Printable CAS-002 Dumps 2019


Free CAS-002 dump questions:

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

  • A. PING
  • D. NMAP

Answer: D

Noticing latency issues at its connection to the Internet, a company suspects that it is being targeted in a Distributed Denial of Service attack. A security analyst discovers numerous inbound monlist requests coming to the company’s NTP servers. Which of the following mitigates this activity with the LEAST impact to existing operations?

  • A. Block in-bound connections to the company’s NTP servers.
  • B. Block IPs making monlist requests.
  • C. Disable the company’s NTP servers.
  • D. Disable monlist on the company’s NTP servers.

Answer: D

News outlets are beginning to report on a number of retail establishments that are experiencing payment card data breaches. The data exfiltration is enabled by malware on a compromised computer. After the initial exploit, network mapping and fingerprinting occurs in preparation for further exploitation. Which of the following is the MOST effective solution to protect against unrecognized malware infections, reduce detection time, and minimize any damage that might be done?

  • A. Remove local admin permissions from all users and change anti-virus to a cloud aware, push technology.
  • B. Implement an application whitelist at all levels of the organization.
  • C. Deploy a network based heuristic IDS, configure all layer 3 switches to feed data to the IDS for more effective monitoring.
  • D. Update router configuration to pass all network traffic through a new proxy server with advanced malware detection.

Answer: B

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices?

  • A. Revise the corporate policy to include possible termination as a result of violations
  • B. Increase the frequency and distribution of the USB violations report
  • C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense
  • D. Implement group policy objects

Answer: D

A small company is developing a new Internet-facing web application. The security requirements are:
1. Users of the web application must be uniquely identified and authenticated.
2. Users of the web application will not be added to the company’s directory services.
3. Passwords must not be stored in the code.

Which of the following meets these requirements?

  • A. Use OpenID and allow a third party to authenticate users.
  • B. Use TLS with a shared client certificate for all users.
  • C. Use SAML with federated directory services.
  • D. Use Kerberos and browsers that support SAML.

Answer: A

A security administrator wants to verify and improve the security of a business process which is tied to proven company workflow. The security administrator was able to improve security by applying controls that were defined by the newly released company security standard. Such controls included code improvement, transport encryption, and interface restrictions. Which of the following can the security administrator do to further increase security after having exhausted all the technical controls dictated by the company’s security standard?

  • A. Modify the company standard to account for higher security and meet with upper management for approval to implement the new standard.
  • B. Conduct a gap analysis and recommend appropriate non-technical mitigating controls, and incorporate the new controls into the standard.
  • C. Conduct a risk analysis on all current controls, and recommend appropriate mechanisms to increase overall security.
  • D. Modify the company policy to account for higher security, adapt the standard accordingly, and implement new technical controls.

Answer: B

A security officer is leading a lessons learned meeting. Which of the following should be components of that meeting? (Select TWO).

  • A. Demonstration of IPS system
  • B. Review vendor selection process
  • C. Calculate the ALE for the event
  • D. Discussion of event timeline
  • E. Assigning of follow up items

Answer: DE

An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?

  • A. Access control lists
  • B. SELinux
  • C. IPtables firewall
  • D. HIPS

Answer: B

A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

  • A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.
  • B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.
  • C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.
  • D. Enable ESP on the internal network, and place NIPS on both networks.

Answer: A

A large bank deployed a DLP solution to detect and block customer and credit card data from leaving the organization via email. A disgruntled employee was able to successfully exfiltrate data through the corporate email gateway by embedding a word processing document containing sensitive data as an object in a CAD file. Which of the following BEST explains why it was not detected and blocked by the DLP solution? (Select TWO).

  • A. The product does not understand how to decode embedded objects.
  • B. The embedding of objects in other documents enables document encryption by default.
  • C. The process of embedding an object obfuscates the data.
  • D. The mail client used to send the email is not compatible with the DLP product.
  • E. The DLP product cannot scan multiple email attachments at the same time.

Answer: AC

A security administrator needs to deploy a remote access solution for both staff and contractors. Management favors remote desktop due to ease of use. The current risk assessment suggests protecting Windows as much as possible from direct ingress traffic exposure. Which of the following solutions should be selected?

  • A. Deploy a remote desktop server on your internal LAN, and require an active directory integrated SSL connection for access.
  • B. Change remote desktop to a non-standard port, and implement password complexity for the entire active directory domain.
  • C. Distribute new IPSec VPN client software to applicable parties. Virtualize remote desktop services functionality.
  • D. Place the remote desktop server(s) on a screened subnet, and implement two-factor authentication.

Answer: D

A small customer-focused bank, which has implemented least privilege principles, is concerned about the possibility of branch staff unintentionally aiding fraud in their day-to-day interactions with customers. Bank staff has been encouraged to build friendships with customers to make the banking experience feel more personal. The security and risk team have decided that a policy needs to be implemented across all branches to address the risk. Which of the following BEST addresses the security and risk team’s concerns?

  • A. Information disclosure policy
  • B. Awareness training
  • C. Job rotation
  • D. Separation of duties

Answer: B

A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?

  • A. The tool could show that input validation was only enabled on the client side
  • B. The tool could enumerate backend SQL database table and column names
  • C. The tool could force HTTP methods such as DELETE that the server has denied
  • D. The tool could fuzz the application to determine where memory leaks occur

Answer: A

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future?

  • A. Background checks
  • B. Job rotation
  • C. Least privilege
  • D. Employee termination procedures

Answer: B

The Chief Information Security Officer (CISO) at a software development company is concerned about the lack of introspection during a testing cycle of the company’s flagship product. Testing was conducted by a small offshore consulting firm and the report by the consulting firm clearly indicates that limited test cases were used and many of the code paths remained untested.
The CISO raised concerns about the testing results at the monthly risk committee meeting, highlighting the need to get to the bottom of the product behaving unexpectedly in only some large enterprise deployments.
The Security Assurance and Development teams highlighted their availability to redo the testing if required.
Which of the following will provide the MOST thorough testing?

  • A. Have the small consulting firm redo the Black box testing.
  • B. Use the internal teams to perform Grey box testing.
  • C. Use the internal team to perform Black box testing.
  • D. Use the internal teams to perform White box testing.
  • E. Use a larger consulting firm to perform Black box testing.

Answer: D

A Security Manager is part of a team selecting web conferencing systems for internal use. The system will only be used for internal employee collaboration. Which of the following are the MAIN concerns of the security manager? (Select THREE).

  • A. Security of data storage
  • B. The cost of the solution
  • C. System availability
  • D. User authentication strategy
  • E. PBX integration of the service
  • F. Operating system compatibility

Answer: ACD

A large company is preparing to merge with a smaller company. The smaller company has been very profitable, but the smaller company’s main applications were created in-house. Which of the following actions should the large company’s security administrator take in preparation for the merger?

  • A. A review of the mitigations implemented from the most recent audit findings of the smaller company should be performed.
  • B. An ROI calculation should be performed to determine which company's application should be used.
  • C. A security assessment should be performed to establish the risks of integration or co-existence.
  • D. A regression test should be performed on the in-house software to determine security risks associated with the software.

Answer: C

A security administrator is conducting network forensic analysis of a recent defacement of the company’s secure web payment server (HTTPS). The server was compromised around the New Year’s holiday when all the company employees were off. The company’s network diagram is summarized below:
The security administrator discovers that all the local web server logs have been deleted. Additionally, the Internal Firewall logs are intact but show no activity from the internal network to the web server farm during the holiday.
Which of the following is true?

  • A. The security administrator should review the IDS logs to determine the source of the attack and the attack vector used to compromise the web server.
  • B. The security administrator must correlate the external firewall logs with the intrusion detection system logs to determine what specific attack led to the web server compromise.
  • C. The security administrator must reconfigure the network and place the IDS between the SSL accelerator and the server farm to be able to determine the cause of future attacks.
  • D. The security administrator must correlate logs from all the devices in the network diagram to determine what specific attack led to the web server compromise.

Answer: C

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of:

  • A. An administrative control
  • B. Dual control
  • C. Separation of duties
  • D. Least privilege
  • E. Collusion

Answer: C
