It is more faster and easier to pass the CompTIA CAS-002 exam by using Realistic CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Renewal CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.

P.S. Realistic CAS-002 guidance are available on Google Drive, GET MORE:

New CompTIA CAS-002 Exam Dumps Collection (Question 4 - Question 13)

Q1. It has come to the IT administratoru2019s attention that the u201cpost your commentu201d field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the u201cpost your commentu201d field from being exploited?

A. Update the blog page to HTTPS

B. Filter metacharacters

C. Install HIDS on the server

D. Patch the web application

E. Perform client side input validation

Answer: B

Q2. A security manager has received the following email from the Chief Financial Officer (CFO):

u201cWhile I am concerned about the security of the proprietary financial data in our ERP application, we have had a lot of turnover in the accounting group and I am having a difficult time meeting our monthly performance targets. As things currently stand, we do not allow employees to work from home but this is something I am willing to allow so we can get back on track. What should we do first to securely enable this capability for my group?u201d

Based on the information provided, which of the following would be the MOST appropriate response to the CFO?

A. Remote access to the ERP tool introduces additional security vulnerabilities and should not be allowed.

B. Allow VNC access to corporate desktops from personal computers for the users working from home.

C. Allow terminal services access from personal computers after the CFO provides a list of the users working from home.

D. Work with the executive management team to revise policies before allowing any remote access.

Answer: D

Q3. An IT manager is working with a project manager to implement a new ERP system capable of transacting data between the new ERP system and the legacy system. As part of this process, both parties must agree to the controls utilized to secure data connections between the two enterprise systems. This is commonly documented in which of the

following formal documents?

A. Memorandum of Understanding

B. Information System Security Agreement

C. Interconnection Security Agreement

D. Interoperability Agreement

E. Operating Level Agreement

Answer: C

Q4. A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

A. an administrative control

B. dual control

C. separation of duties

D. least privilege

E. collusion

Answer: C

Q5. A security administrator was recently hired in a start-up company to represent the interest of security and to assist the network team in improving security in the company. The programmers are not on good terms with the security team and do not want to be distracted with security issues while they are working on a major project. Which of the following is the BEST time to make them address security issues in the project?

A. In the middle of the project

B. At the end of the project

C. At the inception of the project

D. At the time they request

Answer: C

Q6. An assessor identifies automated methods for identifying security control compliance through validating sensors at the endpoint and at Tier 2. Which of the following practices satisfy continuous monitoring of authorized information systems?

A. Independent verification and validation

B. Security test and evaluation

C. Risk assessment

D. Ongoing authorization

Answer: D

Q7. A developer is determining the best way to improve security within the code being developed. The developer is focusing on input fields where customers enter their credit card details. Which of the following techniques, if implemented in the code, would be the MOST effective in protecting the fields from malformed input?

A. Client side input validation

B. Stored procedure

C. Encrypting credit card details

D. Regular expression matching

Answer: D

Q8. Which of the following represents important technical controls for securing a SAN storage infrastructure? (Select TWO).

A. Synchronous copy of data

B. RAID configuration

C. Data de-duplication

D. Storage pool space allocation

E. Port scanning

F. LUN masking/mapping

G. Port mapping

Answer: F,G

Q9. A company Chief Information Officer (CIO) is unsure which set of standards should govern

the companyu2019s IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?

A. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company.

B. Issue a policy that requires only the most stringent security standards be implemented throughout the company.

C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.

D. Issue a RFI for vendors to determine which set of security standards is best for the company.

Answer: C

Q10. An employee is performing a review of the organizationu2019s security functions and noticed that there is some cross over responsibility between the IT security team and the financial fraud team. Which of the following security documents should be used to clarify the roles and responsibilities between the teams?





Answer: C

Recommend!! Get the Realistic CAS-002 dumps in VCE and PDF From Examcollection, Welcome to download: (New 450 Q&As Version)