You will get instant gain access to to the CompTIA CAS-002 exam Pdf files and test engine from the date associated with purchase. The actual updated CompTIA CAS-002 practice materials will be also readily available for downloading immediately. Youll be able to print the actual CompTIA CompTIA Pdf demos and preview and review these at anytime and anywhere. Youll be able to trust about our CompTIA CompTIA preparation materials because of the actual high passing ratio before you. Almost all of our customers have approved the CAS-002 real exam with assistance with the CompTIA certification exam demos.

2017 Mar CAS-002 free practice questions

Q91. - (Topic 2) 

The IT Security Analyst for a small organization is working on a customer’s system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion? 

A. Contact the local authorities so an investigation can be started as quickly as possible. 

B. Shut down the production network interfaces on the server and change all of the DBMS account passwords. 

C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed. 

D. Refer the issue to management for handling according to the incident response process. 

Answer:


Q92. - (Topic 3) 

An organization determined that each of its remote sales representatives must use a smartphone for email access. 

The organization provides the same centrally manageable model to each person. 

Which of the following mechanisms BEST protects the confidentiality of the resident data? 

A. Require dual factor authentication when connecting to the organization’s email server. 

B. Require each sales representative to establish a PIN to access the smartphone and limit email storage to two weeks. 

C. Require encrypted communications when connecting to the organization’s email server. 

D. Require a PIN and automatic wiping of the smartphone if someone enters a specific number of incorrect PINs. 

Answer:


Q93. - (Topic 3) 

A startup company offering software on demand has hired a security consultant to provide expertise on data security. The company’s clients are concerned about data confidentiality. The security consultant must design an environment with data confidentiality as the top priority, over availability and integrity. Which of the following designs is BEST suited for this purpose? 

A. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment to access the virtualized applications. A secret key kept by the startup encrypts the application virtual memory and data store. 

B. All of the company servers are virtualized in a highly available environment sharing common hardware and redundant virtual storage. Clients use terminal service access to the shared environment and to access the virtualized applications. Each client has a common shared key, which encrypts the application virtual memory and data store. 

C. Each client is assigned a set of virtual hosts running shared hardware. Physical storage is partitioned into LUNS and assigned to each client. MPLS technology is used to segment and encrypt each of the client’s networks. PKI based remote desktop with hardware tokens is used by the client to connect to the application. 

D. Each client is assigned a set of virtual hosts running shared hardware. Virtual storage is partitioned and assigned to each client. VLAN technology is used to segment each of the client’s networks. PKI based remote desktop access is used by the client to connect to the application. 

Answer:


Q94. - (Topic 2) 

A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning? 

A. Remove contact details from the domain name registrar to prevent social engineering attacks. 

B. Test external interfaces to see how they function when they process fragmented IP packets. 

C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors. 

D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces. 

Answer:


Q95. - (Topic 3) 

A large organization has gone through several mergers, acquisitions, and de-mergers over the past decade. As a result, the internal networks have been integrated but have complex dependencies and interactions between systems. Better integration is needed in order to simplify the underlying complexity. Which of the following is the MOST suitable integration platform to provide event-driven and standards-based secure software architecture? 

A. Service oriented architecture (SOA) 

B. Federated identities 

C. Object request broker (ORB) 

D. Enterprise service bus (ESB) 

Answer:


Up to date CAS-002 practice test:

Q96. - (Topic 1) 

An organization has decided to reduce labor costs by outsourcing back office processing of credit applications to a provider located in another country. Data sovereignty and privacy concerns raised by the security team resulted in the third-party provider only accessing and processing the data via remote desktop sessions. To facilitate communications and improve productivity, staff at the third party has been provided with corporate email accounts that are only accessible via the remote desktop sessions. Email forwarding is blocked and staff at the third party can only communicate with staff within the organization. Which of the following additional controls should be implemented to prevent data loss? (Select THREE). 

A. Implement hashing of data in transit 

B. Session recording and capture 

C. Disable cross session cut and paste 

D. Monitor approved credit accounts 

E. User access audit reviews 

F. Source IP whitelisting 

Answer: C,E,F 


Q97. - (Topic 3) 

The Linux server at Company A hosts a graphical application widely used by the company designers. One designer regularly connects to the server from a Mac laptop in the designer’s office down the hall. When the security engineer learns of this it is discovered the connection is not secured and the password can easily be obtained via network sniffing. Which of the following would the security engineer MOST likely implement to secure this connection? 

Linux Server: 192.168.10.10/24 

Mac Laptop: 192.168.10.200/24 

A. From the server, establish an SSH tunnel to the Mac and VPN to 192.168.10.200. 

B. From the Mac, establish a remote desktop connection to 192.168.10.10 using Network Layer Authentication and the CredSSP security provider. 

C. From the Mac, establish a VPN to the Linux server and connect the VNC to 127.0.0.1. 

D. From the Mac, establish a SSH tunnel to the Linux server and connect the VNC to 

127.0.0.1. 

Answer:


Q98. - (Topic 2) 

A small company is developing a new Internet-facing web application. The security requirements are: 

1. Users of the web application must be uniquely identified and authenticated. 

2. Users of the web application will not be added to the company’s directory services. 

3. Passwords must not be stored in the code. 

Which of the following meets these requirements? 

A. Use OpenID and allow a third party to authenticate users. 

B. Use TLS with a shared client certificate for all users. 

C. Use SAML with federated directory services. 

D. Use Kerberos and browsers that support SAML. 

Answer:


Q99. - (Topic 1) 

A popular commercial virtualization platform allows for the creation of virtual hardware. To virtual machines, this virtual hardware is indistinguishable from real hardware. By implementing virtualized TPMs, which of the following trusted system concepts can be implemented? 

A. Software-based root of trust 

B. Continuous chain of trust 

C. Chain of trust with a hardware root of trust 

D. Software-based trust anchor with no root of trust 

Answer:


Q100. - (Topic 2) 

The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE). 

A. SIM’s PIN 

B. Remote wiping 

C. Chargeback system 

D. MDM software 

E. Presence software 

F. Email profiles 

G. Identity attestation 

H. GPS tracking 

Answer: B,D,G