CAS-002 torrent(91 to 100) for IT examinee: Apr 2021 Edition

Want to know the Examcollection CAS-002 exam practice test features? Want to learn more about the CompTIA Advanced Security Practitioner (CASP) certification experience? Study validated CompTIA CAS-002 answers to improved CAS-002 questions at Examcollection. Get a pass with an absolute guarantee on the CompTIA CAS-002 (CompTIA Advanced Security Practitioner (CASP)) test on your first attempt.


The article at Testaimer.com going over http://www.testaimer.com/CAS-002-test is very comprehensive.

2021 Apr CAS-002 training

Q91. - (Topic 2) 

A security auditor suspects two employees of having devised a scheme to steal money from the company. While one employee submits purchase orders for personal items, the other employee approves these purchase orders. The auditor has contacted the human resources director with suggestions on how to detect such illegal activities. Which of the following should the human resource director implement to identify the employees involved in these activities and reduce the risk of this activity occurring in the future? 

A. Background checks 

B. Job rotation 

C. Least privilege 

D. Employee termination procedures 

Answer:


Q92. - (Topic 2) 

The risk manager at a small bank wants to use quantitative analysis to determine the ALE of running a business system at a location which is subject to fires during the year. A risk analyst reports to the risk manager that the asset value of the business system is $120,000 and, based on industry data, the exposure factor to fires is only 20% due to the fire suppression system installed at the site. Fires occur in the area on average every four years. Which of the following is the ALE? 

A. $6,000 

B. $24,000 

C. $30,000 

D. $96,000 

Answer:


Q93. - (Topic 2) 

A pentester must attempt to crack passwords on a Windows domain that enforces strong, complex passwords. Which of the following would crack the MOST passwords in the shortest time period?

A. Online password testing 

B. Rainbow tables attack 

C. Dictionary attack 

D. Brute force attack 

Answer:


Q94. - (Topic 3) 

A security manager is developing new policies and procedures. Which of the following is a best practice in end user security? 

A. Employee identity badges and physical access controls to ensure only staff are allowed onsite. 

B. A training program that is consistent, ongoing, and relevant. 

C. Access controls to prevent end users from gaining access to confidential data. 

D. Access controls for computer systems and networks with two-factor authentication. 

Answer:


Q95. - (Topic 5) 

A high-tech company dealing with sensitive data seized the mobile device of an employee suspected of leaking company secrets to a competitive organization. Which of the following is the BEST order for mobile phone evidence extraction? 

A. Device isolation, evidence intake, device identification, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

B. Evidence intake, device identification, preparation to identify the necessary tools, device isolation, data processing, verification of data accuracy, documentation, reporting, presentation and archival. 

C. Evidence log, device isolation, device identification, preparation to identify the necessary tools, data processing, verification of data accuracy, presentation and archival.

D. Device identification, evidence log, preparation to identify the necessary tools, data processing, verification of data accuracy, device isolation, documentation, reporting, presentation and archival. 

Answer:


Rebirth CAS-002 free exam:

Q96. CORRECT TEXT - (Topic 3) 

Answer: 192.18.1.0/24 any 192.168.20.0/24 3389 any 


Q97. - (Topic 2) 

A security tester is testing a website and performs the following manual query: 

https://www.comptia.com/cookies.jsp?products=5%20and%201=1 

The following response is received in the payload: 

“ORA-000001: SQL command not properly ended” 

Which of the following is the response an example of? 

A. Fingerprinting 

B. Cross-site scripting 

C. SQL injection 

D. Privilege escalation 

Answer:


Q98. - (Topic 1) 

A security engineer on a large enterprise network needs to schedule maintenance within a fixed window of time. A total outage period of four hours is permitted for servers. Workstations can undergo maintenance from 8:00 pm to 6:00 am daily. Which of the following can specify parameters for the maintenance work? (Select TWO). 

A. Managed security service 

B. Memorandum of understanding 

C. Quality of service 

D. Network service provider 

E. Operating level agreement 

Answer: B,E 


Q99. - (Topic 1) 

An industry organization has implemented a system to allow trusted authentication between all of its partners. The system consists of a web of trusted RADIUS servers communicating over the Internet. An attacker was able to set up a malicious server and conduct a successful man-in-the-middle attack. Which of the following controls should be implemented to mitigate the attack in the future? 

A. Use PAP for secondary authentication on each RADIUS server 

B. Disable unused EAP methods on each RADIUS server 

C. Enforce TLS connections between RADIUS servers 

D. Use a shared secret for each pair of RADIUS servers 

Answer:


Q100. - (Topic 1) 

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of: 

A. an administrative control 

B. dual control 

C. separation of duties 

D. least privilege 

E. collusion 

Answer: