Actual CAS-002 Exam Questions and Answers 2021

Your success in is our sole target and we develop all our in a way that facilitates the attainment of this target. Not only is our material the best you can find, it is also the most detailed and the most updated. for CompTIA CAS-002 are written to the highest standards of technical accuracy.

Online CompTIA CAS-002 free dumps demo Below:

NEW QUESTION 1
For companies seeking to move to cloud services, variances in regulation between jurisdictions can be addressed in which of the following ways?

  • A. Ensuring the cloud service provides high availability spanning multiple regions.
  • B. Using an international private cloud model as opposed to public IaaS.
  • C. Encrypting all data moved to or processed in a cloud-based service.
  • D. Tagging VMs to ensure they are only run in certain geographic regions.

Answer: D

NEW QUESTION 2
Which of the following is the BEST place to contractually document security priorities, responsibilities, guarantees, and warranties when dealing with outsourcing providers?

  • A. NDA
  • B. OLA
  • C. MOU
  • D. SLA

Answer: D

NEW QUESTION 3
Company XYZ provides hosting services for hundreds of companies across multiple industries including healthcare, education, and manufacturing. The security architect for company XYZ is reviewing a vendor proposal to reduce company XYZ’s hardware costs by combining multiple physical hosts through the use of virtualization technologies. The security architect notes concerns about data separation, confidentiality, regulatory requirements concerning PII, and administrative complexity on the proposal. Which of the following BEST describes the core concerns of the security architect?

  • A. Most of company XYZ’s customers are willing to accept the risks of unauthorized disclosure and access to information by outside users.
  • B. The availability requirements in SLAs with each hosted customer would have to be re-written to account for the transfer of virtual machines between physical platforms for regular maintenance.
  • C. Company XYZ could be liable for disclosure of sensitive data from one hosted customer when accessed by a malicious user who has gained access to the virtual machine of another hosted customer.
  • D. Not all of company XYZ’s customers require the same level of security and the administrative complexity of maintaining multiple security postures on a single hypervisor negates hardware cost savings.

Answer: C

NEW QUESTION 4
A forensic analyst receives a hard drive containing malware quarantined by the antivirus application. After creating an image and determining the directory location of the malware file, which of the following helps to determine when the system became infected?

  • A. The malware file’s modify, access, change time properties.
  • B. The timeline analysis of the file system.
  • C. The time stamp of the malware in the swap file.
  • D. The date/time stamp of the malware detection in the antivirus logs.

Answer: B

NEW QUESTION 5
A new IT company has hired a security consultant to implement a remote access system, which will enable employees to telecommute from home using both company issued as well as personal computing devices, including mobile devices. The company wants a flexible system to provide confidentiality and integrity for data in transit to the company’s internally developed application GUI. Company policy prohibits employees from having administrative rights to company issued devices. Which of the following remote access solutions has the lowest technical complexity?

  • A. RDP server
  • B. Client-based VPN
  • C. IPSec
  • D. Jump box
  • E. SSL VPN

Answer: A

NEW QUESTION 6
A security administrator is redesigning, and implementing a service-oriented architecture to replace an old, in-house software processing system, tied to a corporate sales website. After performing the business process analysis, the administrator decides the services need to operate in a dynamic fashion. The company has also been the victim of data injection attacks in the past and needs to build in mitigation features. Based on these requirements and past vulnerabilities, which of the following needs to be incorporated into the SOA?

  • A. Point to point VPNs for all corporate intranet users.
  • B. Cryptographic hashes of all data transferred between services.
  • C. Service to service authentication for all workflows.
  • D. Two-factor authentication and signed code

Answer: C

NEW QUESTION 7
A company has decided to move to an agile software development methodology. The company gives all of its developers security training. After a year of agile, a management review finds that the number of items on a vulnerability scan has actually increased since the methodology change. Which of the following best practices has MOST likely been overlooked in the agile implementation?

  • A. Penetration tests should be performed after each sprint.
  • B. A security engineer should be paired with a developer during each cycle.
  • C. The security requirements should be introduced during the implementation phase.
  • D. The security requirements definition phase should be added to each sprint.

Answer: D

NEW QUESTION 8
An organization is preparing to upgrade its firewall and NIPS infrastructure and has narrowed the vendor choices down to two platforms. The integrator chosen to assist the organization with the deployment has many clients running a mixture of the possible combinations of environments. Which of the following is the MOST comprehensive method for evaluating the two platforms?

  • A. Benchmark each possible solution with the integrator’s existing client deployments.
  • B. Develop testing criteria and evaluate each environment in-house.
  • C. Run virtual test scenarios to validate the potential solutions.
  • D. Use results from each vendor’s test labs to determine adherence to project requirements.

Answer: B

NEW QUESTION 9
The Chief Executive Officer (CEO) of an Internet service provider (ISP) has decided to limit the company’s contribution to worldwide Distributed Denial of Service (DDoS) attacks. Which of the following should the ISP implement? (Select TWO).

  • A. Block traffic from the ISP’s networks destined for blacklisted IPs.
  • B. Prevent the ISP’s customers from querying DNS servers other than those hosted by the ISP.
  • C. Block traffic with a source IP not allocated to the ISP from exiting the ISP’s network.
  • D. Scan the ISP’s customer networks using an up-to-date vulnerability scanner.
  • E. Notify customers when services they run are involved in an attack.

Answer: CE

NEW QUESTION 10
A member of the software development team has requested advice from the security team to implement a new secure lab for testing malware. Which of the following is the NEXT step that the security team should take?

  • A. Purchase new hardware to keep the malware isolated.
  • B. Develop a policy to outline what will be required in the secure lab.
  • C. Construct a series of VMs to host the malware environment.
  • D. Create a proposal and present it to management for approval.

Answer: D

NEW QUESTION 11
A software developer and IT administrator are focused on implementing security in the organization to protect OSI layer 7. Which of the following security technologies would BEST meet their requirements? (Select TWO).

  • A. NIPS
  • B. HSM
  • C. HIPS
  • D. NIDS
  • E. WAF

Answer: CE

NEW QUESTION 12
A security administrator is investigating the compromise of a software distribution website. Forensic analysis shows that several popular files are infected with malicious code. However, comparing a hash of the infected files with the original, non-infected files which were restored from backup, shows that the hash is the same. Which of the following explains this?

  • A. The infected files were using obfuscation techniques to evade detection by antivirus software.
  • B. The infected files were specially crafted to exploit a collision in the hash function.
  • C. The infected files were using heuristic techniques to evade detection by antivirus software.
  • D. The infected files were specially crafted to exploit diffusion in the hash function.

Answer: B

NEW QUESTION 13
A system administrator has just installed a new Linux distribution. The distribution is configured to be “secure out of the box”. The system administrator cannot make updates to certain system files and services. Each time changes are attempted, they are denied and a system error is generated. Which of the following troubleshooting steps should the security administrator suggest?

  • A. Review settings in the SELinux configuration files
  • B. Reset root permissions on systemd files
  • C. Perform all administrative actions while logged in as root
  • D. Disable any firewall software before making changes

Answer: A

NEW QUESTION 14
CORRECT TEXT
An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner.
Instructions: The last install that is completed will be the final submission.
[Exhibit]

    Answer:

    NEW QUESTION 15
    An administrator is reviewing logs and sees the following entry:
    Message: Access denied with code 403 (phase 2). Pattern match "\bunion\b.{1,100}?\bselect\b" at ARGS:$id. [data "union all select"] [severity "CRITICAL"] [tag "WEB_ATTACK"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"]
    Action: Intercepted (phase 2)
    Apache-Handler: php5-script
    Which of the following attacks was being attempted?

    • A. Session hijacking
    • B. Cross-site script
    • C. SQL injection
    • D. Buffer overflow

    Answer: C

    NEW QUESTION 16
    An organization recently upgraded its wireless infrastructure to support 802.1x and requires all clients to use this method. After the upgrade, several critical wireless clients fail to connect because they are only pre-shared key compliant. For the foreseeable future, none of the affected clients have an upgrade path to put them into compliance with the 802.1x requirement. Which of the following provides the MOST secure method of integrating the non-compliant clients into the network?

    • A. Create a separate SSID and require the use of dynamic encryption keys.
    • B. Create a separate SSID with a pre-shared key to support the legacy clients and rotate the key at random intervals.
    • C. Create a separate SSID and pre-shared WPA2 key on a new network segment and only allow required communication paths.
    • D. Create a separate SSID and require the legacy clients to connect to the wireless network using certificate-based 802.1x.

    Answer: B

    NEW QUESTION 17
    The senior security administrator wants to redesign the company DMZ to minimize the risks associated with both external and internal threats. The DMZ design must support security in depth, change management and configuration processes, and support incident reconstruction. Which of the following designs BEST supports the given requirements?

    • A. A dual firewall DMZ with remote logging where each firewall is managed by a separate administrator.
    • B. A single firewall DMZ where each firewall interface is managed by a separate administrator and logging to the cloud.
    • C. A SaaS based firewall which logs to the company’s local storage via SSL, and is managed by the change control team.
    • D. A virtualized firewall, where each virtual instance is managed by a separate administrator and logging to the same hardware.

    Answer: A

    NEW QUESTION 18
    A security architect has been engaged during the implementation stage of the SDLC to review a new HR software installation for security gaps. With the project under a tight schedule to meet market commitments on project delivery, which of the following security activities should be prioritized by the security architect? (Select TWO).

    • A. Perform penetration testing over the HR solution to identify technical vulnerabilities
    • B. Perform a security risk assessment with recommended solutions to close off high-rated risks
    • C. Secure code review of the HR solution to identify security gaps that could be exploited
    • D. Perform access control testing to ensure that privileges have been configured correctly
    • E. Determine if the information security standards have been complied with by the project

    Answer: BE

    NEW QUESTION 19
    New zero-day attacks are announced on a regular basis against a broad range of technology systems. Which of the following best practices should a security manager do to manage the risks of these attack vectors? (Select TWO).

    • A. Establish an emergency response call tree.
    • B. Create an inventory of applications.
    • C. Back up the router and firewall configurations.
    • D. Maintain a list of critical systems.
    • E. Update all network diagrams.

    Answer: BD

    NEW QUESTION 20
    A developer has implemented a piece of client-side JavaScript code to sanitize a user’s provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:
    10.235.62.11 - - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724
    Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

    • A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.
    • B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.
    • C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.
    • D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

    Answer: C

    100% Valid and Newest Version CAS-002 Questions & Answers shared by Certleader, Get Full Dumps HERE: https://www.certleader.com/CAS-002-dumps.html (New 450 Q&As)