We provide real CAS-002 exam questions and answers braindumps in two formats. Download PDF & Practice Tests. Pass CompTIA CAS-002 Exam quickly & easily. The CAS-002 PDF type is available for reading and printing. You can print more and practice many times. With the help of our CompTIA CAS-002 dumps pdf and vce product and material, you can easily pass the CAS-002 exam.

Q301. - (Topic 5) 

A high-tech company dealing with sensitive data seized the mobile device of an employee suspected of leaking company secrets to a competitive organization. Which of the following is the BEST order for mobile phone evidence extraction? 

A. Device isolation, evidence intake, device identification, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

B. Evidence intake, device identification, preparation to identify the necessary tools, device isolation, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

C. Evidence log, device isolation ,device identification, preparation to identify the necessary tools, data processing, verification of data accuracy, presentation and archival. 

D. Device identification, evidence log, preparation to identify the necessary tools, data processing, verification of data accuracy, device isolation, documentation, reporting, presentation and archival. 


Q302. - (Topic 3) 

Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company B’s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause? 

A. Purchase the product and test it in a lab environment before installing it on any live system. 

B. Allow Company A and B’s IT staff to evaluate the new product prior to purchasing it. 

C. Purchase the product and test it on a few systems before installing it throughout the entire company. 

D. Use Company A’s change management process during the evaluation of the new product. 


Q303. - (Topic 4) 

A security administrator at Company XYZ is trying to develop a body of knowledge to enable heuristic and behavior based security event monitoring of activities on a geographically distributed network. Instrumentation is chosen to allow for monitoring and measuring the network. Which of the following is the BEST methodology to use in establishing this baseline? 

A. Model the network in a series of VMs; instrument the systems to record comprehensive metrics; run a large volume of simulated data through the model; record and analyze results; document expected future behavior. 

B. Completely duplicate the network on virtual machines; replay eight hours of captured corporate network traffic through the duplicate network; instrument the network; analyze the results; document the baseline. 

C. Instrument the operational network; simulate extra traffic on the network; analyze net flow information from all network devices; document the baseline volume of traffic. 

D. Schedule testing on operational systems when users are not present; instrument the systems to log all network traffic; monitor the network for at least eight hours; analyze the results; document the established baseline. 


Q304. - (Topic 4) 

Company ABC’s SAN is nearing capacity, and will cause costly downtimes if servers run out disk space. Which of the following is a more cost effective alternative to buying a new SAN? 

A. Enable multipath to increase availability 

B. Enable deduplication on the storage pools 

C. Implement snapshots to reduce virtual disk size 

D. Implement replication to offsite datacenter 


Q305. - (Topic 3) 

A team of security engineers has applied regulatory and corporate guidance to the design of a corporate network. The engineers have generated an SRTM based on their work and a thorough analysis of the complete set of functional and performance requirements in the network specification. Which of the following BEST describes the purpose of an SRTM in this scenario? 

A. To ensure the security of the network is documented prior to customer delivery 

B. To document the source of all functional requirements applicable to the network 

C. To facilitate the creation of performance testing metrics and test plans 

D. To allow certifiers to verify the network meets applicable security requirements 


Q306. - (Topic 1) 

Company A needs to export sensitive data from its financial system to company B’s database, using company B’s API in an automated manner. Company A’s policy prohibits the use of any intermediary external systems to transfer or store its sensitive data, therefore the transfer must occur directly between company A’s financial system and company B’s destination server using the supplied API. Additionally, company A’s legacy financial software does not support encryption, while company B’s API supports encryption. Which of the following will provide end-to-end encryption for the data transfer while adhering to these requirements? 

A. Company A must install an SSL tunneling software on the financial system. 

B. Company A’s security administrator should use an HTTPS capable browser to transfer the data. 

C. Company A should use a dedicated MPLS circuit to transfer the sensitive data to company B. 

D. Company A and B must create a site-to-site IPSec VPN on their respective firewalls. 


Q307. - (Topic 1) 

An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the 

MOST heavily invested in rectifying the problem? (Select THREE). 

A. Facilities management 

B. Human resources 

C. Research and development 

D. Programming 

E. Data center operations 

F. Marketing 

G. Information technology 

Answer: A,E,G 

Q308. - (Topic 4) 

Company XYZ has experienced a breach and has requested an internal investigation be conducted by the IT Department. Which of the following represents the correct order of the investigation process? 

A. Collection, Identification, Preservation, Examination, Analysis, Presentation. 

B. Identification, Preservation, Collection, Examination, Analysis, Presentation. 

C. Collection, Preservation, Examination, Identification, Analysis, Presentation. 

D. Identification, Examination, Preservation, Collection, Analysis, Presentation. 


Q309. - (Topic 1) 

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53? 






Q310. - (Topic 4) 

Company ABC will test connecting networks with Company XYZ as part of their upcoming merger and are both concerned with minimizing security exposures to each others network throughout the test. Which of the following is the FIRST thing both sides should do prior to connecting the networks? 

A. Create a DMZ to isolate the two companies and provide a security inspection point for all inter-company network traffic. 

B. Determine the necessary data flows between the two companies. 

C. Implement a firewall that restricts everything except the IPSec VPN traffic connecting the two companies. 

D. Implement inline NIPS on the connection points between the two companies.