
All About CAS-002 practice question Dec 2018

Because all that matters here is passing the CompTIA CAS-002 exam. Because all you need is a high score on the CAS-002 CompTIA Advanced Security Practitioner (CASP) exam. The only thing you need to do is download the Exambible CAS-002 exam study guides now. We will not let you down with our money-back guarantee.

2018 NEW RECOMMEND

Pass on Your First TRY 100% Money Back Guarantee Realistic Practice Exam Questions

Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE), available on: https://www.certshared.com/exam/CAS-002/

P.S. High value CAS-002 preparation are available on Google Drive, GET MORE: https://drive.google.com/open?id=1MWxVvRqKw5P-3mL6Zi7QlXk_26ObOJ_y

New CompTIA CAS-002 Exam Dumps Collection (Question 14 – Question 23)

New Questions 14

The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?

A. The de-perimeterized model should be kept as this is major industry trend and other companies are following this direction. Advise that the issues being faced are standard business as usual concerns in a modern IT environment.

B. Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.

C. The de-perimeterized model should be kept but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.

D. Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE to all users as this will be easier to provision, secure, and will save money on operating costs.

Answer: B

New Questions 15

After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation:

Once at the command prompt, the administrator issues the below command. Which of the following is true about the above situation?

A. The administrator must use the sudo command in order to restart the service.

B. The administrator used the wrong SSH port to restart the DNS server.

C. The service was restarted correctly, but it failed to bind to the network interface.

D. The service did not restart because the bind command is privileged.

Answer: A

New Questions 16

A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test claim to have the most advanced features and lucrative pricing.

Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?

A. Establish return on investment as the main criteria for selection.

B. Run a cost/benefit analysis based on the data received from the RFP.

C. Evaluate each platform based on the total cost of ownership.

D. Develop a service level agreement to ensure the selected NIPS meets all performance requirements.

Answer: C

New Questions 17

A web developer is responsible for a simple web application that books holiday accommodations. The front-facing web server offers an HTML form, which asks for a user’s age. This input gets placed into a signed integer variable and is then checked to ensure that the user is in the adult age range.

Users have reported that the website is not functioning correctly. The web developer has inspected log files and sees that a very large number (in the billions) was submitted just before the issue started occurring. Which of the following is the MOST likely situation that has occurred?

A. The age variable stored the large number and filled up disk space which stopped the application from continuing to function. Improper error handling prevented the application from recovering.

B. The age variable has had an integer overflow and was assigned a very small negative number which led to unpredictable application behavior. Improper error handling prevented the application from recovering.

C. Computers are able to store numbers well above “billions” in size. Therefore, the website issues are not related to the large number being input.

D. The application has crashed because a very large integer has led to a “divide by zero”. Improper error handling prevented the application from recovering.

Answer: B

New Questions 18

An IT auditor is reviewing the data classification for a sensitive system. The company has classified the data stored in the sensitive system according to the following matrix:

DATA TYPE        CONFIDENTIALITY   INTEGRITY   AVAILABILITY
-----------------------------------------------------------
Financial        HIGH              HIGH        LOW
Client name      MEDIUM            MEDIUM      HIGH
Client address   LOW               MEDIUM      LOW
-----------------------------------------------------------
AGGREGATE        MEDIUM            MEDIUM      MEDIUM

The auditor is advising the company to review the aggregate score and submit it to senior management. Which of the following should be the revised aggregate score?

A. HIGH, MEDIUM, LOW

B. MEDIUM, MEDIUM, LOW

C. HIGH, HIGH, HIGH

D. MEDIUM, MEDIUM, MEDIUM

Answer: C

New Questions 19

A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two- to four-person rooms) and administrative buildings. The network is currently set up to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage.

The following three goals must be met after the new implementation:

1. Provide all users (including students in their dorms) connections to the Internet.

2. Provide IT department with the ability to make changes to the network environment to improve performance.

3. Provide high speed connections wherever possible all throughout campus including sporting event areas.

Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above?

A. Avoid any risk of network outages by providing additional wired connections to each user and increasing the number of data ports throughout the campus.

B. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network.

C. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus.

D. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for one AP replacement.

Answer: C

New Questions 20

A WAF without customization will protect the infrastructure from which of the following attack combinations?

A. DDoS, DNS poisoning, Boink, Teardrop

B. Reflective XSS, HTTP exhaustion, Teardrop

C. SQL Injection, DOM based XSS, HTTP exhaustion

D. SQL Injection, CSRF, Clickjacking

Answer: C

New Questions 21

An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organization’s new web services gateway. All rendering of the content is performed on the mobile application.

The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO?

A. A registration process is implemented to have a random number stored on the client.

B. The identity is passed between the applications as an HTTP header over REST.

C. Local storage of the authenticated token on the mobile application is secured.

D. Attestation of the XACML payload to ensure that the client is authorized.

Answer: C

New Questions 22

A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).

A. Security of data storage

B. The cost of the solution

C. System availability

D. User authentication strategy

E. PBX integration of the service

F. Operating system compatibility

Answer: A,C,D

New Questions 23

Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptops to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnect to the corporate LAN. Which of the following controls would BEST protect the corporate network?

A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.

B. Use an independent consulting firm to provide regular network vulnerability assessments and biannual qualitative risk assessments.

C. Provide sales staff with a separate laptop with no administrator access just for sales visits.

D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.

Answer: A

P.S. Easily pass CAS-002 Exam with Examcollection High value Dumps & pdf vce, Try Free: http://www.examcollectionuk.com/CAS-002-vce-download.html (450 New Questions)