Your success in CompTIA CAS-002 is our sole target and we develop all our CAS-002 braindumps in a way that facilitates the attainment of this target. Not only is our CAS-002 study material the best you can find, it is also the most detailed and the most updated. CAS-002 Practice Exams for CompTIA CASP CAS-002 are written to the highest standards of technical accuracy.
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/CAS-002-exam-dumps.html
Q101. DRAG DROP - (Topic 2)
An organization is implementing a project to simplify the management of its firewall network flows and implement security controls. The following requirements exist. Drag and drop the BEST security solution to meet the given requirements. Options may be used once or not at all. All placeholders must be filled.
Answer:
Q102. - (Topic 4)
An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?
A. Increase the virtual RAM allocation to high I/O servers.
B. Install a management NIC and dedicated virtual switch.
C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.
D. Move the guest web server to another dedicated host.
Answer: B
Q103. - (Topic 2)
A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:
POST http://www.example.com/resources/NewBankAccount HTTP/1.1
Content-type: application/json
{
“account”:
[
{ “creditAccount”:”Credit Card Rewards account”} {
“salesLeadRef”:”www.example.com/badcontent/exploitme.exe”}
],
“customer”:
[
{ “name”:”Joe Citizen”} { “custRef”:”3153151”}
]
}
The banking website responds with:
HTTP/1.1 200 OK
{
“newAccountDetails”:
[
{ “cardNumber”:”1234123412341234”} { “cardExpiry”:”2021-12-31”}
{ “cardCVV”:”909”}
],
“marketingCookieTracker”:“JSESSIONID=000000001”
“returnCode”:“Account added successfully”
}
Which of the following are security weaknesses in this example? (Select TWO).
A. Missing input validation on some fields
B. Vulnerable to SQL injection
C. Sensitive details communicated in clear-text
D. Vulnerable to XSS
E. Vulnerable to malware file uploads
F. JSON/REST is not as secure as XML
Answer: A,C
Q104. - (Topic 1)
After a security incident, an administrator would like to implement policies that would help reduce fraud and the potential for collusion between employees. Which of the following would help meet these goals by having co-workers occasionally audit another worker's position?
A. Least privilege
B. Job rotation
C. Mandatory vacation
D. Separation of duties
Answer: B
Q105. - (Topic 5)
A software development manager is taking over an existing software development project. The team currently suffers from poor communication, and this gap is resulting in an above average number of security-related bugs making it into production. Which of the following development methodologies involves daily stand-ups designed to improve communication?
A. Spiral
B. Agile
C. Waterfall
D. Rapid
Answer: B
Q106. - (Topic 3)
A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?
A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.
B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.
C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.
D. Enable ESP on the internal network, and place NIPS on both networks.
Answer: A
Q107. - (Topic 2)
A security administrator has been asked to select a cryptographic algorithm to meet the criteria of a new application. The application utilizes streaming video that can be viewed both on computers and mobile devices. The application designers have asked that the algorithm support the transport encryption with the lowest possible performance overhead. Which of the following recommendations would BEST meet the needs of the application designers? (Select TWO).
A. Use AES in Electronic Codebook mode
B. Use RC4 in Cipher Block Chaining mode
C. Use RC4 with Fixed IV generation
D. Use AES with cipher text padding
E. Use RC4 with a nonce generated IV
F. Use AES in Counter mode
Answer: E,F
Q108. - (Topic 2)
An accountant at a small business is trying to understand the value of a server to determine if the business can afford to buy another server for DR. The risk manager only provided the accountant with the SLE of $24,000, ARO of 20% and the exposure factor of 25%. Which of the following is the correct asset value calculated by the accountant?
A. $4,800
B. $24,000
C. $96,000
D. $120,000
Answer: C
Q109. - (Topic 4)
Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process?
A. Collection, Identification, Preservation, Examination, Analysis, Presentation.
B. Identification, Preservation, Collection, Examination, Analysis, Presentation.
C. Collection, Preservation, Examination, Identification, Analysis, Presentation.
D. Identification, Examination, Preservation, Collection, Analysis, Presentation.
Answer: B
Q110. - (Topic 5)
A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).
A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
Answer: A,D
