CAS-002の無料問題集（465題）、CAS-002認定試験参考書

CompTIA CAS-002 問題集

試験コード：CAS-002

試験名称：CompTIA Advanced Security Practitioner (CASP)

最近更新時間：2025-03-24

問題と解答：全465問

CAS-002 無料でデモをダウンロード：

PDF版 Demo ソフト版 Demo オンライン版 Demo

無料問題集CAS-002 資格取得

質問 1：
A systems administrator establishes a CIFS share on a UNIX device to share data to Windows systems. The security authentication on the Windows domain is set to the highest level. Windows users are stating that they cannot authenticate to the UNIX share. Which of the following settings on the UNIX server would correct this problem?
A. Refuse LM and only accept NTLMv2
B. Accept only NTLM
C. Accept only LM
D. Refuse NTLMv2 and accept LM
正解：A

質問 2：
An IT manager is concerned about the cost of implementing a web filtering solution in an effort to mitigate the risks associated with malware and resulting data leakage. Given that the ARO is twice per year, the ALE resulting from a data leak is $25,000 and the ALE after implementing the web filter is $15,000. The web filtering solution will cost the organization
$10,000 per year. Which of the following values is the single loss expectancy of a data leakage event after implementing the web filtering solution?
A. $12,500
B. $10,000
C. $15,000
D. $0
E. $7,500
正解：E

質問 3：
A software development manager is taking over an existing software development project.
The team currently suffers from poor communication due to a long delay between requirements documentation and feature delivery. This gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies is the team MOST likely using now?
A. Scrum
B. Agile
C. Spiral
D. Waterfall
正解：D

質問 4：
Company policy requires that all company laptops meet the following baseline requirements:
Software requirements:
Antivirus
Anti-malware
Anti-spyware
Log monitoring
Full-disk encryption
Terminal services enabled for RDP
Administrative access for local users
Hardware restrictions:
Bluetooth disabled
FireWire disabled
WiFi adapter disabled
Ann, a web developer, reports performance issues with her laptop and is not able to access any network resources. After further investigation, a bootkit was discovered and it was trying to access external websites. Which of the following hardening techniques should be applied to mitigate this specific issue from reoccurring? (Select TWO).
A. Restrict VPN access for all mobile users
B. Remove administrative access to local users
C. Perform vulnerability scanning on a daily basis
D. Group policy to limit web access
E. Remove full-disk encryption
F. Restrict/disable USB access
G. Restrict/disable TELNET access to network resources
正解：B,F

質問 5：
A security consultant is conducting a network assessment and wishes to discover any legacy backup Internet connections the network may have. Where would the consultant find this information and why would it be valuable?
A. This information can be found by calling the regional Internet registry, and is valuable because backup connections typically do not require VPN access to the network.
B. This information can be found by querying the network's DNS servers, and is valuable because backup DNS servers typically allow recursive queries from Internet hosts.
C. This information can be found by accessing telecom billing records, and is valuable because backup connections typically have much lower latency than primary connections.
D. This information can be found in global routing tables, and is valuable because backup connections typically do not have perimeter protection as strong as the primary connection.
正解：D

質問 6：
A small retail company recently deployed a new point of sale (POS) system to all 67 stores.
The core of the POS is an extranet site, accessible only from retail stores and the corporate office over a split-tunnel VPN. An additional split-tunnel VPN provides bi-directional connectivity back to the main office, which provides voice connectivity for store VoIP phones. Each store offers guest wireless functionality, as well as employee wireless. Only the staff wireless network has access to the POS VPN. Recently, stores are reporting poor response times when accessing the POS application from store computers as well as degraded voice quality when making phone calls. Upon investigation, it is determined that three store PCs are hosting malware, which is generating excessive network traffic. After malware removal, the information security department is asked to review the configuration and suggest changes to prevent this from happening again. Which of the following denotes the BEST way to mitigate future malware risk?
A. Deploy new perimeter firewalls at all stores with UTM functionality.
B. Change antivirus vendors at the store and the corporate office.
C. Deploy a proxy server with content filtering at the corporate office and route all traffic through it.
D. Move to a VDI solution that runs offsite from the same data center that hosts the new POS solution.
正解：A

質問 7：
After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT);
The programmer found that every time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and a timestamp in the form of MM-DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping cart's items?
A. Session hijacking
B. Input validation
C. TOCTOU
D. SQL injection
正解：C

質問 8：
Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).
A. File level encryption
B. Multipath
C. File level transfer of data
D. Zoning and LUN security
E. Broadcast storms
F. Latency
G. Block level transfer of data
正解：C,E,F

弊社は失敗したら全額で返金することを承諾します

我々は弊社のCAS-002問題集に自信を持っていますから、試験に失敗したら返金する承諾をします。我々のCompTIA CAS-002を利用して君は試験に合格できると信じています。もし試験に失敗したら、我々は君の支払ったお金を君に全額で返して、君の試験の失敗する経済損失を減少します。

弊社のCompTIA CAS-002を利用すれば試験に合格できます

弊社のCompTIA CAS-002は専門家たちが長年の経験を通して最新のシラバスに従って研究し出した勉強資料です。弊社はCAS-002問題集の質問と答えが間違いないのを保証いたします。

この問題集は過去のデータから分析して作成されて、カバー率が高くて、受験者としてのあなたを助けて時間とお金を節約して試験に合格する通過率を高めます。我々の問題集は的中率が高くて、100％の合格率を保証します。我々の高質量のCompTIA CAS-002を利用すれば、君は一回で試験に合格できます。

弊社は無料CompTIA CAS-002サンプルを提供します

お客様は問題集を購入する時、問題集の質量を心配するかもしれませんが、我々はこのことを解決するために、お客様に無料CAS-002サンプルを提供いたします。そうすると、お客様は購入する前にサンプルをダウンロードしてやってみることができます。君はこのCAS-002問題集は自分に適するかどうか判断して購入を決めることができます。

CAS-002試験ツール：あなたの訓練に便利をもたらすために、あなたは自分のペースによって複数のパソコンで設置できます。

一年間の無料更新サービスを提供します

君が弊社のCompTIA CAS-002をご購入になってから、我々の承諾する一年間の更新サービスが無料で得られています。弊社の専門家たちは毎日更新状態を検査していますから、この一年間、更新されたら、弊社は更新されたCompTIA CAS-002をお客様のメールアドレスにお送りいたします。だから、お客様はいつもタイムリーに更新の通知を受けることができます。我々は購入した一年間でお客様がずっと最新版のCompTIA CAS-002を持っていることを保証します。

CompTIA CAS-002 認定試験の出題範囲：

トピック	出題範囲
トピック 1	Applying for a workshop at CompTIA headquarters means you must be able to commit to up to an eight-hour day
トピック 2	CompTIA appreciates interest
トピック 3	You must have experience with applicable technology and tools according to the specific workshop requirements

参照：https://certification.comptia.org/certifications/comptia-advanced-security-practitioner

安全的な支払方式を利用しています

Credit Cardは今まで全世界の一番安全の支払方式です。少数の手続きの費用かかる必要がありますとはいえ、保障があります。お客様の利益を保障するために、弊社のCAS-002問題集は全部Credit Cardで支払われることができます。

領収書について：社名入りの領収書が必要な場合、メールで社名に記入していただき送信してください。弊社はPDF版の領収書を提供いたします。

TopExamは君にCAS-002の問題集を提供して、あなたの試験への復習にヘルプを提供して、君に難しい専門知識を楽に勉強させます。TopExamは君の試験への合格を期待しています。