Shortcuts To CAS-002(291 to 300)

Act now and download your CompTIA CAS-002 test today! Do not waste time for the worthless CompTIA CAS-002 tutorials. Download Renewal CompTIA CompTIA Advanced Security Practitioner (CASP) exam with real questions and answers and begin to learn CompTIA CAS-002 with a classic professional.

Q291. - (Topic 2) 

Customers are receiving emails containing a link to malicious software. These emails are subverting spam filters. The email reads as follows: 


Received: by 

Mon, 1 Nov 2010 11:15:24 -0700 (PDT) 

Received: by 

Mon, 01 Nov 2010 11:15:23 -0700 (PDT) 

Return-Path: <> 

Received: from for <>; Mon, 1 Nov 2010 13:15:14 -0500 

(envelope-from <>) 

Received: by (SMTP READY) 

with ESMTP (AIO); Mon, 01 Nov 2010 13:15:14 -0500 Received: from by; Mon, 1 Nov 2010 13:15:14 -0500 From: Company <> To: "" <> Date: Mon, 1 Nov 2010 13:15:11 -0500 Subject: New Insurance Application Thread-Topic: New Insurance Application 

Please download and install software from the site below to maintain full access to your account. 

Additional information: The authorized mail servers IPs are and 

The network’s subnet is 

Which of the following are the MOST appropriate courses of action a security administrator could take to eliminate this risk? (Select TWO). 

A. Identify the origination point for malicious activity on the unauthorized mail server. 

B. Block port 25 on the firewall for all unauthorized mail servers. 

C. Disable open relay functionality. 

D. Shut down the SMTP service on the unauthorized mail server. 

E. Enable STARTTLS on the spam filter. 

Answer: B,D 

Q292. - (Topic 4) 

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees: 

Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system. 

Employee B. Works in the accounts payable office and is in charge of approving purchase orders. 

Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B. 

Which of the following should the auditor suggest be done to avoid future security breaches? 

A. All employees should have the same access level to be able to check on each others. 

B. The manager should only be able to review the data and approve purchase orders. 

C. Employee A and Employee B should rotate jobs at a set interval and cross-train. 

D. The manager should be able to both enter and approve information. 


Q293. - (Topic 2) 

A security services company is scoping a proposal with a client. They want to perform a general security audit of their environment within a two week period and consequently have the following requirements: 

Requirement 1 – Ensure their server infrastructure operating systems are at their latest patch levels 

Requirement 2 – Test the behavior between the application and database 

Requirement 3 – Ensure that customer data can not be exfiltrated Which of the following is the BEST solution to meet the above requirements? 

A. Penetration test, perform social engineering and run a vulnerability scanner 

B. Perform dynamic code analysis, penetration test and run a vulnerability scanner 

C. Conduct network analysis, dynamic code analysis, and static code analysis 

D. Run a protocol analyzer perform static code analysis and vulnerability assessment 


Q294. - (Topic 4) 

A systems administrator establishes a CIFS share on a Unix device to share data to windows systems. The security authentication on the windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the Unix share. Which of the following settings on the Unix server is the cause of this problem? 

A. Refuse LM and only accept NTLMv2 

B. Accept only LM 

C. Refuse NTLMv2 and accept LM 

D. Accept only NTLM 


Q295. - (Topic 5) 

The Chief Information Security Officer (CISO) is asking for ways to protect against zero-day exploits. The CISO is concerned that an unrecognized threat could compromise corporate data and result in regulatory fines as well as poor corporate publicity. The network is mostly flat, with split staff/guest wireless functionality. Which of the following equipment MUST be deployed to guard against unknown threats? 

A. Cloud-based antivirus solution, running as local admin, with push technology for definition updates. 

B. Implementation of an offsite data center hosting all company data, as well as deployment of VDI for all client computing needs. 

C. Host based heuristic IPS, segregated on a management VLAN, with direct control of the perimeter firewall ACLs. 

D. Behavior based IPS with a communication link to a cloud based vulnerability and threat feed. 


Q296. - (Topic 5) 

A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues. However, total uniformity presents other problems. Which of the following presents the GREATEST risk when consolidating to a single vendor or design solution? 

A. Competitors gain an advantage by increasing their service offerings. 

B. Vendor lock in may prevent negotiation of lower rates or prices. 

C. Design constraints violate the principle of open design. 

D. Lack of diversity increases the impact of specific events or attacks. 


Q297. - (Topic 2) 

Joe is a security architect who is tasked with choosing a new NIPS platform that has the ability to perform SSL inspection, analyze up to 10Gbps of traffic, can be centrally managed and only reveals inspected application payload data to specified internal security employees. Which of the following steps should Joe take to reach the desired outcome? 

A. Research new technology vendors to look for potential products. Contribute to an RFP and then evaluate RFP responses to ensure that the vendor product meets all mandatory requirements. Test the product and make a product recommendation. 

B. Evaluate relevant RFC and ISO standards to choose an appropriate vendor product. Research industry surveys, interview existing customers of the product and then recommend that the product be purchased. 

C. Consider outsourcing the product evaluation and ongoing management to an outsourced provider on the basis that each of the requirements are met and a lower total cost of ownership (TCO) is achieved. 

D. Choose a popular NIPS product and then consider outsourcing the ongoing device management to a cloud provider. Give access to internal security employees so that they can inspect the application payload data. 

E. Ensure that the NIPS platform can also deal with recent technological advancements, such as threats emerging from social media, BYOD and cloud storage prior to purchasing the product. 


Q298. - (Topic 4) 

A general insurance company wants to set up a new online business. The requirements are that the solution needs to be: 

The conceptual solution architecture has specified that the application will consist of a traditional three tiered architecture for the front end components, an ESB to provide services, data transformation capability and legacy system integration and a web services gateway. 

Which of the following security components will BEST meet the above requirements and fit into the solution architecture? (Select TWO). 

A. Implement WS-Security for services authentication and XACML for service authorization. 

B. Use end-to-end application level encryption to encrypt all fields and store them encrypted in the database. 

C. Implement a certificate based solution on a smart card in combination with a PIN to provide authentication and authorization of users. 

D. Implement WS-Security as a federated single sign-on solution for authentication authorization of users. 

E. Implement SSL encryption for all sensitive data flows and encryption of passwords of the data at rest. 

F. Use application level encryption to encrypt sensitive fields, SSL encryption on sensitive flows, and database encryption for sensitive data storage. 

Answer: A,F 

Q299. - (Topic 3) 

A company receives an e-discovery request for the Chief Information Officer’s (CIO’s) email data. The storage administrator reports that the data retention policy relevant to their industry only requires one year of email data. However the storage administrator also reports that there are three years of email data on the server and five years of email data on backup tapes. How many years of data MUST the company legally provide? 

A. 1 

B. 2 

C. 3 

D. 5 Answer: D 

Q300. - (Topic 2) 

Using SSL, an administrator wishes to secure public facing server farms in three subdomains:,, and Which of the following is the number of wildcard SSL certificates that should be purchased? 

A. 0 

B. 1 

C. 3 

D. 6