We provide high-value CompTIA CAS-002 test preparation material, which is the best for clearing the CAS-002 test and getting certified by CompTIA as a CompTIA Advanced Security Practitioner (CASP). The CAS-002 Questions & Answers cover all the knowledge points of the real CAS-002 exam. Crack your CompTIA CAS-002 exam with the latest dumps, guaranteed!
Q301. – (Topic 2)
A security tester is testing a website and performs the following manual query:
The following response is received in the payload:
"ORA-000001: SQL command not properly ended"
Which of the following is the response an example of?
B. Cross-site scripting
C. SQL injection
D. Privilege escalation
Q302. – (Topic 3)
Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?
D. Federated IDs
Q303. – (Topic 5)
The manager of the firewall team is getting complaints from various IT teams that firewall changes are causing issues. Which of the following should the manager recommend to BEST address these issues?
A. Set up a weekly review for relevant teams to discuss upcoming changes likely to have a broad impact.
B. Update the change request form so that requesting teams can provide additional details about the requested changes.
C. Require every new firewall rule go through a secondary firewall administrator for review before pushing the firewall policy.
D. Require the firewall team to verify the change with the requesting team before pushing the updated firewall policy.
Q304. – (Topic 4)
Company A needs to export sensitive data from its financial system to company B's database, using company B's API in an automated manner. Company A's policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A's financial system and company B's destination server using the supplied API. Additionally, company A's legacy financial software does not support encryption, while company B's API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?
A. Company A must install an SSL tunneling service on the financial system.
B. Company A's security administrator should use an HTTPS capable browser to transfer the data.
C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.
Q305. – (Topic 2)
Ann is testing the robustness of a marketing website through an intercepting proxy. She has intercepted the following HTTP request:
POST /login.aspx HTTP/1.1
Which of the following should Ann perform to test whether the website is susceptible to a simple authentication bypass?
A. Remove all of the post data and change the request to /login.aspx from POST to GET
B. Attempt to brute force all usernames and passwords using a password cracker
C. Remove the txtPassword post data and change alreadyLoggedIn from false to true
D. Remove the txtUsername and txtPassword post data and toggle submit from true to false
Q306. – (Topic 2)
Joe, a penetration tester, is tasked with testing the security robustness of the protocol between a mobile web application and a RESTful application server. Which of the following security tools would be required to assess the security between the mobile web application and the RESTful application server? (Select TWO).
A. Jailbroken mobile device
B. Reconnaissance tools
C. Network enumerator
D. HTTP interceptor
E. Vulnerability scanner
F. Password cracker
Q307. – (Topic 5)
A company has received the contract to begin developing a new suite of software tools to replace an aging collaboration solution. The original collaboration solution has been in place for nine years, contains over a million lines of code, and took over two years to develop originally. The SDLC has broken the primary delivery stages into eight different deliverables, with each section requiring an in-depth risk analysis before moving on to the next phase. Which of the following software development methods is MOST applicable?
A. Spiral model
B. Incremental model
C. Waterfall model
D. Agile model
Q308. – (Topic 3)
A. Buffer overflow
B. Click jacking
C. SQL injection
D. XSS attack
Q309. – (Topic 4)
Three companies want to allow their employees to seamlessly connect to each other's wireless corporate networks while keeping one consistent wireless client configuration. Each company wants to maintain its own authentication infrastructure and wants to ensure that an employee who is visiting the other two companies is authenticated by the home office when connecting to the other companies' wireless network. All three companies have agreed to standardize on 802.1x EAP-PEAP-MSCHAPv2 for client configuration. Which of the following should the three companies implement?
A. The three companies should agree on a single SSID and configure a hierarchical RADIUS system which implements trust delegation.
B. The three companies should implement federated authentication through Shibboleth connected to an LDAP backend and agree on a single SSID.
C. The three companies should implement a central portal-based single sign-on and agree to use the same CA when issuing client certificates.
D. All three companies should use the same wireless vendor to facilitate the use of a shared cloud based wireless controller.
Q310. – (Topic 4)
The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?
A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues
B. Improper handling of client data, interoperability agreement issues and regulatory issues
C. Cultural differences, increased cost of doing business and divestiture issues
D. Improper handling of customer data, loss of intellectual property and reputation damage