Examcollection offers free demo for CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as CAS-002 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer those questions. The CAS-002 Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA CAS-002 exams and revised by experts!
♥♥ 2021 NEW RECOMMEND ♥♥
Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)
★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions
Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on:
http://www.surepassexam.com/CAS-002-exam-dumps.html
Q191. - (Topic 3)
A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?
A. Construct a library of re-usable security patterns
B. Construct a security control library
C. Introduce an ESA framework
D. Include SRTM in the SDLC
Answer: C
Q192. - (Topic 1)
A security administrator was doing a packet capture and noticed a system communicating with an unauthorized address within the 2001::/32 prefix. The network administrator confirms there is no IPv6 routing into or out of the network. Which of the following is the BEST course of action?
A. Investigate the network traffic and block UDP port 3544 at the firewall
B. Remove the system from the network and disable IPv6 at the router
C. Locate and remove the unauthorized 6to4 relay from the network
D. Disable the switch port and block the 2001::/32 traffic at the firewall
Answer: A
Q193. - (Topic 4)
The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation.
The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?
A. The company should mitigate the risk.
B. The company should transfer the risk.
C. The company should avoid the risk.
D. The company should accept the risk.
Answer: B
Q194. - (Topic 3)
In an effort to reduce internal email administration costs, a company is determining whether to outsource its email to a managed service provider that provides email, spam, and malware protection. The security manager is asked to provide input regarding any security implications of this change.
Which of the following BEST addresses risks associated with disclosure of intellectual property?
A. Require the managed service provider to implement additional data separation.
B. Require encrypted communications when accessing email.
C. Enable data loss protection to minimize emailing PII and confidential data.
D. Establish an acceptable use policy and incident response policy.
Answer: C
Q195. - (Topic 3)
Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?
A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.
B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.
C. Port security on switches, point to point VPN tunnels for user server connections, two-factor cryptographic authentication, physical locks, and a standby hot site.
D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.
Answer: C
Q196. - (Topic 3)
A company receives a subpoena for email that is four years old. Which of the following should the company consult to determine if it can provide the email in question?
A. Data retention policy
B. Business continuity plan
C. Backup and archive processes
D. Electronic inventory
Answer: A
Q197. - (Topic 3)
A security consultant is hired by a company to determine if an internally developed web application is vulnerable to attacks. The consultant spent two weeks testing the application, and determines that no vulnerabilities are present. Based on the results of the tools and tests available, which of the following statements BEST reflects the security status of the application?
A. The company’s software lifecycle management improved the security of the application.
B. There are no vulnerabilities in the application.
C. The company should deploy a web application firewall to ensure extra security.
D. There are no known vulnerabilities at this time.
Answer: D
Q198. - (Topic 4)
After being informed that the company DNS is unresponsive, the system administrator issues the following command from a Linux workstation:
Once at the command prompt, the administrator issues the below commanD.
Which of the following is true about the above situation?
A. The administrator must use the sudo command in order to restart the service.
B. The administrator used the wrong SSH port to restart the DNS server.
C. The service was restarted correctly, but it failed to bind to the network interface.
D. The service did not restart because the bind command is privileged.
Answer: A
Q199. - (Topic 3)
Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?
A. NDA
B. OLA
C. MOU
D. SLA
Answer: D
Q200. - (Topic 3)
A startup company offering software on demand has hired a security consultant to provide expertise on data security. The company’s clients are concerned about data confidentiality. The security consultant must design an environment with data confidentiality as the top priority, over availability and integrity. Which of the following designs is BEST suited for this purpose?
A. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment to access the virtualized applications. A secret key kept by the startup encrypts the application virtual memory and data store.
B. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment and to access the virtualized applications. Each client has a common shared key, which encrypts the application virtual memory and data store.
C. Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application.
D. Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is partitioned and assigned to each client. VLAN technology is used to segment each of the client’s networks. PKI based remote desktop access is used by the client to connect to the application.
Answer: C
