Top Update CAS-002 book Reviews!
Master the CAS-002 CompTIA Advanced Security Practitioner (CASP) content and be ready for exam day success quickly with this Pass4sure CAS-002 exam question. We guarantee it!We make it a reality and give you real CAS-002 questions in our CompTIA CAS-002 braindumps.Latest 100% VALID CompTIA CAS-002 Exam Questions Dumps at below page. You can use our CompTIA CAS-002 braindumps and pass your exam.
Q251. - (Topic 1)
A company sales manager received a memo from the company’s financial department which stated that the company would not be putting its software products through the same security testing as previous years to reduce the research and development cost by 20 percent for the upcoming year. The memo also stated that the marketing material and service level agreement for each product would remain unchanged. The sales manager has reviewed the sales goals for the upcoming year and identified an increased target across the software products that will be affected by the financial department’s change. All software products will continue to go through new development in the coming year. Which of the following should the sales manager do to ensure the company stays out of trouble?
A. Discuss the issue with the software product's user groups
B. Consult the company’s legal department on practices and law
C. Contact senior finance management and provide background information
D. Seek industry outreach for software practices and law
Q252. - (Topic 4)
A company’s security policy states that its own internally developed proprietary Internet facing software must be resistant to web application attacks. Which of the following methods provides the MOST protection against unauthorized access to stored database information?
A. Require all development to follow secure coding practices.
B. Require client-side input filtering on all modifiable fields.
C. Escape character sequences at the application tier.
D. Deploy a WAF with application specific signatures.
Q253. - (Topic 1)
An insurance company is looking to purchase a smaller company in another country. Which of the following tasks would the security administrator perform as part of the security due diligence?
A. Review switch and router configurations
B. Review the security policies and standards
C. Perform a network penetration test
D. Review the firewall rule set and IPS logs
Q254. - (Topic 2)
A facilities manager has observed varying electric use on the company’s metered service lines. The facility management rarely interacts with the IT department unless new equipment is being delivered. However, the facility manager thinks that there is a correlation between spikes in electric use and IT department activity. Which of the following business processes and/or practices would provide better management of organizational resources with the IT department’s needs? (Select TWO).
A. Deploying a radio frequency identification tagging asset management system
B. Designing a business resource monitoring system
C. Hiring a property custodian
D. Purchasing software asset management software
E. Facility management participation on a change control board
F. Rewriting the change board charter
G. Implementation of change management best practices
Q255. - (Topic 3)
“We need the system to produce a series of numbers with no discernible mathematical progression for use by our Java based, PKI-enabled, customer facing website.”
Which of the following BEST restates the customer need?
A. The system shall use a pseudo-random number generator seeded the same every time.
B. The system shall generate a pseudo-random number upon invocation by the existing Java program.
C. The system shall generate a truly random number based upon user PKI certificates.
D. The system shall implement a pseudo-random number generator for use by corporate customers.
Q256. - (Topic 4)
An Association is preparing to upgrade their firewalls at five locations around the United States. Each of the three vendor’s RFP responses is in-line with the security and other requirements. Which of the following should the security administrator do to ensure the firewall platform is appropriate for the Association?
A. Correlate current industry research with the RFP responses to ensure validity.
B. Create a lab environment to evaluate each of the three firewall platforms.
C. Benchmark each firewall platform’s capabilities and experiences with similar sized companies.
D. Develop criteria and rate each firewall platform based on information in the RFP responses.
Q257. - (Topic 2)
Company policy requires that all unsupported operating systems be removed from the network. The security administrator is using a combination of network based tools to identify such systems for the purpose of disconnecting them from the network. Which of the following tools, or outputs from the tools in use, can be used to help the security administrator make an approximate determination of the operating system in use on the local company network? (Select THREE).
A. Passive banner grabbing
B. Password cracker
D. 443/tcp open http
E. dig host.company.com
F. 09:18:16.262743 IP (tos 0x0, ttl 64, id 9870, offset 0, flags [none], proto TCP (6), length 40)192.168.1.3.1051 > 10.46.3.7.80: Flags [none], cksum 0x1800 (correct), win 512, length
Q258. - (Topic 2)
ABC Corporation uses multiple security zones to protect systems and information, and all of the VM hosts are part of a consolidated VM infrastructure. Each zone has different VM administrators. Which of the following restricts different zone administrators from directly accessing the console of a VM host from another zone?
A. Ensure hypervisor layer firewalling between all VM hosts regardless of security zone.
B. Maintain a separate virtual switch for each security zone and ensure VM hosts bind to only the correct virtual NIC(s).
C. Organize VM hosts into containers based on security zone and restrict access using an ACL.
D. Require multi-factor authentication when accessing the console at the physical VM host.
Q259. - (Topic 4)
An audit at a popular on-line shopping site reveals that a flaw in the website allows customers to purchase goods at a discounted rate. To improve security the Chief Information Security Officer (CISO) has requested that the web based shopping cart application undergo testing to validate user input in both free form text fields and drop down boxes.
Which of the following is the BEST combination of tools and / or methods to use?
A. Blackbox testing and fingerprinting
B. Code review and packet analyzer
C. Fuzzer and HTTP interceptor
D. Enumerator and vulnerability assessment
Q260. - (Topic 3)
When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones.
Which of the following would impact the security of conference’s resources?
A. Wireless network security may need to be increased to decrease access of mobile devices.
B. Physical security may need to be increased to deter or prevent theft of mobile devices.
C. Network security may need to be increased by reducing the number of available physical network jacks.
D. Wireless network security may need to be decreased to allow for increased access of mobile devices.