CompTIA CAS-002 Dumps Questions 2019
It is impossible to pass CompTIA CAS-002 exam without any help in the short term. Come to us soon and find the most advanced, correct and guaranteed . You will get a surprising result by our .
Online CAS-002 free questions and answers of New Version:
NEW QUESTION 1
A company is facing penalties for failing to effectively comply with e-discovery requests. Which of the following could reduce the overall risk to the company from this issue?
- A. Establish a policy that only allows filesystem encryption and disallows the use of individual file encryption.
- B. Require each user to log passwords used for file encryption to a decentralized repository.
- C. Permit users to only encrypt individual files using their domain password and archive all old user passwords.
- D. Allow encryption only by tools that use public keys from the existing escrowed corporate PKI.
NEW QUESTION 2
A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?
- A. Loss of physical control of the servers
- B. Distribution of the job to multiple data centers
- C. Network transmission of cryptographic keys
- D. Data scraped from the hardware platforms
NEW QUESTION 3
Part of the procedure for decommissioning a database server is to wipe all local disks, as well as SAN LUNs allocated to the server, even though the SAN itself is not being decommissioned. Which of the following is the reason for wiping the SAN LUNs?
- A. LUN masking will prevent the next server from accessing the LUNs.
- B. The data may be replicated to other sites that are not as secure.
- C. Data remnants remain on the LUN that could be read by other servers.
- D. The data is not encrypted during transport.
NEW QUESTION 4
At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).
- A. Add guests with more memory to increase capacity of the infrastructure.
- B. A backup is running on the thin clients at 9am every morning.
- C. Install more memory in the thin clients to handle the increased load while booting.
- D. Booting all the lab desktops at the same time is creating excessive I/O.
- E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.
- F. Install faster SSD drives in the storage system used in the infrastructure.
- G. The lab desktops are saturating the network while booting.
- H. The lab desktops are using more memory than is available to the host systems.
NEW QUESTION 5
The Chief Information Officer (CIO) is reviewing the IT centric BIA and RA documentation. The documentation shows that a single 24 hours downtime in a critical business function will cost the business $2.3 million. Additionally, the business unit which depends on the critical business function has determined that there is a high probability that a threat will materialize based on historical data. The CIO’s budget does not allow for full system hardware replacement in case of a catastrophic failure, nor does it allow for the purchase of additional compensating controls. Which of the following should the CIO recommend to the finance director to minimize financial loss?
- A. The company should mitigate the risk.
- B. The company should transfer the risk.
- C. The company should avoid the risk.
- D. The company should accept the risk.
NEW QUESTION 6
An administrator attempts to install the package "named.9.3.6-12-x86_64.rpm" on a server. Even though the package was downloaded from the official repository, the server states the package cannot be installed because no GPG key is found. Which of the following should the administrator perform to allow the program to be installed?
- A. Download the file from the program publisher's website.
- B. Generate RSA and DSA keys using GPG.
- C. Import the repository's public key.
- D. Run sha1sum and verify the hash.
NEW QUESTION 7
A university Chief Information Security Officer is analyzing various solutions for a new project involving the upgrade of the network infrastructure within the campus. The campus has several dorms (two-four person rooms) and administrative buildings. The network is currently setup to provide only two network ports in each dorm room and ten network ports per classroom. Only administrative buildings provide 2.4 GHz wireless coverage.
The following three goals must be met after the new implementation:
1. Provide all users (including students in their dorms) connections to the Internet.
2. Provide IT department with the ability to make changes to the network environment to improve performance.
3. Provide high speed connections wherever possible all throughout campus including sporting event areas.
Which of the following risk responses would MOST likely be used to reduce the risk of network outages and financial expenditures while still meeting each of the goals stated above?
- A. Avoid any risk of network outages by providing additional wired connections to each
- B. user and increasing the number of data ports throughout the campus.
- C. Transfer the risk of network outages by hiring a third party to survey, implement and manage a 5.0 GHz wireless network.
- D. Accept the risk of possible network outages and implement a WLAN solution to provide complete 5.0 GHz coverage in each building that can be managed centrally on campus.
- E. Mitigate the risk of network outages by implementing SOHO WiFi coverage throughout the dorms and upgrading only the administrative buildings to 5.0 GHz coverage using a one for one AP replacement.
NEW QUESTION 8
Company ABC is hiring customer service representatives from Company XYZ. The representatives reside at Company XYZ’s headquarters. Which of the following BEST prevents Company XYZ representatives from gaining access to unauthorized Company ABC systems?
- A. Require each Company XYZ employee to use an IPSec connection to the required systems
- B. Require Company XYZ employees to establish an encrypted VDI session to the required systems
- C. Require Company ABC employees to use two-factor authentication on the required systems
- D. Require a site-to-site VPN for intercompany communications
NEW QUESTION 9
A security architect is designing a new infrastructure using both type 1 and type 2 virtual machines. In addition to the normal complement of security controls (e.g. antivirus, host hardening, HIPS/NIDS) the security architect needs to implement a mechanism to securely store cryptographic keys used to sign code and code modules on the VMs. Which of the following will meet this goal without requiring any hardware pass-through implementations?
- A. vTPM
- B. HSM
- C. TPM
- D. INE
NEW QUESTION 10
An administrator wants to install a patch to an application. Given the scenario, download, verify and install the patch in the most secure manner.
Instructions: The last install that is completed will be the final submission.
NEW QUESTION 11
Company XYZ finds itself using more cloud-based business tools, and password management is becoming onerous. Security is important to the company; as a result, password replication and shared accounts are not acceptable. Which of the following implementations addresses the distributed login with centralized authentication and has wide compatibility among SaaS vendors?
- A. Establish a cloud-based authentication service that supports SAML.
- B. Implement a new Diameter authentication server with read-only attestation.
- C. Install a read-only Active Directory server in the corporate DMZ for federation.
- D. Allow external connections to the existing corporate RADIUS server.
NEW QUESTION 12
A new company requirement mandates the implementation of multi-factor authentication to access network resources. The security administrator was asked to research and implement the most cost-effective solution that would allow for the authentication of both hardware and users. The company wants to leverage the PKI infrastructure which is already well established. Which of the following solutions should the security administrator implement?
- A. Issue individual private/public key pairs to each user, install the private key on the central authentication system, and protect the private key with the user’s credential
- B. Require each user to install the public key on their computer.
- C. Deploy USB fingerprint scanners on all desktops, and enable the fingerprint scanner on all laptop
- D. Require all network users to register their fingerprint using the reader and store the information in the central authentication system.
- E. Issue each user one hardware toke
- F. Configure the token serial number in the user properties of the central authentication system for each user and require token authentication with PIN for network logon.
- G. Issue individual private/public key pairs to each user, install the public key on the central authentication system, and require each user to install the private key on their computer and protect it with a password.
NEW QUESTION 13
After reviewing a company’s NAS configuration and file system access logs, the auditor is advising the security administrator to implement additional security controls on the NFS export. The security administrator decides to remove the no_root_squash directive from the export and add the nosuid directive. Which of the following is true about the security controls implemented by the security administrator?
- A. The newly implemented security controls are in place to ensure that NFS encryption can only be controlled by the root user.
- B. Removing the no_root_squash directive grants the root user remote NFS read/write access to important files owned by root on the NAS.
- C. Users with root access on remote NFS client computers can always use the SU command to modify other user’s files on the NAS.
- D. Adding the nosuid directive disables regular users from accessing files owned by the root user over NFS even after using the SU command.
NEW QUESTION 14
- A. Buffer overflow
- B. Click jacking
- C. SQL injection
- D. XSS attack
NEW QUESTION 15
Which of the following provides the HIGHEST level of security for an integrated network providing services to authenticated corporate users?
- A. Point to point VPN tunnels for external users, three-factor authentication, a cold site, physical security guards, cloud based servers, and IPv6 networking.
- B. IPv6 networking, port security, full disk encryption, three-factor authentication, cloud based servers, and a cold site.
- C. Port security on switches, point to point VPN tunnels for user server connections, two- factor cryptographic authentication, physical locks, and a standby hot site.
- D. Port security on all switches, point to point VPN tunnels for user connections to servers, two-factor authentication, a sign-in roster, and a warm site.
NEW QUESTION 16
Ann, a software developer, wants to publish her newly developed software to an online store. Ann wants to ensure that the software will not be modified by a third party or end users before being installed on mobile devices. Which of the following should Ann implement to stop modified copies of her software form running on mobile devices?
- A. Single sign-on
- B. Identity propagation
- C. Remote attestation
- D. Secure code review
NEW QUESTION 17
The Universal Research Association has just been acquired by the Association of Medical Business Researchers. The new conglomerate has funds to upgrade or replace hardware as part of the acquisition, but cannot fund labor for major software projects. Which of the following will MOST likely result in some IT resources not being integrated?
- A. One of the companies may use an outdated VDI.
- B. Corporate websites may be optimized for different web browsers.
- C. Industry security standards and regulations may be in conflict.
- D. Data loss prevention standards in one company may be less stringent.
NEW QUESTION 18
A new startup company with very limited funds wants to protect the organization from external threats by implementing some type of best practice security controls across a number of hosts located in the application zone, the production zone, and the core network. The 50 hosts in the core network are a mixture of Windows and Linux based systems, used by development staff to develop new applications. The single Windows host in the application zone is used exclusively by the production team to control software deployments into the production zone. There are 10 UNIX web application hosts in the production zone which are publically accessible.
Development staff is required to install and remove various types of software from their hosts on a regular basis while the hosts in the zone rarely require any type of configuration changes.
Which of the following when implemented would provide the BEST level of protection with the LEAST amount of disruption to staff?
- A. NIPS in the production zone, HIPS in the application zone, and anti-virus / anti-malware across all Windows hosts.
- B. NIPS in the production zone, NIDS in the application zone, HIPS in the core network, and anti-virus / anti-malware across all hosts.
- C. HIPS in the production zone, NIPS in the application zone, and HIPS in the core network.
- D. NIDS in the production zone, HIDS in the application zone, and anti-virus / anti-malware across all hosts.
NEW QUESTION 19
An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:
Pattern 1 – Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.
Pattern 2 – For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.
Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).
- A. Apply a hidden field that triggers a SIEM alert
- B. Cross site scripting attack
- C. Resource exhaustion attack
- D. Input a blacklist of all known BOT malware IPs into the firewall
- E. SQL injection
- F. Implement an inline WAF and integrate into SIEM
- G. Distributed denial of service
- H. Implement firewall rules to block the attacking IP addresses
100% Valid and Newest Version CAS-002 Questions & Answers shared by 2passeasy, Get Full Dumps HERE: https://www.2passeasy.com/dumps/CAS-002/ (New 450 Q&As)