CAS-002 Guide

CAS-002 Exam Royal Pack (In Stock)

  • CompTIA
  • Exam Number/Code: CAS-002
  • Product Name: CompTIA Advanced Security Practitioner (CASP)
  • Questions and Answers: 532 Q&As
  • Last Updated: Jun 18, 2018
  • List Price: $128.99
  • Price: Today 49.99 USD


Tips to Pass CAS-002 Exam (7 to 16)

Act now and download your CompTIA CAS-002 test today! Do not waste time on worthless CompTIA CAS-002 tutorials. Download the Rebirth CompTIA Advanced Security Practitioner (CASP) exam with real questions and answers and begin to learn CompTIA CAS-002 with a classic professional.


New CompTIA CAS-002 Exam Dumps Collection (Question 7 - Question 16)

Question No: 7

A company Chief Information Officer (CIO) is unsure which set of standards should govern the company's IT policy. The CIO has hired consultants to develop use cases to test against various government and industry security standards. The CIO is convinced that there is large overlap between the configuration checks and security controls governing each set of standards. Which of the following selections represent the BEST option for the CIO?

A. Issue a RFQ for vendors to quote a complete vulnerability and risk management solution to the company.

B. Issue a policy that requires only the most stringent security standards be implemented throughout the company.

C. Issue a policy specifying best practice security standards and a baseline to be implemented across the company.

D. Issue a RFI for vendors to determine which set of security standards is best for the company.

Answer: C

Question No: 8

The telecommunications manager wants to improve the process for assigning company-owned mobile devices and ensuring data is properly removed when no longer needed. Additionally, the manager wants to onboard and offboard personally owned mobile devices that will be used in the BYOD initiative. Which of the following should be implemented to ensure these processes can be automated? (Select THREE).

A. SIM's PIN

B. Remote wiping

C. Chargeback system

D. MDM software

E. Presence software

F. Email profiles

G. Identity attestation

H. GPS tracking

Answer: B,D,G

Question No: 9

A security administrator notices a recent increase in workstations becoming compromised by malware. Often, the malware is delivered via drive-by downloads, from malware hosting websites, and is not being detected by the corporate antivirus. Which of the following solutions would provide the BEST protection for the company?

A. Increase the frequency of antivirus downloads and install updates to all workstations.

B. Deploy a cloud-based content filter and enable the appropriate category to prevent further infections.

C. Deploy a WAF to inspect and block all web traffic which may contain malware and exploits.

D. Deploy a web based gateway antivirus server to intercept viruses before they enter the network.

Answer: B

Question No: 10

It has come to the IT administrator's attention that the "post your comment" field on the company blog page has been exploited, resulting in cross-site scripting attacks against customers reading the blog. Which of the following would be the MOST effective at preventing the "post your comment" field from being exploited?

A. Update the blog page to HTTPS

B. Filter metacharacters

C. Install HIDS on the server

D. Patch the web application

E. Perform client side input validation

Answer: B

Question No: 11

A Chief Financial Officer (CFO) has raised concerns with the Chief Information Security Officer (CISO) because money has been spent on IT security infrastructure, but corporate assets are still found to be vulnerable. The business recently funded a patch management product and SOE hardening initiative. A third party auditor reported findings against the business because some systems were missing patches. Which of the following statements BEST describes this situation?

A. The CFO is at fault because they are responsible for patching the systems and have already been given patch management and SOE hardening products.

B. The audit findings are invalid because remedial steps have already been applied to patch servers and the remediation takes time to complete.

C. The CISO has not selected the correct controls and the audit findings should be assigned to them instead of the CFO.

D. Security controls are generally never 100% effective and gaps should be explained to stakeholders and managed accordingly.

Answer: D

Question No: 12

A facilities manager has observed varying electric use on the company's metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department's needs? (Select TWO).

A. Deploying a radio frequency identification tagging asset management system

B. Designing a business resource monitoring system

C. Hiring a property custodian

D. Purchasing software asset management software

E. Facility management participation on a change control board

F. Rewriting the change board charter

G. Implementation of change management best practices

Answer: E,G

Question No: 13

An administrator wants to enable policy based flexible mandatory access controls on an open source OS to prevent abnormal application modifications or executions. Which of the following would BEST accomplish this?

A. Access control lists

B. SELinux

C. IPtables firewall


Answer: B

Question No: 14

A senior network security engineer has been tasked to decrease the attack surface of the corporate network. Which of the following actions would protect the external network interfaces from external attackers performing network scanning?

A. Remove contact details from the domain name registrar to prevent social engineering attacks.

B. Test external interfaces to see how they function when they process fragmented IP packets.

C. Enable a honeynet to capture and facilitate future analysis of malicious attack vectors.

D. Filter all internal ICMP message traffic, forcing attackers to use full-blown TCP port scans against external network interfaces.

Answer: B

Question No: 15

The Chief Executive Officer (CEO) of a small start-up company wants to set up offices around the country for the sales staff to generate business. The company needs an effective communication solution to remain in constant contact with each other, while maintaining a secure business environment. A junior-level administrator suggests that the company and the sales staff stay connected via free social media. Which of the following decisions is BEST for the CEO to make?

A. Social media is an effective solution because it is easily adaptable to new situations.

B. Social media is an ineffective solution because the policy may not align with the business.

C. Social media is an effective solution because it implements SSL encryption.

D. Social media is an ineffective solution because it is not primarily intended for business applications.

Answer: B

Question No: 16

A developer has implemented a piece of client-side JavaScript code to sanitize a user's provided input to a web page login screen. The code ensures that only the upper case and lower case letters are entered in the username field, and that only a 6-digit PIN is entered in the password field. A security administrator is concerned with the following web server log:

– - [02/Mar/2014:06:13:04] "GET /site/script.php?user=admin&pass=pass%20or%201=1 HTTP/1.1" 200 5724

Given this log, which of the following is the security administrator concerned with and which fix should be implemented by the developer?

A. The security administrator is concerned with nonprintable characters being used to gain administrative access, and the developer should strip all nonprintable characters.

B. The security administrator is concerned with XSS, and the developer should normalize Unicode characters on the browser side.

C. The security administrator is concerned with SQL injection, and the developer should implement server side input validation.

D. The security administrator is concerned that someone may log on as the administrator, and the developer should ensure strong passwords are enforced.

Answer: C

P.S. Easily pass CAS-002 Exam with Allfreedumps Simulation Dumps & pdf vce, Try Free: (532 New Questions)

