Get actual & Latest CAS-002 Questions, Plus Accurate Answers
Exam Code: CAS-002
Exam Name: CompTIA Advanced Security Practitioner (CASP)
Most up-to-date CAS-002 vce Guide
Passleader CAS-002 Questions are updated and all CAS-002 answers are verified by experts. Once you have completely prepared with our CAS-002 exam prep kits you will be ready for the real CAS-002 exam without a problem. We have Abreast of the times CompTIA CAS-002 dumps study guide. PASSED CAS-002 First attempt! Here What I Did.
P.S. 100% Correct CAS-002 bible are available on Google Drive, GET MORE: https://drive.google.com/open?id=1J1BBpAPWFcvqB6OREC6YP3KoGX0G5jQM
New CompTIA CAS-002 Exam Dumps Collection (Question 7 - Question 16)
Question No: 7
A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture?
A. Service oriented architecture (SOA)
B. Federated identities
C. Object request broker (ORB)
D. Enterprise service bus (ESB)
Question No: 8
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones.
Which of the following would impact the security of conferenceu2019s resources?
A. Wireless network security may need to be increased to decrease access of mobile devices.
B. Physical security may need to be increased to deter or prevent theft of mobile devices.
C. Network security may need to be increased by reducing the number of available physical network jacks.
D. Wireless network security may need to be decreased to allow for increased access of mobile devices.
Question No: 9
Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?
A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.
B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk- based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.
C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.
D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.
Question No: 10
An administrator receives reports that the network is running slow for users connected to a certain switch. Viewing the network traffic, the administrator reviews the following:
18:51:59.042108 IP linuxwksta.55467 > dns.company.com.domain: 39462+ PTR? 188.8.131.52.in-addr.arpa. (42)
18:51:59.055732 IP dns.company.com.domain > linuxwksta.55467: 39462 NXDomain 0/0/0 (42)
18:51:59.055842 IP linuxwksta.48287 > dns.company.com.domain: 46767+ PTR? 255.19.4.10.in-addr.arpa. (42)
18:51:59.069816 IP dns.company.com.domain > linuxwksta.48287: 46767 NXDomain 0/0/0 (42)
18:51:59.159060 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [P.], seq 1989625106:1989625154, ack 2067334822, win 1525, options [nop,nop,TS val 16021424
ecr 215646227], length 48
18:51:59.159145 IP linuxwksta.48854 > dns.company.com.domain: 3834+ PTR? 184.108.40.206.in-addr.arpa. (41)
18:51:59.159314 IP 10.4.17.72.iscsi-target > linuxwksta.42491: Flags [P.], seq 1:49, ack 48, win 124, options [nop,nop,TS val 215647479 ecr 16021424], length 48
18:51:59.159330 IP linuxwksta.42491 > 10.4.17.72.iscsi-target: Flags [.], ack 49, win 1525, options [nop,nop,TS val 16021424 ecr 215647479], length 0
18:51:59.165342 IP dns.company.com.domain > linuxwksta.48854: 3834 NXDomain 0/0/0 (41)
18:51:59.397461 ARP, Request who-has 10.4.16.58 tell 10.4.16.1, length 46 18:51:59.397597 IP linuxwksta.37684 > dns.company.com.domain: 15022+ PTR?
Given the traffic report, which of the following is MOST likely causing the slow traffic?
A. DNS poisoning
B. Improper network zoning
C. ARP poisoning
D. Improper LUN masking
Question No: 11
In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end- to-end?
A. Creation and secure destruction of mail accounts, emails, and calendar items
B. Information classification, vendor selection, and the RFP process
C. Data provisioning, processing, in transit, at rest, and de-provisioning
D. Securing virtual environments, appliances, and equipment that handle email
Question No: 12
A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).
A. The X509 V3 certificate was issued by a non trusted public CA.
B. The client-server handshake could not negotiate strong ciphers.
C. The client-server handshake is configured with a wrong priority.
D. The client-server handshake is based on TLS authentication.
E. The X509 V3 certificate is expired.
F. The client-server implements client-server mutual authentication with different certificates.
Question No: 13
A small company is developing a new Internet-facing web application. The security requirements are:Users of the web application must be uniquely identified and authenticated. Users of the web application will not be added to the companyu2019s directory services. Passwords must not be stored in the code. Which of the following meets these requirements?
A. Use OpenID and allow a third party to authenticate users.
B. Use TLS with a shared client certificate for all users.
C. Use SAML with federated directory services.
D. Use Kerberos and browsers that support SAML.
Question No: 14
The IT Security Analyst for a small organization is working on a customeru2019s system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?
A. Contact the local authorities so an investigation can be started as quickly as possible.
B. Shut down the production network interfaces on the server and change all of the DBMS account passwords.
C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed.
D. Refer the issue to management for handling according to the incident response process.
Question No: 15
Which of the following would be used in forensic analysis of a compromised Linux system? (Select THREE).
A. Check log files for logins from unauthorized IPs.
B. Check /proc/kmem for fragmented memory segments.
C. Check for unencrypted passwords in /etc/shadow.
D. Check timestamps for files modified around time of compromise.
E. Use lsof to determine files with future timestamps.
F. Use gpg to encrypt compromised data files.
G. Verify the MD5 checksum of system binaries.
H. Use vmstat to look for excessive disk I/O.
Question No: 16
A new IDS device is generating a very large number of irrelevant events. Which of the following would BEST remedy this problem?
A. Change the IDS to use a heuristic anomaly filter.
B. Adjust IDS filters to decrease the number of false positives.
C. Change the IDS filter to data mine the false positives for statistical trending data.
D. Adjust IDS filters to increase the number of false negatives.
P.S. Easily pass CAS-002 Exam with Examcollection 100% Correct Dumps & pdf vce, Try Free: http://www.examcollectionuk.com/CAS-002-vce-download.html (532 New Questions)
Get More Information : Get CAS-002 now
Money Back Guarantee
CertifyForAll has a remarkable Candidate Success record. We're confident of our products and provide a no hassle money back guarantee.
Who Chooses CertifyForAll
CertifyForAll is the world's largest certification preparation company with 99.3% Pass Rate History from 170344+ Satisfied Customers in 145 Countries.