The Secret of CAS-002 exam engine
It is more faster and easier to pass the CompTIA CAS-002 exam by using Accurate CompTIA CompTIA Advanced Security Practitioner (CASP) questuins and answers. Immediate access to the Renewal CAS-002 Exam and find the same core area CAS-002 questions with professionally verified answers, then PASS your exam with a high score now.
P.S. Accurate CAS-002 lab are available on Google Drive, GET MORE: https://drive.google.com/open?id=1J1BBpAPWFcvqB6OREC6YP3KoGX0G5jQM
New CompTIA CAS-002 Exam Dumps Collection (Question 5 - Question 14)
Q1. The Information Security Officer (ISO) is reviewing a summary of the findings from the last COOP tabletop exercise. The Chief Information Officer (CIO) wants to determine which additional controls must be implemented to reduce the risk of an extended customer service outage due to the VoIP system being unavailable. Which of the following BEST describes the scenario presented and the document the ISO is reviewing?
A. The ISO is evaluating the business implications of a recent telephone system failure within the BIA.
B. The ISO is investigating the impact of a possible downtime of the messaging system within the RA.
C. The ISO is calculating the budget adjustment needed to ensure audio/video system redundancy within the RFQ.
D. The ISO is assessing the effect of a simulated downtime involving the telecommunication system within the AAR.
Q2. An IT administrator has been tasked by the Chief Executive Officer with implementing security using a single device based on the following requirements:
1. Selective sandboxing of suspicious code to determine malicious intent.
2. VoIP handling for SIP and H.323 connections.
3. Block potentially unwanted applications.
1. Which of the following devices would BEST meet all of these requirements?
Q3. An intruder was recently discovered inside the data center, a highly sensitive area. To gain access, the intruder circumvented numerous layers of physical and electronic security measures. Company leadership has asked for a thorough review of physical security controls to prevent this from happening again. Which of the following departments are the MOST heavily invested in rectifying the problem? (Select THREE).
A. Facilities management
B. Human resources
C. Research and development
E. Data center operations
G. Information technology
Q4. A new web based application has been developed and deployed in production. A security engineer decides to use an HTTP interceptor for testing the application. Which of the following problems would MOST likely be uncovered by this tool?
A. The tool could show that input validation was only enabled on the client side
B. The tool could enumerate backend SQL database table and column names
C. The tool could force HTTP methods such as DELETE that the server has denied
D. The tool could fuzz the application to determine where memory leaks occur
Q5. The Chief Information Security Officer (CISO) at a company knows that many users store business documents on public cloud-based storage; and realizes this is a risk to the company. In response, the CISO implements a mandatory training course in which all employees are instructed on the proper use of cloud-based storage. Which of the following risk strategies did the CISO implement?
Q6. The Chief Information Officer (CIO) is focused on improving IT governance within the organization to reduce system downtime. The CIO has mandated that the following improvements be implemented:
-All business units must now identify IT risks and include them in their business risk profiles.
-Key controls must be identified and monitored.
-Incidents and events must be recorded and reported with management oversight.
-Exemptions to the information security policy must be formally recorded, approved, and managed.
-IT strategy will be reviewed to ensure it is aligned with the businesses strategy and objectives.
In addition to the above, which of the following would BEST help the CIO meet the requirements?
A. Establish a register of core systems and identify technical service owners
B. Establish a formal change management process
C. Develop a security requirement traceability matrix
D. Document legacy systems to be decommissioned and the disposal process
Q7. An organization is selecting a SaaS provider to replace its legacy, in house Customer Resource Management (CRM) application. Which of the following ensures the organization mitigates the risk of managing separate user credentials?
A. Ensure the SaaS provider supports dual factor authentication.
B. Ensure the SaaS provider supports encrypted password transmission and storage.
C. Ensure the SaaS provider supports secure hash file exchange.
D. Ensure the SaaS provider supports role-based access control.
E. Ensure the SaaS provider supports directory services federation.
Q8. The sales team is considering the deployment of a new CRM solution within the enterprise. The IT and Security teams are members of the project; however, neither team has expertise or experience with the proposed system. Which of the following activities should be performed FIRST?
A. Visit a company who already has the technology, sign an NDA, and read their latest risk assessment.
B. Contact the top vendor, assign IT and Security to work together to implement a demo and pen test the system.
C. Work with Finance to do a second ROI calculation before continuing further with the project.
D. Research the market, select the top vendors and solicit RFPs from those vendors.
Q9. A large hospital has implemented BYOD to allow doctors and specialists the ability to access patient medical records on their tablets. The doctors and specialists access patient records over the hospitalu2019s guest WiFi network which is isolated from the internal network with appropriate security controls. The patient records management system can be accessed from the guest network and requires two factor authentication. Using a remote desktop type interface, the doctors and specialists can interact with the hospitalu2019s system. Cut and paste and printing functions are disabled to prevent the copying of data to BYOD devices. Which of the following are of MOST concern? (Select TWO).
A. Privacy could be compromised as patient records can be viewed in uncontrolled areas.
B. Device encryption has not been enabled and will result in a greater likelihood of data loss.
C. The guest WiFi may be exploited allowing non-authorized individuals access to confidential patient data.
D. Malware may be on BYOD devices which can extract data via key logging and screen scrapes.
E. Remote wiping of devices should be enabled to ensure any lost device is rendered inoperable.
Q10. A large organization that builds and configures every data center against distinct requirements loses efficiency, which results in slow response time to resolve issues. However, total uniformity presents other problems. Which of the following presents the GREATEST risk when consolidating to a single vendor or design solution?
A. Competitors gain an advantage by increasing their service offerings.
B. Vendor lock in may prevent negotiation of lower rates or prices.
C. Design constraints violate the principle of open design.
D. Lack of diversity increases the impact of specific events or attacks.
P.S. Easily pass CAS-002 Exam with Examcollection Accurate Dumps & pdf vce, Try Free: http://www.examcollectionuk.com/CAS-002-vce-download.html (532 New Questions)