Far out CAS-002: Testking real faq from 6 to 15

Pass4sure CAS-002 Questions are updated and all CAS-002 answers are verified by experts. Once you have completely prepared with our CAS-002 exam prep kits you will be ready for the real CAS-002 exam without a problem. We have Up to the minute CompTIA CAS-002 dumps study guide. PASSED CAS-002 First attempt! Here What I Did.

P.S. Top Quality CAS-002 software are available on Google Drive, GET MORE: https://drive.google.com/open?id=1jFEYVEoSSaRH30NOS859G8vaEUVGAdF5

New CompTIA CAS-002 Exam Dumps Collection (Question 6 - Question 15)

Q6. An insurance company has an online quoting system for insurance premiums. It allows potential customers to fill in certain details about their car and obtain a quote. During an investigation, the following patterns were detected:

Pattern 1 u2013 Analysis of the logs identifies that insurance premium forms are being filled in but only single fields are incrementally being updated.

Pattern 2 u2013 For every quote completed, a new customer number is created; due to legacy systems, customer numbers are running out.

Which of the following is the attack type the system is susceptible to, and what is the BEST way to defend against it? (Select TWO).

A. Apply a hidden field that triggers a SIEM alert

B. Cross site scripting attack

C. Resource exhaustion attack

D. Input a blacklist of all known BOT malware IPs into the firewall

E. SQL injection

F. Implement an inline WAF and integrate into SIEM

G. Distributed denial of service

H. Implement firewall rules to block the attacking IP addresses

Answer: C,F

Q7. A security engineer is implementing a new solution designed to process e-business transactions and record them in a corporate audit database. The project has multiple technical stakeholders. The database team controls the physical database resources, the internal audit division controls the audit records in the database, the web hosting team is responsible for implementing the website front end and shopping cart application, and the accounting department is responsible for processing the transaction and interfacing with the payment processor. As the solution owner, the security engineer is responsible for ensuring which of the following?

A. Ensure the process functions in a secure manner from customer input to audit review.

B. Security solutions result in zero additional processing latency.

C. Ensure the process of storing audit records is in compliance with applicable laws.

D. Web transactions are conducted in a secure network channel.

Answer: A

Q8. A UNIX administrator notifies the storage administrator that extra LUNs can be seen on a UNIX server. The LUNs appear to be NTFS file systems. Which of the following MOST likely happened?

A. The iSCSI initiator was not restarted.

B. The NTFS LUNs are snapshots.

C. The HBA allocation is wrong.

D. The UNIX server is multipathed.

Answer: C

Q9. A finance manager says that the company needs to ensure that the new system can u201creplayu201d data, up to the minute, for every exchange being tracked by the investment departments. The finance manager also states that the companyu2019s transactions need to be tracked against this data for a period of five years for compliance. How would a security engineer BEST interpret the finance manageru2019s needs?

A. Compliance standards

B. User requirements

C. Data elements

D. Data storage

E. Acceptance testing

F. Information digest

G. System requirements

Answer: B

Q10. In order to reduce costs and improve employee satisfaction, a large corporation is creating a BYOD policy. It will allow access to email and remote connections to the corporate enterprise from personal devices; provided they are on an approved device list. Which of the following security measures would be MOST effective in securing the enterprise under the new policy? (Select TWO).

A. Provide free email software for personal devices.

B. Encrypt data in transit for remote access.

C. Require smart card authentication for all devices

D. Implement NAC to limit insecure devices access.

E. Enable time of day restrictions for personal devices.

Answer:: B,D

Q11. A security auditor is conducting an audit of a corporation where 95% of the users travel or work from non-corporate locations a majority of the time. While the employees are away from the corporate offices, they retain full access to the corporate network and use of corporate laptops. The auditor knows that the corporation processes PII and other sensitive data with applications requiring local caches of any data being manipulated. Which of the following security controls should the auditor check for and recommend to be implemented if missing from the laptops?

A. Trusted operating systems

B. Full disk encryption

C. Host-based firewalls

D. Command shell restrictions

Answer: B

Q12. An organization has had component integration related vulnerabilities exploited in consecutive releases of the software it hosts. The only reason the company was able to identify the compromises was because of a correlation of slow server performance and an attentive security analyst noticing unusual outbound network activity from the application

servers. End-to-end management of the development process is the responsibility of the applications development manager and testing is done by various teams of programmers. Which of the following will MOST likely reduce the likelihood of similar incidents?

A. Conduct monthly audits to verify that application modifications do not introduce new vulnerabilities.

B. Implement a peer code review requirement prior to releasing code into production.

C. Follow secure coding practices to minimize the likelihood of creating vulnerable applications.

D. Establish cross-functional planning and testing requirements for software development activities.

Answer: D

Q13. In single sign-on, the secondary domain needs to trust the primary domain to do which of the following? (Select TWO).

A. Correctly assert the identity and authorization credentials of the end user.

B. Correctly assert the authentication and authorization credentials of the end user.

C. Protect the authentication credentials used to verify the end user identity to the secondary domain for unauthorized use.

D. Protect the authentication credentials used to verify the end user identity to the secondary domain for authorized use.

A. E. Protect the accounting credentials used to verify the end user identity to the secondary domain for unauthorized use.

F. Correctly assert the identity and authentication credentials of the end user.

Answer: D,F

Topic 4, Volume D

Q14. A company runs large computing jobs only during the overnight hours. To minimize the amount of capital investment in equipment, the company relies on the elastic computing services of a major cloud computing vendor. Because the virtual resources are created and destroyed on the fly across a large pool of shared resources, the company never knows which specific hardware platforms will be used from night to night. Which of the following presents the MOST risk to confidentiality in this scenario?

A. Loss of physical control of the servers

B. Distribution of the job to multiple data centers

C. Network transmission of cryptographic keys

D. Data scraped from the hardware platforms

Answer: D

Q15. An intrusion detection system logged an attack attempt from a remote IP address. One week later, the attacker successfully compromised the network. Which of the following MOST likely occurred?

A. The IDS generated too many false negatives.

B. The attack occurred after hours.

C. The IDS generated too many false positives.

D. No one was reviewing the IDS event logs.

Answer: D

Recommend!! Get the Top Quality CAS-002 dumps in VCE and PDF From Dumpscollection, Welcome to download: http://www.dumpscollection.net/dumps/CAS-002/ (New 532 Q&As Version)