Our pass rate is high to 98.9% and the similarity percentage between our CAS-002 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA CAS-002 exam in just one try? I am currently studying for the CompTIA CAS-002 exam. Latest CompTIA CAS-002 Test exam practice questions and answers, Try CompTIA CAS-002 Brain Dumps First.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/CAS-002-exam-dumps.html
Q11. - (Topic 4)
A medium-sized company has recently launched an online product catalog. It has decided to keep the credit card purchasing in-house as a secondary potential income stream has been identified in relation to sales leads. The company has decided to undertake a PCI assessment in order to determine the amount of effort required to meet the business objectives. Which compliance category would this task be part of?
A. Government regulation
B. Industry standard
C. Company guideline
D. Company policy
Answer: B
Q12. - (Topic 3)
An IT administrator wants to restrict DNS zone transfers between two geographically dispersed, external company DNS name servers, and has decided to use TSIG. Which of the following are critical when using TSIG? (Select TWO).
A. Periodic key changes once the initial keys are established between the DNS name servers.
B. Secure exchange of the key values between the two DNS name servers.
C. A secure NTP source used by both DNS name servers to avoid message rejection.
D. DNS configuration files on both DNS name servers must be identically encrypted.
E. AES encryption with a SHA1 hash must be used to encrypt the configuration files on both DNS name servers.
Answer: B,C
Q13. - (Topic 4)
Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?
A. Risk reduction, risk sharing, risk retention, and risk acceptance.
B. Avoid, transfer, mitigate, and accept.
C. Risk likelihood, asset value, and threat level.
D. Calculate risk by determining technical likelihood and potential business impact.
Answer: B
Q14. - (Topic 3)
A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible.
Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes.
Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?
A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.
B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts.
C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.
D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.
Answer: A
Q15. - (Topic 4)
Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption, while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements?
A. Company A must install an SSL tunneling service on the financial system.
B. Company A’s security administrator should use an HTTPS capable browser to transfer the data.
C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B.
D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls.
Answer: A
Q16. - (Topic 4)
When generating a new key pair, a security application asks the user to move the mouse and type random characters on the keyboard. Which of the following BEST describes why this is necessary?
A. The user needs a non-repudiation data source in order for the application to generate the key pair.
B. The user is providing entropy so the application can use random data to create the key pair.
C. The user is providing a diffusion point to the application to aid in creating the key pair.
D. The application is requesting perfect forward secrecy from the user in order to create the key pair.
Answer: B
Q17. DRAG DROP - (Topic 2)
An organization is implementing a project to simplify the management of its firewall network flows and implement security controls. The following requirements exist. Drag and drop the BEST security solution to meet the given requirements. Options may be used once or not at all. All placeholders must be filled.
Answer:
Q18. - (Topic 3)
Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?
A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.
B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk-based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.
C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.
D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.
Answer: D
Q19. - (Topic 2)
Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).
A. Synchronous copy of data
B. RAID configuration
C. Data de-duplication
D. Storage pool space allocation
E. Port scanning
F. LUN masking/mapping
G. Port mapping
Answer: F,G
Q20. - (Topic 1)
Company XYZ has purchased and is now deploying a new HTML5 application. The company wants to hire a penetration tester to evaluate the security of the client and server components of the proprietary web application before launch. Which of the following is the penetration tester MOST likely to use while performing black box testing of the security of the company’s purchased application? (Select TWO).
A. Code review
B. Sandbox
C. Local proxy
D. Fuzzer
E. Port scanner
Answer: C,D
