Top Tips Of CAS-002 tutorials

Actualtests offers free demo for CAS-002 exam. "CompTIA Advanced Security Practitioner (CASP)", also known as CAS-002 exam, is a CompTIA Certification. This set of posts, Passing the CompTIA CAS-002 exam, will help you answer those questions. The CAS-002 Questions & Answers covers all the knowledge points of the real exam. 100% real CompTIA CAS-002 exams and revised by experts!

P.S. Guaranteed CAS-002 faq are available on Google Drive, GET MORE:

New CompTIA CAS-002 Exam Dumps Collection (Question 11 - Question 20)

Q1. A business wants to start using social media to promote the corporation and to ensure that customers have a good experience with their products. Which of the following security items should the company have in place before implementation? (Select TWO).

A. The company must dedicate specific staff to act as social media representatives of the company.

B. All staff needs to be instructed in the proper use of social media in the work environment.

C. Senior staff blogs should be ghost written by marketing professionals.

D. The finance department must provide a cost benefit analysis for social media.

E. The security policy needs to be reviewed to ensure that social media policy is properly implemented.

F. The company should ensure that the company has sufficient bandwidth to allow for social media traffic.

Answer: A,E

Q2. An organization has just released a new mobile application for its customers. The application has an inbuilt browser and native application to render content from existing websites and the organizationu2019s new web services gateway. All rendering of the content is performed on the mobile application.

The application requires SSO between the application, the web services gateway and legacy UI. Which of the following controls MUST be implemented to securely enable SSO?

A. A registration process is implemented to have a random number stored on the client.

B. The identity is passed between the applications as a HTTP header over REST.

C. Local storage of the authenticated token on the mobile application is secured.

D. Attestation of the XACML payload to ensure that the client is authorized.

Answer: C

Q3. The IT Security Analyst for a small organization is working on a customeru2019s system and identifies a possible intrusion in a database that contains PII. Since PII is involved, the analyst wants to get the issue addressed as soon as possible. Which of the following is the FIRST step the analyst should take in mitigating the impact of the potential intrusion?

A. Contact the local authorities so an investigation can be started as quickly as possible.

B. Shut down the production network interfaces on the server and change all of the DBMS account passwords.

C. Disable the front-end web server and notify the customer by email to determine how the customer would like to proceed.

D. Refer the issue to management for handling according to the incident response process.

Answer: D

Q4. Company XYZ has employed a consultant to perform a controls assessment of the HR system, backend business operations, and the SCADA system used in the factory. Which of the following correctly states the risk management options that the consultant should use during the assessment?

A. Risk reduction, risk sharing, risk retention, and risk acceptance.

B. Avoid, transfer, mitigate, and accept.

C. Risk likelihood, asset value, and threat level.

D. Calculate risk by determining technical likelihood and potential business impact.

Answer: B

Q5. A company has noticed recently that its corporate information has ended up on an online forum. An investigation has identified that internal employees are sharing confidential corporate information on a daily basis. Which of the following are the MOST effective security controls that can be implemented to stop the above problem? (Select TWO).

A. Implement a URL filter to block the online forum

B. Implement NIDS on the desktop and DMZ networks

C. Security awareness compliance training for all employees

D. Implement DLP on the desktop, email gateway, and web proxies

A. E. Review of security policies and procedures

Answer: C,D

Q6. A vulnerability scanner report shows that a client-server host monitoring solution operating in the credit card corporate environment is managing SSL sessions with a weak algorithm which does not meet corporate policy. Which of the following are true statements? (Select TWO).

A. The X509 V3 certificate was issued by a non trusted public CA.

B. The client-server handshake could not negotiate strong ciphers.

C. The client-server handshake is configured with a wrong priority.

D. The client-server handshake is based on TLS authentication.

E. The X509 V3 certificate is expired.

F. The client-server implements client-server mutual authentication with different certificates.

Answer: B,C

Q7. Due to cost and implementation time pressures, a security architect has allowed a NAS to be used instead of a SAN for a non-critical, low volume database. Which of the following would make a NAS unsuitable for a business critical, high volume database application that required a high degree of data confidentiality and data availability? (Select THREE).

A. File level transfer of data

B. Zoning and LUN security

C. Block level transfer of data

D. Multipath

E. Broadcast storms

F. File level encryption

G. Latency

Answer: A,E,G

Q8. A corporation has Research and Development (R&D) and IT support teams, each requiring separate networks with independent control of their security boundaries to support department objectives. The corporationu2019s Information Security Officer (ISO) is responsible for providing firewall services to both departments, but does not want to increase the hardware footprint within the datacenter. Which of the following should the ISO consider to provide the independent functionality required by each departmentu2019s IT teams?

A. Put both departments behind the firewall and assign administrative control for each department to the corporate firewall.

B. Provide each department with a virtual firewall and assign administrative control to the physical firewall.

C. Put both departments behind the firewall and incorporate restrictive controls on each departmentu2019s network.

A. D. Provide each department with a virtual firewall and assign appropriate levels of management for the virtual device.

Answer: D

Q9. Company ABC is planning to outsource its Customer Relationship Management system (CRM) and marketing / leads management to Company XYZ.

Which of the following is the MOST important to be considered before going ahead with the service?

A. Internal auditors have approved the outsourcing arrangement.

B. Penetration testing can be performed on the externally facing web system.

C. Ensure there are security controls within the contract and the right to audit.

D. A physical site audit is performed on Company XYZu2019s management / operation.

Answer: C

Q10. A new web application system was purchased from a vendor and configured by the internal development team. Before the web application system was moved into production, a vulnerability assessment was conducted. A review of the vulnerability assessment report indicated that the testing team discovered a minor security issue with the configuration of the web application. The security issue should be reported to:

A. CISO immediately in an exception report.

B. Users of the new web application system.

C. The vendor who supplied the web application system.

D. Team lead in a weekly report.

Answer: D

P.S. Easily pass CAS-002 Exam with Certleader Guaranteed Dumps & pdf vce, Try Free: (532 New Questions)