Renovate CAS-002: Examcollection real paper from 11 to 20

Simulation of CAS-002 test materials and answers for CompTIA certification for IT specialist, Real Success Guaranteed with Updated CAS-002 pdf dumps vce Materials. 100% PASS CompTIA Advanced Security Practitioner (CASP) exam Today!

Q11. - (Topic 3) 

A company is preparing to upgrade its NIPS at five locations around the world. The three platforms the team plans to test, claims to have the most advanced features and lucrative pricing. 

Assuming all platforms meet the functionality requirements, which of the following methods should be used to select the BEST platform? 

A. Establish return on investment as the main criteria for selection. 

B. Run a cost/benefit analysis based on the data received from the RFP. 

C. Evaluate each platform based on the total cost of ownership. 

D. Develop a service level agreement to ensure the selected NIPS meets all performance requirements. 


Q12. - (Topic 2) 

The Chief Information Security Officer (CISO) at a large organization has been reviewing some security-related incidents at the organization and comparing them to current industry trends. The desktop security engineer feels that the use of USB storage devices on office computers has contributed to the frequency of security incidents. The CISO knows the acceptable use policy prohibits the use of USB storage devices. Every user receives a popup warning about this policy upon login. The SIEM system produces a report of USB violations on a monthly basis; yet violations continue to occur. Which of the following preventative controls would MOST effectively mitigate the logical risks associated with the use of USB storage devices? 

A. Revise the corporate policy to include possible termination as a result of violations 

B. Increase the frequency and distribution of the USB violations report 

C. Deploy PKI to add non-repudiation to login sessions so offenders cannot deny the offense 

D. Implement group policy objects 


Q13. - (Topic 3) 

A company has a single subnet in a small office. The administrator wants to limit non-web related traffic to the corporate intranet server as well as prevent abnormal HTTP requests and HTTP protocol anomalies from causing problems with the web server. Which of the following is the MOST likely solution? 

A. Application firewall and NIPS 

B. Edge firewall and HIDS 

C. ACLs and anti-virus 

D. Host firewall and WAF 


Q14. - (Topic 1) 

A software project manager has been provided with a requirement from the customer to place limits on the types of transactions a given user can initiate without external interaction from another user with elevated privileges. This requirement is BEST described as an implementation of: 

A. an administrative control 

B. dual control 

C. separation of duties 

D. least privilege 

E. collusion 


Q15. - (Topic 1) 

The Chief Executive Officer (CEO) of a large prestigious enterprise has decided to reduce business costs by outsourcing to a third party company in another country. Functions to be outsourced include: business analysts, testing, software development and back office functions that deal with the processing of customer data. The Chief Risk Officer (CRO) is concerned about the outsourcing plans. Which of the following risks are MOST likely to occur if adequate controls are not implemented? 

A. Geographical regulation issues, loss of intellectual property and interoperability agreement issues 

B. Improper handling of client data, interoperability agreement issues and regulatory issues 

C. Cultural differences, increased cost of doing business and divestiture issues 

D. Improper handling of customer data, loss of intellectual property and reputation damage 


Q16. - (Topic 5) 

A system administrator has a responsibility to maintain the security of the video teleconferencing system. During a self-audit of the video teleconferencing room, the administrator notices that speakers and microphones are hard-wired and wireless enabled. Which of the following security concerns should the system administrator have about the existing technology in the room? 

A. Wired transmissions could be intercepted by remote users. 

B. Bluetooth speakers could cause RF emanation concerns. 

C. Bluetooth is an unsecure communication channel. 

D. Wireless transmission causes interference with the video signal. 


Q17. - (Topic 5) 

A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospital’s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospital’s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO). 

A. Privacy could be compromised as patient records can be viewed in uncontrolled areas. 

B. Device encryption has not been enabled and will result in a greater likelihood of data loss. 

C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data. 

D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes. 

E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable. 

Answer: A,D 

Q18. - (Topic 5) 

A security engineer is a new member to a configuration board at the request of management. The company has two new major IT projects starting this year and wants to plan security into the application deployment. The board is primarily concerned with the applications’ compliance with federal assessment and authorization standards. The security engineer asks for a timeline to determine when a security assessment of both applications should occur and does not attend subsequent configuration board meetings. If the security engineer is only going to perform a security assessment, which of the following steps in system authorization has the security engineer omitted? (Select TWO). 

A. Establish the security control baseline to be assessed 

B. Build the application according to software development security standards 

C. Write the systems functionality requirements into the security requirements traceability matrix 

D. Review the results of user acceptance testing 

E. Categorize the applications according to use 

F. Consult with the stakeholders to determine which standards can be omitted 

Answer: A,E 

Q19. - (Topic 5) 

A mature organization with legacy information systems has incorporated numerous new processes and dependencies to manage security as its networks and infrastructure are modernized. The Chief Information Office has become increasingly frustrated with frequent releases, stating that the organization needs everything to work completely, and the vendor should already have those desires built into the software product. The vendor has been in constant communication with personnel and groups within the organization to understand its business process and capture new software requirements from users. Which of the following methods of software development is this organization’s configuration management process using? 

A. Agile 


C. Waterfall 

D. Joint application development 


Q20. - (Topic 3) 

When attending the latest security conference, an information security administrator noticed only a few people carrying a laptop around. Most other attendees only carried their smartphones. 

Which of the following would impact the security of conference’s resources? 

A. Wireless network security may need to be increased to decrease access of mobile devices. 

B. Physical security may need to be increased to deter or prevent theft of mobile devices. 

C. Network security may need to be increased by reducing the number of available physical network jacks. 

D. Wireless network security may need to be decreased to allow for increased access of mobile devices.