Post on 03-Aug-2020

CAS-002 CASP

edusum.com

A Success Guide to Prepare- CompTIA Advanced Security Practitioner


CASP- Success Guide ____________________________________________________________________________________

____________________________________________________________________________________ CAS-002 - CompTIA Advanced Security Practitioner pg. 1

Table of Contents

Introduction to CAS-002 Exam on CompTIA Advanced Security Practitioner ........ 2

CompTIA CAS-002 Certification Details ........................................... 2

CompTIA CAS-002 Exam Syllabus ................................................... 3

CAS-002 Sample Questions ........................................................ 17

Answers to CAS-002 Exam Questions ............................................... 19


Introduction to CAS-002 Exam on CompTIA Advanced Security Practitioner

Use this quick start guide to collect all the information about the CompTIA CASP (CAS-002) certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the CAS-002 Advanced Security Practitioner exam. The sample questions will help you identify the type and difficulty level of the questions, and the practice exams will make you familiar with the format and environment of the exam. You should refer to this guide carefully before attempting your actual CompTIA CASP certification exam.

The CompTIA CASP certification is mainly targeted at candidates who want to build their career in the IT security domain. The CompTIA Advanced Security Practitioner (CASP) exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of CompTIA CASP.

CompTIA CAS-002 Certification Details:

Exam Name             CompTIA Advanced Security Practitioner (CASP)
Exam Code             CAS-002
Exam Price            $426 (USD)
Duration              165 min
Number of Questions   90
Passing Score         Pass/Fail
Schedule Exam         CompTIA Marketplace
Sample Questions      CompTIA CASP Sample Questions
Practice Exam         CompTIA CAS-002 Certification Practice Exam


CompTIA CAS-002 Exam Syllabus:

Topic Details

Enterprise Security 30%

Given a scenario, select appropriate cryptographic concepts and techniques.

1. Techniques

1. Key stretching

2. Hashing

3. Code signing

4. Pseudorandom number generation

5. Perfect forward secrecy

6. Transport encryption

7. Data-at-rest encryption

8. Digital signature

2. Concepts

1. Entropy

2. Diffusion

3. Confusion

4. Non-repudiation

5. Confidentiality

6. Integrity

7. Chain of trust, root of trust

8. Cryptographic applications and proper/improper implementations

9. Advanced PKI concepts

10. Wild card

11. OCSP vs. CRL

12. Issuance to entities

13. Users

14. Systems

15. Applications

16. Key escrow

17. Steganography

18. Implications of cryptographic methods and design

19. Stream

20. Block

21. Modes

22. ECB

23. CBC

24. CFB

25. OFB

26. Known flaws/weaknesses

27. Strength vs. performance vs. feasibility to implement vs. interoperability

3. Implementations


1. DRM

2. Watermarking

3. GPG

4. SSL

5. SSH

6. S/MIME

Explain the security implications associated with enterprise storage.

1. Storage type

1. Virtual storage

2. Cloud storage

3. Data warehousing

4. Data archiving

5. NAS

6. SAN

7. vSAN

2. Storage protocols

1. iSCSI

2. FCoE

3. NFS, CIFS

3. Secure storage management

1. Multipath

2. Snapshots

3. Deduplication

4. Dynamic disk pools

5. LUN masking/mapping

6. HBA allocation

7. Offsite or multisite replication

8. Encryption

9. Disk

10. Block

11. File

12. Record

13. Port

Given a scenario, analyze network and security components, concepts and architectures.

1. Advanced network design (wired/wireless)

1. Remote access

2. VPN

3. SSH

4. RDP

5. VNC


6. SSL

7. IPv6 and associated transitional technologies

8. Transport encryption

9. Network authentication methods

10. 802.1x

11. Mesh networks

2. Security devices

1. UTM

2. NIPS

3. NIDS

4. INE

5. SIEM

6. HSM

7. Placement of devices

8. Application and protocol aware technologies

9. WAF

10. NextGen firewalls

11. IPS

12. Passive vulnerability scanners

13. DAM

3. Virtual networking and security components

1. Switches

2. Firewalls

3. Wireless controllers

4. Routers

5. Proxies

4. Complex network security solutions for data flow

1. SSL inspection

2. Network flow data

5. Secure configuration and baselining of networking and security components

1. ACLs

2. Change monitoring

3. Configuration lockdown

4. Availability controls

6. Software-defined networking

7. Cloud-managed networks

8. Network management and monitoring tools


9. Advanced configuration of routers, switches and other network devices

1. Transport security

2. Trunking security

3. Route protection

10. Security zones

1. Data flow enforcement

2. DMZ

3. Separation of critical assets

11. Network access control

1. Quarantine/remediation

12. Operational and consumer network-enabled devices

1. Building automation systems

2. IP video

3. HVAC controllers

4. Sensors

5. Physical access control systems

6. A/V systems

7. Scientific/industrial equipment

13. Critical infrastructure/Supervisory Control and Data Acquisition (SCADA)/Industrial Control Systems (ICS)

Given a scenario, select and troubleshoot security controls for hosts.

1. Trusted OS (e.g., how and when to use it)

2. Endpoint security software

1. Anti-malware

2. Antivirus

3. Anti-spyware

4. Spam filters

5. Patch management

6. HIPS/HIDS

7. Data loss prevention

8. Host-based firewalls

9. Log monitoring

3. Host hardening

1. Standard operating environment/configuration baselining

2. Application whitelisting and blacklisting


4. Security/group policy implementation

5. Command shell restrictions

6. Patch management

7. Configuring dedicated interfaces

8. Out-of-band NICs

9. ACLs

10. Management interface

11. Data interface

12. Peripheral restrictions

13. USB

14. Bluetooth

15. Firewire

16. Full disk encryption

4. Security advantages and disadvantages of virtualizing servers

1. Type I

2. Type II

3. Container-based

5. Cloud augmented security services

1. Hash matching

2. Antivirus

3. Anti-spam

4. Vulnerability scanning

5. Sandboxing

6. Content filtering

6. Boot loader protections

1. Secure boot

2. Measured launch

3. Integrity Measurement Architecture (IMA)

4. BIOS/UEFI

7. Vulnerabilities associated with co-mingling of hosts with different security requirements

1. VM escape

2. Privilege elevation

3. Live VM migration

4. Data remnants

8. Virtual Desktop Infrastructure (VDI)

9. Terminal services/application delivery services


10. TPM

11. VTPM

12. HSM

Differentiate application vulnerabilities and select appropriate security controls.

1. Web application security design considerations

1. Secure: by design, by default, by deployment

2. Specific application issues

1. Cross-Site Request Forgery (CSRF)

2. Click-jacking

3. Session management

4. Input validation

5. SQL injection

6. Improper error and exception handling

7. Privilege escalation

8. Improper storage of sensitive data

9. Fuzzing/fault injection

10. Secure cookie storage and transmission

11. Buffer overflow

12. Memory leaks

13. Integer overflows

14. Race conditions

15. Time of check

16. Time of use

17. Resource exhaustion

18. Geo-tagging

19. Data remnants

3. Application sandboxing

4. Application security frameworks

1. Standard libraries

2. Industry-accepted approaches

3. Web services security (WS-security)

5. Secure coding standards

6. Database Activity Monitor (DAM)

7. Web Application Firewalls (WAF)

8. Client-side processing vs. server-side processing

1. JSON/REST

2. Browser extensions

3. ActiveX

4. Java Applets

5. Flash

6. HTML5

7. AJAX


8. SOAP

9. State management

10. JavaScript

Risk Management and Incident Response 20%

Interpret business and industry influences and explain associated security risks.

1. Risk management of new products, new technologies and user behaviors

2. New or changing business models/strategies

1. Partnerships

2. Outsourcing

3. Cloud

4. Merger and demerger/divestiture

3. Security concerns of integrating diverse industries

1. Rules

2. Policies

3. Regulations

4. Geography

4. Ensuring third-party providers have requisite levels of information security

5. Internal and external influences

1. Competitors

2. Auditors/audit findings

3. Regulatory entities

4. Internal and external client requirements

5. Top level management

6. Impact of de-perimeterization (e.g., constantly changing network boundary)

1. Telecommuting

2. Cloud

3. BYOD

4. Outsourcing

Given a scenario, execute risk mitigation planning, strategies and controls.

1. Classify information types into levels of CIA based on organization/industry

2. Incorporate stakeholder input into CIA decisions

3. Implement technical controls based on CIA requirements and policies of the organization

4. Determine aggregate score of CIA

5. Extreme scenario planning/worst case scenario


6. Determine minimum required security controls based on aggregate score

7. Conduct system specific risk analysis

8. Make risk determination

1. Magnitude of impact

2. ALE

3. SLE

4. Likelihood of threat

5. Motivation

6. Source

7. ARO

8. Trend analysis

9. Return On Investment (ROI)

10. Total cost of ownership

9. Recommend which strategy should be applied based on risk appetite

1. Avoid

2. Transfer

3. Mitigate

4. Accept

10. Risk management processes

1. Exemptions

2. Deterrence

3. Inherent

4. Residual

11. Enterprise security architecture frameworks

12. Continuous improvement/monitoring

13. Business continuity planning

14. IT governance

Compare and contrast security, privacy policies and procedures based on organizational requirements.

1. Policy development and updates in light of new business, technology, risks and environment changes

2. Process/procedure development and updates in light of policy, environment and business changes

3. Support legal compliance and advocacy by partnering with HR, legal, management and other entities

4. Use common business documents to support security

1. Risk assessment (RA)/Statement Of Applicability (SOA)

2. Business Impact Analysis (BIA)

3. Interoperability Agreement (IA)

4. Interconnection Security Agreement (ISA)

5. Memorandum Of Understanding (MOU)

6. Service Level Agreement (SLA)

7. Operating Level Agreement (OLA)

8. Non-Disclosure Agreement (NDA)

9. Business Partnership Agreement (BPA)

5. Use general privacy principles for sensitive information (PII)

6. Support the development of policies that contain

1. Separation of duties

2. Job rotation

3. Mandatory vacation

4. Least privilege

5. Incident response

6. Forensic tasks

7. Employment and termination procedures

8. Continuous monitoring

9. Training and awareness for users

10. Auditing requirements and frequency

Given a scenario, conduct incident response and recovery procedures.

1. E-discovery

1. Electronic inventory and asset control

2. Data retention policies

3. Data recovery and storage

4. Data ownership

5. Data handling

6. Legal holds

2. Data breach

1. Detection and collection

2. Data analytics

3. Mitigation

4. Minimize

5. Isolate

6. Recovery/reconstitution

7. Response

8. Disclosure

3. Design systems to facilitate incident response

1. Internal and external violations

2. Privacy policy violations

3. Criminal actions


4. Insider threat

5. Non-malicious threats/misconfigurations

6. Establish and review system, audit and security logs

4. Incident and emergency response

1. Chain of custody

2. Forensic analysis of compromised system

3. Continuity Of Operation Plan (COOP)

4. Order of volatility

Research and Analysis 18%

Apply research methods to determine industry trends and impact to the enterprise.

1. Perform ongoing research

1. Best practices

2. New technologies

3. New security systems and services

4. Technology evolution (e.g., RFCs, ISO)

2. Situational awareness

1. Latest client-side attacks

2. Knowledge of current vulnerabilities and threats

3. Zero-day mitigating controls and remediation

4. Emergent threats and issues

3. Research security implications of new business tools

1. Social media/networking

2. End user cloud storage

3. Integration within the business

4. Global IA industry/community

1. Computer Emergency Response Team (CERT)

2. Conventions/conferences

3. Threat actors

4. Emerging threat sources/ threat intelligence

5. Research security requirements for contracts

1. Request For Proposal (RFP)

2. Request For Quote (RFQ)

3. Request For Information (RFI)

4. Agreements


Analyze scenarios to secure the enterprise.

1. Create benchmarks and compare to baselines

2. Prototype and test multiple solutions

3. Cost benefit analysis

1. ROI

2. TCO

4. Metrics collection and analysis

5. Analyze and interpret trend data to anticipate cyber defense needs

6. Review effectiveness of existing security controls

7. Reverse engineer/deconstruct existing solutions

8. Analyze security solution attributes to ensure they meet business needs

1. Performance

2. Latency

3. Scalability

4. Capability

5. Usability

6. Maintainability

7. Availability

8. Recoverability

9. Conduct a lessons-learned/after-action report

10. Use judgment to solve difficult problems that do not have a best solution

Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results.

1. Tool type

1. Port scanners

2. Vulnerability scanners

3. Protocol analyzer

4. Network enumerator

5. Password cracker

6. Fuzzer

7. HTTP interceptor

8. Exploitation tools/frameworks

9. Passive reconnaissance and intelligence gathering tools

10. Social media

11. Whois

12. Routing tables

2. Methods

1. Vulnerability assessment

2. Malware sandboxing

3. Memory dumping, runtime debugging


4. Penetration testing

5. Black box

6. White box

7. Grey box

8. Reconnaissance

9. Fingerprinting

10. Code review

11. Social engineering

Integration of Computing, Communications and Business Disciplines 16%

Given a scenario, facilitate collaboration across diverse business units to achieve security goals.

1. Interpreting security requirements and goals to communicate with stakeholders from other disciplines

1. Sales staff

2. Programmer

3. Database administrator

4. Network administrator

5. Management/executive management

6. Financial

7. Human resources

8. Emergency response team

9. Facilities manager

10. Physical security manager

2. Provide objective guidance and impartial recommendations to staff and senior management on security processes and controls

3. Establish effective collaboration within teams to implement secure solutions

4. IT governance

Given a scenario, select the appropriate control to secure communications and collaboration solutions.

1. Security of unified collaboration tools

1. Web conferencing

2. Video conferencing

3. Instant messaging

4. Desktop sharing

5. Remote assistance

6. Presence

7. Email

8. Telephony

9. VoIP

10. Collaboration sites

11. Social media

12. Cloud-based

2. Remote access

3. Mobile device management


1. BYOD

4. Over-the-air technologies concerns

Implement security activities across the technology life cycle.

1. End-to-end solution ownership

1. Operational activities

2. Maintenance

3. Commissioning/decommissioning

4. Asset disposal

5. Asset/object reuse

6. General change management

2. Systems development life cycle

1. Security System Development Life Cycle (SSDLC)/Security Development Lifecycle (SDL)

2. Security Requirements Traceability Matrix (SRTM)

3. Validation and acceptance testing

4. Security implications of agile, waterfall and spiral software development methodologies

3. Adapt solutions to address emerging threats and security trends

4. Asset management (inventory control)

1. Device tracking technologies

2. Geo-location/GPS location

3. Object tracking and containment technologies

4. Geo-tagging/geo-fencing

5. RFID

Technical Integration of Enterprise Components 16%

Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.

1. Secure data flows to meet changing business needs

2. Standards

1. Open standards

2. Adherence to standards

3. Competing standards

4. Lack of standards

5. De facto standards

3. Interoperability issues

1. Legacy systems/current systems

2. Application requirements


3. In-house developed vs. commercial vs. commercial customized

4. Technical deployment models (outsourcing/insourcing/managed services/partnership)

1. Cloud and virtualization considerations and hosting options

2. Public

3. Private

4. Hybrid

5. Community

6. Multi-tenancy

7. Single tenancy

8. Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines

9. Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines

10. Secure use of on-demand/ elastic cloud computing

11. Data remnants

12. Data aggregation

13. Data isolation

14. Resources provisioning and deprovisioning

15. Users

16. Servers

17. Virtual devices

18. Applications

19. Securing virtual environments, services, applications, appliances and equipment

20. Design considerations during mergers, acquisitions and demergers/divestitures

21. Network secure segmentation and delegation

5. Logical deployment diagram and corresponding physical deployment diagram of all relevant devices

6. Secure infrastructure design (e.g., decide where to place certain devices/applications)

7. Storage integration (security considerations)

8. Enterprise application integration enablers

1. CRM

2. ERP

3. GRC

4. ESB

5. SOA

6. Directory services

7. DNS


8. CMDB

9. CMS

Given a scenario, integrate advanced authentication and authorization technologies to support enterprise objectives.

1. Authentication

1. Certificate-based authentication

2. Single sign-on

2. Authorization

1. OAUTH

2. XACML

3. SPML

3. Attestation

4. Identity propagation

5. Federation

1. SAML

2. OpenID

3. Shibboleth

4. WAYF

6. Advanced trust models

1. RADIUS configurations

2. LDAP

3. AD

CAS-002 Sample Questions:

01. A new system has recently been built using the SSDLC process and is in the validation process to ensure the system is behaving correctly. During this process, the development team notices that the system is behaving as it should, except for a few minor internal application bugs. Which of the following validation types would be a result of this issue?

a) Application interface validation

b) Code validation

c) Functional validation

d) Requirements validation


02. A server administrator needs to find a web service that will allow most systems to communicate over HTTP using an XML based protocol. Which of the following communication methods will allow this?

a) SOAP

b) XACML

c) SSO

d) SAML

03. When considering security requirements which require third-party vendor requests, which of the following is a correctly ordered set of events from start to finish?

a) RFP, RFQ, RFC

b) RFI, RFQ, RFP

c) RFP, RFQ, RFI

d) RFC, RFT

04. As a condition of being awarded a new contract, an organization must increase the security of its VPN, ensuring that one compromised SA session key cannot be used to compromise any other sessions. Which of the following could be configured to meet this requirement?

a) Opportunistic encryption

b) Pseudo-random number generator

c) Dual-factor authentication

d) Perfect forward secrecy

05. During a routine security assessment of a network, the security administrator discovers a user workstation with multiple SSH connections to servers outside the corporate network. Using a protocol analyzer, the administrator identifies hundreds of gigabytes of information being transferred to an external server via SCP. After identifying the user, the administrator discovers that today is the user’s last day of employment, and that the employee is going to work for a competitor. Which of the following tactics is being used to steal company secrets?

a) Logic bomb

b) SSH worm

c) Data exfiltration

d) Privilege escalation

e) SAML exploit

06. Which of the following practices is MOST likely employed during e-discovery?

a) Legal hold and chain of custody

b) Risk mitigation and policy generation

c) Network enumeration and fingerprinting

d) Data deduplication and hashing


07. A security administrator notices a network intrusion and quickly solves the problem by closing an unused port. Which of the following should be completed?

a) After action report

b) ELA

c) MOA

d) Reverse engineering incident report

08. An IT Manager has requested that specific files stored on the company SAN, containing data which is not protected by patent law but is classified as a trade secret, be encrypted with a block cipher which is both secure and fast. Which of the following BEST satisfies the request?

a) Blowfish

b) MD5

c) Triple-DES

d) RC4

09. A new Chief Information Officer’s (CIO’s) primary initiative is to reduce risk and the number of vulnerabilities affecting an organization. Which of the following reduces the number of locations to patch internal applications?

a) Provide application access through a VDI

b) Host applications using terminal services

c) Implement an enterprise patch management solution

d) Convert applications to leverage hosted cloud computing

10. An administrator uses an unencrypted iSCSI connection over the corporate network. Which of the following vulnerabilities would be present with regard to iSCSI authentication?

a) Authentication uses the older TACACS protocol and is vulnerable to a botnet attack.

b) Authentication is vulnerable to a dictionary attack.

c) iSCSI uses LDAP authentication in plain text, which can be easily compromised.

d) Kerberos authentication would not be supported on Linux hosts.

Answers to CAS-002 Exam Questions:

Question: 01

Answer: b

Question: 02

Answer: a

Question: 03

Answer: b

Question: 04

Answer: d

Question: 05

Answer: c

Question: 06

Answer: a

Question: 07

Answer: a

Question: 08

Answer: a

Question: 09

Answer: b

Question: 10

Answer: b

Note: If you find any typo or data entry error in these sample questions, we request you to update us by commenting on this page or writing an email to [email protected]