Online CAS-002 free questions and answers of New Version:
NEW QUESTION 1
A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning?
- A. Remove contact details from the domain name registrar to prevent social engineering attacks.
- B. Test external interfaces to see how they function when they process fragmented IP packets.
- C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors.
- D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces.
Answer: B
NEW QUESTION 2
The <nameID> element in SAML can be provided in which of the following predefined formats? (Select TWO).
- A. X.509 subject name
- B. PTR DNS record
- C. EV certificate OID extension
- D. Kerberos principal name
- E. WWN record name
Answer: AD
NEW QUESTION 3
Which of the following BEST explains SAML?
- A. A security attestation model built on XML and SOAP-based services, which allows for the exchange of A&A data between systems and supports Federated Identity Management.
- B. An XML and SOAP-based protocol, which enables the use of PKI for code signing and SSO by using SSL and SSH to establish a trust model.
- C. A security model built on the transfer of assertions over XML and SOAP-based protocols, which allows for seamless SSO and the open exchange of data.
- D. A security verification model built on SSO and SSL-based services, which allows for the exchange of PKI data between users and supports XACML.
Answer: A
NEW QUESTION 4
Continuous monitoring is a popular risk reduction technique in many large organizations with formal certification processes for IT projects. In order to implement continuous monitoring in an effective manner which of the following is correct?
- A. Only security related alerts should be forwarded to the network team for resolution.
- B. All logs must be centrally managed and access to the logs restricted only to data storage staff.
- C. Logging must be set appropriately and alerts delivered to security staff in a timely manner.
- D. Critical logs must be monitored hourly and adequate staff must be assigned to the network team.
Answer: C
NEW QUESTION 5
A security administrator is investigating the compromise of a SCADA network that is not physically connected to any other network. Which of the following is the MOST likely cause of the compromise?
- A. Outdated antivirus definitions
- B. Insecure wireless
- C. Infected USB device
- D. SQL injection
Answer: C
NEW QUESTION 6
CORRECT TEXT
Company A has noticed abnormal behavior targeting their SQL server on the network from a rogue IP address. The company uses the following internal IP address ranges: 192.10.1.0/24 for the corporate site and 192.10.2.0/24 for the remote site. The Telco router interface uses the 192.10.5.0/30 IP range.
Instructions: Click on the simulation button to refer to the Network Diagram for Company A. Click on Router 1, Router 2, and the Firewall to evaluate and configure each device.
Task 1: Display and examine the logs and status of Router 1, Router 2, and Firewall interfaces.
Task 2: Reconfigure the appropriate devices to prevent the attacks from continuing to target the SQL server and other servers on the corporate network.
Answer:
NEW QUESTION 7
A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship?
- A. The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses.
- B. The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses.
- C. The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses.
- D. The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses.
Answer: A
NEW QUESTION 8
A corporation has expanded for the first time by integrating several newly acquired businesses. Which of the following are the FIRST tasks that the security team should undertake? (Select TWO).
- A. Remove acquired companies Internet access.
- B. Federate identity management systems.
- C. Install firewalls between the businesses.
- D. Re-image all end user computers to a standard image.
- E. Develop interconnection policy.
- F. Conduct a risk analysis of each acquired company’s networks.
Answer: EF
NEW QUESTION 9
An organization uses IP address block 203.0.113.0/24 on its internal network. At the border router, the network administrator sets up rules to deny packets with a source address in this subnet from entering the network, and to deny packets with a destination address in this subnet from leaving the network. Which of the following is the administrator attempting to prevent?
- A. BGP route hijacking attacks
- B. Bogon IP network traffic
- C. IP spoofing attacks
- D. Man-in-the-middle attacks
- E. Amplified DDoS attacks
Answer: C
NEW QUESTION 10
A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?
- A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user’s credentials. Require each user to install the public key on their computer.
- B. Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptops. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.
- C. Issue each user one hardware token. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.
- D. Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.
Answer: D
NEW QUESTION 11
Customer Need:
“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.”
Which of the following BEST restates the customer need?
- A. The system shall use a pseudo-random number generator seeded the same every time.
- B. The system shall generate a pseudo-random number upon invocation by the existing Java program.
- C. The system shall generate a truly random number based upon user PKI certificates.
- D. The system shall implement a pseudo-random number generator for use by corporate customers.
Answer: B
NEW QUESTION 12
The Chief Information Officer (CIO) of a technology company is likely to move away from a de-perimeterized model for employee owned devices. This is because there were too many issues with lack of patching, malware incidents, and data leakage due to lost/stolen devices which did not have full-disk encryption. The ‘bring your own computing’ approach was originally introduced because different business units preferred different operating systems and application stacks. Based on the issues and user needs, which of the following is the BEST recommendation for the CIO to make?
- A. The de-perimeterized model should be kept as this is a major industry trend and other companies are following this direction. Advise that the issues being faced are standard business as usual concerns in a modern IT environment.
- B. Update the policy to disallow non-company end-point devices on the corporate network. Develop security-focused standard operating environments (SOEs) for all required operating systems and ensure the needs of each business unit are met.
- C. The de-perimeterized model should be kept but update company policies to state that non-company end-points require full disk encryption, anti-virus software, and regular patching.
- D. Update the policy to disallow non-company end-point devices on the corporate network. Allow only one type of outsourced SOE to all users as this will be easier to provision, secure, and will save money on operating costs.
Answer: B
NEW QUESTION 13
It has come to the IT administrator’s attention that the “post your comment” field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the “post your comment” field from being exploited?
- A. Update the blog page to HTTPS
- B. Filter metacharacters
- C. Install HIDS on the server
- D. Patch the web application
- E. Perform client side input validation
Answer: B
NEW QUESTION 14
A corporation implements a mobile device policy on smartphones that utilizes a white list for allowed applications. Recently, the security administrator notices that a consumer cloud based storage application has been added to the mobile device white list. Which of the following security implications should the security administrator cite when recommending the application’s removal from the white list?
- A. Consumer cloud storage systems retain local copies of each file on the smartphone, as well as in the cloud, causing a potential data breach if the phone is lost or stolen.
- B. Smartphones can export sensitive data or import harmful data with this application causing the potential for DLP or malware issues.
- C. Consumer cloud storage systems could allow users to download applications to the smartphone. Installing applications this way would circumvent the application white list.
- D. Smartphones using consumer cloud storage are more likely to have sensitive data remnants on them when they are repurposed.
Answer: B
NEW QUESTION 15
Staff from the sales department have administrator rights to their corporate standard operating environment, and often connect their work laptop to customer networks when onsite during meetings and presentations. This increases the risk and likelihood of a security incident when the sales staff reconnects to the corporate LAN. Which of the following controls would BEST protect the corporate network?
- A. Implement a network access control (NAC) solution that assesses the posture of the laptop before granting network access.
- B. Use an independent consulting firm to provide regular network vulnerability assessments and biannually qualitative risk assessments.
- C. Provide sales staff with a separate laptop with no administrator access just for sales visits.
- D. Update the acceptable use policy and ensure sales staff read and acknowledge the policy.
Answer: A
NEW QUESTION 16
The Information Security Officer (ISO) believes that the company has been targeted by cybercriminals and it is under a cyber attack. Internal services that are normally available to the public via the Internet are inaccessible, and employees in the office are unable to browse the Internet. The senior security engineer starts by reviewing the bandwidth at the border router, and notices that the incoming bandwidth on the router’s external interface is maxed out. The security engineer then inspects the following piece of log to try and determine the reason for the downtime, focusing on the company’s external router’s IP which is 128.20.176.19:
11:16:22.110343 IP 90.237.31.27.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110351 IP 23.27.112.200.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110358 IP 192.200.132.213.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110402 IP 70.192.2.55.19 > 128.20.176.19.19: UDP, length 1400
11:16:22.110406 IP 112.201.7.39.19 > 128.20.176.19.19: UDP, length 1400
Which of the following describes the findings the senior security engineer should report to the ISO and the BEST solution for service restoration?
- A. After the senior engineer used a network analyzer to identify an active Fraggle attack, the company’s ISP should be contacted and instructed to block the malicious packets.
- B. After the senior engineer used the above IPS logs to detect the ongoing DDOS attack, an IPS filter should be enabled to block the attack and restore communication.
- C. After the senior engineer used a mirror port to capture the ongoing amplification attack, a BGP sinkhole should be configured to drop traffic at the source networks.
- D. After the senior engineer used a packet capture to identify an active Smurf attack, an ACL should be placed on the company’s external router to block incoming UDP port 19 traffic.
Answer: A
NEW QUESTION 17
An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).
- A. LDAP/S
- B. SAML
- C. NTLM
- D. OAUTH
- E. Kerberos
Answer: BE
NEW QUESTION 18
The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented?
- A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues
- B. Improper handling of client data, interoperability agreement issues and regulatory issues
- C. Cultural differences, increased cost of doing business and divestiture issues
- D. Improper handling of customer data, loss of intellectual property and reputation damage
Answer: D
NEW QUESTION 19
A finance manager says that the company needs to ensure that the new system can “replay” data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the company’s transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manager’s needs?
- A. Compliance standards
- B. User requirements
- C. Data elements
- D. Data storage
- E. Acceptance testing
- F. Information digest
- G. System requirements
Answer: B
NEW QUESTION 20
Two universities are making their 802.11n wireless networks available to the other university’s students. The infrastructure will pass the student’s credentials back to the home school for authentication via the Internet.
The requirements are:
- Mutual authentication of clients and authentication server
- The design should not limit connection speeds
- Authentication must be delegated to the home school
- No passwords should be sent unencrypted
The following design was implemented:
- WPA2 Enterprise using EAP-PEAP-MSCHAPv2 will be used for wireless security
- RADIUS proxy servers will be used to forward authentication requests to the home school
- The RADIUS servers will have certificates from a common public certificate authority
- A strong shared secret will be used for RADIUS server authentication
Which of the following security considerations should be added to the design?
- A. The transport layer between the RADIUS servers should be secured
- B. WPA Enterprise should be used to decrease the network overhead
- C. The RADIUS servers should have local accounts for the visiting students
- D. Students should be given certificates to use for authentication to the network
Answer: A