Your success in CompTIA CAS-002 is our sole target and we develop all our CAS-002 braindumps in a way that facilitates the attainment of this target. Not only is our CAS-002 study material the best you can find, it is also the most detailed and the most updated. CAS-002 Practice Exams for CompTIA CASP CAS-002 are written to the highest standards of technical accuracy.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/CAS-002-exam-dumps.html
Q241. - (Topic 2)
A facilities manager has observed varying electric use on the company’s metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department’s needs? (Select TWO).
A. Deploying a radio frequency identification tagging asset management system
B. Designing a business resource monitoring system
C. Hiring a property custodian
D. Purchasing software asset management software
E. Facility management participation on a change control board
F. Rewriting the change board charter
G. Implementation of change management best practices
Answer: E,G
Q242. - (Topic 3)
A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below:
The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday.
Which of the following is true?
A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.
B. The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise.
C. The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.
D. The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise.
Answer: C
Q243. - (Topic 1)
An organization is concerned with potential data loss in the event of a disaster, and created a backup datacenter as a mitigation strategy. The current storage method is a single NAS used by all servers in both datacenters. Which of the following options increases data availability in the event of a datacenter failure?
A. Replicate NAS changes to the tape backups at the other datacenter.
B. Ensure each server has two HBAs connected through two routes to the NAS.
C. Establish deduplication across diverse storage paths.
D. Establish a SAN that replicates between datacenters.
Answer: D
Q244. - (Topic 5)
After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?
A. Least privilege
B. Job rotation
C. Mandatory vacation
D. Separation of duties
Answer: B
Q245. - (Topic 1)
A penetration tester is assessing a mobile banking application. Man-in-the-middle attempts via a HTTP intercepting proxy are failing with SSL errors. Which of the following controls has likely been implemented by the developers?
A. SSL certificate revocation
B. SSL certificate pinning
C. Mobile device root-kit detection
D. Extended Validation certificates
Answer: B
Q246. - (Topic 1)
Two separate companies are in the process of integrating their authentication infrastructure into a unified single sign-on system. Currently, both companies use an AD backend and two factor authentication using TOTP. The system administrators have configured a trust relationship between the authentication backend to ensure proper process flow. How should the employees request access to shared resources before the authentication integration is complete?
A. They should logon to the system using the username concatenated with the 6-digit code and their original password.
B. They should logon to the system using the newly assigned global username: first.lastname#### where #### is the second factor code.
C. They should use the username format: LANfirst.lastname together with their original password and the next 6-digit code displayed when the token button is depressed.
D. They should use the username format: first.lastname@company.com, together with a password and their 6-digit code.
Answer: D
Q247. - (Topic 3)
A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).
A. The company must dedicate specific staff to act as social media representatives of the company.
B. All staff needs to be instructed in the proper use of social media in the work environment.
C. Senior staff blogs should be ghost written by marketing professionals.
D. The finance department must provide a cost benefit analysis for social media.
E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.
F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.
Answer: A,E
Q248. - (Topic 1)
A security engineer is working on a large software development project. As part of the design of the project, various stakeholder requirements were gathered and decomposed to an implementable and testable level. Various security requirements were also documented. Organize the following security requirements into the correct hierarchy required for an SRTM.
Requirement 1: The system shall provide confidentiality for data in transit and data at rest.
Requirement 2: The system shall use SSL, SSH, or SCP for all data transport.
Requirement 3: The system shall implement a file-level encryption scheme.
Requirement 4: The system shall provide integrity for all data at rest.
Requirement 5: The system shall perform CRC checks on all files.
A. Level 1: Requirements 1 and 4; Level 2: Requirements 2, 3, and 5
B. Level 1: Requirements 1 and 4; Level 2: Requirements 2 and 3 under 1, Requirement 5 under 4
C. Level 1: Requirements 1 and 4; Level 2: Requirement 2 under 1, Requirement 5 under 4; Level 3: Requirement 3 under 2
D. Level 1: Requirements 1, 2, and 3; Level 2: Requirements 4 and 5
Answer: B
Q249. - (Topic 1)
A web services company is planning a one-time high-profile event to be hosted on the corporate website. An outage, due to an attack, would be publicly embarrassing, so Joe, the Chief Executive Officer (CEO), has requested that his security engineers put temporary preventive controls in place. Which of the following would MOST appropriately address Joe's concerns?
A. Ensure web services hosting the event use TCP cookies and deny_hosts.
B. Configure an intrusion prevention system that blocks IPs after detecting too many incomplete sessions.
C. Contract and configure scrubbing services with third-party DDoS mitigation providers.
D. Purchase additional bandwidth from the company’s Internet service provider.
Answer: C
Q250. - (Topic 5)
An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).
A. Facilities management
B. Human resources
C. Research and development
D. Programming
E. Data center operations
F. Marketing
G. Information technology
Answer: A,E,G
