Top High value CAS-002 study guides Tips!

Our pass rate is high to 98.9% and the similarity percentage between our CAS-002 study guide and real exam is 90% based on our seven-year educating experience. Do you want achievements in the CompTIA CAS-002 exam in just one try? I am currently studying for the CompTIA CAS-002 exam. Latest CompTIA CAS-002 Test exam practice questions and answers, Try CompTIA CAS-002 Brain Dumps First.

P.S. Validated CAS-002 pdf are available on Google Drive, GET MORE: https://drive.google.com/open?id=1o83EG0ADisGFtGQxvx-BzUZbRUif5wko


New CompTIA CAS-002 Exam Dumps Collection (Question 4 - Question 13)

Q4. A penetration tester is inspecting traffic on a new mobile banking application and sends the following web request:

POST http://www.example.com/resources/NewBankAccount HTTP/1.1 Content-type: application/json

{

u201caccountu201d: [

{ u201ccreditAccountu201d:u201dCredit Card Rewards accountu201d} { u201csalesLeadRefu201d:u201dwww.example.com/badcontent/exploitme.exeu201d}

],

u201ccustomeru201d: [

{ u201cnameu201d:u201dJoe Citizenu201d} { u201ccustRefu201d:u201d3153151u201d}

]

}

The banking website responds with: HTTP/1.1 200 OK

{

u201cnewAccountDetailsu201d: [

{ u201ccardNumberu201d:u201d1234123412341234u201d} { u201ccardExpiryu201d:u201d2020-12-31u201d}

{ u201ccardCVVu201d:u201d909u201d}

],

u201cmarketingCookieTrackeru201d:u201cJSESSIONID=000000001u201d u201creturnCodeu201d:u201cAccount added successfullyu201d

}

Which of the following are security weaknesses in this example? (Select TWO).

A. Missing input validation on some fields

B. Vulnerable to SQL injection

C. Sensitive details communicated in clear-text

D. Vulnerable to XSS

E. Vulnerable to malware file uploads

F. JSON/REST is not as secure as XML

Answer: A,C


Q5. A trust relationship has been established between two organizations with web based services. One organization is acting as the Requesting Authority (RA) and the other acts as the Provisioning Service Provider (PSP). Which of the following is correct about the trust relationship?

A. The trust relationship uses SAML in the SOAP header. The SOAP body transports the SPML requests / responses.

B. The trust relationship uses XACML in the SAML header. The SAML body transports the SOAP requests / responses.

C. The trust relationship uses SPML in the SOAP header. The SOAP body transports the SAML requests / responses.

D. The trust relationship uses SPML in the SAML header. The SAML body transports the SPML requests / responses.

Answer: A


Q6. At 9:00 am each morning, all of the virtual desktops in a VDI implementation become extremely slow and/or unresponsive. The outage lasts for around 10 minutes, after which everything runs properly again. The administrator has traced the problem to a lab of thin clients that are all booted at 9:00 am each morning. Which of the following is the MOST likely cause of the problem and the BEST solution? (Select TWO).

A. Add guests with more memory to increase capacity of the infrastructure.

B. A backup is running on the thin clients at 9am every morning.

C. Install more memory in the thin clients to handle the increased load while booting.

D. Booting all the lab desktops at the same time is creating excessive I/O.

E. Install 10-Gb uplinks between the hosts and the lab to increase network capacity.

F. Install faster SSD drives in the storage system used in the infrastructure.

G. The lab desktops are saturating the network while booting.

H. The lab desktops are using more memory than is available to the host systems.

Answer: D,F


Q7. A health service provider is considering the impact of allowing doctors and nurses access to the internal email system from their personal smartphones. The Information Security Officer (ISO) has received a technical document from the security administrator explaining that the current email system is capable of enforcing security policies to personal smartphones, including screen lockout and mandatory PINs. Additionally, the system is able to remotely wipe a phone if reported lost or stolen. Which of the following should the Information Security Officer be MOST concerned with based on this scenario? (Select THREE).

A. The email system may become unavailable due to overload.

B. Compliance may not be supported by all smartphones.

C. Equipment loss, theft, and data leakage.

D. Smartphone radios can interfere with health equipment.

E. Data usage cost could significantly increase.

F. Not all smartphones natively support encryption.

G. Smartphones may be used as rogue access points.

Answer: B,C,F


Q8. In order for a company to boost profits by implementing cost savings on non-core business activities, the IT manager has sought approval for the corporate email system to be hosted in the cloud. The compliance officer has been tasked with ensuring that data lifecycle issues are taken into account. Which of the following BEST covers the data lifecycle end- to-end?

A. Creation and secure destruction of mail accounts, emails, and calendar items

B. Information classification, vendor selection, and the RFP process

C. Data provisioning, processing, in transit, at rest, and de-provisioning

D. Securing virtual environments, appliances, and equipment that handle email

Answer: C


Q9. Company A is purchasing Company B. Company A uses a change management system for all IT processes while Company B does not have one in place. Company Bu2019s IT staff needs to purchase a third party product to enhance production. Which of the following NEXT steps should be implemented to address the security impacts this product may cause?

A. Purchase the product and test it in a lab environment before installing it on any live system.

B. Allow Company A and Bu2019s IT staff to evaluate the new product prior to purchasing it.

C. Purchase the product and test it on a few systems before installing it throughout the entire company.

D. Use Company Au2019s change management process during the evaluation of the new product.

Answer: D


Q10. Company ABC was formed by combining numerous companies which all had multiple databases, web portals, and cloud data sets. Each data store had a unique set of custom developed authentication mechanisms and schemas. Which of the following approaches to combining the disparate mechanisms has the LOWEST up front development costs?

A. Attestation

B. PKI

C. Biometrics

D. Federated IDs

Answer: : D


Q11. Several business units have requested the ability to use collaborative web-based meeting places with third party vendors. Generally these require user registration, installation of client-based ActiveX or Java applets, and also the ability for the user to share their desktop in read-only or read-write mode. In order to ensure that information security is not compromised, which of the following controls is BEST suited to this situation?

A. Disallow the use of web-based meetings as this could lead to vulnerable client-side components being installed, or a malicious third party gaining read-write control over an internal workstation.

B. Hire an outside consultant firm to perform both a quantitative and a qualitative risk- based assessment. Based on the outcomes, if any risks are identified then do not allow web-based meetings. If no risks are identified then go forward and allow for these meetings to occur.

C. Allow the use of web-based meetings, but put controls in place to ensure that the use of these meetings is logged and tracked.

D. Evaluate several meeting providers. Ensure that client-side components do not introduce undue security risks. Ensure that the read-write desktop mode can either be prevented or strongly audited.

Answer: D


Q12. A large financial company has a team of security-focused architects and designers that contribute into broader IT architecture and design solutions. Concerns have been raised due to the security contributions having varying levels of quality and consistency. It has been agreed that a more formalized methodology is needed that can take business drivers, capabilities, baselines, and re-usable patterns into account. Which of the following would BEST help to achieve these objectives?

A. Construct a library of re-usable security patterns

B. Construct a security control library

C. Introduce an ESA framework

A. D. Include SRTM in the SDLC

Answer: C


Q13. A financial company implements end-to-end encryption via SSL in the DMZ, and only IPSec in transport mode with AH enabled and ESP disabled throughout the internal network. The company has hired a security consultant to analyze the network infrastructure and provide a solution for intrusion prevention. Which of the following recommendations should the consultant provide to the security administrator?

A. Switch to TLS in the DMZ. Implement NIPS on the internal network, and HIPS on the DMZ.

B. Switch IPSec to tunnel mode. Implement HIPS on the internal network, and NIPS on the DMZ.

C. Disable AH. Enable ESP on the internal network, and use NIPS on both networks.

D. Enable ESP on the internal network, and place NIPS on both networks.

Answer: A


100% Up to the immediate present CompTIA CAS-002 Questions & Answers shared by Allfreedumps, Get HERE: https://www.allfreedumps.com/CAS-002-dumps.html (New 450 Q&As)