSI target information?

A. Deduplication

B. Data snapshots

C. LUN masking

D. Storage multipaths

Answer: C

Question No: 206 – (Topic 2)

The IT director has charged the company helpdesk with sanitizing fixed and removable media. The helpdesk manager has written a new procedure to be followed by the helpdesk staff. This procedure includes the current standard to be used for data sanitization, as well as the location of physical degaussing tools. In which of the following cases should the helpdesk staff use the new procedure? (Select THREE).

A. During asset disposal

B. While reviewing the risk assessment

C. While deploying new assets

D. Before asset repurposing

E. After the media has been disposed of

F. During the data classification process

G. When installing new printers

H. When media fails or is unusable

Answer: A,D,H

Question No: 207 – (Topic 2)

An administrator is tasked with securing several website domains on a web server. The administrator elects to secure,,, and with the same certificate. Which of the following would allow the administrator to secure those domains with a single issued certificate?

A. Intermediate Root Certificate

B. Wildcard Certificate

C. EV x509 Certificate

D. Subject Alternative Names Certificate

Answer: D

Question No: 208 – (Topic 2)

An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?

A. $4,800

B. $24,000

C. $96,000

D. $120,000

Answer: C

Question No: 209 – (Topic 2)

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?

A. Revise the corporate policy to include possible termination as a result of violations

B. Increase the frequency and distribution of the USB violations report

C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense

D. Implement group policy objects

Answer: D

Question No: 210 – (Topic 2)

A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range.

Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred?

A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented the application from recovering.

B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering.

C. Computers are able to store numbers well above “billions” in size. Therefore, the website issues are not related to the large number being input.

D. The application has crashed because a very large integer has led to a “divide by zero”. Improper error handling prevented the application from recovering.

Answer: B
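The overflow described in Question 210 is easy to reproduce and, more importantly, easy to prevent. The following C program is an added example written for this page; it is not part of the exam material. It places a naive parser that stores the submitted text straight into a 32-bit signed integer (the situation in the question) beside a hardened parser that rejects overflow, malformed input and implausible ages before anything is stored. The bounds AGE_MIN, AGE_MAX and ADULT_AGE are assumptions chosen for the example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative bounds for a plausible age; assumptions for this example only. */
#define AGE_MIN   0
#define AGE_MAX   150
#define ADULT_AGE 18

/* Naive version, mirroring the question: the submitted text is parsed and
 * stored into a 32-bit signed integer with no range check. A value such as
 * 3000000000 does not fit, and the conversion wraps modulo 2^32, producing
 * a large negative number (3000000000 - 2^32 = -1294967296). The explicit
 * cast through uint32_t makes the wrap-around well defined so the demo is
 * portable; a plain implicit int conversion yields the same value on
 * mainstream compilers but is implementation-defined. */
int32_t naive_parse_age(const char *input) {
    long long wide = strtoll(input, NULL, 10);
    return (int32_t)(uint32_t)wide;
}

/* The downstream adult check the question describes. Fed a wrapped negative
 * age it reports "not adult" for a genuine submission, and any later
 * arithmetic on the negative value (dates, discounts, array indexing) is
 * where the unpredictable behaviour comes from. */
int is_adult(int32_t age) {
    return age >= ADULT_AGE;
}

/* Hardened version: parse into a wide integer, reject overflow reported by
 * strtoll (ERANGE), reject empty input or trailing garbage, and enforce a
 * plausible age range before the value ever reaches the 32-bit variable.
 * Returns 0 on success and -1 on rejection; *out is written only on success. */
int parse_age_checked(const char *input, int32_t *out) {
    char *end = NULL;
    errno = 0;
    long long wide = strtoll(input, &end, 10);
    if (errno == ERANGE)                     /* magnitude beyond long long */
        return -1;
    if (end == input || *end != '\0')        /* no digits, or junk after them */
        return -1;
    if (wide < AGE_MIN || wide > AGE_MAX)    /* outside the plausible range */
        return -1;
    *out = (int32_t)wide;                    /* now guaranteed to fit */
    return 0;
}

int main(void) {
    /* Constructed sample inputs, including the "billions" case from the question. */
    const char *samples[] = { "42", "17", "2147483648", "3000000000", "abc", "17x", "" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int32_t checked = 0;
        int rc = parse_age_checked(samples[i], &checked);
        long naive = (long)naive_parse_age(samples[i]);
        printf("input=%-12s naive=%-12ld adult(naive)=%d checked=%s\n",
               samples[i], naive, is_adult((int32_t)naive),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

Running it shows "2147483648" wrapping to INT32_MIN and "3000000000" to -1294967296 in the naive path, while the checked path rejects both along with non-numeric and empty input. The general lesson is to validate untrusted numeric input in a type wide enough to hold anything the parser can return, then range-check it against the domain (an age, a quantity, a length) before narrowing.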
