Printable of CAS-002 exam question materials and dumps for CompTIA certification for IT engineers, Real Success Guaranteed with Updated CAS-002 pdf dumps vce Materials. 100% PASS CompTIA Advanced Security Practitioner (CASP) exam Today!

P.S. Printable CAS-002 dumps are available on Google Drive, GET MORE: https://drive.google.com/open?id=1jFEYVEoSSaRH30NOS859G8vaEUVGAdF5


New CompTIA CAS-002 Exam Dumps Collection (Question 7 - Question 16)

New Questions 7

CORRECT TEXTThe IDS has detected abnormal behavior on this network Click on the network devices to view device information Based on this information, the following tasks need to be completed:

1. Select the server that is a victim of a SQL injection attack. 2 Select the source of the buffer overflow attack.

3. Modify the access control list (ACL) on the router(s) to ONLY block the buffer overflow attack.

Instructions: Simulations can be reset at any time to the initial state: however, all selections will be deleted.

Answer: Follow the Steps as


New Questions 8

Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.

B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk- based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.

C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.

D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.

Answer: D


New Questions 9

A bank now has a major initiative to virtualize as many servers as possible, due to power and rack space capacity at both data centers. The bank has prioritized by virtualizing older servers first as the hardware is nearing end-of-life.

The two initial migrations include:

Which of the following should the security consultant recommend based on best practices?

A. One data center should host virtualized web servers and the second data center should host the virtualized domain controllers.

B. One virtual environment should be present at each data center, each housing a combination of the converted Windows 2000 and RHEL3 virtual machines.

C. Each data center should contain one virtual environment for the web servers and another virtual environment for the domain controllers.

D. Each data center should contain one virtual environment housing converted Windows 2000 virtual machines and converted RHEL3 virtual machines.

Answer: C


New Questions 10

The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?

A. One of the companies may use an outdated VDI.

A. B. Corporate websites may be optimized for different web browsers.

C. Industry security standards and regulations may be in conflict.

D. Data loss prevention standards in one company may be less stringent.

Answer: C


New Questions 11

The internal audit department is investigating a possible breach of security. One of the auditors is sent to interview the following employees:

Employee A. Works in the accounts receivable office and is in charge of entering data into the finance system.

Employee B. Works in the accounts payable office and is in charge of approving purchase orders.

Employee C. Is the manager of the finance department, supervises Employee A and Employee B, and can perform the functions of both Employee A and Employee B.

Which of the following should the auditor suggest be done to avoid future security breaches?

A. All employees should have the same access level to be able to check on each others.

B. The manager should only be able to review the data and approve purchase orders.

C. Employee A and Employee B should rotate jobs at a set interval and cross-train.

D. The manager should be able to both enter and approve information.

Answer: B


New Questions 12

A small customer focused bank with implemented least privilege principles, is concerned about the possibility of branch staff unintentionally aiding fraud in their day to day interactions with customers. Bank staff has been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the

risk. Which of the following BEST addresses the security and risk teamu2019s concerns?

A. Information disclosure policy

B. Awareness training

C. Job rotation

D. Separation of duties

Answer: B


New Questions 13

A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution?

A. Application firewall and NIPS

B. Edge firewall and HIDS

C. ACLs and anti-virus

D. Host firewall and WAF

Answer: D


New Questions 14

A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario?

A. To ensure the security of the network is documented prior to customer delivery

B. To document the source of all functional requirements applicable to the network

C. To facilitate the creation of performance testing metrics and test plans

D. To allow certifiers to verify the network meets applicable security requirements

Answer: D


New Questions 15

Within the company, there is executive management pressure to start advertising to a new target market. Due to the perceived schedule and budget inefficiencies of engaging a technology business unit to commission a new micro-site, the marketing department is engaging third parties to develop the site in order to meet time-to-market demands. From a security perspective, which of the following options BEST balances the needs between marketing and risk management?

A. The third party should be contractually obliged to perform adequate security activities, and evidence of those activities should be confirmed by the company prior to launch.

B. Outsourcing is a valid option to increase time-to-market. If a security incident occurs, it is not of great concern as the reputational damage will be the third partyu2019s responsibility.

C. The company should never outsource any part of the business that could cause a security or privacy incident. It could lead to legal and compliance issues.

D. If the third party has an acceptable record to date on security compliance and is provably faster and cheaper, then it makes sense to outsource in this specific situation.

Answer: A


New Questions 16

An administrator has a system hardening policy to only allow network access to certain services, to always use similar hardware, and to protect from unauthorized application configuration changes.

Which of the following technologies would help meet this policy requirement? (Select TWO).

A. Spam filter

B. Solid state drives

C. Management interface

D. Virtualization

E. Host firewall

Answer: D,E


Recommend!! Get the Printable CAS-002 dumps in VCE and PDF From Allfreedumps, Welcome to download: https://www.allfreedumps.com/CAS-002-dumps.html (New 532 Q&As Version)