Transferring CompTIA CAS-002 examination is not easy. CAS-002 achievements are only able to always be secured having training. Theres lots of means to be able to transferring for Actualtests.A CompTIA CAS-002 examine resources which Actualtests can offer derived from the actual intensive analysis and real-world experiences from our online teachers. CAS-002 examine resources, CAS-002, such as CAS-002 questions provide for in to our more substantial products basic.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/CAS-002-exam-dumps.html
2021 Apr CAS-002 exam engine
Q191. - (Topic 3)
Company XYZ has transferred all of the corporate servers, including web servers, to a cloud hosting provider to reduce costs. All of the servers are running unpatched, outdated versions of Apache. Furthermore, the corporate financial data is also hosted by the cloud services provider, but it is encrypted when not in use. Only the DNS server is configured to audit user and administrator actions and logging is disabled on the other virtual machines. Given this scenario, which of the following is the MOST significant risk to the system?
A. All servers are unpatched and running old versions.
B. Financial data is processed without being encrypted.
C. Logging is disabled on critical servers.
D. Server services have been virtualized and outsourced.
Answer: A
Q192. - (Topic 2)
A small company is developing a new Internet-facing web application. The security requirements are:
1. Users of the web application must be uniquely identified and authenticated.
2. Users of the web application will not be added to the company’s directory services.
3. Passwords must not be stored in the code.
Which of the following meets these requirements?
A. Use OpenID and allow a third party to authenticate users.
B. Use TLS with a shared client certificate for all users.
C. Use SAML with federated directory services.
D. Use Kerberos and browsers that support SAML.
Answer: A
Q193. - (Topic 3)
The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?
A. The de-perimeterized model should be kept as this is major industry trend and other companies are following this direction. Advise that the issues being faced are standard business as usual concerns in a modern IT environment.
B. Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.
C. The de-perimeterized model should be kept but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.
D. Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE to all users as this will be easier to provision, secure, and will save money on operating costs.
Answer: B
Q194. - (Topic 2)
An organization recently upgraded its wireless infrastructure to support 802.1x and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only pre-shared key compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the 802.1x requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?
A. Create a separate SSID and require the use of dynamic encryption keys.
B. Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random intervals.
C. Create a separate SSID and pre-shared WPA2 key on a new network segment and only allow required communication paths.
D. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.
Answer: B
Q195. DRAG DROP - (Topic 2)
A manufacturer is planning to build a segregated network. There are requirements to segregate development and test infrastructure from production and the need to support multiple entry points into the network depending on the service being accessed. There are also strict rules in place to only permit user access from within the same zone. Currently, the following access requirements have been identified:
1. Developers have the ability to perform technical validation of development applications.
2. End users have the ability to access internal web applications.
3. Third-party vendors have the ability to support applications.
In order to meet segregation and access requirements, drag and drop the appropriate network zone that the user would be accessing and the access mechanism to meet the above criteria. Options may be used once or not at all. All placeholders must be filled.
Answer:
Far out CAS-002 practice:
Q196. - (Topic 3)
A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test, claims to have the most advanced features and lucrative pricing.
Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform?
A. Establish return on investment as the main criteria for selection.
B. Run a cost/benefit analysis based on the data received from the RFP.
C. Evaluate each platform based on the total cost of ownership.
D. Develop a service level agreement to ensure the selected NIPS meets all performance requirements.
Answer: C
Q197. - (Topic 5)
A court order has ruled that your company must surrender all the email sent and received by a certain employee for the past five years. After reviewing the backup systems, the IT administrator concludes that email backups are not kept that long. Which of the following policies MUST be reviewed to address future compliance?
A. Tape backup policies
B. Offsite backup policies
C. Data retention policies
D. Data loss prevention policies
Answer: C
Q198. - (Topic 3)
An administrator is reviewing logs and sees the following entry:
Message: Access denied with code 403 (phase 2). Pattern match "bunionb.{1,100}?bselectb" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]
Action: Intercepted (phase 2) Apache-Handler: php5-script
Which of the following attacks was being attempted?
A. Session hijacking
B. Cross-site script
C. SQL injection
D. Buffer overflow
Answer: C
Q199. - (Topic 3)
A startup company offering software on demand has hired a security consultant to provide expertise on data security. The company’s clients are concerned about data confidentiality. The security consultant must design an environment with data confidentiality as the top priority, over availability and integrity. Which of the following designs is BEST suited for this purpose?
A. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment to access the virtualized applications. A secret key kept by the startup encrypts the application virtual memory and data store.
B. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment and to access the virtualized applications. Each client has a common shared key, which encrypts the application virtual memory and data store.
C. Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application.
D. Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is partitioned and assigned to each client. VLAN technology is used to segment each of the client’s networks. PKI based remote desktop access is used by the client to connect to the application.
Answer: C
Q200. - (Topic 3)
Company A has a remote work force that often includes independent contractors and out of state full time employees.
Company A's security engineer has been asked to implement a solution allowing these users to collaborate on projects with the following goals:
Which of the following solutions should the security engineer recommend to meet the MOST goals?
A. Create an SSL reverse proxy to a collaboration workspace. Use remote installation service to maintain application version. Have users use full desktop encryption. Schedule server downtime from 12:00 to 1:00 PM.
B. Install an SSL VPN to Company A's datacenter, have users connect to a standard virtual workstation image, set workstation time of day restrictions.
C. Create an extranet web portal using third party web based office applications. Ensure that Company A maintains the administrative access.
D. Schedule server downtime from 12:00 to 1:00 PM, implement a Terminal Server
Gateway, use remote installation services to standardize application on user’s laptops.
Answer: B
