What Does CAS-002 test Mean?

Cause all that matters here is passing the CompTIA CAS-002 exam. Cause all that you need is a high score of CAS-002 CompTIA Advanced Security Practitioner (CASP) exam. The only one thing you need to do is downloading Ucertify CAS-002 exam study guides now. We will not let you down with our money-back guarantee.


♥♥ 2018 NEW RECOMMEND ♥♥

Free VCE & PDF File for CompTIA CAS-002 Real Exam (Full Version!)

★ Pass on Your First TRY ★ 100% Money Back Guarantee ★ Realistic Practice Exam Questions

Free Instant Download NEW CAS-002 Exam Dumps (PDF & VCE):
Available on: http://www.surepassexam.com/CAS-002-exam-dumps.html

P.S. Precise CAS-002 rapidshare are available on Google Drive, GET MORE: https://drive.google.com/open?id=1ddthACQd1JGf0imm89GpLL8acwMLf-_e


New CompTIA CAS-002 Exam Dumps Collection (Question 3 - Question 12)

Question No: 3

A business unit of a large enterprise has outsourced the hosting and development of a new external website which will be accessed by premium customers, in order to speed up the time to market timeline. Which of the following is the MOST appropriate?

A. The external party providing the hosting and website development should be obligated under contract to provide a secure service which is regularly tested (vulnerability and penetration). SLAs should be in place for the resolution of newly identified vulnerabilities and a guaranteed uptime.

B. The use of external organizations to provide hosting and web development services is not recommended as the costs are typically higher than what can be achieved internally. In addition, compliance with privacy regulations becomes more complex and guaranteed uptimes are difficult to track and measure.

C. Outsourcing transfers all the risk to the third party. An SLA should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.

D. Outsourcing transfers the risk to the third party, thereby minimizing the cost and any legal obligations. An MOU should be in place for the resolution of newly identified vulnerabilities and penetration / vulnerability testing should be conducted regularly.

Answer: A



Question No: 4

A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?

A. Change the IDS to use a heuristic anomaly filter.

B. Adjust IDS filters to decrease the number of false positives.

C. Change the IDS filter to data mine the false positives for statistical trending data.

D. Adjust IDS filters to increase the number of false negatives.

Answer: B



Question No: 5

An administrator has four virtual guests on a host server. Two of the servers are corporate SQL servers, one is a corporate mail server, and one is a testing web server for a small group of developers. The administrator is experiencing difficulty connecting to the host server during peak network usage times. Which of the following would allow the administrator to securely connect to and manage the host server during peak usage times?

A. Increase the virtual RAM allocation to high I/O servers.

B. Install a management NIC and dedicated virtual switch.

C. Configure the high I/O virtual servers to use FCoE rather than iSCSI.

D. Move the guest web server to another dedicated host.

Answer: B



Question No: 6

In developing a new computing lifecycle process for a large corporation, the security team is developing the process for decommissioning computing equipment. In order to reduce the potential for data leakage, which of the following should the team consider? (Select TWO).

A. Erase all files on drive

B. Install of standard image

C. Remove and hold all drives

D. Physical destruction

E. Drive wipe

Answer: D,E



Question No: 7

An administrator is reviewing logs and sees the following entry:

Message: Access denied with code 403 (phase 2). Pattern match "\\bunion\\b.{1,100}?\\bselect\\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag

"OWASP_AppSensor/CIE1"]

Action: Intercepted (phase 2) Apache-Handler: php5-script Which of the following attacks was being attempted?

A. Session hijacking

B. Cross-site script

C. SQL injection

D. Buffer overflow

Answer: C



Question No: 8

The Chief Technology Officer (CTO) has decided that servers in the company datacenter should be virtualized to conserve physical space. The risk assurance officer is concerned that the project team in charge of virtualizing servers plans to co-mingle many guest operating systems with different security requirements to speed up the rollout and reduce the number of host operating systems or hypervisors required.

Which of the following BEST describes the risk assurance officeru2019s concerns?

A. Co-mingling guest operating system with different security requirements allows guest OS privilege elevation to occur within the guest OS via shared memory allocation with the host OS.

B. Co-mingling of guest operating systems with different security requirements increases the risk of data loss if the hypervisor fails.

C. A weakly protected guest OS combined with a host OS exploit increases the chance of a successful VMEscape attack being executed, compromising the hypervisor and other guest OS.

D. A weakly protected host OS will allow the hypervisor to become corrupted resulting in

A. data throughput performance issues.

Answer: C



Question No: 9

Company XYZ recently acquired a manufacturing plant from Company ABC which uses a different manufacturing ICS platform. Company XYZ has strict ICS security regulations while Company ABC does not. Which of the following approaches would the network security administrator for Company XYZ MOST likely proceed with to integrate the new manufacturing plant?

A. Conduct a network vulnerability assessment of acquired plant ICS platform and correct all identified flaws during integration.

B. Convert the acquired plant ICS platform to the Company XYZ standard ICS platform solely to eliminate potential regulatory conflicts.

C. Conduct a risk assessment of the acquired plant ICS platform and implement any necessary or required controls during integration.

D. Require Company ABC to bring their ICS platform into regulatory compliance prior to integrating the new plant into Company XYZu2019s network.

Answer: C



Question No: 10

A project manager working for a large city government is required to plan and build a WAN, which will be required to host official business and public access. It is also anticipated that the cityu2019s emergency and first response communication systems will be required to operate across the same network. The project manager has experience with enterprise IT projects, but feels this project has an increased complexity as a result of the mixed business / public use and the critical infrastructure it will provide. Which of the following should the project manager release to the public, academia, and private industry to ensure the city provides due care in considering all project factors prior to building its new WAN?

A. NDA

B. RFI

C. RFP

D. RFQ

Answer: B



Question No: 11

A security administrator is redesigning, and implementing a service-oriented architecture to replace an old, in-house software processing system, tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?

A. Point to point VPNs for all corporate intranet users.

B. Cryptographic hashes of all data transferred between services.

C. Service to service authentication for all workflows.

D. Two-factor authentication and signed code

Answer: C



Question No: 12

Company XYZ provides cable television service to several regional areas. They are currently installing fiber-to-the-home in many areas with hopes of also providing telephone and Internet services. The telephone and Internet services portions of the company will each be separate subsidiaries of the parent company. The board of directors wishes to keep the subsidiaries separate from the parent company. However all three companies must share customer data for the purposes of accounting, billing, and customer authentication. The solution must use open standards, and be simple and seamless for customers, while only sharing minimal data between the companies. Which of the following solutions is BEST suited for this scenario?

A. The companies should federate, with the parent becoming the SP, and the subsidiaries becoming an IdP.

B. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SSP.

C. The companies should federate, with the parent becoming the IdP, and the subsidiaries becoming an SP.

D. The companies should federate, with the parent becoming the ASP, and the subsidiaries becoming an IdP.

Answer: C



P.S. Easily pass CAS-002 Exam with Dumpscollection Precise Dumps & pdf vce, Try Free: http://www.dumpscollection.net/dumps/CAS-002/ (450 New Questions)