CompTIA CASP CAS-002 (351 to 360)

Examcollection CompTIA study guides play an increasingly natural part in candidates' study routines, saving time for people who would otherwise have to attend a course. Our CompTIA CAS-002 sets also include several simulation exercise questions, which are mixed into the CompTIA Advanced Security Practitioner (CASP) answers of our CompTIA CAS-002 guides. We guarantee that you will definitely succeed if you work tirelessly with your CAS-002 certification study materials. The more Examcollection CAS-002 sets you work through, the better the mark you can attain. You can consult the CompTIA CAS-002 books or e-books anywhere and at any time, since they are all easily portable. Examcollection will ensure added benefits for clients through our high-quality products.

2016 Jun CAS-002 exam cram

Q351. - (Topic 3) 

In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO). 

A. Correctly assert the identity and authorization credentials of the end user. 

B. Correctly assert the authentication and authorization credentials of the end user. 

C. Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use. 

D. Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use. 

E. Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use. 

F. Correctly assert the identity and authentication credentials of the end user. 

Answer: D,F 

Topic 4, Volume D 


Q352. - (Topic 3) 

A team is established to create a secure connection between software packages in order to list employees' remaining or unused benefits on their paycheck stubs. Which of the following business roles would be MOST effective on this team? 

A. Network Administrator, Database Administrator, Programmers 

B. Network Administrator, Emergency Response Team, Human Resources 

C. Finance Officer, Human Resources, Security Administrator 

D. Database Administrator, Facilities Manager, Physical Security Manager 

Answer: C 


Q353. - (Topic 4) 

An Association is preparing to upgrade its firewalls at five locations around the United States. Each of the three vendors’ RFP responses is in line with the security and other requirements. Which of the following should the security administrator do to ensure the firewall platform is appropriate for the Association? 

A. Correlate current industry research with the RFP responses to ensure validity. 

B. Create a lab environment to evaluate each of the three firewall platforms. 

C. Benchmark each firewall platform’s capabilities and experiences with similar sized companies. 

D. Develop criteria and rate each firewall platform based on information in the RFP responses. 

Answer: B 


Q354. - (Topic 1) 

A security policy states that all applications on the network must have a password length of eight characters. There are three legacy applications on the network that cannot meet this policy. One system will be upgraded in six months, and two are not expected to be upgraded or removed from the network. Which of the following processes should be followed? 

A. Establish a risk matrix 

B. Inherit the risk for six months 

C. Provide a business justification to avoid the risk 

D. Provide a business justification for a risk exception 

Answer: D 


Q355. - (Topic 2) 

A port in a fibre channel switch failed, causing a costly downtime on the company’s primary website. Which of the following is the MOST likely cause of the downtime? 

A. The web server iSCSI initiator was down. 

B. The web server was not multipathed. 

C. The SAN snapshots were not up-to-date. 

D. The SAN replication to the backup site failed. 

Answer: B 



Q356. - (Topic 2) 

The following has been discovered in an internally developed application: 

Error - Memory allocated but not freed:

    char *myBuffer = malloc(BUFFER_SIZE);
    if (myBuffer != NULL) {
        *myBuffer = STRING_WELCOME_MESSAGE;
        printf("Welcome to: %s\n", myBuffer);
        exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO). 

A. Static code analysis 

B. Memory dumping 

C. Manual code review 

D. Application sandboxing 

E. Penetration testing 

F. Black box testing 

Answer: A,C 


Q357. - (Topic 3) 

A security consultant is called into a small advertising business to recommend which security policies and procedures would be most helpful to the business. The business is comprised of 20 employees, operating off of two shared servers. One server houses employee data and the other houses client data. All machines are on the same local network. Often these employees must work remotely from client sites, but do not access either of the servers remotely. Assuming no security policies or procedures are in place right now, which of the following would be the MOST applicable for implementation? (Select TWO). 

A. Password Policy 

B. Data Classification Policy 

C. Wireless Access Procedure 

D. VPN Policy 

E. Database Administrative Procedure 

Answer: A,B 


Q358. - (Topic 2) 

The finance department for an online shopping website has discovered that a number of customers were able to purchase goods and services without any payments. Further analysis conducted by the security investigations team indicated that the website allowed customers to update a payment amount for shipping. A specially crafted value could be entered and cause a roll over, resulting in the shipping cost being subtracted from the balance and in some instances resulted in a negative balance. As a result, the system processed the negative balance as zero dollars. Which of the following BEST describes the application issue? 

A. Race condition 

B. Click-jacking 

C. Integer overflow 

D. Use after free 

E. SQL injection 

Answer: C 


Q359. - (Topic 2) 

An administrator wishes to replace a legacy clinical software product as it has become a security risk. The legacy product generates $10,000 in revenue a month. The new software product has an initial cost of $180,000 and a yearly maintenance of $2,000 after the first year. However, it will generate $15,000 in revenue per month and be more secure. How many years until there is a return on investment for this new package? 

A. 1 

B. 2 

C. 3 

D. 4 

Answer: D 


Q360. - (Topic 2) 

A bank has decided to outsource some existing IT functions and systems to a third party service provider. The third party service provider will manage the outsourced systems on their own premises and will continue to directly interface with the bank’s other systems through dedicated encrypted links. Which of the following is critical to ensure the successful management of system security concerns between the two organizations? 

A. ISA 

B. BIA 

C. MOU 

D. SOA 

E. BPA 

Answer: A 


